Assessing Biometric Technologies
Several key measures reveal the ability of a biometric identification/authentication system to function reliability. When evaluating the reliability of a system for straight identification, the predicted number of rejections should be very small, but the predicted number of false acceptances should be improbable to the point of practical impossibility. Where a system will be used for authentication as part of a two-factor scenario, balance of false rejections and acceptance is more relevant. Here the system functioning in a context with other controlling factors—asserted identity, user facilitation, and so on— that can operate conveniently in addition to reliably. Three principal reliability measures are normally described for biometric systems.
| False Accept Rate (FAR) | The False Accept Rate (also called Type I error) indicates the percentage of
unauthorized attempts that will be erroneously accepted. Even interpreted
in terms of how many attempts are expected in the system, this number
should always be as low as possible. Identification systems should have a
false accept rate as close as possible to statistical zero. |
| False Reject Rate (FRR) | The
False Reject Rate (also called Type II error) indicates the percentage of
authorized attempts that will be erroneously rejected. False
rejections are more acceptable than false accepts because they can usually
corrected by a second attempt. This number should always be as low as
possible. The more frequently authorized users are rejected, the more
greater the risk to project acceptance. |
| Equal Error Rate (ERR) | The point where the lowest False Accept and False Reject rates intersect is the Equal Error Rate. A very low number for ERR indicates a system with a good balance of sensitivity. |
The phrase "statistical zero" is used here to describe a non-zero level acceptable risk. For example, if a scenario presented a 1 in 1000 chance of false accept, the probability of compromised security would be high. If the odds were 1 in 1 billion, the probability of false accept actually occurring would be a practical zero. A two factor authentication scenario can drive the odds out even further. Probabilities are indifferent matters, however, and a failure anticipated as statistically possible only once in a billion years could still happen the next time the system is used. Every system needs to operate in a context of security policy and planning.
Issues to Consider
The issues of privacy, anonymity, and community standards surface at the center of an implementation of biometric identification. It is in the nature of the technology to excite concerns about loss of control of information or of individuality. For all practical purposes, a two-factor security biometric security scheme could eliminate the external ambiguities that cause records to become lost or associated with the wrong individual. The potential reduction in fraud alone is driving some financial institutions to introduce biometric techniques associated with credit card verification. Transaction records this authoritative would have implications for how many transactions that demand high security are automated. The consequences in terms of improved efficiency in our data-based society are already showing up in banking, the use of cash, and even taxation. The social cost can be assessed in the simple concession that authoritative identification expects—the loss of anonymity.
In healthcare, implementations of biometric identification where the scope is limited to controlling access to computer systems or to identifying employees authoritatively certain areas seem to offer the greatest immediate promise. Rolling out a biometric identification scheme to the community at large, on the other hand, must navigate the discovery and definition of local community standards and whether or not such technology would be accepted.
Where to Next?
Information about biometric technology is abundant and available through even the most casual search of the World Wide Web. The Biometric Consortium is probably the best place to begin accumulating detail about the state of the art.