A wide range of biometric solutions are being used to develop national identification systems around the world. The systems work by storing individuals’ personally identifiable information (PII), such as fingerprints, facial patterns, iris scans or other unique features.
A reported 3.6 billion people worldwide will carry digital IDs with embedded biometrics by 2021. Even though biometrics offer notable security advantages, they do come with risks. The following Deep Dive examines the potential use cases for biometrics in national identification systems and the security pitfalls they could encounter.
Digitizing government services
Several markets are beginning to deploy or have already introduced biometrics to their national identification systems for a wide range of purposes. India began experimenting with the technology 10 years ago when it launched its national ID system, the Aadhaar program. The program issues citizens a unique, 12-digit identification number that stores their biometric and demographic data, including photographs, fingerprints and iris scans. Residents can use these IDs to conduct different types of government business, including filing taxes or accessing pensions.
More than 90 percent of India’s population is currently enrolled in the Aadhaar program, making it one of the world’s largest biometric ID systems. The program is largely seen as a success because it is helping India’s citizens, especially those with lower incomes, access government benefits and more easily participate in the digital economy.
South Africa has been in the biometric ID game for a while now, as well. The country’s Department of Home Affairs (DHA) launched a national identity card in 2013 that includes fingerprint authentication on top of a standard PIN. The card relies on embedded processors to store citizens’ data, which includes fingerprints and photos. South Africans can use the cards to access government services, including transportation, health and social benefits.
The U.S. government is also exploring biometric-based security through the Department of Defense, which uses a system called the Common Access Code (CAC). CAC utilizes microprocessors and public key infrastructure (PKI) certificates that enable code holders to digitally sign documents with PINs. The Pentagon is also testing the behavioral biometrics’ potential for authenticating those who use its computer network.
Giving travel documents a biometric boost
Other biometric solutions are improving the travel industry, making it easier for tourists to reach destinations and for security officials to authenticate visitors. The Maldivian government launched a biometric, electronic passport in 2016 to help its immigration agencies deliver secure and efficient border security operations. The passports, which contain polycarbonate data pages with laser engraved photos, can be validated automatically with eGate services installed at local airports. The eGates also verify passengers’ boarding passes, fingerprints and facial biometrics. Additionally, immigration officials are not required to stamp the ePassports.
Biometrics aren’t just finding their way into passports. The Land Transport Office in the Philippines launched biometric driver’s licenses in 2017, and they include 32 different security features and fingerprint biometrics. The first of the new cards were issued in the Manila area three months ago, prior to the nationwide rollout. The country is now issuing as many as 500,000 licenses per month.
The European Commission is also looking at biometric IDs. The commission last year proposed making biometrics — specifically fingerprints and facial recognition — mandatory for European Union (EU) member states’ national ID cards. Because EU citizens can travel freely between different member states’ borders, the organization believes their IDs should match the same security measures present in international travel documents.
It might not be long before U.S. drivers ditch their physical licenses for digital options. Colorado, Idaho, Maryland, Wyoming and Washington, D.C., are piloting digital driver’s licenses. Pilot participants are given digital licenses that exists in their smartphones and contain the same information as physical ones, with the addition of PINs or fingerprint biometrics that are linked to the DMVs’ databases. These added security measures make it difficult to complete fraudulent transactions with them.
Keeping biometrics safe
Biometrics may be seeing increased usage, but they still come with security risks. The U.S. Office of Personnel Management suffered a breach in 2015 that resulted in the theft of 5.6 million fingerprint records. Nine million Israelis had their private information hacked four years earlier, resulting in the release of data about birth parents, adoption records and other sensitive health information.
Exposing biometric data is significant because, unlike passwords, people’s fingerprints, facial features and iris data cannot be changed. This means that any collected biometric data must be carefully guarded. It can be stored locally, rather than in a central database, which would make it easier to compare it with data stored in official documents or on devices’ applications.
While biometrics are being more widely adopted around the world, their data must be kept secure to remain effective. Attention to security will go a long way toward helping governments worldwide make biometric identification systems a reality.