Although we have been employing the concept of biometrics in relation to identity verification for a very long time, many people still perceive biometrics as a modern development, mostly perhaps because they equate the principle with science, electronics and automation. In all this time, however, we have lacked guidelines that can be readily applied across boundaries of geography, culture, technology and operational purpose. It appeared to Julian Ashbourn that it was high time that some broad guidelines were developed which covered the operational reality of implementing systems featuring biometric technology. This was the germ of an idea from which sprung The Biometrics Constitution.
History of biometrics
As a species, we have been employing the concept of biometrics in relation to identity verification for a very long time, certainly the ancient Egyptians, Sumerians and others were familiar with the practice. This is hardly surprising given that, in the animal kingdom, different species adopt a wide range of what we might call biometric techniques in order to verify the identity of individuals, often in a multimodal operational manner. Nevertheless, many people still perceive biometrics as a modern development, mostly perhaps because they equate the principle with science, electronics and automation.
We can trace this perspective back to the 19th century where the practice of anthropometry, as developed by Alphonse Bertillon and others, while ostensibly initiated from a more general, medical perspective, inevitably moved towards criminology. Francis Galton brought a scientific rigour to the classification of biometric traits such as fingerprints and, inspired by his work, others such as Juan Vucetich in the Argentine police and Edward Henry, then serving in the British Indian Civil Service, saw the potential for classifying known criminals by their fingerprints. The resulting Galton-Henry system, as championed by Scotland Yard, became a milestone in criminology.
With the advent of electronics and automation in the latter half of the 20th century, we saw an explosion in biometric capability with several new techniques and a plethora of suggested applications, many of which never came to fruition. Those which did, often had a mixed experience, with some sustaining and others falling by the wayside. The reasons for this are manifold, but are often related to a poor understanding of operational realities.
Lack of guidelines
Against the background outlined above, it is curious that in all this time, we have lacked solid, plain language, common operational guidelines that can be readily applied across boundaries of geography, culture, technology and operational purpose. There are various technical standards, which themselves have taken an extraordinarily long time to come to fruition, and yet remain not uniformly adhered to. There are also various de-facto technical standards, often introduced by suppliers or related industry sectors, which also seem to be implemented in a somewhat fragmentary nature. In addition, there remain certain concepts affecting realised performance which are not universally well-understood and, to complicate matters even more, we now have a new wave of interest in biometrics from related industry sectors who have not hitherto been involved in the work of the past two decades around developing standards. Furthermore, the various operational issues and human factors involved in deployment will broaden as we embrace the mobile world and the concept of shared, third party infrastructures. In plain terms, this increased awareness of, and interest in, biometric technology, walks hand in hand with an increasingly complicated operational infrastructure and a similarly broadened range of potential applications.
It appeared to the author that it was high time that we developed some broad guidelines which covered the operational reality of implementing systems featuring biometric technology. Such guidelines should be readily understood and utilised by users, systems designers, administrators and implementing agencies. Consequently, they should be presented in plain language and should cover the issues of real concern to each of these groups. This was the germ of an idea from which sprung The Biometrics Constitution, a simple document which identifies and discusses factors of operational reality, offering practical advice as to implementation from both a technical, administrative and usage perspective. The intention was to produce a relatively short document (currently just 10 pages) which could be easily digested and then act as a simple reference as projects are designed and implemented (more in depth advice is available in other works from the author). The Biometrics Constitution is currently published in discussion form and is expected to be further refined and, perhaps, translated into other languages.
Sections in the Biometrics Constitution
The following sections are featured:
• Clarity of purpose
• Ownership of data
• Accessibility of records
• Privacy and data protection legislation
• Third party connections
• Life of data
• Data backup
• Data destruction
• Working with the Biometrics Constitution
Each of these sections discusses the attendant situation in practical terms, offering good advice as to how to translate each into a reliable and sustainable operational reality. The sections so far adopted have been chosen because they are the very factors which often cause issues within real implementations. Note that this is not just a matter of technical design competency, but a mixture of various factors which together affect realised operational performance. The list of sections will be expanded in order to encompass other important factors as the Biometrics Constitution develops. It may also be expanded slightly in order to reference various technical standards and associated requirements, although it will not in any way replace the formal documentation associated with these standards.
It is important that the Biometrics Constitution remains readable and is not burdened with unnecessary jargon or long lists of technical specifications – there are plenty of other vehicles for such things. No, the Biometrics Constitution must remain something that people are pleased to carry with them in their briefcase, toolbox or to have on their desk, instantly accessible and readily referenced as they engage in associated systems design and implementation. It is also something that might usefully serve, together with other material, to inform policy. In this respect, it should be enthusiastically embraced by every government agency with an interest in biometric technology.
Future for the Biometrics Constitution
So, what of the future for the Biometrics Constitution? It has been prepared in draft form and is readily available from the Biometrics Research website at http://biometrics.zzl.org. However, while it will remain available here, discussions are currently underway which might see the document hosted and maintained by a more formal body. This would be a good thing and will ensure a wider awareness and, hopefully, a broader practical usage. It will also be refined and developed on a ‘community’ basis, a little like the open source model for software development. In this context, readers are invited to submit their own views and suggestions via the aforementioned website, all of which will be carefully considered by the current author and incorporated as appropriate. As the document becomes more formally owned and administered, a rigorous review process will be established in the interests of continued refinement and development. The objective, after all, is that this should remain a practical, working document for the benefit of the broader community. However, for this to happen, we do need your input, as users, as system designers, as suppliers, as government agencies and from the broader IT industry. Mainstream suppliers of related technology, such as mobile devices, infrastructure components, middleware and software, are also cordially invited to participate. It is important that we acknowledge this broader picture and do not become too insular from a technology perspective. Indeed, the focus should be upon community and the reality of practical implementation.
It may have taken a few thousand years to get here, but we now have a practical ‘Biometrics Constitution’ with which to inform and shape our future efforts with respect to the implementation of biometric technology. Furthermore, as a technology and supplier agnostic initiative, the Biometrics Constitution will offer guidance across the board, including to users of biometric identity verification technology, many of whom remain unenlightened as to what is actually happening within related systems. This, of course, is important from a privacy and data protection perspective. Similarly, systems integrators and implementing agencies will benefit from a broader understanding in this context. The document is still in its infancy but, with assistance and contributions from the broader community, we shall have something of truly practical and lasting value. Something which is of real benefit, not just to policy makers and technologists, but which ensures the responsible and ethical use of the technology, upon a sustainable basis, for all concerned. Ladies and gentlemen, we offer you, The Biometrics Constitution.
The Biometrics Constitution has been updated with the following new sections: Biometrics Forensics, User Psychology and Managing Disabilities.
Julian Ashbourn has enjoyed a distinguished career in electronics, systems and IT. He has more than twenty years specific experience in biometrics and identity management, within which time he has introduced several important concepts, authored four specialist books, and contributed countless papers and articles to the general discussion. The Biometrics Research web resource
(http://biometrics.bl.ee) functions as a place holder for contemporary issues in this context and features a forum for the exchange of related ideas.