The common idea that biometric technologies are capable of identifying individu- als through one-to-many matching across large, shared databases is based on the
belief that biometric identifiers are unique and universal. It has been established that each person is supposed to have unique fingerprints, irises, face, and DNA. For
instance, fingerprints have been used in forensic research for many years as pur-
portedly unique identifiers of criminals. However, some recent cases have revealed
that identification by use of fingerprints has been overturned on appeal at court.9
In fact, the “uniqueness” of a fingerprint in forensic science remains an assump-
tion without watertight proof.10 The belief that latent fingerprints can be matched
to a single person is “the product of probabilistic intuitions widely shared among
fingerprint examiners, not of scientific research. There is no justification based on
conventional science, no theoretical model, statistics, or an empirical validation process” (Stoney, 1997, p. 72).
Nevertheless, it is worth pointing out that there is not yet any solid proof that this
assumption is wrong either. Hence, it may be true that fingerprints per se are unique.
Yet it does not necessarily follow that the latent fingerprint is unique too. Neither
does it necessarily follow that the thumbprint template which simply extracted certain features of a raw thumbprint image can be as unique as its origin. The tem- plate may be based on a blurred, dirty, and/or incomplete image of the thumbprint which may affect the accuracy of the collected biometric information, making the
biometric template’s uniqueness more difficult to be guaranteed. Even DNA, which
is widely recognized as the most accurate biometric identifier, is exposed to criti-
cisms. While it is true that each individual (except identical twins) has a unique sequence of genes,11 in the forensic DNA identification process, only a subset of a
particular gene is used for identification. Hence, Professor Alec Jeffreys, a pioneer
in developing modern DNA testing techniques, has pointed out that DNA testing is not an infallible proof of identity:
[m]odern commercial DNA profiling compares a number of genetic markers—often five or 10—to calculate a likelihood that the sample belongs to a given individual. Jeffreys estimates the probability of two individuals’ DNA profiles matching in the
most commonly used tests at between one in a billion or one in a trillion, “which sounds very good indeed until you start thinking about large DNA databases”. In a database of 2.5 million people, a one-in-a-billion probability becomes a one-in-400 chance of at least one match. (Lawless, 2004)
It is not guaranteed either that the fuzzy biometric template which actually uses just part of the DNA sequence will be 100 percent unique. Thus, the “uniqueness” of biometric data is not absolute, it is relative. The biometric templates generated from them are even less unique due to their “fuzzy” nature. This also affects the stability of the biometric data.
The universality of biometrics also is relative. One problem with the widespread use of biometrics is that there are few biometrics—apart from DNA—that everyone has. Not everyone will have a particular biometric trait, or an individual’s biometric trait
may be significantly different from the “normal” expected trait. For example, some people may be missing fingerprints due to skin disease—a factor which may cause more problems when enrolling a large population into a fingerprint-based register.
Discrimination concerns also may be raised in such a case. Therefore, a large-scale biometric scheme will usually need to utilise more than one biometric—for example,
both fingerprint and face—to ensure that all people can be enrolled in it.
Unlike passwords or tokens, biometric identifiers are by their nature supposed to
be stable over time; without such stability, their utility will be quite limited.12 Fin-
gerprints, irises, and DNA are widely recognized as stable biometrics, while faces, keystroke, and voice patterns give rise to more skepticism concerning their stability as people get older. However, the stability of even the former types of biometric
data is not absolute. For instance, the image of a fingerprint pattern is “plastic”
and does not remain as stable as is commonly imagined. Each time that you place
your fingerprint on a finger-scanner, the pattern may appear to be the same from
a short distance, but there are actually small differences in the pattern due to dry- ness, moisture, and elasticity conditions of the skin. Moreover, cuts and scratches can alter the pattern. It is thus likened somewhat to “fuzzy” decryption (Dorizzi, 2005). Iris, another popular biometric measurement, though has been regarded as
highly accurate; the process unfortunately also suffers from difficulty in consistently
obtaining a valid image. The iris often is occluded by eyelids and eye lashes. In ad-
dition, data collection also can be hindered by specular reflections in uncontrolled
lighting situations (Retica Systems Inc., 2005). Similar problems also apply to other
The.Automatic.Nature.of.Biometric.Data.and.Biometric.
Technology
Using parts of the human body as a key clue to identity is not new. It is reported, for example, that in China in the 2nd century BC, thumbprints were put on clay
seals used on important documents, while in 14th century Persia, various official government papers bore fingerprint impressions (Scottish Criminal Record Office,
2002). Nonetheless, biometrics is presently defined as involving automated tech-
niques. The “automated” aspect is said to differentiate biometrics from the larger
field of human identification science (Wayman, Jain, Maltoni, & Maio, 2004, p. 1).
The biometric data are processed by computers and the “bio” information is put in digital form from the moment of its creation. Compared to visual comparison of
signatures or photographs, biometric identification is ostensibly less fallible and
potentially much faster, and because of its “automatic” nature, biometric technology is endowed with great potential.