June 22, 2011
By Alex Daley
For many years technology prognosticators have warned about the coming onslaught of “biometrics”: a fingerprint instead of one’s credit card at the ATM to draw cash, or a retinal scan at the border to verify one’s identity against one’s passport. Yet with decades of research and development behind the technologies, very few widespread uses of biometrics have found their way into our lives.
That is starting to change, however – and if the latest technology is any indication, you can probably expect a lot more biometrics in your life real soon.
When we think of technology, we often dream of the whiz-bang new capabilities it has brought to our lives, from ATMs to DVRs to smartphones. For a technology to go mainstream, first and foremost it generally has to also reduce someone’s “pain” – whether that be saving businesses money, or allowing an individual to conveniently catch his or her favorite program.
Ultimately, it usually comes down to the end user of a piece of technology who has to like the outcome before it will really catch on in a big way. Just because banks would prefer to save money with ATMs doesn’t mean customers will prefer them over live tellers. But put them in places where one can’t put a bank – like convenience stores and malls – and suddenly they are beneficial to both parties. That’s a recipe for widespread proliferation.
This is the problem that biometrics has suffered for decades: End users not only usually get little to no benefit, but they incur a significant perceived (and possibly actual) risk by using the system and giving up a digital copy of this highly personal identifiable information.
Give a criminal a record of your fingerprint, and he will find a way to submit that record to the system without actually needing your finger. Advances both in technology, as well as in security practices, have made that scenario less likely. Connections between sensors and computers can be made virtually hack-proof using secure communications techniques that are resistant to spoofing and man-in-the-middle attacks. Data is encrypted from end to end. Much more thought is put into security of new technology now than a decade ago, thanks to the high-profile breaches we have all become so accustomed to hearing about these days.
But even if biometric systems have become relatively secure, up to this point they have been generally unreliable. For many decades, the primary pursuits of biometric researchers have been the two ends of the spectrum, from the seemingly simplest and most readily available – the fingerprint – to the figurative holy grail – the retina scan. Both have suffered from major, insurmountable problems.
Fingerprints, despite the positive reputation gained from television crime dramas, are simply not that unique. The systems used to measure them digitally are cheap and widely available now. However, they have a tendency to achieve large error rates when matching against large databases of samples. This is because they are inherently imprecise, sampling just a few spots. If they are to be made more precise, the cost suddenly becomes relatively impractical for the limited improvement in match rates. Fingerprints just make bad identifiers. The machines also usually require you to physically touch the sensor, which can make them less durable and subject to breakage.
We’ve all seen the movie scenes where retinal scans are much more precise. They look at the pattern of tissue in the eyes which is incredibly unique, and doesn’t suffer from the precision problems that fingerprints have been long known to have. It also doesn’t require a user to touch the actual sensor, since it uses light to take its measurements. That means less wear and tear and more reliability. But it also requires the user to keep the eyeball relatively still (a very hard thing for some people to do), and usually to put one’s head into a machine that makes it easier for the hardware to see and recognize the eyeball.
In one word: uncomfortable.
Researchers have posited that technology could be developed to make retinal scans work from across the room – in a matter of milliseconds – just by having a user look at a focal point (like a camera lens at the DMV). However, the reality has proven more complicated than the theory (as it usually does), and no working system like that has ever been demonstrated to work in the field, at a low cost, and be mass producible.
That’s where the local hospital comes in – if you live in New York City, that is. The NYU Langone Medical Center has recently launched a new biometrics-based registration system for patients. At check-in to the medical center, one is asked to present a hand for a quick palm scan.
The system they’ve employed, provided by HT Systems, uses infrared light to read the pattern of veins in a palm. The result is an image like this one:
That is starting to change, however – and if the latest technology is any indication, you can probably expect a lot more biometrics in your life real soon.
When we think of technology, we often dream of the whiz-bang new capabilities it has brought to our lives, from ATMs to DVRs to smartphones. For a technology to go mainstream, first and foremost it generally has to also reduce someone’s “pain” – whether that be saving businesses money, or allowing an individual to conveniently catch his or her favorite program.
Ultimately, it usually comes down to the end user of a piece of technology who has to like the outcome before it will really catch on in a big way. Just because banks would prefer to save money with ATMs doesn’t mean customers will prefer them over live tellers. But put them in places where one can’t put a bank – like convenience stores and malls – and suddenly they are beneficial to both parties. That’s a recipe for widespread proliferation.
This is the problem that biometrics has suffered for decades: End users not only usually get little to no benefit, but they incur a significant perceived (and possibly actual) risk by using the system and giving up a digital copy of this highly personal identifiable information.
Give a criminal a record of your fingerprint, and he will find a way to submit that record to the system without actually needing your finger. Advances both in technology, as well as in security practices, have made that scenario less likely. Connections between sensors and computers can be made virtually hack-proof using secure communications techniques that are resistant to spoofing and man-in-the-middle attacks. Data is encrypted from end to end. Much more thought is put into security of new technology now than a decade ago, thanks to the high-profile breaches we have all become so accustomed to hearing about these days.
