"Let me paint an image for you," says Ted Dunstone, CEO of Australian biometrics integrator and consultancy Biometix. "It is a world where there aren't any keys to lose, or passports to check. A world where you interact seamlessly with technology, where personalisation is ubiquitous and devices recognise who you are in order to make life more convenient.

"Imagine a world where your stereo and TV know who you are," his eyes sparkle and his arms glide outwards, gently emphasising the fluidity of his vision.

Far from the ominous and omnipresent big brother so often associated with biometrics, Dunstone believes personal-identification technologies will ultimately lead to a freer and fairer society for all.

"As long as it is implemented properly," he cautions.

Realms of possibilities

There is a certain amount of mystique associated with the biometrics industry, and as a result, an awful lot of confusion as to its capabilities.

In the wake of the World Trade Centre attacks in the US, biometrics vendors world-wide have been caught making all sorts of promises regarding the efficacy of their particular solutions, however many within the industry are more guarded.

As an evangelist of the overall benefits of biometrics technology, and CEO of the Biometrics Institute, Clive Summerfield is concerned unqualified claims could do more harm to the industry than good.

"We have seen some US vendors come out and say that if their technology was being used in airports the tragedy could have been prevented," he says. "However, all indications are that Mohamed Atta and the rest of them had not been identified as terrorists in the past so there is no reason why they would have been stopped. Biometrics is about establishing people's identity, not reading people's minds."

Founded in July 2001, the Biometrics Institute aims to provide independent advice to users of biometric technology, as well as liaise with the community about possible privacy concerns over the implementation of the technology.

Summerfield points out that without an industry body, end users would have to rely on the advice provided by biometrics vendors.

"It is important to have an independent group able to advise in the use and implementation of the different technologies," he said.

While fingerprint technology is by far the most widely used form of biometric identification, there has also been a passing interest in hand geometry and retinal scans.

As architecture director of security with Unisys, Ajoy Ghosh is focussing on proven technologies, and finding new ways to integrate them into security and identification requirements.

"We are mostly working on areas of identity verification, making sure people are who they say they are," explains Ghosh. "Using fingerprints to check electoral rolls and so forth."

Ghosh also says that since September 11 there has been an increase in the integration of fingerprint technology into identity cards, such as the Malaysia Card and similar projects in Colombia.

"Some governments are able to simply implement these types of systems, things that would be very difficult in Australia," Ghosh said.

An increase in concern for state security has even seen governments traditionally curtailed, for fear of a voter back-lash, openly suggest national identity cards.

September 11 has also added impetus to ,iris-scanning technology, which had already been gaining increased interest as improvements to the technology brought prices down.

According to John Grimes, director of business management for Iris Australia iris scanning is growing in popularity due to its non-invasive nature and accuracy.

"Globally we are looking at a series of cases where databases are being compiled based on voluntary enrollments, especially in the areas of travel and immigration," Grimes said. "The technology has never had an instance of a false accept, and the participant is aware they are being scanned and is actively involved in the process."

Multimodal biometrics is also carving out a niche in areas where secure access is paramount.

Rather than relying on one mode of biometric verification Nick Janic, General manager at BioData InfoSecurity explains that an interaction of several metrics provides a highly secure, and flexible system for identity verification.

While the multimodal biometric system BioData offers is available as a software development kit, Janic says its uses are essentially created for identity verification for security purposes rather than surveillance.

"The system is based on a combination of voice recognition, lip pattern and face recognition," Janic explains. "You could link the information which identifies each individual back to a database of information, but to use the system they must be willing participants in the whole process. It is more use as access control, either in terms of physical access, or in terms of who has and hasn't accessed certain information within a company. "

Also on the horizon are DNA-based recognition, ear shape, keystroke patterns, personal signature, vein pattern and voice recognition. In many cases the technology exists to measure or record the specific biological signatures, but the commercial applications of these measurements remain to be seen.

Further out in the ether, methods for recognising body odour and capturing gait patterns also loom large, however few are taking these as serious options at this stage.

