Identification Using Biometrics and Bioinformatics


Since all of the identification devices supplied by employers can either be lost or duplicated (with the possible exception of RFIDs), and since the demand for greater security has been growing steadily, businesses are increasingly interested in technologies that allow them to identify employees using distinguishing physical characteristics. Thus, they are turning to the field of biometrics—the science of measuring and distinguishing individuals based on physical characteristics.

Human beings are very good at distinguishing people by their physical characteristics. When we see someone in the distance, we can identify him instantly from his gait, height, hairstyle, and a dozen other physical characteristics, long before we can distinguish his face. When we pick up the phone, a single word can tell us who's on the line. Even in a crowd, the way people toss their hair or shrug their shoulders can unmistakably distinguish them from everyone else around them.

As each of us is formed in the womb, we take on various physical characteristics that make each one of us unique. We may share eye color with a sibling, our height with a parent, or even our face with a twin, but some things remain ours alone, regardless of how closely our external features match someone else. With the growing emphasis on security, businesses are implementing increasingly powerful (and intrusive) technologies to measure and record our unique characteristics, as part of the ongoing battle to definitively distinguish those permitted to be on company property from those who are not.

The Measure of a Man

Not long ago, it was believed that each person had a unique combination of superficial physical characteristics that, if properly measured and recorded, would enable that person to be positively identified. In the late 1800s, a French anthropologist named Alphonse Bertillon created a system called anthropological signalment to record measurements of eleven specific features of a person's body.

When someone was arrested for committing a crime, Bertillon or one of his assistants would measure the length of the suspect's arms, the size of the ears and feet, the size and length of the head, and so on. Each measurement was recorded on an index card and filed according to whether the measurements was below average, average, or above average. After Bertillon's system was used to identify hundreds of suspects with previous criminal records, he was appointed the head of a newly created Bureau of Identification in Paris.

Bertillon calculated that the odds of any two individuals having eleven identical physical measurements at just under one in forty million. When photographs were added to the measurement files, the odds against a mistaken identification grew even worse. However, the signalment system was an inexact science. For example, ten policemen might measure the same person and come up with ten different sets of measurements. In addition, while the system worked well for smaller numbers of criminals and suspects, in large police departments, the challenge of storing, maintaining, and searching the Bertillon cards threatened to destroy the system's utility.

A well-publicized case of mistaken identity helped lead to the end of the Bertillon system, particularly in the United States. In 1903, a certain Will West was brought to the Leavenworth Prison in Kansas. His Bertillon measurements were taken and the files searched to see if he had previously been a guest of the U.S. Government. The records clerk found a card on file with West's measurements, along with a photograph that appeared to be of West. The records clerk concluded that West was a repeat offender, something that West strenuously denied.

After further investigation, it was determined that West was right—the Bertillon card and photograph were of a man named William West, who was already imprisoned at Leavenworth. The two men were identical in both measurement and physical appearance. There is disagreement about whether the two men were strangers or were actually twin brothers; in either case, the well-publicized confusion of the prison officials badly damaged the credibility of signalment as a means of accurately identifying people.

Fingerprinting

A few months later, Leavenworth prison officials determined that there was one physical characteristic that Will West and William West did not share—their fingerprints. In 1904, Leavenworth replaced the Bertillon system with fingerprint records, and numerous other American law enforcement agencies followed suit. Twenty years later, Congress made its first appropriation to enable the United States Department of Justice to create a program to collect and maintain records of fingerprints and other criminal records.

Remarkably, the commercial use of fingerprints in this country dates back even further. In 1882, U.S. geologist Gilbert Thompson put his own thumbprint on wage chits and then signed across the print to prevent forgery. His is the first known use of fingerprints in the United States.

Apart from photo IDs, fingerprints are the oldest and most widely implemented biometric identifier. [13] Commercial fingerprint authentication systems have been in use for approximately fifteen years and are becoming an increasingly common feature in mainstream computer applications. A number of companies, for instance, have announced plans to include fingerprint scanning technology as a security device for laptops, keyboards, and mice.

There are two main types of fingerprint scanners: optical scanners, which take a picture of your fingerprint, and scanners that use a semiconductor-generated electrical field to make an image of your fingerprint. Not surprisingly, there are some practical challenges in getting a clean optical image: Fingerprint scanners have a tendency to get dirty, and users need to be educated on how to properly place their finger in order to get a successful read.

