Biometrics Law and Legal Definition
Biometrics is a field of science that uses computer technology to identify people based on physical or behavioral characteristics such as fingerprints or voice scans. "Bio" in the name refers to the physiological traits measured; "metrics" refers to the quantitative analysis that provides a positive identification of an individual. Biometrics is gaining widespread use in the business world as means to make the workplace more secure and efficient. The technology promises almost foolproof security for facilities and computer networks. It also helps employees increase their productivity by providing instant identification for time cards, payroll processing, computer logins, phone or copy machine usage, and myriad other purposes. In the age of terrorism, biometrics is increasingly recruited to help in tracking potentially dangerous individuals.
"The biometrics industry, which produces technologies to identify people by their natural biological features, such as fingerprints, the patterns in the eye's iris, and facial characteristics—the stuff of Mission Impossible—is sensing the chance to break out of high-tech security doors and enter the mainstream of daily life," Julian Perkin wrote in the Financial Times. "Biometrics are enjoying good reviews from the businesses that have integrated them into their systems to date," Sheila Smith Drapeau added in the Westchester County Business Journal. "They are proving themselves reliable, time efficient, affordable, and easy to use—another nod to shaving a few dollars off the office payroll. And their popularity is expected to skyrocket as aging baby boomers concerned with memory loss eagerly seek an alternative to remembering passwords, numerical systems, and their car keys." The U.S. Government is deploying biometrics as well. On January 1, 2006, the U.S. State Department announced the installation of biometric "entry systems" at U.S. land ports. According to the State Department release, "The program compares bio-metric data such as digital and inkless fingerscans and digital photos, as well as biographical information collected by the Department of State, against U.S. terrorist and criminal watch lists to identify and intercept criminals and violators who try to enter the United States."
One benefit of biometrics is that it relieves people from the burden of remembering dozens of different passwords to company computer networks, e-mail systems, Web sites, etc. In addition to creating distinct passwords for each system they use or Web site they visit, people are expected to change their passwords frequently. Employees who have trouble remembering their passwords may be more likely to keep a written list in a desk drawer or posted on a bulletin board, thus creating a security risk. But biometrics offers an easy solution to this problem. "An employee may not be able to remember a dozen passwords and PINs, but is very unlikely to forget or misplace his or her thumb," P.J. Connolly wrote in InfoWorld.
A related problem with passwords is that they do not provide reliable security. In fact, hackers can download password-cracking software for free on the Internet that will test the most obvious combinations of characters for each user on a system and often find a way in. Electronic retailers have found that their prospective customers are aware of the unreliable nature of password-based security systems. A survey conducted by Yankelovich Partners and reported in Entrepreneur indicated that security concerns prevent 31 percent of Internet users from making purchases online. Installing a biometrics-based security system is likely to impress customers who are concerned about Web site security. "You may already have the solution to all your security needs right in the palm of your hand—or, more likely, at your fingertips," Mike Hogan noted in Entrepreneur. "That's because biometrics offers an answer to all security and authorization issues."
Biometrics systems—which once cost tens of thousands of dollars to install—were originally used only by large corporations and the government. But now less expensive systems—costing as little as a few hundred dollars per desktop—are making the technology available to smaller businesses and individual consumers. As a result, analysts believe that the usage of biometrics will grow over the next few years, so that the technology will become prevalent on the Internet as well as in businesses. Several recent developments have helped assure the future of biometrics. For example, digital signature legislation passed in 2000 provided for biometric authentication to be accepted in place of a written signature and considered legally binding on documents. In addition, Microsoft announced that it would support biometric technology in future versions of Windows, making it easier to build Internet and network servers that can accept the biometric identifications. Before long, biometric scanning devices may be bundled into every new PC sold.