However, one of the most contentious technologies is face recognition, with critics describing the technology as unreliable and its implementation--in terms of surveillance--as unethical.

Facing up to reality

Despite his particularly critical stance, Clarke says he is not against the technology per se, but is simply concerned with its implementation.

"Biometrics is an enormously dangerous use of technologies," Clarke says. "We are playing with dynamite and we haven't worked it out yet."

Clarke's principal concerns surround the privacy and efficacy of different biometric techniques.

"If you want to look at somebody's iris, you have to slow them down enough to actually scan their eyes. It requires their participation to a certain extent," Clarke says. "What is absurd is to expect a similar result from a camera perched above a crowd of people, and then respond to people in certain ways."

At the other end of the scale sits Spiros Kalotihos, chairman of Melbourne-based business group Aid and Abet. A proponent of biometric surveillance, Kalotihos caused a privacy furore over a series of databases he compiled on business and 'suspicious characters'.

"To the business community, biometrics will be about as valuable as tits on a bull on unless you can link the individual you are identifying to some kind of history," Kalotihos said. "At the end of the day if you can't attach the images to some kind of database of information it is just going to end up as a gimmick for retailers--a fridge who knows who you are."

Aside from a few high profile roll-outs in places like Crown Casino in Melbourne, industry pundits say face recognition technology is fairly wide spread.

"Facial-recognition technology can be very effective as long as it is implemented appropriately," explains BiometixCEO Ted Dunstone, who began his career by completing a PhD in the facial-recognition arena. "If you have someone sitting directly in front of the scanner in a situation where the lighting can be controlled then you have a fairly good chance of success."

However, when it comes to crowd surveillance, Dunstone says that it is absurd to place too much faith in the technology alone.

"When you are looking at a place like a shopping centre or a casino you really need to have people working in conjunction with the technology," Dunstone says. "The software might come up with a series of possible matches, and a person needs to decide if they are correct or not."

The extent to which this is any kind of improvement on traditional methods of surveillance, which depend on security staff scanning shopping centre crowds for suspicious characters, is essentially yet to be proven.

"The whole point of biometrics is that it works well as long as it is implemented appropriately," Dunstone explains. "You have to match each biometric to an appropriate niche application."

Leaks in the back-end?

"Firstly we are looking at cost, but not just in terms of straight dollars, rather in terms of cost-benefit to users, then accuracy. It is important to have accurate advice on error rates, and how these can be minimised via appropriate deployment," Summerfield explains. "And the third is use-acceptance, if people don't feel comfortable using their biological signatures there will be no point in investing in the technology."

At this stage, Summerfield is primarily concerned with providing potential biometrics users with reliable information regarding the nature of the technology they are applying.

On March 20, 2002, the group is holding a conference covering the technological and social repercussions of biometric advancements in Australia. Speakers range from Malcolm Crompton, federal privacy commissioner, to CSIRO's chief-science assistant.

Summerfield is keen to see open debate in the area, admitting that the industry is walking a fine line in terms of public acceptance.

"There are a couple of issues in terms of privacy. One is the extent to which biometrics will enable government and organisations to gather and cross-reference information any more successfully using biometrics," Summerfield says. "The other is the importance of the way the technology is integrated."

Conceding that it will only take one breach of security to discredit the entire industry, Summerfield is emphasising the technological integrity of a biometrics-based security solution.

"There are big compliance issues," Summerfield says. "This is why the industry needs to get together to discuss standards, especially in terms of backend integration."

As e-solutions manager at Siemens business services, Reg Smyth is also aware of the need to secure the back-end.

"A lot of government-to-consumer or business-to-consumer interactions will become easier if you can securely identify the person at the other end," Smyth says. "However, you have to be committed to a certain level of accuracy, and security of the information while it is in transit."

Similarly, Stuart Suarez, webmaster of industry watch Web site Biometric Security believes back-end encryption is as important as the effectiveness of the front-end scanner.