A scanner's ability to read a fingerprint can also be compromised if your finger is callused, worn, damaged in some way, or simply too moist (or too dry) to produce a good image. Scanning companies are attempting to circumvent these problems by developing an imaging chip that focuses on the living cells underneath the top surface of your finger. These cells reveal the same fingerprint pattern as the cells on the surface of your finger, but often provide a clearer image.

In addition, scanner manufacturers are incorporating a variety of sensors (temperature, pulse, blood flow, skin conductivity, etc.) into fingerprint scanning devices that will be able to detect whether the finger being pressed against the scanner is actually alive. The goal, obviously, is to prevent someone from trying to replicate your finger with a latex mold, or more horribly, cutting off your finger in an attempt to gain access to your office.

Successfully getting a clean image of your fingerprint is merely the start of the authentication. The real challenge is to correctly identify your fingerprint so that it can be compared against your fingerprint template. There are two main categories of fingerprint matching: minutiae based and correlation based.

If you look closely at your fingerprints, you'll see that they're made up of a series of ridges and furrows. Some of the ridges in your fingerprints come to a stop; others split into two separate ridges. Minutiae is the term used for the points on your finger where a ridge either stops or splits. A minutiae-based scanning system identifies and maps those points, and then measures the relative distance between them. That information is then compared to a database of fingerprints to see if there is a match with a fingerprint having an identical relationship among its minutiae. A correlation-based system, by contrast, focuses on the overall pattern of arches and whorls in each fingerprint.

Each method has its drawbacks. Minutiae-based systems are generally faster and more accurate overall, but require a higher quality fingerprint scan. Correlation-based systems handle lower-quality scans more easily, but require a reference point that is consistent from one scan to the next. If your finger is not in the correct position, it's much more difficult for correlation-based systems to get an accurate read.

The challenge for the developers of fingerprint scanning technology, as with other biometric devices, is to create a system that has a very low false rejection rate for a given false acceptance rate. An employer can ensure a low false rejection rate, of course, by having a high acceptance rate, but that makes the biometric system essentially worthless. Similarly, requiring a very low false acceptance rate has the tendency to push up the false rejection rate, which irritates users and motivates them to find ways around the security system.

The other factor that has slowed widespread adoption of fingerprint scanning is the long association of fingerprints with criminal investigations. After a hundred years of detective stories, movies, and television shows, we indelibly associate being fingerprinted with being a suspect. Most of us, undoubtedly, can see the scenario in our head—the fingerprint card on the desk and the pad of printer's ink (quick-drying and nonsmudging), the hand firmly grasping each of our fingers, rolling it first across the inkpad and then across the corresponding square of the stiff cardboard.

As people grow more familiar with biometric fingerprint scanning, some of those fears will die away. Nonetheless, it will be some time before people lose their discomfort over having a fingerprint stored in their employer's computer system.

Ironically, of all of the various biometric identifiers that are currently being researched and marketed, the fingerprint is probably the one that says the least about you beyond identifying who you are (the iris runs a close second). Physical changes in your body are generally not reflected in your fingerprint, so you don't give up any extra information (such as other health data) when your fingerprint is scanned. If you are nervous, having hot flashes, or perspiring for some other reason, it might be difficult to read your fingerprint, but once your finger is dried, your fingerprint itself remains unchanged. As we'll see, that's a considerable advantage compared to some other types of biometric data.

Voice Recognition

Given our familiarity with using the voice to recognize each other, it's not surprising that voice verification is the biometric security tool that has the highest level of user acceptance. Weeks before we're born, we learn how to distinguish one voice from another, and researchers have determined that newborn infants can distinguish their mother's voice from the voice of another woman. As we grow older, we build an internal library of hundreds of different voices that we can quickly recognize, ranging from our family to friends to favorite musicians and actors. Anyone who's watched television during the last decade, for instance, can instantly identify the voice of James Earl Jones as he intones, "This is CNN." And the number of preschoolers who can instantly identify the voice of a certain purple dinosaur is frighteningly high.

