“No One Gets Past a Raptor” The 2012 Biometrics Consortium Conference: Tampa

Even with global sales around $5 billion, the biometrics industry is surprisingly clubby.  Most participants at the 2012 Biometrics Consortium Conference I attended recently seemed to know each other.  Most were from the US, but some  came from Europe, and from India and other developing countries.  Their backgrounds were diverse:  academics, entrepreneurs, engineers, lawyers, police, security and military personnel. And, of course, sales departments! Amidst the spluttering global economy, the biometrics industry stands out, with several years of 28% annual growth.The Convention featured some 100 exhibitors, showing off a variety of new applications and wares.  Among these were the RaptorPad (“No One gets Past a Raptor”), a chunky black armored tablet that would delight any young aspiring Navy Seal.  At $3,995 it seemed a bargain – waterproof, shockproof and multipurpose, including GPS, as well as dual iris capture “regardless of lighting conditions, subject or operator movement and depth-of field errors.” The battery (operating life 20-30 hours) is apparently powerful enough to fuel a taser. Another standout was the RapidHIT 200, a DNA identifier able to provide results for 8 samples in 90 minutes. This is far less than the 2-3 weeks usually required by a laboratory for DNA analysis, but still too slow and costly to be used on a large scale to create true biometric birth certificates able to “prove” that individuals are who they claim to be.  Yet another fascinating exhibit, from the University of Maryland, was new software that simultaneously authenticates a fingerprint and the device on which the image is taken.  Even if someone were to replicate your print, they could not hack into your bank account without your mobile phone too.What has all this got to do with development? Quite a lot. Developing countries have become substantial markets for biometric technology, with sales increasing  faster than the industry average, at 34% over 2005-2010.  With 10% of global population but only 2% of GDP, Africa has become a substantial market with 8% of global sales. Many of the applications are in development-related areas (rather than security), including transfer programs, banking, payroll management, health insurance and others, as documented in a presentation I gave on the opening day of the conference. In total, developmental biometric applications cover around 1 billion people. A number of the participants had worked in developing countries, particularly in India where the UID program is breaking new ground for the industry. Presentations on this program ran through part of the second day and most of the third.Some brief observations from the conference:

• While technology is still advancing rapidly, the industry is maturing.  UID has contributed to this, through its standards-based competitive procurement, including for “computing capacity on demand.”  Indeed, in some areas such as iris scanners, it has set performance standards where none existed.  Competition is opening up in what used to be a highly proprietary industry, dramatically reducing costs and expanding user choice.

• Remote access through internet or mobile phones poses a formidable challenge to identity security.  Typical remote users can have 25 or more accounts that often share passwords.  Three out of four online users share their banking password with at least one non-financial website.  With too many passwords, usernames and PINs to remember, identification based on “what you know” seems less secure. This has fueled the interest in remote biometric authentication (“who you are”) -- one of the frontiers for the industry.

• Technology is ahead of policy and law.  Technological solutions exist for many problems, but political and legal difficulties of implementing them stymie progress – at least as seen from the industry side.

The US, for example can be frustrating for technology types. Why do so few stores use biometrics to authenticate food stamp recipients when, as early as 1997, one third of states already used the technology or had plans to adopt it?  Why is it so hard to get consensus on common biometric applications, for example, to implement secure drivers’ licenses or even to establish a common data base on missing children?  Individual states issue multiple credentials – largely paper-based and not at all inter-operable.  When even rural clinics in Ghana use electronic health records, why is it so difficult to implement them here, despite their portability and potential for cutting out many redundant tests and procedures?The problem of information and system “stovepipes” – a serious one in many developing countries – is very much present in the US also. So is the issue of incentives:  many family doctors have no incentives to move towards electronic health records.  No doubt they have caring, personal relationships with their patients but they are still “dinosaur doctors” to the techies.  Looking ahead, we are likely to see a number of lessons for rich countries from the application of advanced ID technology in poor ones.What about the other side of the picture?  A civil rights convention would probably have produced a different take on the use of the technology.  The industry is not oblivious to the debates on data security and privacy, including the disconnect between widespread distrust of large identification databases coupled with widespread voluntary  participation in Facebook, Google and commercial applications that have assembled enormous quantities of personal, financial and other information on virtually all individuals. Still, some of the applications did leave a creepy feeling, including the use of remote camera surveillance and biometric face recognition.  Where to draw the line?