Stanford business professor scrutinizes India’s epic biometric identification program
May 1, 2014
STANFORD, CALIF. — The cutting edge of biometric identification — using fingerprints or eye scans to confirm a person’s identity — isn’t at the FBI or the Department of Homeland Security. It’s in India.
India’s Aadhaar program, operated by the Unique Identification Authority of India (UIDAI) and created to confirm the identities of citizens who collect government benefits, has amassed fingerprint and iris data on 500 million people. It is the biggest biometric database in the world, twice as big as that of the FBI. It can verify one million identities per hour, each one taking about 30 seconds.
The program unnerves some privacy advocates with its Orwellian overtones, and the U.S.-based Electronic Frontier Foundation has criticized it as a threat to privacy.
But many developing countries see biometric identification (ID) as a potential solution for millions of citizens who don’t have any official and fraud-resistant ID. The Indian government distributes $40 billion a year in food rations, but fraud is rampant because most people lack proper ID. Analysts estimate that 40 percent of India’s food rations never reach the people they are intended to help. Indeed, a new study of initial results from India’s biometric program found that it both reduced corruption and was popular with beneficiaries.
India isn’t the only developing nation to explore biometric strategies. The Center for Global Development, a Washington-based think tank, reports that 70 nations have some sort of biometric program.
Now a Stanford business professor is proposing a way to make India’s program far more accurate. Lawrence Wein, a professor of management science, applies mathematical and statistical modeling to solve complex practical puzzles.
In health care, Wein has analyzed strategies to optimize food aid in Africa and to mitigate the toll of pandemic influenza. In homeland security, he has developed strategies that the U.S. government has adopted for responding to bioterrorist attacks involving smallpox, anthrax, and botulism.
Wein’s interest in biometrics started almost a decade ago, with his analysis of fingerprint strategies used by the Department of Homeland Security’s US-VISIT program for nonresidents entering the country. That analysis influenced the government’s decision to switch from a two-finger to a 10-finger identification system.
For Indian officials, the big practical challenge has been to make the program more accurate without getting bogged down when used by a billion people.
The system has to be accurate enough to spot all but about one in 10,000 imposters. But it shouldn’t be so foolproof that it falsely rejects large numbers of people who are who they claim to be. Nor should it take so long that people have to wait in long lines. If either of those things happened, few people would sign up. Participation in India’s program is voluntary, not mandatory.
India’s system is sophisticated. When a person first enrolls, scanners take image data for all 10 fingers and both irises. When people show up at a local office to receive a benefit, they get scanned again. That data is then sent to the central database, which compares it to the person’s original enrollment data.
But comparisons are complicated. One problem is that the scanning equipment where people first enroll is usually more expensive and sophisticated than the equipment at local government offices. That sets the stage for a lot of false rejections.
Making matters more difficult, fingerprints and even irises vary tremendously in how distinctive they are.
The tradeoff is between accuracy and speed. Comparing all 10 fingerprints, or both irises, is extremely accurate, but it takes about 107 seconds. That may sound lightning fast, but it isn’t for a system that is supposed to perform 1 million verifications an hour. To speed up the process, Indian officials originally compared only a person’s right thumbprint. But a single thumbprint — or any other individual fingerprint — may be too hazy to compare. Indian officials then latched on to the idea of picking a person’s best fingerprint — the one that provides the easiest match. Results were better, but not ideal.
Wein teamed up with two graduate researchers, Apaar Sadhwani and Yan Yang, to derive and test sophisticated algorithms based on the Indian biometric data. Wein didn’t charge for his work, but he thought that it might have ramifications for many other governments, as well as for commercial companies. Indeed, banks in India are already developing their own applications for the Aadhaar system.
The researchers’ solution, which Indian officials are studying at the highest levels, is to focus on a particular subset of each person’s fingerprints and eye scans that are the easiest to compare to those originally scanned. The combination of fingerprints and iris data will vary from person to person. For some people, it could be just the right index finger. For others, it could be an index finger and a thumb. Or, it could be the irises, or a combination of fingerprints and irises.
For many people, as it turned out, an easy check of only one or two fingerprints is enough for an accurate identity confirmation. For about 37 percent of people, it’s necessary to compare just the irises. And for a very small number of people, it’s necessary to compare both irises and some fingerprints.
By spending a small amount of time on most people, and more time on a minority of others, the researchers found they could keep the average verification time to just 37 seconds. That’s a bit longer than it takes to just compare one finger, but the rate of false rejections is about 200,000 times lower.
Wein doesn’t expect the United States to replicate the Indian approach. Americans are already suspicious about government surveillance, and most Americans already carry drivers’ licenses and other photo identification that are fairly hard to forge. But for low-income countries, he says, biometrics may have a big future.
The paper, “Analyzing Personalized Policies for Online Biometric Verification,” was published by PLOS ONE on May 1, 2014.