Thanks in large part to the telephone and the recording industries, the human voice is probably the personal biometric that has been studied the most closely. As early as 1936, AT&T's Bell Labs invented the "Voder" (from "voice coder"), a device that enabled an operator to use a keyboard and foot pedal to produce recognizable speech. There is a wide variety of computer-driven speech synthesization applications on the market today, ranging from toys to telephone directory assistance, and while the words produced are nearly always recognizable as electronic speech, they are at least understandable.

It has proven much more difficult, however, to get computers to either understand what we are saying or even identify the person speaking. Until recently, the greater effort was devoted to developing electronic translators. Not long after the end of World War II, the Defense Department began work on the development of a mechanical language translator. Given the complexity of human language and the state of computers at the time, it's not surprising that the results were erratic at best. One perhaps apocryphal output from the DOD's device was to translate the English phrase "The spirit is willing but the flesh is weak" into Russian for "The vodka is strong, but the meat is rotten." Rumors flit about the Internet that the ultrasecretive National Security Agency (NSA), with its underground forest of Cray computers, is capable of doing effective real-time speech recognition and translation, but the expert consensus is that even the NSA is still some years away from successfully using computers to routinely translate and understand human speech.

Since identification is a much more limited task than recognition, there's been considerable more progress on it. The early leader in this field was Texas Instruments (TI), which developed voice-activated systems for U.S. Air Force pilots in the early 1970s. In the thirty years since, TI has been joined by researchers from corporations and universities around the world.

The consensus, after all of these years of study, is that even if two people say the same word, each individual's voice print—the frequencies and patterns of the sound that comes out of each person's mouth—is unique. One typical method for creating a voice print is to reduce each spoken code word into segments and identify the dominant tones for each segment. The tones for each segment are plotted on a table or spectrum, which makes up the individual speaker's voice print. The voice print can then be stored as a table of numbers, with the presence or absence of a dominant tone being marked by a one or a zero. Since all the numerical entries are binary, the entire voice print table can be expressed as a long binary code, which makes comparisons of a new voice print with stored voice print templates very fast.

There are two main drawbacks, however, to using voice as a biometric security device. First, voice authentication systems tend to have a fairly high false rejection rate. Ideally, a voice authentication system should be fairly sensitive, so that it can accurately record your voice and create your voice print. However, that also makes it difficult to eliminate background noise, which in turn impedes successful matches. (Humans also have difficulty sometimes identifying voices when there's a lot of background noise, but we have a lot more processing power than most computers to assist us in filtering out the noise and making a match.)

Also, unlike some other physical characteristics, your voice is highly changeable. Something as simple and as common as a cold can alter the timber, tone, and pitch of the voice, making it exceedingly difficult for a computer to make an accurate match. Voice print technicians also point out that even if an individual is healthy, it is difficult to say the code words in exactly the same way they were said when a voice print template was created. As a result, even the most sophisticated voice authentication system needs to have a little wiggle room built in; the company deploying it needs to make a decision about what confidence level it will require before authenticating a given speaker.

The requirement of a little wiggle room just to make the system function in a reasonable fashion makes voice authentication inherently less secure than other forms of biometric identification. While it may in fact be impossible to imitate another individual's voice exactly, there are some people who are very good at copying how others speak: The accuracy of Will Farrell's impersonation of President Bill Clinton on Saturday Night Live, for instance, was downright scary. Similarly, in theory an individual's voice could be fed into a voice print computer from an audio tape, an idea that showed up as a plot device in the 1992 movie Sneakers.

The vendors of today's voice verification systems, however, say that there's no way that a tape recording of a voice can be used to gain access to a secure facility. In testimony before the U.S. House Subcommittee on Domestic and International Monetary Policy on May 20, 1998, Dr. Steven F. Boll, the director of licensed products for ITT Defense & Electronics, said that his company had solved the "tape recorder threat." The ITT Speaker-Key system, Boll said, requires users to repeat back random numbers during voice verification; the system also uses a variety of other "anti-spoofing" techniques to foil impersonators. [14]

The employee privacy issues raised by voice authentication systems are relatively minor. Your voice, after all, is one of the most common ways that other people recognize you, so there's no great intrusion if your employer uses the same technique. In theory, voice identification systems are set up to discard each new recording once verification takes place, but certainly, it wouldn't be too difficult to alter the system to record the words spoken each time you used the system. But there would really be little reason to do so; while we do notice changes in other people's voices over time, the impression is usually subjective. Occasionally a medical condition will affect the voice and change its sound, but there are usually other indications long before the voice is affected. It would be very difficult for an employer to glean much information even from a decade of voice authentication entries.

