Believing in biometrics
Biometrics could improve passenger experience, optimise security and increase profits but privacy issues still abound. Frances Cook reports on why a technology which promises so much has been embroiled in so much controversy right from the start.
There has always been controversy surrounding the use of biometrics data. On a general level it is perceived as intrusive and tends to stir-up public suspicion on how the data could potentially be used. On the technological level there isn't much debate that the technology is a highly accurate way to validate passengers easily at border controls, whether by using fingerprints, the face or iris, with the two latter being considered the most effective.
Face and iris first
"Identity authentication uses three factors: something you know, something you have and something you are," explained Neil Fisher, vice president of Global Security Solutions at Unisys.
"Biometrics validates who you are and is the strongest element." Unisys has systems in more than 100 airports, including Beijing Airport, which reported "flawless and secure" operations during the 2008 Olympic Games.
"The use of biometrics all depends on the risk: if it's your home computer, you probably only need one factor of authentication - something you know - but if you're trying to keep out terrorists and organised criminals, you need a strong authenticator to recognise people: something you are."
The best are still face and iris scans he said, because they are seamless and transparent to the public, not requiring any positive action by them other than looking at a camera.
Better flow means better revenues
The implementation of efficient biometrics systems at airports can allow many processes to become automated. Biometrics has the potential to increase airport revenues thanks to an increased through flow of passengers.
"This year will see air travel booming and increasing as people continue to fly, yet border control staffing levels are being cut by 10%," said Fisher.
"Governments don't want to compromise on the risk by cutting down on staff but they can by investing more in automation technology."
Take for example the Privium scheme at Schiphol Airport, which requires frequent business travellers, who pay annually for the service, to have an iris scan when they pick up their card. This allows flyers to pass through the unmanned Privium iris scanning control station in far less time than the manned border control areas.
The prospect of such a scheme becoming more widespread, however, and common to the regular passenger, depends on iris scanning being accepted on a global basis and the roll out of relevant technology and infrastructure. But acceptance of this method is fraught with inconsistencies and obstruction.
"Getting global buy-in is essential and time consuming," said Peter Forrest, CEO of DPM Systems. "It has taken years to get a MRZ passport adoption let alone biometric passports. The need for a single identifier for all persons should be the prime directive - biometrics satisfies this."
DPM Systems has developed an immigration management and control system which includes biometric capture validation and verification using fingerprint, facial and iris recognition. It allows for the incorporation of technological advances and can adapt to changing security processes from border agencies.
Olympic concerns at UK borders
The UK's iris scanning programme, which started in 2005 in Heathrow terminals 1, 3, 4 and 5 and Gatwick North, so that registered non-Europeans could move quickly through border security, has been gradually scaled back and replaced by the eGate system. BAA worked with Accenture on the development of this £8m security solution.
The Financial Times reported a business traveller who flew into Heathrow once a week as being "infuriated" that he couldn't renew his registration. "In summer you can wait for at least 25 minutes in the normal queue and at iris it's only five minutes," he told the newspaper.
"In my view, the current concept of iris is sound - 300,000 regular travellers use it and swear by it - and it is disappointing to hear the UK Borders Agency (UKBA) has decided not to proceed with Iris technology," said Fisher.
"While the eGate strategy has its merits, iris recognition remains the strongest form of authentication available. Improving the technology that already exists in project iris is a lot simpler than implementing an international agreement for eGate technology."
Fisher believes the new system will not be able to work at the same speed as the iris scanning technology. "eGate takes approximately 30-45 seconds a passenger, while modern iris recognition technology - not necessarily the same as that used currently by Project Iris - can process a passenger in around ten seconds."
Following controversy over the loosening of border controls in 2011, this new eGate system, which needs to cope with an extraordinarily high level of immigration demands during the Olympic Games, is still not working.
"The sensible solution would be to continue project iris at least until after the Olympic Games, then scale back the project after the burden on our borders has been reduced," said Fisher.
"Then install modern iris recognition technology (iris-on-the-move) into eGates to replace the very clunky face recognition technology it has now."
Downsides of iris scanning
While many have criticised the scaling back of project iris, the false acceptance rate of iris scanning also needs to be recognised as an issue. Fisher said it is in the region of 0.1%, a rate that in industries, such as telecoms, would not cause too many problems.
"But with large numbers of people, say the annual throughput at an airport, this would mean more than one person being accepted against one set of biometrics," he explained. "That's an unacceptable rate."
While iris scanning in itself isn't a panacea when used in conjunction with other authenticators it offers an effective security solution. Forrest thinks it may become the preferred method of biometric verification, particularly in busy airports.
Security optimisation obstacles
But to optimise global security for travellers, border controls need to share information and think beyond just national border security.
Forrest said that today's lack of consensus on border security technologies has combined with political "empire building" which leaves intelligence gatherers without access to critical information.
"There is limited real time information sharing, a distinct lack of travel history and inefficient, inaccurate passenger verification," he said, adding that border security experts are frustrated by the lack of progress on international standards.
In an era where the security requirements at airports are likely to grow, passenger numbers are set to increase (and look for alternative methods of travel) and airports need to cut costs, biometrics offers a way to automate systems and optimise passenger flow while retaining a top level of security.
A biometrics future
However, receiving biometrics information in advance from passengers - and as such their confidence in these systems essential - is going to be necessary if biometrics is going to be utilised optimally in the future.
"On the technological level their isn't much debate that the technology is a highly accurate way to validate passengers easily at border controls."
The prospect of this is looking favourable if the latest results of Unisys's Security Index are anything to go by.
According to Unisys, 72% of US citizens said they would be willing to provide personal data in advance of air travel to increase security, while 91% of UK citizens and 68% of Australians said they would provide biometric data to increase flight security.
"The future of biometrics is looking good," said Fisher. "Security systems at airports will be more converged, linking real world security CCTV to the logical world of traditional IT security. This can be achieved through using biometrics as an authenticator, making it people centric.
"Once you do this, you can transform security into a system where you also get good business information without imposing on people's privacy, enabling security to become a business driver, not a cost centre."