One of the first general applications of biometric technology may be in the health care industry. The Health Insurance Portability and Accountability Act recommended biometric authentication for health care facilities and insurance providers and set high penalties for improper or negligent disclosure of medical information. At some time in the future, every U.S. citizen's medical records may be available online and accessible with biometric authentication. This would allow individuals to access their records from a pharmacy or an emergency room far from home. It would also allow physicians to share case information and expertise online. However, many people still have concerns about privacy and worry that the online availability of medical records might affect their ability to change jobs or obtain insurance.
HOW BIOMETRICS SYSTEMS WORK
The main biometrics systems on the market work by scanning an individual's fingerprints, hands, face, iris, retina, voice pattern, signature, or strokes on a keyboard. According to Hogan, finger scanning accounts for 34 percent of biometric system sales, followed by hand scanning with 26 percent, face scanning with 15 percent, voice scanning and eye scanning with 11 percent each, and signature scanning with 3 percent. Retinal scanning—which reads the blood vessels in the back of the eye and requires the user to be within six inches of the scanning device—is the most accurate system but also the least likely to enjoy widespread use because of people's natural protectiveness toward their eyes.
Once the scanner reads the user's physiological information, the computer begins analyzing it. "The system reads the physical or behavioral characteristic, looks for telltale minutiae, and applies an algorithm that uniquely expresses those minutiae as a very large alphanumeric key," Bill Orr explained in the ABA Banking Journal. "This sample key then goes to a repository where it is compared with a key (called a template) that was created by the approved user when she enrolled in the system. This in turn generates a score based on how closely the two samples match."
Some experts suggest that the various types of biometric technologies will be combined as needed to fit different user applications. "If you already have a telephone in your hand, the most natural thing in the world is to use voice scanning for identification," Samir Nanavati of the International Biometric Group told Hogan. "If you're already typing at a keyboard, the unique pattern of how you type makes the most sense. And if you need an electronic signature anyway, why not do a biometric match for identification purposes?"
For companies hoping to incorporate some form of biometrics into their facility or computer security systems, the most difficult aspect of the process might be making various systems work together. "The tough part of implementing a biometric method isn't choosing between face, fingerprint, and voice pattern recognition but integrating the chosen method with your existing applications," Connolly acknowledged in InfoWorld. Even though biometric scanners are becoming more affordable, Web site operators still have to buy authentication and authorization servers that can accept the biometric identifications. However, some vendors are beginning to offer these services for companies that are unable to maintain a biometric server in-house.
Perhaps the most difficult obstacle to overcome in adopting biometric technology is employee or customer concern about its invasiveness. For example, many people think the technology could be used to collect fingerprints for a huge database. "But that's not how it works," Hogan noted. "While biometrics may make you more efficient at matching your Web site visitors to the customer profiles you keep of them, it doesn't provide any more information about the user at the point of access than the typical password system."
SEE ALSO Data Encryption; Internet Security; Counter terrorism
Connolly, P.J. "Biometrics Comforts Customers while Securing Assets." InfoWorld. 2 April 2001.
Connolly, P.J. "Future Security May Be in the Hands, or Eyes, of Users—By Eliminating the Need for User Passwords, Biometrics Will Tighten Networks and Save Big IT Money." InfoWorld. 16 October 2000.
Connolly, P.J. "Security Steps into the Spotlight." InfoWorld. 29 January 2001.
Drapeau, Sheila Smith. "Biometrics: Where Science Meets the Company Payroll." Westchester County Business Journal. 5 February 2001.
Fonseca, Brian. "Biometrics Eye the Mainstream Markets." InfoWorld. 15 January 2001.
Hogan, Mike. "Body Language." Entrepreneur. March 2001.
Orr, Bill. "Time to Start Planning for Biometrics." ABA Banking Journal. October 2000.
Perkin, Julian. "New Services Will Keep an Eye on Security: Biometrics." Financial Times. 21 February 2001.
United States Department of State, Press Release. "Biometric Entry System Installed at Final U.S. Land Ports." 1 January 2006
Hillstrom, Northern Lights
updated by Magee, ECDI