The Biometric Industry: One Year After 9/11
One year removed from 9/11, it is clear that biometric technology has a tremendous opportunity to reshape the manner in which citizens, employees, and consumers interact with their governments, their employers, and with each other. However, the biometric industry must immediately address major challenges related to performance, real-world utility, and potential privacy impact in order for biometrics to reach their full potential.
9/11 represented a signal event in the history of the biometric industry. Many of the fundamental assumptions about the applications and environments in which biometric technology would eventually gain acceptance were rendered obsolete, and many long-standing impediments to large-scale biometric technology implementation were eliminated. Conventional wisdom states that the post-9/11 need for security and reliable identification in myriad public and private sector environments will lead to substantial increases in the number of biometric technologies and systems deployed, which will in turn directly benefit the developers, manufacturers, and integrators of biometric technology.
However, it is far from certain that the long-term impact of 9/11 on the biometric industry – relative to pre-9/11 projections – will be increased deployment, sales, and revenues. While biometrics are now a more familiar technology than had been the case prior to 9/11, with every major media outlet reporting on biometrics as an emerging post-9/11 technology, the “year of the biometric” has been proclaimed annually since the late 1990’s. In fact, the biometric industry has emerged much more slowly than most observers had anticipated. Will 9/11 be the impetus for the broad deployment and use of biometrics?
The greatly increased visibility afforded biometric applications does benefit the industry inasmuch as many more individuals are familiar with the term and the technology. However, this increased visibility may be detrimental to the biometric industry when the general public’s first introduction to the technology is through surveillance applications – a generally substandard biometric application in terms of performance and privacy impact. Similarly, while federal legislation (both in the U.S. and abroad) mandates the use of biometric technology on an unprecedented scale in public sector applications, difficult questions must now be addressed regarding certain technologies’ ability to perform in extremely large-scale and challenging transactional environments. Biometric technology, considered as a whole, will be forced to provide higher levels of accuracy, enrollment, and transparency than has historically been the case.
While the long-term impact of 9/11 on biometrics will only have been determined years hence, what has incontrovertibly changed as a result of 9/11 is the following:
• The leading-edge
applications in which biometrics are seeing large-scale adoption.
• The technologies most likely to be deployed within these applications.
• The deployment rationale for which biometric systems will be implemented.
• The levels of effectiveness which biometrics systems will be expected to provide.
The biometric industry will grow differently than would have been the case had 9/11 not occurred – but will not necessarily grow more quickly.
Market Report 2003-2007, IBG has revised its biometric industry revenue
projections. Projected 2003 revenues of $935m are actually slightly lower than
previously anticipated; however, 2004 revenues of $1.48b and 2005 revenues of
$2.2b are higher than had been previously projected. These shifts in revenue
projections are primarily attributable to the general downturn in the global
economy, which has impacted the ability of private sector firms to dedicate
substantial budgets to implementing emerging employee- and customer-facing
solutions. The strength of this global downturn is such that but for the events
of 9/11 projections would have been lowered even further.
Post-9/11 Biometric Applications
9/11’s most direct impact on the biometric industry will be a major increase in public sector spending on biometric technology for authentication of individuals in their capacity as citizens and employees. This spending will reflect a priority on access control and identity-related applications as opposed to information security related applications, although PC/Network Security will remain a strong growth area.
The single largest changes engendered by 9/11 will be the substantial increase in Citizen ID applications, a key industry horizontal, and travel and transportation applications, a key industry vertical. The use of biometric technologies in conjunction with government-issued documents – passports, visas, licenses, identity cards, and the like – is not a new concept, but had traditionally faced strong objections on the grounds of civil liberties. These objections are now offset by an increased awareness of the need for stronger processes related to issuance and use of identity documents. Biometrics are explicitly cited in several pieces of U.S. legislation, including the USA Patriot Act (signed in October 2001), the Aviation and Transportation Security Act (signed in November 2001), and the Enhanced Border Security and Visa Reform Act (signed in May 2002), each of which calls for the implementation of biometric technology to enhance homeland security. Similarly, the passenger- and employee-related vulnerabilities exposed in travel applications will lead to substantial deployment of biometric authentication systems, most often mandatory for employees and opt-in for travelers.
