Biometric Security: The Eyes Have It

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

This very interesting article from the MIT Technology Review describes the Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006 face-recognition contests. The related competitions were sponsored by the National Institute of Standards and Technology (NIST), and results were recently released.


The main point is that "face-recognition algorithms" -- the core computer smarts necessary for a machine to tell one person from another -- have improved tenfold since 2002 and a hundredfold since 1995. The bulk of the piece is a very well done look at the nature of the improvements. The bottom line seems to be that facial recognition will become an ever-more useful tool.


The main thrust of the story is technical, but the author traces some potential commercial uses of face recognition. Suffice it to say that the companies in the competition -- which include Toshiba, Samsung and Neven Vision, which recently was acquired by Google -- are serious about commercializing the technology.


Potential uses of face-recognition mentioned include finding people with suspended driver's licenses who are trying to use phony names to get new ones, integration with photo services and, in the longer-term, searching for specific faces recorded by surveillance webcams.


An oddity about the story was that it didn't mention the use of facial recognition as a form of second-factor identification for laptops and other mobile devices. The overall category of using the body for identification -- biometrics -- so far has focused on fingerprint identification. A more futuristic approach, iris recognition, is used in some instances. A drawback to iris recognition is that it requires the subject to get uncomfortably close to the reader. Hopefully, the entrants in the competition addressed that challenge.


The term "second factor" can imply that biometrics is simply additive to passwords. The reality, happily, is that it brings something different to the table. All a password proves is that the person accessing the machine or the network connected to it has the correct password. How he or she got it -- whether it was legitimately given by the company or stolen from a Post-it stuck on an absent employee's screen -- is not dealt with. Facial recognition would close that loop and determine if the person with the password is or isn't the authorized user.


Earlier this month, Digi International and Sensible Vision unveiled a system which uses a combination of facial recognition software and a USB camera to eliminate passwords and other security procedures.


The most interesting element of the system is that it apparently doesn't add biometrics as a second-factor identification. Instead, it replaces existing security. It is unclear if employees will be able to turn the camera off. If the answer is yes, unauthorized users could take control of the machine. If the camera always is on, civil rights advocates, unions and employees almost certainly will object to the possibility of continual surveillance.