In my first of two biometrics blogs, I’ll look at the types of biometrics in air travel and how they’re configured for risk levels and facilitation requirements. A bit of a biometrics 101, maybe, but let’s face it, the use of biometric technology can be controversial, and articles that we all see are sometimes confusing. We need to try to get on the same page in our collective understanding as a community.
Ubiquity, privacy and ethics
The high profile of this technology right now is due to the massively improved accuracy of facial biometrics, combined with the ubiquity of cameras, images and surveillance potential. As you’d expect, there’s serious concern about protecting people’s privacy. People want to be sure that biometrics and artificial intelligence are used ethically.
SITA has worked in the field of biometrics in the air transport industry for over 20 years. So we’re more than convinced that this is the future for security at airports. But as the industry accelerates its adoption of biometrics, it’s imperative we understand the technology, the associated processes that form a critical part of a solution, and all the necessary privacy protections to ensure appropriate use.
Biometrics in travel
The types of biometrics are many, too many to go through here. But for border and international travel purposes, the three main biometrics used are facial, fingerprint and iris. These are each catered for in an ICAO compliant passport or travel document.
So which to choose?
All have different strengths and weaknesses for travel and border scenarios. Facial is the only mandatory biometric in an ePassport. It’s usually the only biometric made readily available through the security features of the chip. Matching a verified facial biometric, for instance in the chip of an ePassport, with a live image is also very quick, accurate, and unobtrusive for the traveler.
Iris is the most accurate, but it’s typically more difficult to capture. On top of that, fewer databases exist at a national and international level to check iris records against.
Fingerprints provide great accuracy. They offer a link to law enforcement data for border protection purposes. But this law enforcement connotation creates concerns over data usage and the perceived link to criminality. Most fingerprint enrolment systems, such as entry into the United States, demand recording 10 prints – a time consuming process that typically requires formal supervision.
Select your own threshold based on risk
It’s a mistake to think that biometric matching is a simple “yes / no” situation. Biometrics are a probabilistic and highly configurable technology. Typically, biometrics use a configurable threshold to decide if someone is a ‘match’ or ‘no-match’ in the context of a specific threshold score – for instance “99% sure this is a match”.
Any biometric solution must have the capability to flex these matching thresholds to reflect different needs, demands and risks. When matching biometric data:
- You need to statistically manage the possibility that you’ll reject a matching record for the same person (the False Reject Rate or FRR).
- You must also consider the possibility you’ll accept a biometric match that isn’t the same person (the False Accept Rate or FAR).
Think of the use cases
Different use cases imply different threshold scores to balance these risks, as well as consideration for the manual effort to manage biometric rejections or resolve close match cases within a system. There could be several reasons for a ‘no-match’.
It could be people looking the wrong way, adopting a particular head angle or facial expression, or moving, for example. But if there’s a no-match, it needs to be examined and assessed, hence the manual effort. And of course, someone may not be in a referenced database in the first place.
While it may not be serious to falsely accept a person attempting to enter a lounge as a match against a different person who’s entitled to enter (allowing them entry and some free drinks), it could be very serious to falsely accept an impersonator into a secure and sensitive environment, or to accept a fraudster at border control, for example.
In the first scenario, with lower threshold scores set for lounge access, more genuine identities and more impersonators will be accepted. In the second scenario where we’re more concerned about getting identity right and we set higher threshold scores, more impersonators and more genuine identities will be rejected. We’ve accepted the fact that more people who are who they claim to be will not be accepted as a match, and manual effort will be necessary to resolve non-matches.
Clearly, then, when there’s serious risk at border control, we set our threshold quite high. The trade-off in manual resolution is worth the effort because risk is high. Falsely rejected travelers will have to be processed manually. It’s interesting to note that, while there’s huge variance in different people’s ability to match faces, some studies put the average human at an accuracy of about 80% in matching photos of people they do not know, to live faces – much lower than most biometric systems. But of course, human border officials have access to other tools and skills that many machines do not.
More to come on game-changing accuracy
In my next biometrics blog, I’ll look some more into the accuracy of biometrics. That will include exciting and game-changing increases in the accuracy of facial biometric technology. And much of that is down to advances in Machine Learning.
For now, let me reinforce that it’s imperative we understand the biometrics we’re embracing in air travel. In SITA’s experience with over 40 governments, we’re always mindful of taking the right approach to biometrics. We must achieve the balance between better facilitation and a far more satisfying passenger experience, and the need to ensure privacy and accuracy.