"Encryption is as important in biometrics as it is in any other field," Suarez says. "A lot of vendors are getting around it by securing the algorithms and not telling anyone how the encryption operates, they make the whole thing proprietary.

Suarez points out that problems arise when the technology isn't specifically developed with this level of security in mind.

Summerfield believes these issues further underline the need for industry groups to unite.

"It is in no one's interests to see the industry fail," Summerfield says. "That is why it is important to get in early and work with industry, government, and users. Australia has a unique opportunity to be an world leader both in terms of the technology and the way in which it is implemented, but that is not going to happen unless these groups come together and share information."

Bertillonage in-disguise?

Way back in 1879, a French police clerk by the name of Alphonse Bertillon suggested that individual homo sapiens could be precisely identified through carefully gathered measurements of different parts of the body.

Using an impressive array of calliper-compasses the Bertillonage systems recorded height, arm span, cranial diameter, forehead tilt, as well as the length of the right ear, left foot, left forearm and selected fingers. It also called for an examination of the size and shape of his nose, and a thorough recording of any skin blemishes or scars.

Such dimensions and descriptions were duly noted and filed away with information regarding the individual's past misdemeanours.

Eventually the procedure was cutdown to a simple mug shot, with a quick physical description alongside a set of fingerprints.

Fingerprints satisfy what Dunstone describes as the two main features required for a biometric to be useful for identification purposes: stability and distinctiveness.

"You can take biometric measurements from just about any part of the body, but to be a reliable form of identification it must be stable over time and differ between individuals," Dunstone said.

One of the first countries to adopt and refine the system was Argentina. Police administrative officer Juan Vucetich widely implemented and evangelised the practice of keeping records of fingerprints. By 1892, Francisca Rojas became the first person to be convicted of murder based on fingerprint evidence gathered at the scene of the crime.

However, fingerprint-based identification was quickly becoming a victim of its own success. When the Mona Lisa went missing in 1911, fingerprint-identification implicated Vicenzo Perrigia. The tell-tail thumbprint he left on the glass of the famous painting was, however, of no use in locating him, due to the chaotic filing system French authorities had been using since they began collecting prints almost 20 years before.

As security agencies around the world began implementing mandatory fingerprinting of convicted criminals, these databases swelled to mass proportions. By 1956 the FBI had 141 million prints on file, and the race was on to provide accurate searching and storage facilities via the emerging field of computing.

Two decades later the Argentine police were using a system called Digicom, to track down so-called dissidents in the streets of Buenos Aires. Combining digital processing, with radio technology the system scanned in fingerprints and relayed the information from the police cars back to a central database.

"They would stop you in the street and ask for your national identity card," explains Oscar Lima, an Argentine who emigrated to Australia in the 90's. "The card had your photo on the front, and a complete set of fingerprints on the back. You would have to wait while the fingerprints were scanned into the machine and relayed back to the base."

The Digicom system enabled the Videla government to keep tabs on Argentina's population, thirty thousand of which "disappeared" between 1976 and 1981.

Across the world, biometric information--gathered since Bertillonage systems came into broader use at the turn of the century--was being digitalised, stored and accessed via computers. The results of its implementation, however, were based largely on the governmental agenda behind them.

By 1985, Australia finally caught up with advances in the rest of the world and began to digitalise its fingerprint databases.

Superintendent Alan Snow, who has since retired, was charged with overseeing the implementation of a system developed by Rockwell Automation, but integrated by NEC.

"We had to make the choice between a system that basically counted the ridges of each finger print and converted it into some kind of number, and one which compared the images, so we went with the latter," Snow explained. "We collected the fingerprints as we always had, then put them through the scanner."

The system took a group of Japanese technicians about 12 months to implement, and radically reduced the amount of work required to cross-check fingerprints with those on the databases.

While the nature of the data gathered has changed significantly, and the power to access databases has improved along with technological advances, the core idea is the same.

Biometrics was born of Bertillon's attempts to compile specific and unique physical measurements, and use these to identify individuals and track their activities.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.