The Eyes Have It: Irises and Retinas

In 1985, National Geographic published one of the most famous photographs of the twentieth century: From the cover of the magazine, the face of a twelve- or thirteen-year-old Afghan girl stared out from underneath her dark red shawl, her eyes an unusual green color and her expression enigmatic. The portrait had been taken a year earlier by photographer Steve McCurry at the Nasir Bagh refugee camp in Pakistan during a five-minute photo session, but because he was working without an interpreter, McCurry never learned the name of the girl he photographed.

In January 2002, the National Geographic television show Explorer learned that the refugee camp was scheduled for demolition, and the producers decided to try to find the "Afghan girl." They began an arduous search that started at the camp and wound up in remote Afghanistan, where a woman named Sharbat Gula lived with her husband and three daughters. The host of Explorer, Boyd Matson, said that he knew he was on the right track even before he saw a photo of the now-grown Gula. "The second I saw the color of her brother's eyes, I knew we had the right family," Matson told National Geographic news reporter David Braun.

Although Matson was confident that he and his crew had in fact located the "Afghan girl," the show sent the two photographs out for analysis. The results, using the same iris scanning and facial recognition tools employed by the U.S. Federal Bureau of Investigation, confirmed that the two photographs were of the same woman. [15]

The verification of Sharbat Gula's identity illustrates how eye scanning may soon become the definitive workplace security tool. In certain instances, a rare color or shade of color can help link us to a particular family; Gula's brother, apparently, shared her unusual green eye color. But the eye has two other features—the pattern of the iris and the retina—which can be used to unequivocally identify each of us.

The iris is the colored portion of the eye surrounding the pupil. The basic color of our eyes—our irises, really—can change during the course of the day, depending on the light, our clothing, make-up, our mood, etc. What doesn't change is the unique pattern of light and dark regions contained in each iris. The pattern is formed in part by a tissue within the iris called the trabecular meshwork, which gives the iris the appearance of being divided by radial spokes. In addition, the pattern of each iris is marked by a variety of other features, including "rings, furrows, freckles, and the corona." [16]

Unlike most of our other physical characteristics, the pattern of the iris is not determined by genetic make-up; instead, the pattern has been formed during the eighth month of pregnancy through a process called "chaotic morphogenesis," i.e., random formation of tissue. Since there is no genetic influence on the development of the iris pattern, it not only differs from person to person (including identical twins), it also differs from eye to eye: The iris pattern of your right eye is different from the one in your left eye. In his book Database Nation, Simson Garfinkel reports that the odds of two individuals having the same iris pattern is roughly one in 1078 (ten followed by seventy-eight zeros); right now, the population of the entire Earth is less than 1010.

Equally important, from an identification point of view, is that the pattern of the iris remains unchanged (barring accident or surgery) throughout the course of your life. The consistency and potential variation in each iris pattern thus makes it an extremely powerful tool for identifying individuals.

The idea of using the iris for identification has been around for some time. Bertillon included detailed descriptions of the irises of criminals in his records, and in 1936, American ophthalmologist Frank Burch proposed the idea to an annual meeting of the American Academy of Ophthalmology. Even Hollywood got into the act in 1983, using iris identification as a plot device in the James Bond film Never Say Never Again.

It wasn't until 1985, however, that serious steps were taken to make iris identification a reality. Drs. Leonard Flom and Ara Safir raised the idea of creating a biometric tool based on the iris and obtained a patent for the idea in 1987. In 1990, the two ophthalmologists founded a company called IriScan to develop and market iris scanning technology. [17]

In the early 1990s, Flom and Safir began collaborating with Dr. John D. Daugman, a professor of neuroscience and statistical pattern recognition at Cambridge University in England, to develop the mathematical algorithms and software necessary to perform iris scanning. Daugman developed and patented a system for reading points of reference in the iris and converting that information into a 512-byte mathematical code, which Daugman calls an IrisCode. As part of the encoding process, Daugman's algorithms draw on data taken from up to 266 points in each iris, compared to the thirty to sixty points of information drawn from other types of biometric examination. Since the stored IrisCode is a mathematical representation of the iris's pattern and not an image of the iris itself, a comparison of a recently photographed iris to all of the other IrisCodes on file can be done quite rapidly. Even average computer equipment can compare hundreds of thousands of IrisCodes per minute.

