Heathrow Tests Biometric ID

Heathrow airport is testing an iris scan biometric machine to identify passengers at customs.

I've written previously about biometrics: when they work and when they fail:

Biometrics are powerful and useful, but they are not keys. They are useful in situations where there is a trusted path from the reader to the verifier; in those cases all you need is a unique identifier. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. Biometrics are unique identifiers, but they are not secrets.

The system under trial at Heathrow is a good use of biometrics. There's a trusted path from the person through the reader to the verifier; attempts to use fake eyeballs will be immediately obvious and suspicious. The verifier is being asked to match a biometric with a specific reference, and not to figure out who the person is from his or her biometric. There's no need for secrecy or randomness; it's not being used as a key. And it has the potential to really speed up customs lines.

Posted on October 26, 2006 at 1:04 PM • 27 Comments

Comments

Para NoidOctober 26, 2006 1:29 PM

I may have an extreme view, but I object in principle (as a right to privacy issue) to gathering and storing any biometrics, unless of course one is convicted of a serious crime. And even then, I'd like to see protections that the data is stored securely and not released unless there is a strong need and cause by the FBI or police. The potential for abuse is too great. Personal data is already too pervasive and persistent.

It would be a pretty nightmarish world if the government sells or allows access to private corporations of biometric information. I really don't care to be identified by a face-recognition system every time I walk down the street or into a store. Unfortunately, that may not be very far away if things keep going as they are.

AlanOctober 26, 2006 1:41 PM

Biometric ID's can be copied / stolen / forged. In a meaningful way that makes them non-unique. To verify the ID, one has to prove that it belongs to the person presenting it as proof of identity. It's no different from a login id in that respect. For strong authentication it needs to be supported by something secret -- something you have or something you know.

OnurOctober 26, 2006 1:47 PM

What I wonder is can iris biometrics be forged with something like a special crafted contact lens?

Dom De VittoOctober 26, 2006 2:01 PM

Of course. Why special?
You can get ones in shops that change your eye colour, give cat-eyes etc. etc.

It's a bit of round plastic.

Most iris scanners, IIRC, don't check for iris variation during the scan, and match min/max iris variation (which is also individual).

MarkOctober 26, 2006 2:01 PM

You may well know more about this implementation than the article covers, but the article makes no claim that the biometric identifier is being matched against a specific reference (e.g. does this iris scan match a field in this scanned passport?). Rather, it indicates that the iris scan is used to pick out a passenger's records from a database of all possible passengers, or at least that subset of all possible passengers who have been previously entered into the system. When used on a global rather than enterprise basis, that sounds to me like your bad use case, figuring out who the person is from her biometric.

Davi OttenheimerOctober 26, 2006 2:03 PM

Heh, I noticed this quote in the article:

"The iris is much more unique than the fingerprint and is the most unique thing on the outside of the human body"

Hmm, he must have mentioned "outside" for a reason. Perhaps they do not wish to be compared with upcoming skeletal/dental scans. It used to be impossible to display all the uniqueness of a human's internal data to a monitor for human review, but if you're just trying to compute a digest and compare it to a known value...bones seem like something that would be stable enough to use.

"There's no need for secrecy"

Except that the retina data has to be stored for reference. That makes it necessary to keep the key to create the digest of the retina a secret, no, as the match is based upon stored data points?

And since the objective of this system is speed, doesn't that mean someone could compromise the stored data to make a fake eyeball/retina that would bypass the control? Not that I'm saying this is likely, but it sounds like a computer match is the *only* thing preventing someone from getting through the control point:

"Instead of showing their passport on arrival they will go into a kiosk where in seconds a camera will check that the pattern of their iris matches computer records. If so a barrier will automatically open. "

Davi OttenheimerOctober 26, 2006 2:05 PM

"It would be a pretty nightmarish world if the government sells or allows access to private corporations of biometric information."

An eye for an eye...?

PerfDaveOctober 26, 2006 2:25 PM

Unfortunately, the British National Identity Register will permit access to the biometric information stored thereupon by "selected commercial partners", not to mention 400,000 civil servants who are assumed trustworthy.

