
Biometric data

In addition to biographic data, many ID systems collect fingerprints, iris scans, facial images, and/or other biometry to use for biometric recognition—automatic recognition of individuals based on their biological or behavioral characteristics (ISO/IEC 2382-37). This process involves comparing a template generated from a live biometric sample (e.g., a fingerprint or selfie) to previously stored biometric(s) to determine the probability that they are a match.

Biometric recognition encompasses both biometric identification—the process of searching against a biometric enrollment database to find and return the biometric reference identifier(s) attributable to a single individual (i.e. 1:n)—and biometric verification—the process of confirming a biometric claim through biometric comparison (i.e. 1:1) (ISO/IEC 2382-37). These processes can be used to perform two distinct tasks in foundational ID systems:

  • Deduplication of identity records. To ensure that each person in a database is unique, ID systems can use biometric identification to perform a duplicate biometric enrollment check. This involves comparing a template generated from a captured biometric against all or a subset of templates stored in a biometric database to detect a duplicate registration (a 1:N search), after which the new template is added to the database. This process involves automation as well as manual checks to adjudicate matches.

  • Authentication of individuals. Some authentication protocols require biometric verification of the user. This involves a one-to-one (1:1) comparison of a template generated from a captured biometric against a single stored template (e.g., one stored on an ID card or mobile phone, or in a database).

Biometric recognition has rapidly proliferated in modern ID systems in part because it is currently the most accurate and efficient technology available for deduplicating large populations to ensure statistical uniqueness—particularly in countries without existing authoritative sources of identity information—and because it can provide a relatively high level of assurance during authentication. As such, biometrics can be a key ingredient in ensuring the trustworthiness of ID systems.

At the same time, however, biometrics are not required or appropriate in all contexts. In particular, the collection and use of biometric data presents specific data protection and exclusion risks and can significantly add to the cost and operational complexity of the ID system. The choice to use biometrics—as well as the particular type of biometric data collected—should be informed by these risks and costs, as well as the objectives, planned use cases, and other constraints to the ID system identified in the planning phase.

Additional analysis on biometric modalities and their use for authentication can be found in the ID4D Technology Landscape report. In addition, a more comprehensive ID4D Guide on Biometrics is forthcoming.

Types of biometrics

Countries that plan to use biometric recognition for deduplication and/or authentication can choose from a variety of biometric characteristics (i.e., “modes”). In general, biometrics fall into two major categories:

  • Biological: fingerprints, face, iris, veins, etc.

  • Behavioral: keystroke dynamics, gait, signature, voice, etc.

This section provides a brief comparison of the primary biological biometrics used in national-scale ID systems for biometric recognition. For a more detailed evaluation of some emerging biometric modalities (voice, vascular, DNA, etc.), see the ID4D Technology Landscape report.

Table 28. Comparison of biometric technologies commonly used in ID systems

| | Finger | Iris | Face |
|---|---|---|---|
| USE | | | |
| Number available | 1-10 | 1-2 | 1 |
| Ease of capture | Easy to medium | Medium to hard | Easy |
| Adjudication | Medium—requires trained fingerprint examiner | Impossible with naked eye | Easy—any person can compare two faces |
| Accuracy for deduplication (1:N) assuming quality capture | Very high depending on number of fingers used and population size | Very high with 2 irises | Low to medium, but improving over time |
| COST | | | |
| Capture device cost | 1-print (US$5-40), 2-print (US$200-250), 10-print (US$500-750) | US$500-1000 | Varies from cheap webcam-type devices to more expensive smartphones/tablets |
| Computing for duplicate enrollment check | Medium to high—more complicated algorithms require high-end computer cluster with large memory | Low to medium—iris matching algorithms are the most efficient as templates are stored in binary code | Medium to high—more complicated algorithms require high-end computer cluster with large memory |
| INCLUSION | | | |
| Failure to capture (FTC) | <2-5% | ~1-2% | ~0% |
| Children | <6 years: may not be viable; >6 years to adult: usable with software that accommodates for aging | <1 year: may not be viable; 1-5 years: challenging, requires parental assistance | All ages with updates needed over time (accuracy improves at older ages because the face stabilizes) |
| Other groups with difficulties | Manual laborers, persons with disabilities, people with cuts on their fingers, people with diabetes | May be more invasive than fingerprints, stigma in some cultures; difficult for persons with visual impairments or albinism | Not always optimized for recognition of darker skin tones, some algorithms have difficulty for persons with albinism |

Source: Adapted from the Digital Identity Toolkit and Technology Landscape for Digital Development, and informed by expert consultations.

As shown in Table 28, different biometric modes vary in terms of their:

  • Accuracy. The accuracy with which the technology matches records. This includes the false match rate (FMR) and false non-match rate (FNMR) of the technology.

  • Universality. The presence and ease-of-capture of the biometric in members of the relevant population and in a variety of climates and weather conditions. Certain biometrics (like fingerprints) may be poor or damaged among certain groups and can lead to a failure to capture (FTC) a biometric sample or failure to enroll (FTE), as can adverse weather conditions, such as direct sunlight.

  • Stability. The permanence of the biometric over time (e.g., for children, or the elderly) or after disease or injury.

  • Collectability. The ease with which good quality samples can be acquired.

  • Usability. The ease with which individuals can interact with the technology used to capture the biometric data and its utility for different purposes (e.g., some biometric modes may be more convenient for authentication than others).

  • Cost. The hardware and software costs of collecting and matching samples during initial registration and—if used for authentication—at points of transaction.

In practice, many countries adopt a multimodal strategy and collect more than one type of biometric data. This is beneficial for multiple reasons:

  • More accuracy. More data points (e.g., fingerprints and iris scans or fingerprints and face) help ensure statistical uniqueness to a higher degree of accuracy, which may be necessary in large populations (see Gelb & Clark 2013b).

  • Improved inclusion and fault tolerance. More modes can help increase the possibility that all members of the population are able to provide a biometric sample (e.g., fingerprints may be difficult to collect for manual laborers, but iris scans may work).

  • Allows for the use of different biometrics (fusion) for deduplication and authentication. Certain biometric modalities may be optimal for conducting duplicate biometric enrollment checks (i.e., 1:N/N:N matching), while others may be optimal or sufficient for use during authentication (1:1 matching).

The choice of which biometrics to use—if any—will have implications in terms of the trustworthiness and inclusivity of the ID system, as well as potential risks. These issues are discussed below, with particular attention to inclusion challenges, use with children, and concerns regarding privacy and exclusion. Practitioners will also need to make related decisions regarding the technical standards used for biometric recognition, as well as back-end systems used for biometric deduplication.

Figure 21. Key considerations for using biometrics

  • Inclusion. Certain biometrics may be difficult or impossible for some people to reliably provide, necessitating multimodal biometrics and/or appropriate technical and procedural measures to reduce exclusion.

  • Reliability. Biometric deduplication may be the best solution to establish uniqueness in large populations; however, not all biometric modes provide the same level of accuracy.

  • Data Protection. The use of biometrics creates additional risks to privacy and data protection that must be mitigated through legal, technical, and operational controls.

  • Sustainability. Biometrics can add significant costs to registration as well as the authentication infrastructure.

Challenges for accuracy and inclusion

In deciding the set of biometrics to use, special attention needs to be given to the ability to collect these characteristics from the entire population. For example, there are specific groups and conditions—both of which may be overrepresented in developing countries—where FTE errors during enrollment and FNMRs during biometric verification are likely to be more common. Where individuals are unable to enroll, or where authentication procedures fail to confirm that a person is who they claim to be, this will lead to exclusion.

There are three categories of people that present difficulties for biometric recognition, including:

  • People who cannot physically provide an acceptable biometric (e.g., amputees, survivors of leprosy, etc.) to enroll in the first place

  • People for whom acquiring reliable biometric samples is difficult (e.g., manual laborers, elderly people, children, people with visual impairment, persons with albinism, etc.) which could make enrollment or authentication difficult

  • People who decline to provide their biometrics (e.g., because of religious or cultural constraints, such as the appropriateness of data capture techniques that require physical contact to get accurate readings)

In addition, there are other factors that can lead to accuracy and inclusion challenges with biometric recognition, including:

  • Environmental and procedural issues:

    • Harsh conditions, such as direct sunlight, excessive wind, dust, humidity, and dryness, etc.

    • Minimal training or low capacity of the operator capturing the biometrics

    • Lack of incentives and/or time for capturing quality data

    • Poorly implemented enrollment and quality assurance process

  • Biometric system characteristics:

    • Quality of the biometric scanners and software, including the Automated Biometric Identification System (ABIS) and other software development kits that may be used

    • The statistical nature of biometrics

    • Changing properties of biometric characteristics (i.e., facial appearance over time)

    • Non-optimum threshold setting for matching algorithm—i.e., the tradeoff between the FMR and FNMR
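
The threshold tradeoff in the last item, and why a duplicate enrollment check (1:N) needs a far lower FMR than 1:1 verification, worked through as an added example that is not part of the original guide. The score lists are constructed, the function names are hypothetical, and the 1:N formula assumes the N comparisons are independent.

```python
import math

# Constructed similarity scores (0..1) for illustration only; not real matcher output.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.85, 0.97, 0.64, 0.90, 0.83, 0.93]   # same person
IMPOSTOR = [0.12, 0.30, 0.25, 0.41, 0.18, 0.55, 0.33, 0.68, 0.22, 0.47]  # different people


def error_rates(genuine, impostor, threshold):
    """Return (FMR, FNMR) when scores >= threshold are declared a match."""
    fmr = sum(s >= threshold for s in impostor) / len(impostor)
    fnmr = sum(s < threshold for s in genuine) / len(genuine)
    return fmr, fnmr


def fpir(fmr, gallery_size):
    """False positive identification rate of a 1:N search: the chance that a new
    enrollee falsely matches at least one of N stored records. Assumes the N
    comparisons are independent (a simplification)."""
    if fmr <= 0.0:
        return 0.0
    if fmr >= 1.0:
        return 1.0
    # 1 - (1 - fmr)**N, computed with log1p/expm1 so tiny FMRs keep precision.
    return -math.expm1(gallery_size * math.log1p(-fmr))


def required_fmr(target_fpir, gallery_size):
    """Per-comparison FMR needed to keep a 1:N search at or below target_fpir."""
    if not 0.0 <= target_fpir < 1.0:
        raise ValueError("target_fpir must be in [0, 1)")
    return -math.expm1(math.log1p(-target_fpir) / gallery_size)


def sweep(genuine, impostor, thresholds):
    """Tabulate the FMR/FNMR tradeoff across candidate thresholds."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


if __name__ == "__main__":
    # Raising the threshold lowers FMR (fewer false duplicates) but raises FNMR
    # (more genuine users rejected, i.e. more exclusion).
    for t, fmr, fnmr in sweep(GENUINE, IMPOSTOR, [0.5, 0.6, 0.7, 0.8, 0.9]):
        print(f"threshold={t:.1f}  FMR={fmr:.2f}  FNMR={fnmr:.2f}")
    # An FMR that is comfortable for 1:1 verification collapses at population scale.
    for n in (1_000, 100_000, 10_000_000):
        print(f"N={n:>10,}  FPIR at FMR=1e-5: {fpir(1e-5, n):.3f}  "
              f"FMR needed for 1% FPIR: {required_fmr(0.01, n):.2e}")
```
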

Some of these issues may be addressed through:

  • Designing a multi-biometric system (see above) to ensure that most people are able to provide at least one viable sample

  • Optimizing enrollment procedures, including by using:

    1. Better capture devices and software with built-in quality assessment to improve data quality and reduce FTE

    2. Quality Assurance Process and standards (e.g. NFIQ-II)

    3. Conditioning materials (gels, alcohols, etc.) that improve finger image contrast

    4. Uniform background for facial images

    5. Choice of capture devices (small versus large scanners, 4-4-2 versus single fingerprint scanners, optical versus capacitive)

  • Implementing comprehensive training of operators to ensure understanding of and adherence to protocols

To ensure the inclusion of these groups, it is vital that the identity provider develop transparent and practical methods of exception handling. For duplicate biometric enrollment checks during registration, this could involve identity proofing by other means, such as witnesses, alternate documents, demographic deduplication, and more. For authentication, there must be alternative methods of proving someone’s identity when biometric verification fails or is not possible, in order to ensure that people are not denied access to rights and services for which they are eligible and entitled. Exception handling procedures must be complemented by strong grievance redressal mechanisms to ensure that no one is excluded or unfairly treated as a result of the ID system. This is also true for any other type of authentication method and is not limited to the use of biometrics.

Children and biometrics

One persistent inclusion challenge with ID systems that use biometrics is that many biometrics take time to develop or stabilize after birth. For example, the viability of the following modes depends on age (see also Table 28):

  • Fingerprints (6+ with update). The papillary ridge structure does not develop before the age of six, which means that reliable fingerprint minutiae—the points of comparison in a biometric template—are difficult to extract before that age. Furthermore, aversion to the capture process (i.e., squirming) makes it difficult to collect quality samples.

  • Iris (~1-2+). The iris is fully formed 1-2 years after birth but poses some difficulty in capture and requires significant assistance from the parents until around five years of age.

  • Photos (0+ with updating). Images of the face can be captured from birth, but they need to be updated frequently in the first years of life in order to be useful for automated recognition.

Given that it is currently not feasible to capture stable biological biometrics at birth—nor are there yet clear use cases as part of a foundational ID system—countries have a few options for the use of biometrics for children in an ID system. The first option is to enroll young children without biometric information—or with information that will change over time—and either add or update this information at a later date (e.g., at the first year of high school, for practical reasons). A second option is simply to only include older children and adults in the ID system. Typically, such solutions also include linking the child’s record with their parents (see Box 29), which can also help establish statistical uniqueness of a child at the point of birth registration.

Box 29. Examples of incorporating children into an ID system with biometrics or alternative methods of establishing uniqueness

In the Indian state of Haryana, children are enrolled in Aadhaar using a parent’s number which is biometrically authenticated. The biometric data for the child must be uploaded when they turn five years old, and the identity re-registered at age 15. Peru’s ID system also collects infant biometric information (such as footprints and a photo) in combination with parent’s fingerprints.

Countries may also implement a mandatory renewal period in order to update children’s biometrics and other information. In Argentina, for example, children are required to renew their ID at age 8.

Indonesia’s population register (SIAK) covers all ages; however, biometrics are collected at age 17 (or younger for married women) for the issuance of a national ID smartcard (e-KTP). A child’s identity record is created—and a unique ID number (NIK) assigned—at the time of birth registration, which is also when the child is included in the parents’ or guardian’s family registration book (KK) and a moment when the Ministry of Home Affairs checks if the child may have already been registered in the same KK (i.e., deduplication). A child ID card (KIA) is optional at any age up to the age of eligibility of an e-KTP.

Source: Adapted from the Digital Identity Toolkit and Argentina Case Study (forthcoming).

This is an area where technology is potentially changing fast, and companies and researchers are working to develop and test biometric capture devices specifically tailored for infants (e.g., foot geometry and ear shape).

Privacy concerns for biometrics

The processing of biometric data—whether in raw image or template format, and whether encrypted or not—must be subject to the same legal, procedural, and technical controls used to protect other types of sensitive PII. In addition to the general risks of processing any type of PII, however, there are some particularities about biometric data that introduce additional privacy concerns, including that:

  • Some additional personal information may be extracted from certain types of biometric data (e.g., gender, race, age, etc.)

  • If biometrics are compromised, they cannot be reissued like cards, passwords, or PINs—i.e., you only have one right index finger

  • Biometrics are uniquely linkable to a person, increasing the potential for correlating data about an individual

  • The ability to collect biometrics passively (e.g., through photos or video images) requires safeguards to protect consent

While legal measures (e.g., prohibiting the use of biometrics collected for the ID system for unauthorized surveillance or forensics) and technical controls (e.g., encryption of biometrics when stored and in transit) can improve the security of this data, no system is foolproof. For example, even if biometrics are stored as encrypted templates in order to eliminate the possibility of a thief accessing the original images, there is still the possibility that synthetic biometric images can be reconstructed from templates (see, for example, Chu et al. 2012 and Cao & Jain 2015). (For this reason, keeping centrally-stored biometrics as templates does not substantially increase security; conversely, keeping centrally-stored biometrics as images has additional benefits, such as the ability to generate new templates with a different algorithm.) With improvements in artificial intelligence (AI) and machine learning, the ability to spoof biometrics is likely to become easier over time.

Therefore, although it may be more difficult to steal a biometric than a password, the potential consequences of this theft—e.g., the inability to reissue a biometric and the inherent linkability of the data—may be more severe. Practitioners must fully weigh these risks against the potential benefits of using biometric recognition.