Using the iris as an identification tool has a number of advantages over other types of biometrics:

  • An iris scan does not require an individual to touch a special sensor, and in fact, can be done without the person's knowledge.

  • The eye is a self-cleaning organ, and protects the fully-enclosed iris from damage and environmental changes.

  • Enrollment of an individual in an IrisCode database is quick—generally less than half a minute—and subsequent identification checks take only one to two seconds.

  • It is very difficult, if not impossible, to duplicate the pattern of another person's iris. In addition, scanning devices are programmed to look for natural fluctuations in the pupil to screen out potential fraud.

If anything, our retinas offer even more precise indications of who we are than our irises. The retina is a thin membrane at the back of the eye that gathers the images that come through the pupil and passes them to the optic nerve, where they are transmitted to the brain for interpretation. The retina is fed by an intricate system of tiny blood vessels, which form a unique pattern on the surface of the retina of each person. The blood vessel pattern is complicated enough to provide between 320 and 400 different points of reference, which can be stored in a remarkably small (35 byte) data file.

Despite its various advantages, however, retinal scan technology is hampered by the fact that it is considerably more intrusive than iris scanning. In order to get a successful retinal scan, the individual being scanned must hold his or her eye motionless a half inch from the scanning device while five successive scans of the retina are performed. In addition, the retina is subject to the effects of aging and disease, both of which can change the pattern of a person's blood vessels. If the changes are great enough, the system will be unable to verify your identity.

The fact that the retina is highly sensitive to the state of your health raises concerns about possible medical discrimination stemming from the use of retinal scanning. "The retina does change its state with various clinical conditions," Professor Daugman said, "such as diabetes, glaucoma, dietary imbalances, high blood pressure, and even just aging. The retina is highly vascularized." [18]

By taking daily retinal scans over a period of time, an employer might gain some insight into the general state of your health. The space required to store the information captured by a retinal scan is so small that it would be a trivial matter for even the largest corporation to store months or years of its employees' retinal scans. An employer might pitch routine retinal scanning as part of the company's health benefits, but the greater temptation would be to use the information to surreptitiously identify employees who are likely to make costly health insurance claims.

Professor Daugman contrasted the retina's susceptibility to health changes with the immutability of the iris:

There is no medical evidence that the iris (the tissue at the front of the eye, in front of the lens, behind the cornea) has any correlation with a person's state of health. Many people, journalists especially, confuse the iris with the retina (which is the imaging tissue at the very back of the eye, whose outputs go via the optic nerve to the brain). [19]

Despite the clear evidence that the iris is unaffected by general health changes, there is a branch of study called "iridology" or "iris analysis" that argues that a person's overall health, mood, personality, and future can be revealed by closely studying the iris. According to its practitioners, the iris is connected by thousands of nerve fibers to the brain and spine; changes in the body travel along these nerve fibers and are reflected in the appearance of the iris. If this were true, the routine use of iris scans would pose tremendous privacy concerns for employees. Daugman's assessment, however, is blunt:

You might like to look at the "iridology" links from my website. This occult practice, rather like palm reading, believes that each point on the iris is connected somehow to a particular organ in the body. It is of course all just hocus-pocus, and therefore very popular, like religion ... [20]

The notoriety of iris recognition technology received a considerable boost in the summer of 2002, when it was a major theme in the midsummer release, Minority Report. Throughout the film, we see the hero, John Anderson (played by Tom Cruise), having to deal with the fact that iris recognition technology has permeated American culture. As he walks down a mall corridor, for instance, interactive advertisements scan his irises, retrieve his identity, and change their pitch accordingly. Iris readers on the Metro system provide a log of his movements, and access to his workplace is controlled by similar authenticators. When on the run, Anderson seeks out a black market doctor who can replace his eyes with someone else's; he keeps his old ones in a small plastic bag, however, so that he can break into his former office.