But even if biometric systems have become relatively secure, up to this point they have been generally unreliable. For many decades, the primary pursuits of biometric researchers have been the two ends of the spectrum, from the seemingly simplest and most readily available – the fingerprint – to the figurative holy grail – the retina scan. Both have suffered from major, insurmountable problems.
Fingerprints, despite the positive reputation gained from television crime dramas, are simply not that unique. The systems used to measure them digitally are cheap and widely available now. However, they have a tendency to achieve large error rates when matching against large databases of samples. This is because they are inherently imprecise, sampling just a few spots. If they are to be made more precise, the cost suddenly becomes relatively impractical for the limited improvement in match rates. Fingerprints just make bad identifiers. The machines also usually require you to physically touch the sensor, which can make them less durable and subject to breakage.
We’ve all seen the movie scenes where retinal scans are much more precise. They look at the pattern of tissue in the eyes which is incredibly unique, and doesn’t suffer from the precision problems that fingerprints have been long known to have. It also doesn’t require a user to touch the actual sensor, since it uses light to take its measurements. That means less wear and tear and more reliability. But it also requires the user to keep the eyeball relatively still (a very hard thing for some people to do), and usually to put one’s head into a machine that makes it easier for the hardware to see and recognize the eyeball.
In one word: uncomfortable.
Researchers have posited that technology could be developed to make retinal scans work from across the room – in a matter of milliseconds – just by having a user look at a focal point (like a camera lens at the DMV). However, the reality has proven more complicated than the theory (as it usually does), and no working system like that has ever been demonstrated to work in the field, at a low cost, and be mass producible.
That’s where the local hospital comes in – if you live in New York City, that is. The NYU Langone Medical Center has recently launched a new biometrics-based registration system for patients. At check-in to the medical center, one is asked to present a hand for a quick palm scan.
The system they’ve employed, provided by HT Systems, uses infrared light to read the pattern of veins in a palm. The result is an image like this one:
The vein pattern is matched up against the medical records database, and if a patient already has a record he is checked in immediately, with no forms to fill out. The electronic health record (which launched in tandem with the biometric check-in system) is then accessible to the doctors and nurses who need it throughout the hospital system.
The impetus behind the system from NYU’s perspective was to avoid costly mistakes when registering patients. Their database has over 125,000 records with matching names. When using forms, mistakes happen where the wrong patient is checked in, and the wrong medical records are presented to the doctors and nurses. In the best of scenarios, this causes confusion and delay. In the worst-case situation, serious injury or death can result when the wrong medication is given or similar mix-ups occur. Such errors bring serious liability to the hospital, so their motivation is obvious for wanting a system that can potentially reduce human error, save time, and reduce liability.
But what about patients? Have they reacted well to the system, which has been in use for just over a week now?
Despite what one may at first think, patients have apparently taken to the system with very little pushback. The reason most cited is that elderly patients especially find it much easier than trying to read and fill out forms every time they arrive. Instead, one just presents a palm and is ready to go.
A handful of patients each day have refused to use the system, but according to NYU representatives the primary concern is not privacy but “radiation.” The system employs infrared light to do its scanning, not x-rays or other dangerous forms of radiation, so at least those concerns are unwarranted.
In press releases and interviews online, the representatives from NYU Langone insist the system is secure. And one can imagine few instances where an attacker, other than a malicious one intent on providing incorrect data to the system, would have a desire to access or manipulate the data. The palmprint alone is not sufficient to access any medical records. That still requires secure login by hospital staff. It is only a record locator at this point.
However, if the same technology is eventually employed by banks or credit card companies – possibly as a better alternative to ATM PIN codes – suddenly the data output by these systems will be much more valuable. We can only hope that hospitals, banks, and the companies who help them implement these systems use best practices for security and stick to multifactor authentication (e.g., something you have, and something you know) and secure communications. Even then – as recent incidents with hacked credit card terminals at Aldi, Michaels, and other national chains have proven – every complex system is only as secure as its weakest point. In this case, we may be reliant on hospitals to secure our data – something they have proven to not do well so far, with hospitals around the country guilty of losing patient records from clinical trials, epidemiology research studies, and various other programs.
The palm-scan technology has almost all the earmarks of a potentially mainstream technology. The systems are cheap to produce, reliable, and accurate. They save their buyers money by reducing complex mistakes or fraud. And hospital patients are – so far – seeing a direct benefit from the use of the system. One question now remains: If the biometric onslaught is finally about to begin, how will it affect our security? Only time will tell.
For now, we welcome the convenience of the new technology at the doctor’s office, but will remain skeptical of using it beyond that. We certainly don’t intend to give it up at the local grocery store to pay for the junk food that is going to send us to the hospital with a heart attack soon enough...
[Did you know that technology has become the single largest sector of the American economy? Even so, investing wisely in tech stocks isn’t easy. Put the expertise of Casey Research to work for you, with a risk-free, three-month trial subscription to Casey Extraordinary Technology. Details here.]
