
Biometrics in identity: Building inclusive futures and protecting civil liberties

About this report

This report by Secure Identity Alliance (SIA) seeks to support European policy makers when planning and implementing biometrically-enhanced identity programmes and associated services. Taking a holistic view of today’s sophisticated biometric landscape, it identifies the key issues and drivers for biometrically-enhanced identity, provides an insight into current and forthcoming projects in Europe and beyond, and puts forth a set of common best practices and recommendations to support policy makers looking to leverage biometric identity to drive and accelerate the digital economy across Europe.

A best practices and recommendations guide

June 2019


1. Executive summary

Since Gilbert Thompson of the U.S. Geological Survey first attached his thumb print on a document to prevent its forgery in 1882, the power of biometrics as a unique personal identifier has been clear. Today, across the European Union and beyond, the ‘human interface’ is being applied to a vast range of identity-based services – from accessing smartphones and consumer payment apps, through to widescale national border management programs and much more.

This proliferation of biometry offers a compelling answer to the identity questions facing governments who seek to create and operationalize legal, trusted identities for their citizens. Not only to provide speed and accuracy when verifying identities at land, sea and air borders, but to enable and accelerate social inclusion and welfare programmes, and wider economic development.

From the eu-LISA Entry-Exit System (EES) to better facilitate and reinforce border checks for non-EU nationals travelling from and to the Schengen space, to a host of national and metropolitan programs that deliver a wide and growing range of identity-based services, biometrics has become a vital and growing part of the social fabric of our lives.

Of course, few state-run biometric-enabled ID initiatives are designed to operate in isolation. Today, we are witnessing the development of mega systems, built on enormously complex infrastructures and to a grand scale. In the EU, nowhere is this better illustrated than in the interconnected world of law enforcement. Here, under the purview of the eu-LISA agency, the Schengen Information System (SIS-II), visa system (VIS), asylum system (EURODAC), criminal records (ECRIS), Entry Exit System (EES) and European Travel Information and Authorisation System (ETIAS) are all being deeply and widely integrated to support integrated policing and extended border control.

There are challenges too, of course. Most notably (but certainly not limited to) data privacy and security. While the European Union’s General Data Protection Regulation (GDPR) enshrines the personal data rights of the individual – and specifically categorizes biometric data as ‘sensitive’ – the framework alone is no guarantee against data misuse or theft. Recent legal discussions surrounding India’s landmark Aadhaar biometrics-based program highlight the complexities of civil liberties and privacy groups.

While GDPR is becoming the benchmark for best practice, it is by no means globally adopted, nor does it eliminate the need for European policy makers and private enterprises to continue to address individual rights and freedoms when planning biometric-led projects.

Moreover, while biometric data – be that fingerprint, iris, facial, voice or others – is typically understood to be the most accurate and effective evidence of identity, it is not immune to problems. False positives (where a biometric system allows access based on an incorrect match) or false negatives (where systems fail to recognize an authentic individual and block access) are not uncommon occurrences.

Similarly, biometric systems can be vulnerable to ‘spoofing’ or hacking. Famously, the fingerprint sensor on a newly launched smartphone was spoofed by a false fingerprint within days of its 2013 launch. Security is continually evolving and improving, and it’s interesting to note that despite this and other breaches, Apple’s TouchID, and its later generation FaceID biometric matching technology on the iPhone X, remains widely trusted by banks to authorize new customer on-boarding and cash transactions.

So, while no security solution is 100% effective – due in large part to the need to balance security with user convenience – it remains true that vulnerabilities exposed under lab conditions rarely have major real-world impact.

Of course, it is always important to consider the business need and the protection that will be provided for privacy of personal data. In any deployment this requires a detailed exploration of the security and privacy considerations of the specific use case, and taking into account the opinions and concerns of potential stakeholders, before planning and design proposals are finalised.

For example, the Commission Nationale de l’Informatique et des Libertés (CNIL), the independent French regulatory body that aims to ensure data privacy law is appropriately applied, published its observations on the Secured ID card using biometrics in 2011. The main issue for the CNIL with this digital multi-biometric file is data privacy, i.e. use for surveillance, beyond the risk of data breach. In 2018 the French government validated the creation of a file, called “TES” (Titres Electroniques Sécurisés), that will gather personal and biometric data of French citizens. The TES is already in place for passports, and will now also be in place for ID.


The need for best practices

It is fair to say that biometric technology is well proven and that standardized data security approaches are, in the main, very effective if implemented correctly. Therefore, the questions for policy makers today are more of an operational and ethical nature. Proportionality too is critical to avoid over investing or over engineering systems.

Discussions have moved on to cover critical issues such as how best to apply the multiple biometric options in specific identity-based scenarios, to how to contain cost, and the best approaches to ethical and responsible deployment. Here, the issues are both complex and diverse – from siloed approaches within governments, to the ever-present technical and logical challenges of enrolment, data management (centralized or de-centralized), systems integration and future proofing.

In the interdependent and interconnected biometrics environment, it is critically important that these (and many other considerations) are well understood by policy makers.

Which brings us to the need for a set of best practices – hard won and clearly defined from experience of successful (and not so successful) deployments across the world. There is no ‘one size fits all’ solution, with different biometric modalities and technologies suitable for some applications more than others. The right biometric system is the one that fits the use case and delivers the desired outcome within the societal, ethical, operational and budgetary context each agency and government finds itself subject to.

From the SIA perspective, the development of a set of guiding principles will greatly support European policy makers’ ability to make informed decisions; not just around the design, implementation and ongoing management of biometrically-enhanced identity systems, but to aid them in fully understanding and addressing the wider ethical, legal and privacy questions that sit at the heart of these complex environments.


Table of contents

1. Executive summary

2. The identity imperative
2.1 The critical role of identity
2.2 The need for legal, trusted identity
2.3 Case Study: EU identity management for law and order

3. The biometric evolution
3.1 Understanding the evolution of biometrics
3.2 Biometrics use cases
3.3 Exploring biometric modalities
• Facial
• Fingerprint
• Iris
• Voice
3.4 Selecting the right biometric modality
3.5 Biometrics in smartphones
3.6 Continuing development of algorithms
3.7 Biometrics, artificial intelligence and machine learning

4. Capacity building in biometrics
4.1 Privacy
4.2 Security
4.3 Data sharing
4.4 Standardization
4.5 Operational approaches

5. Biometrics in practice
5.1 Frictionless travel
5.2 Secure borders
5.3 Humanitarian aid
5.4 Social inclusion

6. A time for action

7. Best practice guidelines in biometric-enhanced ID


2.1 The critical role of identity

A legally recognised Identity is one of the most important human rights in the modern world – as enshrined in article 16.9 in the UN Sustainable Development Goals: “to provide legal identity for all, including birth registration” by the year 2030. It was also the impetus for the World Bank Group’s launch of the Identification for Development (ID4D) initiative in 2014.

Around the globe, citizens depend on government issued identity documents to prove they are who they say they are, and to undertake commonplace transactions like opening a bank account, registering for school, obtaining formal employment, or receiving social welfare transactions.

Identity is a validation of who we are. While we only need to expose just enough to enable secure and trusted authentication, there is little doubt that ID is becoming increasingly essential for full participation in our daily social, working and political lives.

This is the case whether we’re streamlining citizen access to digital government services or delivering unique, personalised digital identities that make it easy for companies to know and serve customers better. It is nothing short of a strategic necessity for governments and commercial organisations everywhere.

Ultimately, citizens throughout Europe and the World depend on government-issued identity documents to access a host of health and welfare programs, education, financial services, and to move smoothly and securely across borders.

It’s not just EU citizens. Identity systems are central to effectively addressing population movements and the continuing refugee challenges at Europe’s borders, as well as facilitating national security and anti-terrorism initiatives, while being a catalyst for sustainable economic growth.

2.2 The need for legal, trusted identity

In response to growing citizen demand, governments around the world are fast tracking the shift to digital service provision. But, with multiple identity providers offering to host and manage digital identities for the general public, the root identity – the single sovereign trusted identity upon which all others are based – must start with government.

Indeed, the United Nations believes governments have a responsibility to develop and anchor legal identity, with its Sustainable Development Goal target 16.9 stating: “By 2030, provide legal identity for all including birth registration.” The World Bank too has developed a series of core principles on identification, as we see in Figure 1.

2. The identity imperative

INCLUSION:

Universal Coverage and Accessibility

1. Ensuring universal coverage for individuals from birth to death, free from discrimination.

2. Removing barriers to access and usage and disparities in the availability of information and technology.

DESIGN:

Robust, Secure, Responsive and Sustainable

3. Establishing a robust – unique, secure, and accurate – identity.

4. Creating a platform that is interoperable and responsive to the needs of various users.

5. Using open standards and ensuring vendor and technology neutrality.

6. Protecting user privacy and control through system design.

7. Planning for financial and operational sustainability without compromising accessibility.

GOVERNANCE:

Building Trust by Protecting Privacy and User Rights

8. Safeguarding data privacy, security, and user rights through a comprehensive legal and regulatory framework.

9. Establishing clear institutional mandates and accountability.

10. Enforcing legal and trust frameworks through independent oversight and adjudication of grievances.

FIGURE 1: Core Principles on Identification, World Bank

http://documents.worldbank.org/curated/en/213581486378184357/pdf/112614-REVISED-English-ID4D-IdentificationPrinciples-Folder-web-English-ID4D-IdentificationPrinciples.pdf


Trust is critical in the digital ecosystem. And, as custodians of the ‘root’ identity, governments need to build their digital identity strategies in a manner that ensures they can retain control of national services and transactions, protect their citizens and allow individuals to use their derived digital identities as access points to commercial services – without exposing it to theft, misuse or attack.

This is particularly true when it comes to the collection, management and use of biometric data. Government, border management and law enforcement use cases typically require the development of biometrically-enabled identity. As such, there is a strong argument that they possess a considerably more legitimate reason to create and maintain biometric databases than private enterprises.

At the most fundamental level, the effective development of a secure and trusted identity relies on three pillars – all of which increasingly utilize the individual’s biometry:

• The creation of the root identity within a well-functioning civil registration and vital statistics (CRVS) system based on a unique set of characteristics (be that biometric or biographical data)

• The creation of a secure, government-issued physical document, such as a birth certificate or passport, by which the individual can seek to ‘prove’ their identity

• The creation of a digital ‘mobile’ identity as a convenient, derived credential that enables secure online interactions with governments and third-party services

There’s more to it, of course. Such as ensuring that a biometric record taken at a particular point in time is tied to the root identity – for example when applying for a new passport, during an interaction with law enforcement or adding biometrics to authenticate access to a state-run welfare program. Here, the ability to tie back to the root identity is critical in ensuring both accuracy and security, and requires a clear set of processes whatever the application.

Whether embarking on a government-driven centralized system in which state-issued digital ID serves as the basis for all public and private sector transactions, or initiating a federated model of multiple government-endorsed digital identity providers, the definition of what constitutes official legal identity should always remain the purview of the state.

Across Europe and beyond, policy makers are required to navigate all these complex issues. The scale and sophistication of today’s identity systems, the complex integrations, and the broad and interconnected ecosystems of multiple public and private stakeholders combine to pose considerable challenges. As do the potential tensions between national security and individual privacy.

For many, the role of biometrics in addressing these issues, and in protecting user identity, guaranteeing goods and services make their way only to bona fide recipients, and reducing fraud and abuse, is without equal.

Only by knowing ‘who’ to a high degree of certainty can governments or business ensure that only those entitled are being served. To do otherwise is both an economic and social injustice as biometrics technology has now advanced to a level where performance is proven, and the benefits are real and measurable, and easily outweigh the costs.

2.3 CASE STUDY

EU identity management for law and order

As discussed earlier in the report, the trend in large-scale, mega systems is growing. Here we explore the EU’s approach in more detail.

Managed by the EU through the eu-LISA agency, this police and border security mega system is certainly the largest and most complex of its kind in Europe. As summarised in Figure 2, there are five main core systems already in existence, or in development. Shown as green, these are: the Schengen Information System (SIS-II), visa system (VIS), asylum system (EURODAC), criminal records (ECRIS), Entry Exit System (EES) and European Travel Information and Authorisation System (ETIAS) which will provide an online service for Third Country Nationals (TCNs) who do not need visas before entering the Schengen area.

The design challenge is how to integrate biometric capability for all of these systems (except ETIAS, which is non-biometric). Five separate biometric systems would fragment the data and be difficult to co-ordinate. Therefore, all these systems connect to a common, Shared Biometric Matching Service (sBMS).

As well as meeting the needs of individual systems and their users, the sBMS links together records about the same person recorded on any of the systems that have a biometric component, for users who have authorised access.


In general, operating on a very large scale in this way is a logical way to control complex data and exploit the power of biometrics to optimise the management of identity. However, it’s not easy, and requires major investment of time and money.

The quality (accuracy, timeliness, completeness, etc.) of data and therefore the correct operation of each system is also essential. Data inherited from legacy systems that does not already meet a rigorous standard may be hard to correct after the event: an approach to linking identity (as described above) may be easier to implement for new data than to cleanse historical data.

During 2018 the EU published proposals [1] to strengthen the security of European ID Cards and Residence Documents, bringing these into line with the comparable security standards for European Passports and Residence Permits contained in ICAO 9303 plus the European requirements for including fingerprint images (Extended Access Control (EAC)).

This is seen as an important contribution to European efforts to control immigration and counter terrorism. The proposal requires discussion, legislative change and practical changes to design and production: this will take time to implement. However, it has made some progress: it received endorsement by the European Council in late 2018 and the regulation was definitively adopted in June 2019.

In addition, the infrastructure keeps track of biographic information, including names, dates of birth, document numbers and reference numbers linking records (identities) held on different systems, through the Common Identity Repository (CIR).

Because of the scale of the information and the potential for uncertainty about who is or is not the same person, an additional system, the Multiple Identity Detector (MID) is used. Again, the biometric component (sBMS) will help to confirm the status of possible matches within the CIR.

An additional approach is being taken to categorise potential identity matches, shown in Figure 3. Matching identity is difficult at very large scale. Two different people could share the same name and even date of birth, for example. Conversely, the same person may appear on a system twice or more, under different names and passport numbers, even nationalities. This could be for a variety of reasons: because of legitimate life changes (e.g. name change on marriage; renewal of a passport), or because of fraud. Or because some data may have been recorded differently on different occasions, possibly in error.

The coding scheme in Figure 3 registers a status of the link between two similar or related identity records: green for different; white for same; red for fraudulent; and yellow when the situation requires further examination.

FIGURE 2: European Identity Systems for law enforcement

[Diagram. Components shown: European Search Portal (ESP); Multiple Identity Detector (MID); Schengen Info. System (SIS-II); Shared Biometric Matching Service (sBMS); EU National Gateways (Police / Border agencies); External Partners (e.g. INTERPOL stolen / lost docs.); iAPI Hub (Carriers: airlines, etc.); Asylum (EURODAC); Visas (VIS); Crim. Records (ECRIS); Entry / Exit (EES); Non-Visa (ETIAS); Common Identity Repository (CIR). Legend: External interface; Core systems; Biographics; Biometrics.]

FIGURE 3: European Identity categorisation (same or different person?)

Multiple Identity Detector (MID)

1. GREEN: DIFFERENT people, even if biographics are similar

2. WHITE: SAME person, even if biographics are different

3. RED: FRAUDULENT identities detected for the SAME person

4. YELLOW: MAY be the same person: needs further investigation

[1] Proposal document, COM (2018) 212, 17 April 2018 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52018PC0212

Endorsement of the proposal by European Council, 14 November 2018 https://www.consilium.europa.eu/en/press/press-releases/2018/11/14/better-security-for-id-documents-council-agrees-its-position/


3.1 Understanding the evolution of biometrics

Stepping back slightly, the automated biometric systems we know today first began to emerge in the latter half of the twentieth century, enabled by the growing capabilities of modern computer systems. The field experienced an explosion of activity in the 1990s and began to surface in everyday applications in the 2000s. Today’s biometrics systems are highly integrated, incredibly sophisticated and rapidly growing in functionality, ease of use and security.

In the early days, biometrics were primarily used in law enforcement and border control applications to provide the irrefutable link between the individual and the document they present. This included ID solutions such as Automated Fingerprint (and palm print) Identification Systems (AFIS), which process, store, search, compare and retrieve fingerprint images and subject records.

These have evolved into Automated Biometric Identification Systems (ABIS) that augment the fingerprint to create and store biometric information that matches biometric templates for face and iris.

Both systems are also widely used for civil purposes including national ID card programs, voter registration and to access welfare payments being linked with a civil register database to ensure the identity and uniqueness of the citizen.

Biometrics in government

In Europe, for example, the European Union’s EURODAC serves 32 nations in Europe and offers a biometric identification system for asylum seekers. Eurodac was the first biometrically enabled system commissioned by the European Union (EU), and the first multinational biometric system in the world. Eurodac has been operating continuously since going live in 2003 and has undergone a number of expansions and upgrades as it expanded to address immigration.

Looking beyond Europe, Aadhaar, the world’s largest biometric ID scheme, developed by the Indian Government, manages staggering numbers of citizens. Over 1 billion people have been enrolled in the scheme since its 2010 launch to access a variety of government services following the submission of their biometric data. The scheme is being expanded into the private sector to provide access to a growing range of enterprise services.

So too in Uganda, where a countrywide biometric identity verification program for more than a million asylum-seekers and refugees in Uganda has recently been completed by the UN Refugee Agency UNHCR, World Food and Uganda’s Office of the Prime Minister (OPM) – using some 68 verification sites across the country.

The list goes on.

Biometrics in the consumer arena

In the consumer arena, it’s predicted that nearly all smart devices including mobile phones, tablets and wearables will have some form of biometric security enablement by 2020. And, according to a recent report from Goode Intelligence, by 2021 1.9 billion bank customers will adopt biometrics for a variety of financial services, including ATM cash withdrawals, accessing digital bank services through IoT devices and mobile bank app authentication.

Tens of millions of Apple Pay and Google Pay customers are already familiar with this kind of fingerprint (or facial) biometric payment functionality, of course. But it’s also coming to credit and debit cards – with both Visa and Mastercard piloting ‘on card’ biometrics that capture and match the individual’s fingerprint to authenticate transactions as an alternative to PIN code.

It is important to mention that while biometrics are a common sight on today’s generation of smartphones and wearables, the biometric data is typically used as an authentication mechanism to unlock phones, make app store purchases and conduct mobile wallet transactions. These are not biometric identities in the strictest sense – being designed to provide the user with access to a particular service rather than confirm their actual ‘true’ identity. Similarly, the biometric data remains on the device, protected by layers of security and encryption. That is not to say that private enterprises are not building biometric databases. Many are, but whether they should be is a point of debate outside the purview of this paper.

Another compelling example of the growth of biometrics in the consumer world comes from China. On “Singles Day” (Nov 11, 2018), the biggest day of the year for retailers in the country, Alibaba Group online retailer, Tmall, conducted 60.3 percent of its CNY213.5 billion (US$30.7 billion) in business using biometric face or fingerprint identity verification.

Offering higher security, convenience, accountability and accurate audit trails, biometric matching solutions are being adopted for a broad range of vertical use cases – from improving experiences in retail environments, to frictionless travel through airports, and background checks on employees.

So much so that the market is projected to be worth some $50 billion by 2024 [2], with industry watchers expecting voice and facial recognition to be used in as many as 600 million mobile devices by 2021 [3].

3. The biometric evolution


Biometry innovations

Over the past decade we’ve seen dramatic strides in biometric technologies and expectations are that biometric authentication mechanisms will become even more precise and convenient in the future. While such innovation is good, it is also important that systems and technologies are thoroughly proven before being placed in an operational context.

There’s also a new and emerging field of biometrics that involves measuring human behaviour. Using artificial intelligence and machine learning to execute pattern recognition, devices can now lock out fraudulent users if they detect deviant behaviour that doesn’t match the way an authorised user would typically behave. For example, a combination of keystroke dynamics, GUI interactions and factors such as flow, touch and sensitive pressure all add up to behavioral patterns that can form something akin to a virtual fingerprint.

3.2 Biometric use cases

Using physiological or behavioral characteristics is considered one of the most effective ways to prove an individual’s identity. The biological traits of each human being are unique and therefore very personal.

Since every individual on the planet possesses unique physiological features that can’t easily be swapped, shared or stolen, biometrics has the potential to accurately identify someone with as near 100% certainty as is able to be achieved today.

This kind of functionality is particularly effective in a centralised database environment, and for government applications or government-sponsored programs. By contrast, in the enterprise sector, the task is typically one of authentication rather than identification of the specific individual. In both environments, biometrics has a key role to play.

The following illustrate the key benefits of using biometrics within both identity and authentication contexts:

To prove Identity

The use of a secure, accurate biometric, rigorously verified against the holder of a passport or ID card can add important assurance on identity, in addition to any checks on the authenticity of the document itself. Biometrics, therefore, play an important role in preventing identity theft or fraud.

To enable financial inclusion

Supports the next wave of financial inclusion. Globally, about 1.7 billion adults remain unbanked – without an account at a financial institution or through a mobile money provider [4]. Often as a result of the lack of appropriate documentation to prove their identity, biometrics offers significant potential to address unbanked populations. Indian government’s Aadhaar system is a good example.

To enhance security

Biometric authentication offers a higher level of security than other methods of online identification. Between social media accounts, emails, application and services, the average person might have upwards of 20 different identities. Trying to keep track of our various logins, passwords and PINs is an almost impossible task – forcing people to use the same password/PIN for multiple uses which makes them vulnerable to hacks. Biometrics makes having to memorise multiple passwords a thing of the past.

To manage population movements

Addresses migration and population movements. Biometrics offers a truly transformational opportunity to address today’s growing migration challenges – not simply to monitor population movements for border control and security purposes, but to provide previously undocumented migrants with an identity to access support services.

To improve customer experience

Consumers/citizens want an improved experience. We all want user-friendly and highly secure ways to undertake our daily life tasks, but traditional forms of authentication can feel clunky and inconvenient. Biometrics can go a long way to eliminating the complexity and time involved in securely boarding an aeroplane or cruise ship, moving between borders, paying for products and services and more.

[2] Global Market Insights, 2017

[3] Juniper Research, 2016

[4] Global Findex database, World Bank, 2017


CASE STUDY

Seamless boarding at Changi International Airport

Singapore’s Changi airport is one of the busiest in the world. With an annual passenger capacity of 16 million passengers, a clear focus on convenience for bag-drop, airside clearance, passport control and boarding was required. In the new Terminal 4, a fully automated departure process was deployed to deliver Fast and Seamless Travel (FAST). Several world-firsts were achieved in this project, including the first terminal-wide implementation of an automated boarding solution. While several concepts have been explored elsewhere, this is the first in production in the world and is resulting in faster processing of passengers to allow for more time to enjoy the terminal facilities, greater levels of non-intrusive security, the ability to re-deploy staff to customer service roles and the improved optimisation of operating costs.

SOLUTION OVERVIEW

• Biometric capture of passengers to facilitate automated bag drop, immigration and boarding

• Automated immigration and boarding gates

• Passenger process facilitation platform, linking various airport and airlines systems


3.3 Exploring biometric modalities

While there’s extensive research currently being undertaken into new and exotic biometric identifiers (gait, odour, ear shape), the most common characteristics – also known as modalities – in use today are detailed below. These biometric identifiers best meet today’s tests for uniqueness, permanence and consistency – providing accurate recognition and a high level of protection against fraud, while also being conducive to capture using sensing devices in an ergonomic, non-invasive and convenient way.

Facial recognition

One of the most flexible biometric identification methods, facial recognition systems analyse features common to every individual’s face: the distance between the eyes, the position of cheekbones, jaw line, chin, width of nose, shape of mouth and so forth. Systems can automatically identify or verify an individual from a digital image or video frame, comparing selected facial features from the chip-stored image of an electronic travel document or a facial database. Facial recognition is becoming the global de facto standard for identity verification and identification in a majority of modern border control systems. The EU, USA and APAC, followed by South America and more recently the Middle East, are using facial recognition as a primary modality to process border movements.

Iris recognition

An authentication method that uses pattern recognition techniques based on high-resolution images of the irises of an individual’s eye. The iris of the eye has a distinct pattern that remains stable throughout a person’s life. These highly accurate biometric systems are rarely impeded by the presence of glasses or contact lenses and are well suited to one-to-many identifications. Iris recognition systems have been implemented in the UAE’s air, land and sea ports of entry, the FBI has incorporated the technology into its next-generation biometric identification system, and Google uses iris recognition to regulate access to its datacentres.

Fingerprint recognition

While there is some evidence that fingerprints degrade slightly with age, finger ridge configurations remain unchanged throughout the life of an individual and are therefore a good indicator of identity. Fingerprint patterns are another accurate and reliable identifying characteristic – and an approach gaining widespread popularity for personal identification systems owing to its distinctiveness and stability. Recent advancements in technology have led to the development of fingerprint recognition systems that are small and inexpensive – resulting in the deployment of these systems in a wide range of scenarios. Prominent applications include mobile phones and laptops, building and car doors, and border control.

Voice recognition

Voice recognition systems validate an individual’s identity by using certain characteristics extracted from their voice. In these systems, the emphasis is on the vocal features that produce speech and not on the sound or pronunciation of speech. Such systems can accurately identify individuals from their voices with less than a 1% error rate; the error rate is even lower for speakers that say a pre-determined phrase, bringing the accuracy of these systems close to that of fingerprint systems. Today, voice technologies are being used to speed up the ID verification process for telephone banking customers and citizens who contact government call centres to discuss their sensitive tax matters.

While other forms of biometric are being captured – including the aforementioned human behaviour, palm and heartbeat methods – the above represent the most popular and widespread approaches in use today.


CASE STUDY

Border management at El Dorado International Airport

As part of an initiative to deliver a state-of-the-art immigration experience at Bogotá’s El Dorado International Airport, Migración Colombia, the migratory control entity of Colombia, piloted an automated, iris-based traveller verification system. Colombian citizens enrol before they travel, and on return to the country, the iris reader authenticates their identity and allows them through the barrier. During the 2-week trial, travellers saved upwards of 30 minutes on the re-entry process, and a significant drop in crowds and bottlenecks was reported. Based on the success of the pilot, Migración Colombia plans to expand the implementation at other airports and immigration centers throughout the nation.

HOW IT WORKS

• Colombian citizens register to participate in the scheme before traveling

• Scan iris at one of 30 BIOMIG migratory control stations

• Unique iris scan is registered with Colombia’s Border Management System (BMS) in under 1 minute

• Travellers’ data is instantly verified, and identity is compared against databases from Interpol, national police records and other government authorities

• On return, travellers enter national ID number on a touchscreen terminal and glance at the iris scanner

• Identity is authenticated via a secure digital process and again compared against multiple databases

• Automatic doors swing open and travellers are free to enter Colombia

https://www.gemalto.com/press/pages/gemalto-biometric-authentication-technology-revolutionizes-automated-border-control-in-colombia.aspx


3.4 Selecting the right biometric modality

The selection of the modality is largely dependent on the use case. Systems can also be designed to use a single biometric identifier for identification or verification. These are called single or unimodal systems. It is becoming increasingly common to see two or more biometric identifiers used together, in multimodal systems.

There are pros and cons of both approaches. Unimodal systems benefit from being simpler and generally less expensive in terms of enrolment, required hardware and software, and data management. There are also cultural and ethical considerations – some populations may be happy to register their fingerprint or have their voice recorded to avoid multiple identity checks when calling their bank, for example. But they may not want to register their facial biometric as well.

While multimodal approaches require users to register more of their unique physiological data, they also offer a higher level of assurance that the individual is who they say they are. This can reduce the number of false negatives/positives and increase the reliability of the recognition – addressing the issues caused by aging irises in older people and in fingerprint scanning systems for younger children whose ridges may not be fully developed.

The multimodal approach has also been shown to be more effective at addressing the vulnerabilities posed by biometric spoofing, and sets a higher authentication threshold that increases security – making it more appropriate for national eID schemes, ePassports and voter registration programmes.

That is not to say that simply adding (or taking away) a modality necessarily increases (or decreases) either the effectiveness of the verification process or the security of the application or service itself. A raft of other factors impact accuracy. These include the quality of the biometric sensor, resolution of the image, the sophistication of the enrolment and matching algorithms and level of presentation attack detection.

But again, the right choice is the one that fits the application and is able to provide the ‘right’ balance between security, convenience, cost and the multitude of other factors that must be considered before an informed decision is made.

Chief amongst these additional issues is user privacy. Irrespective of biometric modality, maintaining both privacy and transparency for users is a major factor in the selection of the wider solution environment – something that goes beyond devices and modalities to biometric data management.

One of the major reasons smartphone vendors choose to implement fingerprint and facial applications in a local environment (i.e., with biometric data remaining on the device) is to eliminate the privacy, security, regulatory and financial implications of creating and managing biometric databases.
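The point made in this section, that adding a modality does not by itself reduce false positives and negatives, can be shown with score-level fusion. The following is an added example, not part of the SIA report: the matcher scores are constructed, and the decision threshold and fusion weights are assumptions chosen for illustration (in practice weights would come from measured per-sensor quality).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Trial:
    finger: float   # fingerprint matcher score, 0..1
    face: float     # face matcher score, 0..1
    genuine: bool   # True if the claimant really is the enrolled person


# Constructed scores (not measured data): a good fingerprint sensor paired with
# a poor-quality face capture whose scores overlap heavily between classes.
GENUINE = [(0.90, 0.80), (0.85, 0.30), (0.80, 0.75), (0.75, 0.20),
           (0.70, 0.60), (0.65, 0.45), (0.55, 0.85), (0.88, 0.40)]
IMPOSTOR = [(0.10, 0.20), (0.30, 0.95), (0.30, 0.70), (0.15, 0.30),
            (0.40, 0.75), (0.25, 0.10), (0.35, 0.80), (0.05, 0.50)]
TRIALS = ([Trial(f, c, True) for f, c in GENUINE]
          + [Trial(f, c, False) for f, c in IMPOSTOR])

THRESHOLD = 0.60  # assumed accept threshold on the fused score


def error_rates(trials, w_finger, w_face, threshold=THRESHOLD):
    """Return (FAR, FRR) for a weighted-sum fusion of the two scores.

    FAR = impostors accepted / impostor attempts
    FRR = genuine users rejected / genuine attempts
    """
    if abs(w_finger + w_face - 1.0) > 1e-9:
        raise ValueError("fusion weights must sum to 1")
    false_accepts = false_rejects = genuine = impostor = 0
    for t in trials:
        accepted = w_finger * t.finger + w_face * t.face >= threshold
        if t.genuine:
            genuine += 1
            false_rejects += not accepted
        else:
            impostor += 1
            false_accepts += accepted
    if genuine == 0 or impostor == 0:
        raise ValueError("need both genuine and impostor trials")
    return false_accepts / impostor, false_rejects / genuine


def compare(trials=TRIALS):
    """Error rates for one modality and for two ways of adding a second."""
    return {
        "fingerprint only": error_rates(trials, 1.0, 0.0),
        "equal-weight fusion": error_rates(trials, 0.5, 0.5),
        "quality-weighted fusion": error_rates(trials, 0.8, 0.2),
    }


if __name__ == "__main__":
    for name, (far, frr) in compare().items():
        print(f"{name:24s} FAR={far:.3f} FRR={frr:.3f}")
```

On this constructed data, averaging in the weak face scores makes both error rates worse than fingerprint alone, while weighting the modalities by their reliability improves on the single modality.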

3.5 Biometrics in smartphones

On an individual scale, smartphones are increasingly used as a means of providing assurance about the holder’s identity, to enable their use for payments, travel, proof of age and other purposes, both online and in person. Some innovative developments are continuing to take place with the use of biometrics in smartphones that are important in assuring identity:

• Providing fingerprint and other readers via an attachment / device that can be clipped onto a smartphone when required

• Using the on-board camera to capture biometric images of acceptable quality for accurate use – even 4 fingers in a single image; fingerprint sensing built into the screen

• Illuminating the user’s face with a precise matrix of controlled lights (infra-red) to capture a better 3D image of the face for recognition

• Improved algorithms for verification, liveness detection, and detection of ‘spoof’ attacks – Presentation Attack Detection (PAD)

• Security features in the phone to protect against theft or alteration of data such as biometrics or encryption keys used to authenticate the device or user – stored in secure environments including Trusted Execution Environments (TEE) and Secure Elements


3.6 Continuing development of algorithms

Work is also continuing to improve the accuracy of biometric algorithms. A report by Patrick Grother and colleagues at NIST (US) in November 2018⁵ concluded that although there were still wide variations, massive gains in accuracy had been achieved by many face recognition algorithms in the previous five years (2013-2018).

With good quality portrait photos, the most accurate algorithms will find matching entries, when present, in galleries containing 12 million individuals, with error rates below 0.2%. However, when significant age differences existed, or the photographs were of lower quality, some struggled.

As algorithms evolve, they are not only becoming better able to cope with low quality images, they are also providing much improved ‘pitch and yaw’ functionality to detect and identify those individuals not looking directly at the camera. This ability to verify people without requiring them to ‘stop and stare’ both improves the experience for the user and speeds throughput of people at passport control and in similar choke-point environments.

3.7 Biometrics, artificial intelligence and machine learning

For some, the marriage of biometrics and machine learning offers infinite possibilities to develop a host of frictionless and secure services. For others, particularly civil liberties groups, such developments can cause concern.

In China, for example, we are seeing examples of big (behavioral biometric) data collection and analysis, aided by artificial intelligence (AI) algorithms, becoming commonplace in policing strategies. We have also seen questions over proportionality, with media⁶ reporting that the Temple of Heaven Park in Beijing has trialled toilet paper dispensers with facial recognition to limit the number of sheets being dispensed.

In contrast, in regions where stricter individual privacy legislation is enacted and enforced – such as in the EU with its GDPR – there are constraints as to how far such technologies can be deployed.

Whatever the regulatory environment, there is no doubt that AI will combine with biometric identifiers to drive a huge range of services. Analyst house Gartner Inc reports⁷ that over the next few years, advances in AI will lead to increasingly sophisticated facial recognition technology – particularly useful in identifying lost children or elderly citizens.

By 2023, there will be an 80% reduction in missing people in mature markets compared to 2018, due to AI face recognition. Although current facial recognition is limited in application, the report says, the speed of recognition using one-to-many matching, even in large sample sets, is less than 600 microseconds.

On a more commercial note, a recent study by fintech researcher Autonomous NEXT⁸ showed how identity verification powered by artificial intelligence could reduce the costs of Know Your Customer (KYC) and Anti-money Laundering (AML) processes by 70 percent, while speeding them up by 80 percent.

Today’s behavioral biometric technologies can capture more than 2,000 parameters from a mobile device, including the way a person holds the phone, scrolls, toggles between fields, the pressure they use when they type and how they respond to different stimuli that are presented in online applications⁹. Indeed, by 2022, 80 percent of smartphones shipped will feature on-device AI capabilities (vs 10 percent in 2017)¹⁰.

It is precisely this kind of AI-powered analysis – carried out with due regard to ethics and privacy, and when opt-in and opt-out practices are handled correctly – that sets AI-driven behavioral biometrics apart from more conventional approaches, offering tremendous opportunities to acutely verify and authenticate online users.


5 Ongoing Face Recognition Vendor Test (FRVT) Part 2: Identification, by Patrick Grother, Mei Ngan and Kayee Hanaoka, US National Institute of Standards and Technology (NIST), report NISTIR 8238, https://doi.org/10.6028/NIST.IR.8238

6 BBC, 20 March 2017 https://www.bbc.co.uk/news/world-asia-china-39324431

7 Gartner Top Strategic Predictions for 2019 and Beyond, Gartner Inc, Nov 2018

8 https://www.biometricupdate.com/201811/ai-identity-verification-efficiency-could-make-european-digital-lenders-more-competitive

9 https://www.forbes.com/sites/forbestechcouncil/2018/01/18/machine-learning-and-behavioral-biometrics-a-match-made-in-heaven/#443feec3330

10 Gartner Highlights 10 Uses for AI-Powered Smartphones, Gartner, Jan 2018


CASE STUDY

Queue management at Abu Dhabi International Airport

In 2016, as part of a major initiative to deploy smart passenger flows and queue management, Abu Dhabi International Airport commercially deployed iris and fingerprint biometric sensors across the airport – at 80 eRegistration stations, 94 self-service eCounters and 96 eGates. Featuring a contactless ‘wave’ of four fingers, and anti-spoofing technology, the system provides rapid capture and authentication for over a million passengers a month.

ABU DHABI AIRPORT IN FIGURES

• 90 seconds for eCounter transactions

• 20 seconds for eGate passage

• 2,000 registrations per day

• 2 second matching (Iris & Fingerprint)

• 5000 passengers/hour total for eCounters

• 15,000 passengers/hour total for eGates


As we have touched on before in this report, building a cohesive and interconnected biometric ID infrastructure and associated services is a complex undertaking. There are a multitude of considerations – from the ethical and legal to the technical and operational. It requires the buy-in, and collaboration between, multiple stakeholders. In this section we will look at the key considerations of any biometrically-enhanced identity service.

4.1 Privacy

As previously discussed, privacy is the number one concern for citizens. It is perhaps best illustrated by the growing deployment of facial recognition systems in tandem with behavioral biometrics and AI. Whether in a retail scenario to identify shoppers or a national security use case, it will be important to plan and deploy AI-powered biometric systems ethically and responsibly – with the rights of the individual uppermost in the minds of policy makers.

General Data Protection Regulation (GDPR)

In Europe, and for European-operating organisations, the General Data Protection Regulation (GDPR) offers some regulatory cover in terms of individuals’ privacy. Here, biometric data is specifically identified as a ‘sensitive category of personal data’, defining biometric data as, “personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic (fingerprint) data”.

Under the terms of the regulation, there are now well-established norms for capturing, storing and processing personal data, with stringent opt-in conditions. Similarly, the eIDAS (Electronic Identification, Authentication and Trust Services) set of standards for electronic transactions in the European Single Market lays down some protections in Europe (and for European citizens).

In the EU, for example, two fingerprint images are now included in Schengen area passports, but access to this private information is strictly limited, using Extended Access Control (EAC).

Privacy-by-Design matters, whether in a national identity scheme, a border security environment or in a consumer-to-brand relationship. The right of the individual to privacy must be properly protected. Indeed, individuals who increasingly consent to their biometric data being stored and processed must be able to do so with a high level of confidence their data is being used for the specific purpose it was provided for – and no more. This is as relevant an issue for government agencies sharing biometric information with one another as it is for commercial organisations wishing to deepen their customer profiling activity.

As with many such evolutions, the pace of technology change within biometrics is outpacing many regulators’ abilities to provide appropriate control mechanisms. This is particularly true with IoT-enabled biometric data capture and processing. How international and national regulatory authorities continue to address the privacy issue must remain in focus as we move forward.

To date, there is no cohesive international standard for biometric data protection. There is, however, a tranche of technical standards relating to interoperability that we cover below in section 4.4.

4.2 Security

Security of biometric data is, of course, paramount. A biometric system is inherently one that stores personal data, which therefore requires high levels of protection against attack and from improper processing (such as disclosure to anyone not entitled to receive it). The spectre of a widespread data breach of millions of citizens’ biometric data is of major concern.

While at rest, biometric data collected (and the associated templates generated) from biometric capture devices should be stored in secure, dedicated environments to avoid theft/leakage that would expose the data to malicious usage. This is particularly relevant for networked capture devices such as cameras.

Encryption is required – whether data is stored on the device, or in the case of centralized databases on-premises, in a virtual, public cloud, or hybrid environment. In transit too, biometric data should be encrypted and sent across secure channels to prevent theft as data travels between the device and the database where it is stored.

As previously discussed in Section 3.5, secure storage of data and applications on mobile devices can be delivered via Trusted Execution Environments (TEE) and the Secure Element.

Similarly, secure access management and user management are crucial to restrict access only to entitled persons to systems and specific information. Provision should also be made to trace and store access data from authorized individuals, as well as unauthorized access attempts.

4. Capacity building in biometrics


Additional security measures can be added to support offline authentication, and to add a physical factor to support the digital ID, through passports or identity cards. While the direction of travel is certainly digital-first, physical identity documents will continue to play a key role for years to come. Indeed, the Aadhaar initiative utilizes a 12-digit code for authentication – adding the something I have to the something I am. This ability to interact with digital documentation in areas of limited connectivity is crucial in many parts of the world today.

On the application side, protection can be bolstered by adding liveness detection to address spoofing attacks such as using fake fingers to dupe a fingerprint-based authentication system (to access a device or an area), or the use of pictures/tablets – or even masks – to fool facial recognition systems.

From a functional perspective, increasing the quality of the biometric sensor, resolution of the image, the sophistication of the enrolment and matching algorithms and level of presentation attack detection will all have a positive impact on security of the application.

We also see a tremendous amount of work to secure against, and open up new, biometric vulnerabilities. Photo-morphing is one example that has been shown to create highly plausible passport photographs – using increasingly advanced algorithms.

While no security solution is 100% effective – due in large part to the need to balance security with user convenience – it is also true that exposed vulnerabilities often result from incomplete or incorrect implementation of technology (rather than the technology itself).

4.3 Data sharing

In a security and law enforcement context, data sharing is a well-established norm. A good example is the Migration 5 (formerly the Five Country Conference) High Value Data Sharing Protocol (HVDSP), established in 2009 to enable the exchange of biometric data between the immigration agencies of the ‘5Eyes’ countries – Australia, Canada, New Zealand, the United Kingdom and the United States.

Latterly, the success of the HVDSP has encouraged members to develop the Secure Real-Time Platform (SRTP) to enable high volume automated exchanges. The objective is straightforward – exchange data relevant to immigration cases while maintaining individual privacy, with ‘privacy by design’ being a cornerstone. With more biometric data becoming available, sharing of such data is set to continue.

Moving beyond government, today’s biometrically-enhanced authentication services do not, as a general rule, share biometric data. The biometry held on today’s crop of smartphones, and increasingly in biometrically-enabled smart payment cards, is not shared. Rather the match is made on the device – where the biometric data is securely stored and encrypted. A simple yes/no verification message is transmitted to the Point of Sale terminal, for example.
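The match-on-device pattern described above can be sketched as follows. This is an added example, not part of the SIA report and not a payment-card protocol: the `Device` and `Terminal` classes, the key shared between them, the Hamming-distance matcher and all values are assumptions constructed for illustration. It shows the template staying on the device while the terminal receives only a yes/no answer that is bound to a fresh challenge, so an old or altered answer is rejected.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD_BITS = 10   # assumed: max differing bits still counted as a match

# Constructed sample values, for illustration only.
DEVICE_KEY = bytes(32)                              # provisioned key (assumed shared)
ENROLLED = bytes(range(32))                         # stored 256-bit template
LIVE_GENUINE = bytes([ENROLLED[0] ^ 0x01]) + ENROLLED[1:5] \
    + bytes([ENROLLED[5] ^ 0x80]) + ENROLLED[6:31] + bytes([ENROLLED[31] ^ 0x10])
LIVE_IMPOSTOR = bytes(b ^ 0xFF for b in ENROLLED)   # every bit differs


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def _tag(key: bytes, nonce: bytes, decision: bytes) -> bytes:
    # The nonce has a fixed length, so nonce || "|" || decision is unambiguous.
    return hmac.new(key, nonce + b"|" + decision, hashlib.sha256).digest()


class Device:
    """Holds the template; only a decision and its MAC ever leave it."""

    def __init__(self, enrolled_template: bytes, key: bytes):
        self._template = enrolled_template
        self._key = key

    def verify(self, live_sample: bytes, nonce: bytes):
        matched = hamming(self._template, live_sample) <= MATCH_THRESHOLD_BITS
        decision = b"yes" if matched else b"no"
        return decision, _tag(self._key, nonce, decision)


class Terminal:
    """Point-of-sale side: never sees biometric data, only the signed answer."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, decision: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:      # unknown or already-used challenge
            return False
        self._pending.discard(nonce)        # single use: blocks replay
        authentic = hmac.compare_digest(tag, _tag(self._key, nonce, decision))
        return authentic and decision == b"yes"


if __name__ == "__main__":
    device, terminal = Device(ENROLLED, DEVICE_KEY), Terminal(DEVICE_KEY)
    n = terminal.challenge()
    decision, tag = device.verify(LIVE_GENUINE, n)
    print("genuine accepted:", terminal.accept(n, decision, tag))
    print("replay accepted: ", terminal.accept(n, decision, tag))
```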

It does, however, pose an interesting problem for both commercial and government policy makers as facial recognition and behavioral systems begin to dominate. The fact an individual’s biometric can be gathered (and potentially shared) without their knowledge is worrisome indeed for many. In fact, in a recent blog¹¹, Microsoft President Brad Smith lobbied for a wider discussion of facial recognition technologies, calling on governments around the world to adopt laws to regulate this technology in 2019. In the EU, of course, regulations are already in force as a result of GDPR.

4.4 Standardization

The majority of technical deployments benefit from leveraging industry standards – and there are many relating to biometrics. They are complex and should be fully understood in the design of any biometric-based identity infrastructure and application. This will ensure interoperability of both data and systems and reduce development and lifetime cost. The interchangeability of components is vital too – both to simplify testing and to future systems.

However, in the biometric context, the sheer number of technical standards can create challenges for policy makers. Indeed, both the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) recommend against long reference lists of standards in this, and other, areas. When seeking to ensure standardization, and corresponding interoperability of technology solutions, policy makers are advised to work with their industry partners from the beginning of the project to ensure standards compliance.

11 https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/


4.5 Operational approaches

While the principal technology and systems to support biometric identification and authentication are mature, the operational challenges are very real, and range from enrolment and biometric capture to management models and so on. It is perfectly possible to implement a national identity scheme based on biometrics, as India’s Aadhaar initiative has shown. To date some 1.3 billion Indian citizens are registered.

Under the Aadhaar model all ten fingers, a facial scan and an iris scan are collected. To date, somewhere in the region of 256 million Aadhaar identities have been linked to bank accounts, with over 20 million accounts opened instantly using Aadhaar e-KYC. Added to this, more than 99,000 certified portable devices have been deployed. This is a major inclusion initiative requiring a significant infrastructure investment, not to mention a nationwide acceptance and enrolment process.

Of course, different use cases require different enrolment approaches. Aadhaar took a distributed approach to enrolment but a centralized one to data management.

For enrolment, the project utilized easily transportable equipment capable of operating in remote locations without electricity supply or online connectivity. This choice of bringing the enrolment to the citizen is a proven approach that drives higher engagement. However, the centralized approach to biometric data storage and management has led many to highlight potential security and privacy challenges – issues that were brought before the Supreme Court of India.

In Europe, a distributed model of data storage, management and authentication is the more favored approach. Here, rather than a single database holding all identity data (including biometrics), an intelligent platform (ideally using standardized interfaces) connects multiple civil registries (such as births and deaths), civil identification registries (that manage biometrics) and functional registries (such as land registries, vehicle registration etc.) and enables seamless sharing and authentication without exposing the data within each. Not only does this separation reduce security risk, it also enables governments to maximize their investments in existing systems, and eliminates the considerable operational challenges of migrating data from multiple systems to a centralized database.

Similarly, for the purposes of ensuring data protection during authentication, storing the individual’s biometry on a decentralized device such as a smart card or smartphone may also be preferred. Such a process involves less risk. The token (physical ID card or electronic ID) is kept in the user’s personal possession (or on their device), and a straightforward matching layer provides authentication.

Ultimately, in today’s world of sophisticated cyberattacks – many now targeting government systems – a distributed architecture that uses a physical token (such as passport or ID card) for authentication is a logical and secure approach.


CASE STUDY

Homeland security with the US IDENT system

The United States’ IDENT is the largest biometric border management system in the world, sitting at the heart of the central Department of Homeland Security (DHS) system for storage, matching and processing of biometric and associated biographic information. This Automated Biometric Identification System handles digital facial images and 10 fingerprints – taken at ports of entry and consular offices abroad of foreign nationals seeking admission into the United States.

Established in the 1990s, this continually growing database holds over 240 million identities¹². It’s a cross-department approach and combines Immigration and Customs Enforcement (ICE), Customs Border Patrol (CBP), Citizenship and Immigration Services (CIS), and the Department of State.

IDENT is currently being upgraded with Homeland Advanced Recognition Technology (HART) features to add multimodal biometrics functionality. The upgrade includes a move to a cloud-based solution with large scale lights out matching, very fast response time, increased capacity both in terms of total number of records and in number of daily transactions. The new system will include finger, face & iris deployment.

IDENT IN FIGURES¹³

In 2017, OBIM:

• Processed over 100 million subjects

• Identified 175K known or suspected terrorists

• Added over 15 million new unique identities

• Performed 3.8 million latent print comparisons

https://www.gemalto.com/govt/customer-cases/ident-automated-biometric-identification-system

12 http://www.planetbiometrics.com/article-details/i/5598/desc/dhs-launches-rfp-for-hart/

13 https://www.gemalto.com/govt/customer-cases/ident-automated-biometric-identification-system


The following section highlights key areas of biometric adoption across the world today.

5.1 Frictionless travel

Innovative uses of biometrics have been showcased at many airports around the world to help boost efficiencies and speed up the complete check-in to boarding process. As early as 2013, some 3000 British Airways passengers flying from London Gatwick were able to use iris scans to bag drop, clear security and board the airplane without any additional documentation.

In an example of a commercial roll-out, the automated PARAFE system (Automated Fast Track Crossing at External Borders), first introduced in 2009 and based on fingerprint recognition at Paris-Charles de Gaulle airport has been updated. Now evolved to utilise facial recognition, close to 100 automated control eGates implemented across Paris-Charles de Gaulle and Paris-Orly airports give passengers the ability to cross through the new gates faster – saving appreciable time both on departure and arrival. The updated system is now able to be used by over 40% of travellers as against 3 to 4% with fingerprint recognition.

While the vision of document-free travel has yet to be totally realised, biometric trials or even full roll-outs are well underway. In Europe 18 countries + are already using Facial allowing 200 million passengers to cross borders using their face. In Middle East and Asia, multimodal and Iris approaches are popular. Face as a single-token from Curb-to-Gate is being trialled or even rolled-out by Aruba Happy Flow (Caribbean), Changi FAST (Singapore), Sydney FPPS (AU), Emirates Biometric Path (UAE), Carrasco EasyAirport (UY), Schiphol Seamless Flow (NL), Bengaluru DYBBS (IN), and a dozen of US Airports, including Los Angeles International Airport, which are offering contactless self-service biometric boarding while CBP performs border checks (biometrics exit) at this “last point of no-return”, using face as an identifier.

Today 500 million passengers across the world are crossing borders using their face.

5.2 Secure borders One of the first, and certainly most enduring use cases, for biometric identity systems is border management. Some,

like the U.S. IDENT systems are built around an Automated Fingerprint Identification System (AFIS) to check the fingerprints of an individual seeking to enter the country against watch lists of known or suspected terrorists, criminals and immigration violators. Others, like the EU’s EURODAC system, have been designed to address specific border control and population movement issues in addition to supporting law enforcement activities.

5.3 Humanitarian aidBiometric identifiers are finding a ready market in the humanitarian aid arena. In the recent Rohingya crisis, where an estimated 688,000 refugees flooded across the border from Myanmar, humanitarian agencies and the Bangladeshi government using biometric identification systems to manage the response. Indeed, according to Oxfam, “Biometric deployment in the development and humanitarian context is now widespread and expanded beyond the remit of UNHCR and WFP-led implementations to other actors”. Biometrics continues to be a useful, if sometimes controversial, tool in relief operations.

5.4 Social inclusion With the recognition that biometry plays a crucial role in social inclusion and economic development, adoption levels are growing rapidly across the world – in support of free and fair elections, health and social protection, and a wide range of financial support programs. The standard bearer is, of course, India’s Aadhaar initiative but others are being rolled out apace across the world.

As these programmes evolve to cover whole populations (including children), citizens will enjoy fast, non-intrusive access to a multitude of digital services in increasingly smart cities and public places.

Alongside the benefits to citizens, these biometric-based initiatives bring important benefits to governments, including fraud prevention, greater governance and budget control. They also contribute to the growth of national digital economies so often the catalyst for wider economic growth.

5. Biometrics in practice

Facial biometrics to speed immigration

With border control becoming more automated, the use of facial biometrics is growing globally. Well accepted, fast and less intrusive, facial biometry also benefits from being available to cross-reference on electronic passports. From a technology perspective, automation can be completed using gates and kiosks, or in zero-touch scenarios such as delivering a smooth, fast and frictionless passenger boarding experience by just looking at a smart camera, on-the-move.

Cash-based intervention (CBI) and biometrics

Leveraging biometric data and existing infrastructure to promote Cash-Based Assistance and streamline delivery is becoming an established approach to managing crises. Developed to combat fraud and guarantee much-needed financial support reaches its intended recipients, biometry provides a card-less and PIN-less system to ensure identity in real time. This approach also significantly increases traceability and local accountability.


CASE STUDY

Supporting asylum seekers with Eurodac

The European Dactyloscopy System (Eurodac) is the EU’s asylum fingerprint database. It contains the fingerprints of all asylum applicants from each Member State, as well as fingerprints from those apprehended in an irregular border crossing. Its primary role is to assist in determining the Member State responsible for examining an asylum application made in the EU and to implement the “Dublin Regulation”.

Eurodac was the first biometrically enabled system commissioned by the European Union, and the first multinational biometric system in the world. The system captures and enrols all ten fingerprints, the state sending the data, the place and date of the international protection application, together with the individual’s gender and a reference number.

In response to the EU migrant challenge, proposals are now being considered by the European Parliament to increase the information stored in Eurodac about individuals, for example in order to assist in reuniting family members.

Where Eurodac differs most from many other AFIS systems is in its unique workflow requirements which are designed to ensure that only Member States can change or read their own records, while ensuring that individual freedoms and rights are protected in the event of an individual being granted asylum or citizenship of a Member State.

With the number of asylum applications growing rapidly (numbers grew six-fold between 2005 and 2015, from around 200K to over 1.2 million per year), the capacity of the system has to be scaled accordingly. Today, the system manages over 7 million records, delivering a high degree of accuracy by ensuring that each and every fingerprint record is checked in a one-to-many search.

EURODAC IN FIGURES

In 2016, Eurodac processed:

• Over 1 million fingerprints for applications for international protection

• Over 370K fingerprints of persons from irregular border entries

• Over 250K fingerprints of persons suspected of being illegal immigrants who failed to gain asylum on the territory of a Member State

https://www.gemalto.com/govt/customer-cases/eurodac


6. A time for action

As we have seen, biometrics have fast evolved into the de facto authorization and recognition mechanism for a range of EU-wide and national government-led services. This trend is set to continue, with access to a growing range of services – from frictionless, multi-modal biometric end-to-end journeys at airports, through voice-enabled banking to iris-based voter registration and migrant processing, and much more.

Whether the chosen biometric is fingerprint, iris, face or voice (or the latest behavioral options), the issue of selecting the right biometric, or combination of biometrics, to get the job done (whatever that may be) is crucial. Of course, there’s more to consider: not least the acceptance levels of the audience in question.

As we have seen, there are vulnerabilities and challenges – and not just in the biometric itself. The complexity of design and deployment, and the need to ensure an ethical approach that champions the privacy rights of the individual are also key.

And while millions of people are comfortable using their facial or fingerprint biometric to log into their smart devices, there remains a significant level of citizen and third-sector concern when it comes to exposing more of their biometry to growing numbers of government and private organisations.

In Europe, the presence of the GDPR is a major factor in developing a baseline of best practices that ultimately becomes the launchpad for new biometrically-enhanced services and applications. But, of course, while GDPR is an international benchmark, it is certainly not a globally adopted standard. A foundational pillar, the Privacy-by-Design principles and framework established by Dr Ann Cavoukian from the University of Ryerson in Toronto (CA) back in the 1990s, is increasingly becoming an inspiring source of best practices to create global standards.

Added to this, the rapid proliferation of online identity creates innumerable opportunities for fraudulent use. While the unique characteristics of a biometric go some way to addressing the challenge, enrolment and registration processes and methodologies must remain robust and secure.

However, risk is not limited to large-scale data breaches and fraudsters. On a wider point, the growing usage of online services requires citizens to present a unique identifier that is accepted everywhere. Governments have a real opportunity to create that identity based on citizens’ biometry. If they do not, commercial organisations – those that already provide identity-based services, including Apple, Facebook, Google and others – will come to the fore.

SIA believes that governments are best placed to provide the foundational, legal identity for their citizens. This includes biometric identity. It is a matter that goes beyond operational considerations, technology discussions and models of implementation, to the very heart of national sovereignty and citizen security. There is, without doubt, a role for private organisations, but this is one of access to online services, not in creating and managing root identities upon which all citizen interactions and protections are based.

Ultimately, however, policy makers across are increasingly moving in this direction. To ensure initiatives are both responsibly designed and operationally efficient, the SIA has developed a set of best practice guidelines to help European policy makers make informed decisions.


CASE STUDY

Financial assistance for refugees with UNHCR in Syria-Jordan

Having integrated iris enrolment into its corporate registration software back in 2012, UNHCR extended deployment into Egypt, Lebanon, Iraq and Syria. By 2015, over 2 million refugees had been registered – a process that involves recording iris biometry for all refugees (over 3 years old) arriving in Jordan. Those eligible for financial assistance receive an SMS and are able to withdraw cash from iris-enabled ATMs in every governorate throughout Jordan. With 78% of refugees within Jordan living outside of camps, this ability to provide financial support on a large geographical scale was crucial. In addition, iris-enabled POS devices have been deployed in the supermarkets of UNHCR camps.

CASE STUDY

Voter registration program in Burkina Faso

With 16 million inhabitants and over 7.5 million under voting age, Burkina Faso was seeking to restore the credibility of, and citizen confidence in, its electoral system. This required establishing a database of qualified voters to address issues of multiple voter registrations. This national project was completed within three months – enrolling all citizens, even those in isolated and remote rural locations. Over 3,500 mobile enrolment stations were delivered, enabling over 100 voter registrations a day. Over 3,800 CENI operators were also fully trained in enrolment technologies and methodologies.


7. Best practice guidelines in biometric-enhanced ID

The following best practice guidelines from the SIA not only address issues around the design, implementation and ongoing management of biometrically-enhanced identity systems, but aid policy makers in fully understanding and addressing the wider ethical, legal and privacy questions that sit at the heart of these complex environments.

• Expertise Beware of developing or acquiring a biometric system without fully understanding what you need, and make sure the solution delivers on objectives. Biometrics is not one size fits all. For a major system, relevant experts need to be involved from the outset. Some requirements may be more complicated than a non-expert may expect: discussion to understand why the advice is being recommended can be a useful learning exercise for the team, before a business decision is taken.

• Modality As we have seen, many different types of biometric are possible – be that face, fingerprints, iris, voice or a combination. Each has different characteristics and requirements. Deciding which modality – or modalities – are required for a new system may be complex. Will requirements change, e.g. to add a further modality during the life of the system? Is simultaneous processing of multi-modalities (multi-mode biometrics) required? Similarly, it is important to judge the proportionality of using multi-modal biometrics against the use case and benefits of adding additional system complexity.

• Standards There are many standards relating to biometrics. They are complex, and the relevant ones need to be understood. Compliance with relevant standards has important advantages – interoperability of data and systems; faster and cheaper development of solutions; lower lifetime cost (initially and when upgrading the solution); interchangeability of components; easier and better testing. In a broader context a ‘standards’-based approach also includes professional learning and norms, and consistency in the use of technical vocabulary to improve communication. Your industry partners will be able to guide you through the complexities.

• Accuracy and quality Achieving accuracy and quality of biometric samples recorded on a system is critical to obtain reliable results from the use of the system. Enrolment of each record is a vital step—if the quality of samples captured and stored is poor, results will be compromised while that system and data remain in use. Accuracy is key, of course, and should a result prove inaccurate, it is possible to cascade down from a facial biometric to fingerprints etc. As the paper notes, it should be stressed that additional modalities alone do not guarantee a greater degree of accuracy. Many other considerations are required, including the algorithms.

• Algorithms The algorithms used to capture, encode and compare biometrics have an important bearing on how well and how efficiently the system will perform, how flexible the system will be (for example in handling biometric samples or images that are significantly degraded), and in being able to detect attempts to deceive (or ‘spoof’) the system by presenting a false biometric sample or image (Presentation Attack Detection (PAD)).

• Testing Testing a biometric system is critical. For larger systems it can be a major undertaking. Testing is not just something undertaken as a final stage but begins with a sound strategy related to the circumstances of the system being created, how to prove that it works as intended, delivering acceptable accuracy, for all its use cases. Significant quantities of test data may be needed and must be created or built. How will the quality of the system continue to be proved during its lifetime?

• Performance How will the size of the system grow over time? Searching and processing biometric data can be computationally intensive: setting up a large biometric database that will be used by many users demanding fast response times, all of which will expand year by year, requires major and efficient processing power. That too needs to be tested and monitored. Cloud services may help in dealing with requirements for flexibility and growth, but there is no ‘silver bullet’ or easy answer. Again, this comes back to proportionality and the right solution to fit the use case. If vast, highly performant, multi-modal systems are not required to achieve the outcome, then it makes commercial and operational sense to avoid such over-investments.

• Security and privacy A biometric system is inherently one that stores personal data, which therefore needs protection from attack and from improper processing, such as disclosure to anyone not entitled to receive it. Loss of personal data can be very damaging for the subject(s) and for the owner of the system and is subject to legislative protection – and potential penalties. Protecting data effectively not only relates to technical system security but to business processes and therefore staff training in the use of the data. Security is also important for protecting the correct functioning of the system, avoiding corruption or loss of data or processing capability of the system itself, for example in the event of cyberattack. Additionally, user protections are critical, such as clear opt-in, opt-out, the right to review data, and the right to delete data. While such protections are enshrined in the GDPR, they are not yet universally available. However, for each implementation of a biometric program within a governmental and/or commercial ecosystem, it is highly recommended, before any implementation can take place, to at least perform a Privacy Impact Assessment (PIA) exercise, conducted by accredited agencies or specialized law firms, to guarantee that this program is in full adherence with the GDPR regulations and/or the national legislation at stake in the country of deployment.

• Integration A biometric system is not built for its own sake, but to create a biometric capability to support a broader business purpose. Therefore, effective integration, for example of planning, strategy, data, networks and user functionality, has to be envisaged from the start – and delivered. Look for partners with solid reputations, proven portfolios and a clear vision of the desired outcomes.

• Change and growth A system is unlikely to remain the same throughout its life. As a minimum there are likely to be new software releases which will need to be adopted, and probably growth in the number of records and users to be accommodated, which may require a comprehensive scalability strategy by design so that the system can grow as it progresses. There may also be extra requirements that are added after the system has come into use. It is helpful to consider these factors in advance, and to think about how they could be accommodated if and when they are needed.

• Proportionality As we have seen in this paper, biometry offers significant problem-solving potential – from secure borders through to social inclusion. But along with great power comes great responsibility. It’s vital to remember that biometry is deeply personal information and should be operationalized appropriately, proportionately and ethically. Using facial biometric capture to, for example, deter thieves from stealing toilet paper is arguably disproportionate and raises ethical questions – particularly with regard to how that data is stored and processed. In Europe, GDPR rules are quite clear; however, similar regulatory oversight doesn’t exist everywhere. Just because governments can capture biometry doesn’t mean they should, and the use must be ethically as well as operationally appropriate under clear legitimate purposes.

CASE STUDY

Reliable access control: Verifying visitors’ identity at Munich Security Conference

Munich Security Conference (MSC) is a high-level conference that brings together key decision makers of the international security community. For the 2019 event, walk-through portals and software that verify the visitors’ identity by reading badges on-the-move were used. The technology improves verification, speed, and convenience: badge holders only need to step through a portal and their information is immediately verified through an advanced biometric face recognition technology.

Verification of the badges can also be carried out by specialized handheld RFID readers and smartphones, which then show the security personnel the provided picture of the participant for manual verification. The verification times were significantly reduced and the traffic flow improved.

The solution is based on secure ultra-high frequency RFID. It allows only authorized devices to read high-security contactless chips from a short distance. The result is a state-of-the-art authentication technology that has been successfully introduced at the MSC and that can be implemented in any situation that requires reliable access control.

https://www.veridos.com/en/news/munich-security-conference-benefits-from-veridos-innovative-authentication-technology.html


CASE STUDY

Aruba international: An innovation launchpad connected to the world

Aruba International Airport shook the aviation industry when it launched Happy Flow™ in 2015. It was the first 100% biometric paperless airport journey ever, with two main objectives in mind: demonstrate the feasibility of the IATA OneID concept from curb to gate, while exploring the framework of a possible EU Schengen pre-clearance concept. The program has now been running for four years, under a cooperation model between Aruba International Airport, Schiphol Airport, KLM, the Aruba Government and the Government of the Netherlands.

The end-to-end solution consists of a streamlined sequence of user-centric self-service touch points, from check-in to boarding the aircraft, coordinated through a Privacy-by-Design certified orchestration platform allowing all the stakeholders to benefit from real-time collaboration. At all choke-points, the passenger’s face image is the identification token. The program is a premium example of the crucial role of Governments as Identity Brokers to establish risk-based border control while enabling a multi-party passenger flow management process. For the first time, security and facilitation are coming together as a balanced equation.

Aruba is undergoing unprecedented expansion under the Gateway 2030 program, which will be the theater of new joint innovation sprints in Seamless Travel. One of the initiatives being planned is the implementation of a new Pre-clearance framework with USA Customs and Border Protection. This innovative concept offers on-the-move biometric technology supported by a cross-border enabled collaborative platform, allowing for a 100% frictionless experience for US returning travelers.

SOLUTION OVERVIEW

• Single token operation since 2015, using facial recognition

• Check-in, on-the-move bag-drop, automated border control, self-service boarding

• Includes biometric processing at departures and arrivals

• It only takes 3 seconds to board a passenger onto the plane

• 33 nationalities are eligible, with passengers starting from 8 years of age

• Consistent +95% success rate at boarding

• Includes Appy Flow, a mobile ID application for biometric check-in

CASE STUDY

Hamad international: Multimodal biometrics for cutting-edge border control

Hamad International Airport (HIA) aims to be a landmark for the Middle East as well as the world, as a cornerstone for the economic development of Qatar. Inaugurated in 2013, the Automated Border Control System is enabled by 65 multimodal (facial, iris, fingerprint) eGates for a differentiating solution that ensures a speedy passage with high levels of accuracy, suitable for all types of passenger eligibility criteria. The result is a safe border control process and a pleasant passenger experience.

The deployed solution can perform both enrolment at first usage and border control processing at the same eGate, just by using ePassports or biometric national ID cards. Processing of passengers is made through a 2-step mantrap configuration where the passenger is always in full control of the process, while the Ministry of Interior of Qatar supervises the operation.

By allowing multiple passenger profiles to use the solution through multimodal biometrics capability, the State of Qatar is achieving a maximized eligibility rate of over 70% automation usage, while taking advantage of its advanced Border Control backend to guarantee a best-in-class risk-based border control approach.

SOLUTION OVERVIEW

• Operating since 2013

• 65 multimodal eGates in 3 Terminals – facial, iris, and fingerprint enrollment

• Over 2 million passages per year

• Performs enrolment at 1st usage and border control processing at the same eGate, just using ePassports, eID and multimodal biometrics

• 100% of Qatar Airways staff uses the Gates at the border

• eGates are enhancing passenger experience through their simple usage, security, sense of control and design


8. Driving value through partnership

Ensuring the success of proportional, ethical and outcome-driven ID programs is both an economic and social imperative. As the biometric-enabled identity market continues to rapidly evolve, it is more important than ever for regional and national governmental bodies and policy makers to make use of the experience and expertise of today’s wide and deep community of experienced best-of-breed partners.

The Secure Identity Alliance is an expert and globally recognised not-for-profit organisation. We bring together public, private and non-government organisations to foster international collaboration, help shape policy, provide technical guidance and share best practice in the implementation of identity programmes.

www.secureidentityalliance.org