It will be some time before iris scanning technology reaches the level portrayed in Steven Spielberg's film. As Professor Daugman points out, long-range iris recognition just isn't being done. "Iris imaging requires the consent and cooperation of the subject," he said, "because the camera must be within about a foot or two of their face, and they must look directly into it. So, it cannot be done surreptitiously, as can face recognition from several tens of meters away (except that all current algorithms for face recognition have terrible performance results)." [21]

It's taken two decades since the debut of iris scans in Hollywood (in Never Say Never Again, 1983) for them to become a viable and well-understood technology. It's worth keeping in mind that, in 2020, we may be staring Spielberg's vision of the future squarely in the face.

Facial Recognition

From an athletic perspective, Super Bowl XXXV—held in Tampa, Florida, on January 28, 2001—was a rather unremarkable affair. The Baltimore Ravens, a defensive powerhouse during most of the season, completely shut down the offense of the New York Giants, and walked away with a 34 to 7 victory. Columnists complained about the quality of the quarterbacks and worried that the game signaled the arrival of a new period of defensive dominance.

The Ravens were not the only ones who had their minds on defense. Super Bowl XXXV may have been a dud on the field, but from a security perspective, the contest was groundbreaking. The game was used as an opportunity to test the speed and accuracy of a new facial recognition system. Every ticket holder who attended Super Bowl XXXV—roughly 72,000 people—had his face scanned, and the image was electronically compared to an image database of approximately 1,700 known criminals. The images were taken from state and federal law enforcement files and held pictures of individuals convicted of everything from pickpocketing to domestic terrorism.

The surveillance test was a collective operation of Raymond James Stadium officials, the Tampa police, and a consortium of hardware and software manufacturers led by Graphco Technologies, Inc., a leading developer of access and surveillance systems. In addition to monitoring the crowds at the stadium, Graphco also installed monitoring systems at the NFL Experience, the pre-Super Bowl fan exhibition, and in Ybor City, a popular Tampa tourist destination and nightspot area.

The Graphco surveillance installation was a complicated combination of hardware and software drawn from a variety of companies. Veltek International, a Shrewsbury, Massachusetts, manufacturer of closed-circuit television equipment, provided over thirty cameras and miles of fiber-optic cable. Viisage (located in Littleton, Massachusetts) provided FaceTrac, facial recognition software that it based on technology developed in 1987 by Professors Matthew Turk and Alex Pentland at the Massachusetts Institute of Technology (MIT).

MIT's technology uses an algorithm known as Principal Component Analysis (PCA) to analyze the features of each face and construct an eigenface. [22] An eigenface is created by taking your photo, locating your eyes as a reference point, and then expanding or contracting your head so that it is a consistent size with the other images in the database. The software then electronically removes clothing and hair from the image, leaving just your face. Next, the software eliminates brightness and contrast caused by lighting, leaving a flat, gray image of your face. In that image, however, certain features of your face will stand out, and those distinctive characteristics form your eigenface. Once the software has extracted your eigenface from your image, it can compare your eigenface with the others stored in its database and return a list of those that match within a preset degree of variation.

As each individual passed by one of the cameras in Raymond James Stadium, the features on her face were photographed and an eigenface was constructed. In turn, her individual eigenface was compared to the eigenfaces of the individuals in the law enforcement photo bank. For each comparison, the system listed the likelihood of a match; if the likelihood exceeded a certain preset limit (for instance, 95 percent), then an alarm sounded and the two photos were displayed side by side on a monitor. If no matches were found, then the image was discarded (although it would be a simple if space-consuming process to save the images for later examination).

In an interview with Time magazine following the Super Bowl, Viisage CEO Tom Colatosti was ecstatic that FaceTrac positively identified nineteen people in the law enforcement database. "It was a phenomenal success," Colatosti told Lev Grossman. "If you had told me the day before that we'd get one, that would be great. The fact that we caught nineteen, that's astounding." [23]

Actually, no one got caught. The police did not make any arrests based on FaceTrac identifications, and in fact, admitted that the surveillance test had educated them on the need to use "choke points" in conjunction with the facial surveillance technology. It's one thing to identify a wanted individual using a facial recognition system, but if that person disappears into a crowd before the identification is completed, the system's utility is limited.

