Biometrics: much more than just fingerprint and face recognition
17-05-2022 Autor: Jan TisslerRecognising people by their fingerprints or facial geometry has become commonplace. At the same time, researchers are developing other methods to recognise people by their bodily or behavioural characteristics. And while this might be useful, it is also alarming data protectionists.
It wasn't so long ago that TV series and action films had something unique going for them: every respectable secret underground laboratory had an eye scanner at the entrance. And the Starship Enterprise board computer could not only recognise speech, but even the speakers by their voice alone. How futuristic!
What exactly is biometrics?
All these examples fall into the category of "biometric recognition methods". They use the most unique, unchanging and easily measurable characteristics possible to identify people. The methods can be roughly divided into two groups referred to as physiological/behavioural, or passive/active, but also static/dynamic.
At the same time, biometrics is one of those science fiction concepts that has now become commonplace. It is highly likely that the readers of this article own at least one device for which they use a fingerprint or facial recognition login function. And smart speakers bring the Enterprise feeling into our homes for less than 50 francs.
Biometric methods have become popular because of their extreme practicality and the fact that the necessary technology is now more affordable. They sometimes replace other security mechanisms such as passwords or access codes, for example when a smartphone recognises our face and automatically unlocks. In other cases, they supplement identity cards for example, to offer better protection even against forgery.
However, certain recognition methods can also be used for surveillance, even without the knowledge of the person being watched. More on these and other criticisms in a moment.
Physiological, passive methods
The aforementioned fingerprint and facial recognition methods are examples of physiological biometrics: in other words, they measure something to do with our body. The "eye scan" we mentioned above also belongs to this category, whereby details of the iris are measured, or else the blood vessels in the eye or on the retina, depending on the method. Speaking of blood vessels: the vein structure in the hand or foot also lends itself to this technique.
Other methods analyse our hand geometry, the structure of our hand lines or nail bed pattern. Even the shape of our ears is unique enough to ensure our recognition. And it may seem a little strange, but people can also be identified by body odour.
Last but not least, our genetic material in the form of DNA is rightly known as a "genetic fingerprint". In this case, however, a sample is needed for examination, making this information much more difficult to obtain compared to the geometry of our face, for example.
Signatures and handwriting also belong to this category while nonetheless overlapping with behavioural methods.
Behavioural, active methods
"Active" methods look at how we behave or move. If, as we said, we look at signatures and handwriting, it is not only the end result that will be evaluated: the analysis will include details of how we write – the pressure exerted, the tempo, the rhythm. And what's more, it doesn't just cover manual writing: typing behaviour on a keyboard is also unique enough for recognition purposes.
Ir exImple is voice recognIn, which ideally examines not only pitch, but also how the person speaks: pauses, intonation or pronunciation are further points of measurement. Even lip movements vary to such an extent from person to person that they can be adopted as an additional means of identification.
Last but not least, each person's gait: We often recognise people from a distance if we know them well enough. A computer can do the same.
What do data protectionists criticise?
By combining recognition methods such as facial geometry or gait with now ubiquitous security cameras, it is effectively possible to create personal movement profiles. The potential misuse of these techniques is therefore a major point of criticism by data protectionists. The line between "active protection of the population" and "warrantless mass surveillance" is much too thin as far as they're concerned. In a previous article, we explained why automated facial recognition is so strongly criticised for precisely this reason.
Experts warn that such detection methods are able to capture other sensitive data, such as a person's gender or ethnicity. Moreover, not all methods are as accurate as one might hope, which could lead to innocent people being targeted by the authorities.
In addition, it must be considered that biometric features cannot be changed if the stored information falls into the wrong hands. If there is a password leak, you can create a new one. But a person's fingerprint can never change.
Of course, biometric data can be stored securely. Various types of encryption are used in this regard, among other things, to make the information as unusable as possible for data thieves. The systems must also improve the ability to recognise when they are dealing with a forgery, for example manipulated fingerprints.
Closing words
Like almost every technology, biometric recognition methods have two faces: on the one hand, they offer an easy and convenient way to secure access to buildings or devices. They can also support police work. On the other hand, these methods and the information they collect can be misused.
These techniques should therefore not be demonised across the board. Rather, it is important to use them consciously and conscientiously.
