In the first part of our biometrics guide, we’ve told a little something about most frequent use cases of the technology. Part 2 is all about continuing speculation on that matter. We will also have a closer look at the most recent controversies.
Law enforcement and public security
Law enforcement biometrics are referring to applications of biometric systems that support law enforcement agencies.
This category can include criminal ID solutions such as Automated Fingerprint (and palm print) Identification Systems (AFIS). They store, search and retrieve, fingerprint images and subject records.
Today Automated Biometric Identification Systems (ABIS) can create and store biometric information that matches biometric templates for face, finger, and iris. Discover the work of forensic analysts in our video.
Live face recognition – the ability to do face identification in a crowd in real-time or post-event – is also gaining interest for public security – in cities, airports, at borders or other sensitive sites such as stadiums or places of worship.
These surveillance systems are being tested and/or used in many countries. They are however challenged and sometimes put on hold (read: California bans law enforcement from using facial recognition).
Military – Know your enemy
Much is unknown about how defence agencies around the world use biometric data.
The fact is that information is difficult to come by and share as it is not public.
The United States military has been collecting faces, irises, fingerprints, and DNA data in a biometric identification system since January 2009. The biometric program started as early as 2004 and initially collected fingerprints.
The Defense Forensics and Biometrics Agency (DFBA) is managing the system, known as the DoD Automated Biometric Information System.
According to OneZero (6 Nov 2019), the 7.4 million identities in the database are, for the vast majority, coming from military operations in Iraq and Afghanistan.
For the period 2008-2017, the DoD arrested or killed 1,700 individuals based on biometric and forensic matches (US Government Accountability Office web site – see page 2/59).
In the first half of 2019, biometric identification has been used thousands of times to identify non-U.S. citizens on the battlefield.
Border control, travel, and migration
The application which has been most widely deployed to date is the electronic passport (e-passport), particularly with the second generation of such documents also known as biometric passports, on which two fingerprints are stored in addition to a passport photo.
Over 1.2 billion e-passports are in circulation in 2019. That means over 1.2 billion travellers have a standardized digital portrait in a secure document. It’s a windfall for automatic border control systems (aka e-gates) but also for self-service kiosks.
This speeds up border crossing through the use of scanners, which use the principle of recognition by comparison of the face and/or fingerprints.
Check-ins and bag-drop solutions also increase speed and efficiency while maintaining high levels of security.
Needless to say, that for airports and airlines, providing passengers with a unique and enjoyable travel experience is a business priority.
Biometrics provides here irrefutable evidence of the link between the passport and its holder.
Biometric authentication is done by comparing the face/fingerprint(s) seen/read at the border with the face/fingerprints in the passport micro-controller. If both biometric data match, authentication is confirmed.
Identification, if necessary, is done with the biographic data in the chip and printed.
Besides, many countries have set up biometric infrastructures to control migration flows to and from their territories.
Fingerprint scanners and cameras at border posts capture information that helps identify travellers entering the country in a more precise and reliable way. In some countries, the same applies to consulates to visa applications and renewals.
Data acquisition requires reliable equipment to ensure optimum capture of photos and fingerprints, essential for precision during comparison and verification.
We describe in details three examples of such application:
The U.S. Department of Homeland Security’s IDENT biometric system, the largest of its kind
The European Union’s EURODAC, serving 32 nations in Europe (biometrics for asylum seekers)
The ambitious European Entry/Exit System (EES) to be put in place in 2020.
Physical and logical access control
Biometric access control systems help to prevent unauthorized individuals from accessing facilities (physical access control) or computer systems and networks (logical access control) based on biometric authentication.
In IT, biometric access control can be a complementary user’s authentication factor and supports organizations’ Identity and Access Management (IAM) policies.
Unlike codes, passwords or access cards that rely on data that can be forgotten or lost, biometric authentication is based on who people are (and not what they have).
In the mobile world, smartphones (a form of IT system) now usually include fingerprint and/or facial recognition features.
The iPhone 5 was first to introduce fingerprint recognition in 2013 (with TOUCH ID) and facial recognition became trendy with the iPhone X introduced in November 2017 (with FACE ID). Today many Android phones have this feature (combined with iris scanning) too.
According to Counterpoint, more than 1B smartphones with fingerprint sensors have been shipped in 2018 and those 1B smartphones will ship with some form of face unlock solution in 2020.
The Biggest Recent Biometrics Scandal
Back in October 2019, the U.S. Government has added 28 organizations to its Entity List, banning major biometrics companies including giants like Dahua, Hikvision, iFlytek, Megvii, SenseTime, and Yitu.
A statement issued by the Department of Commerce has the following:
“These entities have been implicated in human rights violations and abuses in the implementation of China’s campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups in the XUAR.”
The New York Times reports that the immediate impact on the companies could be mixed, with some having found alternatives to American components in their offerings, or having stockpiled supplies in anticipation of a possible listing.
Both SenseTime and Megvii, which are the two biggest facial recognition unicorns in the world with valuations of $7.5 billion and $4 billion respectively, according to BuzzFeed News, have denied involvement in the Xinjiang government’s extensive surveillance and detention programs.
Megvii had been reportedly under consideration for the list but was subsequently cleared of involvement in an app used by government agencies which appear on the list by Human Rights Watch. A planned IPO by Megvii has been delayed, possibly by unrest in Hong Kong and a public relations incident, and may now be in jeopardy. That IPO was also reportedly being considered for the New York Stock Exchange as recently as March.
These measures could significantly reduce the means of development of the technology.
We will complete the series very soon. Stay tuned for the conclusions in part 3.