A biometric armoury for national security

When Sean Connery’s comeback Bond film, Never Say Never Again, had a stooge using iris recognition to gain access to a super villain’s lair (of course), it looked like science fiction. Skip forward 22 years or so and people are using biometrics to open their phone and their apps. The opportunity for increased security on both a corporate and a national level is massive when the technology has become so commonplace.

Lola Oyelayo, director of user experience at Head, a company that specialises in making things easier for users, points to identity management being made simpler for banks, schools, hospitals and others through something as simple as identity management.

“They could be used both in mobile apps, where existing smartphones are Touch ID-enabled, or for in-person solutions where a person could be provided access to an area or even pass extra security checks by using a fingerprint device when in front of an adviser,” she says. “We believe the mobile solution better suits today’s users as people are likely to be concerned about how their fingerprint data is being held and kept secure. We all feel more comfortable managing our security with our own phones and so this puts the control literally in our hands.”

It’s not just fingerprinting either. Those iris scanners of 007 fame have become a reality. “It offers the highest level of security – eyes are unique to the individual and near impossible to replicate,” says Yuval Ben-Itzhak, chief technology officer at security specialist AVG Technologies. “This technology is already employed by mobile devices as we interact with apps, while organisations, such as passport control, have started to include retina-scanning to help identify and validate arriving passengers.”

As organisations strive for better security, biometrics offers the most convenient and personally individual methods to distinguish one person from another

Voice recognition, too, has been used by various bodies to ensure the person with whom an entity is interacting is the person they’re supposed to be. The efficacy may be open to question, Mr Ben-Itzhak claims. “The convenience level is very high due to the verbal communication requirements within business, but this type of biometric authentication offers only a medium level of security,” he says. “Sound can be recorded for replay or manipulation by technology, and could be replaced with more reliable and secure biometrics.”

Just because someone can do something doesn’t mean they should, of course. Ms Oyelayo believes the risk begins when a third party supplies the equipment or service that holds the data – how would people know what’s being done with it? The risk is low, she says, since it would take a lot of work to impersonate someone else’s biological data; however, there are could be other risks. “For example, the police collecting DNA of every person who is arrested,” she says. “There’s a question of why and how they would use that information, particularly when our legal system demands a level of proof that a database of profiles cannot meet.

“In this regard, we can look towards policy-makers and government. The Immigration Service already collects a huge amount of biometric information from all travellers coming into the UK, and how this information is used and shared is a matter of policy.”

Mr Ben-Itzhak concurs over the need for careful oversight. “As organisations strive for better security, biometrics offers the most convenient and personally individual methods to distinguish one person from another, but there should be a limit as to how deep we can delve into biometrics,” he says. The more personal data businesses collect, the more valuable and attractive it is seen by hackers, he readily concedes.

He points out that we’ve been using biometrics for years by recognising people to whom we’re speaking and the people at passport control have always worked by looking at faces.

ePassport gates

Only half of people who can use ePassport gates do so

Matthew Finn, managing director of Augmentiq, which specialises in securing international borders, is very much in favour of e-passports, for example, because after years of experience, checking every individual face is probably the least productive task that can be assigned to a border control officer. He’s concerned, though, by the implementation; e-passports at the moment work only for internal European flights and even then only for people who are over 18, so if you’re doing something wild like travelling with your kids on holiday this summer, forget it. You can’t use them.

This is down to the implementation rather than the technology, but it’s an issue. “Not enough people are using them,” says Mr Finn. In fact only around 50 per cent of people who could use an e-gate are doing so. Students from outside the European Union and are also precluded. “None of those people can use the e-gate despite their biometric details having been taken at the visa issuance process. We’re just not thinking smart enough,” he says.

It’s going to be a work in progress; even if we clear all the issues prevalent in 2015, there will be something else in 2017. Mr Finn has some suggestions for starting points, beginning with the process rather than the technology. He points to the three teenage girls who travelled to war-torn Syria via Turkey recently, one on her sister’s documents and all with one-way tickets bought for cash. “The question is why that wasn’t flagged. A cash-bought ticket one-way ought to have raised alarms about risk and all the processes that happened seemed to fail,” he says.

“My concern is why their details weren’t flagged and, when their data was made available to the British Government, why it wasn’t in sufficient time for an alert to be issued to say three vulnerable people were at gate 53 and about to board a flight to Turkey. It’s not about how data moves from point A to point B; if our data and biometrics are going to be made available, make sure you do something about it and it means something – otherwise collecting it all is pointless.”