Ten years have passed since the first issue of Keesing’s Journal of Documents graced the desks of executives, technology suppliers, consultants, and others with an interest in official documents, banknotes and related issues. Since that first edition, the journal has provided a wealth of information upon many subjects, one of them being biometric technology. In that seminal edition, an article entitled ‘Enhancing Secured Documents with Biometrics’ appeared, which spoke of the need for standards, the importance of the registration process, non-obvious variables that affect realised performance, and more.
These were all important themes then, and remain important themes today. But what else has changed since that time?
In 2003, the Department of Homeland Security officially began operations, US and UK forces invaded Iraq, the Columbia space shuttle disintegrated upon re-entry into the Earth’s atmosphere, Concorde made its very last commercial flight, there were serious earthquakes in both northern Algeria and south-eastern Iran, 393 tornadoes twirled their way across America, hurricane Isabel claimed 40 lives, electricity supplies broke down in Italy, Canada and America, Toyota became No.3 in US car sales, Harley Davidson celebrated their centenary and the world kept spinning happily on its axis. Since that time, there have been many implementations of biometric technology in both the public and private sectors. The larger scale projects have mostly been around immigration and border control, merging increasingly, and to various degrees, with national and international security. In 2003, even though we had clear aspirations in this direction, many would not have foreseen the scale of these operations and the sheer number of biometric registrations which now exist. Some may not have foreseen the inevitable link with the intelligence services and the move towards increasing automation. A lot of people would not have appreciated, and perhaps still do not appreciate, the almost complete erosion of personal privacy as an associated cost to this exercise, not just as a result of biometrics, but also as a result of the drive to collect and collate transactional information of every kind.
Has this made the world a better place? It is a difficult question to answer. We still have a variety of hotspots and war zones throughout the world which show little sign of resolution, while violent crime at a more mundane level is generally on the ascendancy. It is reasonable to assert that citizens, most certainly, do not feel any safer. Neither have we seen much progress in thwarting terrorism or organised crime. Sociologists might additionally argue that the staggering financial cost associated with all this, might have been better spent on education, health care and improving the quality of life for as many as possible. The world has changed a great deal in recent decades, and we are seeing crime and exploitation upon levels never previously imagined, partly as a result of globalisation and partly, it must be said, due to incompetence at both the government and corporate level. Many such criminal activities involve identity fraud of one sort or another, whether in benefit fraud, identity theft, or simply the creation and exploitation of multiple identities. In addition, in so many walks of life, we have seen a depersonalisation of services to the degree that the notion of ownership and responsibility has all but disappeared. Consequently, we must strive to find ways of protecting and trusting identities in a global society that relies increasingly upon technology and, often, remote transactions, with little human interpretation or applied intelligence. Against such a backdrop, it is clear that we must develop mechanisms for identity management and associated intelligence, in a manner which is nevertheless sympathetic to individual privacy.
Biometric technology offers scope for achieving such aspirations, providing that we understand its limitations and that we implement the technology intelligently. Herein lies the challenge. Simply collecting biometrics of every kind and at every opportunity is not the answer. Ironically, this approach might even open up new areas of identity fraud, which will be much harder to discover. We must also reconsider the confidence that we place in the result of a biometric identity verification transaction, and place this in a proper context. Aligned with all of this are the requirements for data protection and privacy which, if properly addressed, will serve to reassure citizens as to the efficacy of the whole movement. If not properly addressed, however, these requirements will simply serve to alienate legitimate users and cause confusion.
After 10 years of fairly frenzied activity, while successfully ramping up associated initiatives in terms of the numbers of identities enrolled, we have, in some respects, failed to understand and resolve many of these challenges. The reasons for this are manifold and include the lack of a sufficient depth of understanding of the technology and its implications, a rapidly developing commercial sector eager to grasp market share, a distortion of funding priorities and a brace of false assumptions, especially at government levels. Furthermore, the greater the number of registrations and transactions, the more such issues are exacerbated. We are reaching a scale of operations now, in 2013, where such concerns are very relevant. Does this mean that we have lost our way? Not necessarily. More, that we are at a natural watershed where we have an opportunity to stand back and look dispassionately at past achievements and future aspirations, realigning our various programs accordingly. Indeed, we may just be at a threshold where we can substantially improve upon the benefits of adopting this stance while simultaneously providing a clearer model for citizens.
However, this will not happen automatically. We shall have to work at it. Previous editions of this journal have provided some important clues as to precisely how this may be achieved, the cornerstones being coordination and collaboration, with a much clearer understanding of the broader societal picture. There remain technical issues to resolve, concepts to develop more fully, a requirement for clearly documented architectures and the adherence to standards, and a clarity of purpose that may be uniformly accepted. All of this is within our grasp. It is simply a matter of clear thinking and competent organisation.