They've been trialling a system like this at Manchester Airport too, with very little success...

MaikOctober 26, 2006 2:51 PM

A similar system was tested at Frankfurt/Main Airport (FRA) here in Germany. From a practical point of view, the results were horrible, the system was, at its best times, barely usable.

The project was continued as a permanent installation anyway. This is, of course, completely unrelated to the fact that Mr. Schily, who was the minister of the interior at the time and therefore politically responsible for the original project, now just happens to be on the board of directors of the biometrics company that sells the equipment used in the project.

Tell Me More About My EyesOctober 26, 2006 2:59 PM

A $70,000 retina scanner at HQ USAFE was officially decommissioned after too many false negatives. Too many high-ranking people who liked to party were coming to work the next morning with bloodshot eyes. They're better off with a hand scanner if they have to do this sort of thing at all.

KevinOctober 27, 2006 3:34 AM

Google "Privium".

It's the Iris scanning system that's been in use (for EU citizens only) at Schiphol airport in Amsterdam for some time.

arctanckOctober 27, 2006 4:08 AM

Some countries like Malaysia are actually using finger prints as the biometric ID, not just for trial. So is iris scan really a significant step forward from finger prints? It seems that different countries are trying to take up different technologies...

Tim KirkOctober 27, 2006 4:11 AM

A friend was telling me about this yesterday...

"I think the same thing might also apply to smiling with your eyes...so here's another cautionary tale about passport madness.

To save yourself unnecessary grief whilst travelling abroad, you may want to think twice about the new iris recognition technology now available in most UK airports. The idea is that once you sign up for it, you supposedly flash your iris in a special booth when re-entering the UK and you're let back in, avoiding the need for lengthy queuing to show your passport and any such tedious time-consuming nonsense. Since I'd already bought my duty-free's and still had 20 minutes to kill in Manchester airport on my outward flight, I signed up for it right away.

Well, based on experience, once you're plane lands you can now look forward to standing in the iris booth - which'll be thoughtfully positioned in full view of the immigration queue, so all passengers waiting at passport control can have a good gawp and snigger at what you're doing - and then mess around getting your iris photographed while the normal immigration line gets longer and longer....and longer, before finally giving up and skulking off to join the back of the normal line once the highly sophisticated iris recognition software decides it doesn't want to recognise your iris.

I found it to be a thoroughly valid and entertaining way to finish off my holiday and luckily so did [his wife], who'd made it through passport control a good 10 minutes before I did and didn't stop laughing about it all the way home."

It might be a good place to use biometrics, but it looks as though the technology is not yet reliable enough to actually be useful.

arctanckOctober 27, 2006 4:34 AM

@Tim Kirk
Did your friend not need to do an iris scan during the signup? If the signup can be done in less than 20mins then that's quite impressive, as surely they will need to store your friends passport details and ask a few questions as well.
Anyway, I wasn't aware that I could signup when I travelled from Heathrow (Terminal 1) recently. Maybe I need to pay a bit more attention next time

AlexOctober 27, 2006 7:35 AM

Its deployment at Terminal 4 appears to have considerably reduced the immigration control's throughput, judging by the cake-and-arse party in progress there the last time I travelled through it. Nobody uses it, it takes its time to check the few who do, and it takes up a couple of posts' worth of space (and no doubt budget).

Mr PondOctober 27, 2006 7:37 AM

If the hardware & database are sufficiently reliable then this should be a good system - as someone else noted above, carrying fake eyeballs or manufacturing special constact lenses (would the "contact lens plot" take account of the 3D distortion of the iris image do the the unique sphericity of an individual eyeball? I doubt it.) are very much the stuff of movie plots.

In fact, I seem to remember a faked contact lense being used by someone in a James Bond film to steal some nuclear weapons. QED.

MSOctober 27, 2006 7:46 AM

From the BBC article:
"The entire procedure only takes a few seconds and there is no contact with the body OR WITH LASERS OR OTHER POTENTIALLY HARMFUL LIGHT SOURCES."