The test at Raymond James Stadium also underscored the sensitivity of facial recognition systems. The accuracy of any facial recognition system varies tremendously depending on the lighting conditions, the angle of the person's face, how still the person is holding his head, and so forth.

In a report issued a year after Super Bowl XXXV, the American Civil Liberties Union strongly challenged the effectiveness of facial recognition systems. Using Florida's open record law, the ACLU obtained the operating logs for Tampa's facial recognition system. According to the department's records, during the two months that the system was up and running in Tampa's Ybor City, the system failed to successfully match a single individual with the photos in the police department's file of criminals. In addition, the ACLU found that the system made a significant number of false identifications, despite differences in age, weight, and even gender.

Viisage's chief rival, Visionics, has had similar criticisms leveled against it. The Visionics technology, called FaceIt, is based on a type of facial analysis called local feature analysis (LFA). Under the LFA approach, eighty different points on an individual's face are identified, and the relative distances between each feature are measured. Those points and measurements are used to create a numerical template, which can be compressed to a record just 84 bytes in size.

The advantage of LFA, according to Visionics, is that even if an individual's face changes (as it does when he smiles or frowns), the relative distance between the individual's features remains fairly constant. While the debate over which facial recognition system performs best is not likely to subside soon, Visionics did recently receive a boost from the Defense Advanced Research Projects Agency, landing a $2 million research grant aimed at improving its facial recognition technology for military and intelligence agencies.

Although government agencies have long been the primary purchasers of facial recognition systems, corporations are showing significantly more interest in the technology following the attacks on 9/11. In many ways, business use of facial recognition technology makes more sense than field use: All of the facial recognition systems in the works right now perform best when the image capture occurs under well-lit, full-frontal conditions, and businesses will be able to create those conditions as part of their security set-up. That will dramatically improve the recognition rate for whatever facial identification system is in use.

For employees, the privacy implications of facial recognition are minimal. As with voice and even fingerprints, the use of your facial image takes nothing away from you that you don't offer to the world already. In theory, a long series of facial images could reveal something about your physical or mental condition that you would rather not share with your employer, but again, the correlation between your facial appearance and your health is not particularly strong.

[13]A successful biometric identifier requires that an employer have the ability to compare some physical characteristic of the employee against a previously recorded example (or "template") of that characteristic. For instance, a photo ID allows a security guard to compare the employee's existing facial features against the template, i.e., the photo on the employee's ID. One of the great conveniences of the photo ID is that there's no need for a central database; each employee carries her template with her. It's only recently that computers have become powerful and flexible enough to create and maintain central libraries of templates for other types of physical characteristics, such as fingerprints, irises, and so forth.

[14]The SpeakerKey system, which has gone through a couple of changes of corpo- rate ownership, is now marketed under the trade name VoiceVault by a Dublin, Ireland-based company of the same name.

[15]David Braun, "Behind the Search for the Afghan Girl," National Geographic News, updated March 21, 2002; accessed on the Web on June 28, 2002, at news.nationalgeographic.com/news/2002/03/0311_020312_sharbat.html. The Web page contains side-by-side copies of the two photographs, along with links to additional information about the search for Gula.

[16]"Iris Recognition: The Technology," n.p., n.d. Downloaded from the World Wide Web on June 27, 2002, from www.iris-scan.com/iris_technology.htm.

[17]In 2000, IriScan merged with one of its largest licensees, Sensar Corp. (a specialist in developing iris recognition components for automated teller machines and similar electronic delivery channels), and changed its name to Iridian Technologies.

[18]E-mail to author, June 29, 2002.

[19]E-mail to author, June 29, 2002.

[20]The web page for John Daugman, Ph.D., O.B.E., is located at www.cl.cam.ac.uk/users/jgd1000/

[21]E-mail to author, June 29, 2002.

[22]The term is derived from the German prefix "eigen," meaning "own" or "individual."

[23]Lev Grossman, "Welcome to the Snooper Bowl," Time, Vol. 157, No. 6 (February 12, 2001). Downloaded from the Web on June 15, 2002, from www.time.com/time/magazine/printout/0.8816,980003,00.html.




The Naked Employee. How Technology Is Compromising Workplace Privacy
Naked Employee, The: How Technology Is Compromising Workplace Privacy
ISBN: 0814471498
EAN: 2147483647
Year: 2003
Pages: 93

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net