And what of the next ten years? Some factors are self-evident. Global population will continue to grow exponentially, generating more and more pressure on resources. Economic migration will grow, with associated fraudulent activities tracking this development. As a result, host cultures will dilute and once assumed values will, in many cases cease to apply. All of this will mean that identity, and the trust that we can place in a stated identity, will become increasingly pertinent for a variety of reasons. It is clear that we should plan for these inevitable developments, with a clear, published strategy. Furthermore, we cannot rely on technology alone to light our way. We must develop robust, ethical and sustainable processes which will support our ongoing requirements and those of civilisation in general. In addition, quite apart from foreseeable developments, there are always the unexpected situations, those which develop as a result of chance events, politics, economics and other factors which may bring substantial changes to bear, as might more fundamental developments associated with natural disasters. In almost all such cases, identity and identity management will have an important part to play.
It is surely time then, to lift our eyes from what has hitherto been a predominant focus upon border control, and understand the broader vista of identity management and identity intelligence in the 21st century. In so doing, we may perceive a fascinating window of opportunity, both to consolidate past achievements and, importantly, to develop an agreed strategy that will take us forward in a manner which anticipates future developments and has an architecture for their support. However, this window may be a fleeting one. If we do not grasp its potential and coordinate our efforts effectively, time will pass us by and the parochial patchwork will simply become more complex and, as a consequence, less effective.
There are perhaps several threads to weave into this broader tapestry: immigration and border control, law enforcement and homeland security, and entitlement in all of its many shades, of course. But there are others, such as disaster recovery, the management of refugees and global resource management. One of the most important threads will be that which empowers individuals with the ability to manage their own verified identity effectively, and across a number of everyday scenarios. All of these threads, and more, need to come together in a coherent framework, using common processes and observing technological standards wherever possible. Furthermore, the intent behind these mechanisms similarly needs to be universally understood and agreed. Models have been proposed which will answer all of these requirements. 2013 could be the year when we turn an important corner in this respect and develop a clear, common strategy for identity management into the future.
It is important to understand that this is not simply a matter of one or two government agencies seeking to underpin their law enforcement activities by the collection of biometric data at convenient intersections, such as border control. There are important principles at stake here, together with the opportunity to get things badly wrong. Furthermore, it is no good expecting technology suppliers and consultants to understand this – they don’t. It is a matter for government and for dialogue between governments. We are, in this issue, considering a ten year anniversary, but if we go back much further and look at the development of civilisation over the past, say one thousand years, we can appreciate that the management of human variables such as race, religion and politics is at the root of most of the defining moments of our species, here on Earth. It used to be much more clearly cut, when nationals tended to stay in their country of birth, other than for purposes of spasmodic travel, and therefore culture was more clearly defined and understood. Indeed, it was these differences that made the world such an interesting place. That sense of national identity also served to ensure that, within nations, people were proud of their civil achievements and strove to maintain law and order and a certain quality of life. This was reflected in educational standards, apprenticeships and a sense of belonging. Unfortunately, in many countries, this has all been abandoned in favour of globalisation and attendant greed. Multinationals have proliferated and national pride eroded, as organisations and, indeed, governments chase elusive ideas of growth which, actually, are not sustainable. The result is that, among ordinary people, many do not know who they are anymore and no longer have that clear sense of identity that once punctuated our world. This has resulted in a general lowering of standards and an erosion of the quality of life for many.
Identity management is thus a delicate concept among the global population. Many will attempt to exploit and corrupt the situation. Others will fear it. Yet more will distort it in order to further their own agendas. Within this complex picture, we must establish mechanisms to protect and respect the legitimate individual, while thwarting the attempts of those who wish to subvert the situation to their own ends. We can achieve this, but not with the current mish mash of initiatives. We need to get together, and we need the right people involved in order to create a strategy and framework that will serve us well for the next decade and beyond. Lastly, we need to remember who we are working for. What we put in place now will affect the lives of our children and grandchildren, and, quite possibly, their children and grandchildren. That is a big responsibility. It would be nice, would it not, to write another article in 2023 which celebrates 10 years of solid achievement in this context.
Julian Ashbourn has enjoyed a distinguished career in electronics, systems and IT. He has more than twenty years specific experience in biometrics and identity management, within which time he has introduced several important concepts, authored four specialist books, and contributed countless papers and articles to the general discussion. The Biometrics Research web resource
(http://biometrics.bl.ee) functions as a place holder for contemporary issues in this context and features a forum for the exchange of related ideas.