Hmm. There might not be here and there might not be now, but how comfortable would you feel about that if you were persona non grata in a different time or country? An 'enemy of the people' whose 'subversive activities' were a 'threat' to 'security'? Maybe you're a defense lawyer in Russia...
http://www.washingtonpost.com/wp-dyn/content/...
or a distributor of 'propaganda' in England if New Labour continue their astonishing assault on liberty
http://news.bbc.co.uk/1/hi/uk_politics/...
Since the very purpose of the system is to identify you, it would be a snap to ensure an 'unfortunate malfunction' for those who were disfavoured; the motive is clearly there since there are few better ways to undermine political dissent than to blind people. Might it not even be possible to have it do just a small etching of the retina every time you pass, unnoticeable, but blinding you over time until eventually your everyday life becomes so tedious as to severely impair your ability to resist? Paranoid thoughts maybe, but governments have done worse - MUCH worse - to their citizens so many many times in the past.

AnonymousOctober 27, 2006 8:24 AM

I fear and hate biometric technology like the devil. The problem is that it gives away too much data for abuse.

One can not only detect visual impairments, alcohol and drug consumption from an iris scan, but also eye-unrelated diseases, race, and probably soon infer statistics about the genes like life expectancy, aggressiveness, probability to break the law etc.

I was happy to learn that the iris changes so much over only three months that one must reregister. Not because that protects from abuse of the data, but because I hope this stops widespread adoption and acceptance so I can get away without compromising the integrity of my privacy.

I don't care how fast, convenient, expensive, or precise the scan is. (Except that I hope it remains too bad to become mainstream.) I care and insist that data about my very self remains private.

There will never be a "trusted path" for me because I cannot verify that the path is trusted. There can be a big label on the box saying "privacy proof - processes only one-way hashes", and I still don't know which government- or corporate-sponsored secret backdoor stores (a statistical guess about) my gene quality to a database that will be used for the next genocide or to compute my health insurance premium.

I rushed to get another passport before new biometry-equipped ones were introduced. Once it expires I will need to migrate to another country that respects my privacy. I don't fly because that leaves too many tracks, and because I fear the other country won't let me fly back without taking my fingerprints or more. I pray there will be no crime in my city so the police has no excuse to take my fingerprints or, god beware, a dns sample for the state's biometry database. I know the clock is ticking. One day I must leave, maybe to india or russia.

But maybe this wariness will safe my life, while others who applaud today might perish in toxic gas because the mighty of that time decide that some gene sequence has no place on earth.

derfOctober 27, 2006 1:05 PM

I wonder how many scans do I have to go through before my vision becomes impaired? Will airline travelers be stumbling into each other after a year or two?

Local police a couple of years ago rounded up about a large number (>50) of white males that fit the profile they had created on a serial killer and took DNA samples. The profile basically fit any white male between 20 and 40 and between 5' and 7' tall. Somewhere around 1/8 of the state's population fit this profile, so the police could have swabbed a lot more had they been in the mood. When they finally caught the actual killer, it turned out he was black. The poor unfortunate souls who had their DNA stolen have been trying unsuccessfully to have that record expunged. The moral of the story is that once you give up your private data, you can't put the d'jinni back in the bottle.

LoganDecember 6, 2006 1:59 PM

Why not using a fuzzy scheme to store information in the database... It is probably a better way than record directly the biometric characteristic... If the database is compromise, you won't have to change your iris ;-) It must hurt just a little... I put a small picture to explain the concept on my blog http://servalx02.blogspot.com for people, who are not familiar with the concept...

reddyMarch 10, 2007 4:00 AM

we are interested in Stand-alone Panasonic Iris scanner for use in our ID Card application.

Will that work in our Application without problems & that too without the need of computer.

reddy,omtel@rediffmail.com

reddyMarch 10, 2007 4:01 AM

we are interested in Stand-alone Panasonic Iris scanner for use in our ID Card application.

Will that work in our Application without problems & that too without the need of computer.

reddy,omtel@rediffmail.com

TeriJanuary 15, 2008 3:40 PM

I think the customs/security staff at heathrow need to master the art of patting people down without sexually assulting them before they can even consider an Iris scanner.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..