In addition, biometric surveillance and real-time screening applications will inevitably see broader deployment, despite the inherent difficulties encountered by biometric technology in this environment. Biometrics are uniquely capable of identifying an individual in an automated fashion – and in some circumstances without the individual’s knowledge or consent – without requiring that the individual claim an identity claim.
While biometric applications such as eCommerce, PC/Network Security, and Retail/ATM will see continued growth, these applications are not directly impacted by 9/11 (the residual benefits resulting from generally increased awareness of biometrics notwithstanding).
From a technology perspective, the primary beneficiaries of the post-9/11 changes in the biometric industry will be the following:
• AFIS, due to its position as far and away the most proven biometric technology for 1:N identification.
• Facial recognition, due to its being the only biometric capable of operating in surveillance mode as well as being compatible with massive databases of photographs and facial images.
• Fingerprint, due to the greatly increased need for effective, reliable 1:1 transactional verification in public sector applications.
The basic operating conditions of horizontal biometric applications, such as PC/Network Security, Citizen ID, Criminal ID, and Physical Access / Time and Attendance, will continue to define which biometric technologies can be deployed effectively. It is increasingly rare that a public or private sector institution faces a decision on whether to deploy (for example) fingerprint technology or facial recognition technology. The basic parameters of one’s application – including requirements for accuracy, response time, level of impact on existing systems and processes, and compatibility with existing data – define which technology can be effectively deployed. Determining which technology to deploy has become a small fraction of an institution’s overall biometric implementation strategy.
Post 9/11 Deployment Rationale
For much of the history of commercial biometric technology, an ongoing argument was whether convenience (in the form of reduced password management or increased access to public services) or security (in the form of logical and physical access controls) would be the primary driver of biometric industry growth. 9/11 has recast this debate such that security is the primary focus of nearly every biometric solution provider. In many cases this change is reflected only in marketing approaches: products once positioned for their convenience benefits are now sold as security tools, although the core biometric technology remains unchanged. Even biometric applications based on increasing consumer convenience, such as “trusted travel” applications in which known travelers can use biometric authentication to expedite the travel process, are predicated on increasing the overall security of the air travel environment by allowing redirection of inspection resources to the non-trusted traveler.
Post 9/11 Levels of Effectiveness
Although this trend will be slower to emerge than others, 9/11 will lead to an increased understanding of the limitations of today’s biometric technology, along with a clear definition of criteria which biometric technologies must meet and exceed in order to be considered deployable in mission-critical applications.
It has become generally understood that biometrics systems do not provide 100% accuracy, and are particularly prone to non-matching, or false rejection, in 1:1 applications. Biometric systems are often difficult to use and operate. Biometric systems are often incompatible with legacy access control and identification systems. Biometric system performance often varies according to the gender, ethnicity, demographic group, and age group of the enrolled user.
Further, at a conceptual level, biometric systems can only confirm or determine a claimed identity – one established upon system enrollment – as opposed to revealing a “true” identity. Biometric systems also must be seen as but one component in an overall system, and do not provide increased security when implemented in conjunction with highly vulnerable or easily circumvented systems.
Whereas biometric technology has been accompanied by unsubstantiated claims as to accuracy, scalability, response time, and real-world effectiveness, a result of 9/11 is that a heretofore absent realism has been injected into the general discourse on biometric systems. An increased emphasis is placed on objective performance data, on real-world as opposed to laboratory-based capabilities, on adherence to standards, and on the ability to positively impact current systems and processes.
Vendors and technologies unable to meet these requirements for highly effective operations will struggle to gain traction in the post-9/11 biometric landscape. For those able to meet increasingly rigid requirements for accuracy, universal enrollment, and transparency, there is an unprecedented opportunity to position biometric technology as solutions for a wide range of citizen, employee, and consumer-related applications.