The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 per- cent. These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to tra- ditional user verification.
It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear inno- cent individuals as well as it can confirm a guilty party.
What needs to happen. While differences in algorithms’ per- formance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the in- dustry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.
Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communi- ties that have faced historical patterns of disadvantage.
In addition, the government needs to continue focusing on ef- forts to ensure civil rights are protected when it comes to biomet- rics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this mani- fested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.
BREACHES OF BIOMETRIC DATA
ARE A SIGNIFICANT THREAT
Biometric data collection is perceived to pose serious data se- curity and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.
Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happen- ing, and there are other ways to circumvent the challenges asso- ciated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.
Other examples of how biometric data can be protected in- clude the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other bio- metric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.
If, for some reason, your old fingerprint is “stolen,” an es- sentially “new” fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a
hacker to access complete biometric templates.
What needs to happen. There needs to be continued advances
in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.
And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable infor- mation (PII), so that even if data was accessed, it would be useless.
Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authen- tication therefore have an excellent opportunity to better inform con- sumers, building consumer confidence and acceptance even further.
RELUCTANCE TO PROVIDE BIOMETRICS
WILL LEAD TO ABANDONMENT
There is a conviction that biometrics will lead to end users aban- doning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.
Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt- outs, for instance – contribute to organizational trust. Further- more, most end-users indicated they are already sharing biomet- ric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving con- sumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).
What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to under- stand how and when they are interacting with biometric identifi- cation technologies; if not, this can lead to heightened suspicion and a lack of public trust.
Information should always be posted in an easily understand- able format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.
Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experi- ence when compared to traditional authentication methods.
The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use in- novative techniques to secure biometric data; and are fully transpar- ent about when and how biometrics are being used. By providing multiple biometric authentication options and
always offering an alternative, non-biometrics-
based means of authenticating, organizations canstaycompliantandwinend-usertrust.
Heidi Hunter is the chief product officer at Aware.
   54
SEPTEMBER/OCTOBER 2024 | SECURITY TODAY
EMERGING TECHNOLOGIES