A Wrinkle For Biometric Systems: Irises Change Over Time 59
scibri writes "The iris scanners that are used to police immigration in some countries, like the UK, are based on the premise that your irises don't change over your lifetime. But it seems that assumption is wrong. Researchers from the University of Notre Dame have found that irises do indeed change over time, enough so that the failure rate jumps by 153% over three years. While that means a rise from just 1 in 2 million to 2.5 in two million, imagine how that will affect a system like India's — which already has 200 million people enrolled — over 10 years."
uh.... (Score:3)
if you were fucking over 0.0000005 of your population already to no significant protest, why would anyone care if you are now fucking over 0.00000125 of your population?
any statistical system should serve only as a first alert; and any positive found thereby should be carefully evaluated by more thorough and human measures.
Re: (Score:3)
FTFA:
“So although you might not really notice the problem after one year or two years, after five or ten years it can become a huge problem,” he explains.
This area definitively warrants further research - if nothing else, it could mean that Iris scans will have to be re-done every 5-10 years (a bit like passport renewals). Depending on the specifics of the cumulative degradation (i.e. how exponential the effect is), you could be looking at a 2,000,000% failure rate increase in 11 years.
Re:uh.... (Score:5, Interesting)
I think they could have a much larger problem. Since a diabetics eyes can change drastically in a 2-3 month period, and depending on who's data you're using. You're looking at anywhere between 3% and as high as 25% of the average population having a problem with this system.
Re:uh.... (Score:4, Interesting)
Re: (Score:3)
I think they could have a much larger problem. Since a diabetics eyes can change drastically in a 2-3 month period, and depending on who's data you're using. You're looking at anywhere between 3% and as high as 25% of the average population having a problem with this system.
Pish!
Easy to solve for a government drone. Just make it illegal/against regulations to change your irises. No more high error rates or re-testing/registering, and a significant rise in arrest/detention stats!
A win-win for security theater!
Strat
Re:uh.... (Score:4, Insightful)
Re: (Score:2)
okay, but that is a problem regardless of whether the system works, right? if anything, it's more of a problem if the system works.
Re: (Score:1)
Re: (Score:2)
Except people didn't think of this as simply a statistical system. It is thought of as a unique identifier.
"Hey, we can build equipment to compare photos of people's irises. We can tell everyone that this is reliable and irises never change. They'll believe us, because who would both with a literature search to see if any research has been done or that it's true. It has worked for over a century with fingerprints, even though the textbooks contain lists of all the known problems they have, plus examples of fingerprints that aren't at all unique. So they'll accept the same uniqueness claims for iris patterns
Re: (Score:2)
People who literally don't exist shouldn't be getting welfare. When they do, it's called fraud.
I literally believe you don't know what "literally" means.
So update the scan with renewal (Score:2)
You already have to update passport and drivers license photos ever few years why would it be difficult to update the iris scan to increase accuracy?
Re: (Score:3)
For the simple reason that many people might find that sort of thing stinks of Big Brother. People are used to official photographs now but generally find other forms of identification such as fingerprinting to be too associated with law enforcement to be acceptable. The appeal of Iris scans would be to do them when children are born and can't protest, meanwhile the parents are probably too overjoyed and tired to protest either.
Also I suspect the authorities don't like biometrics which change because they l
Re:So update the scan with renewal (Score:4, Insightful)
And yet iris and retena scans are FAR more privacy friendly than fingerprints or DNA.
We don't go around leaving our eye prints all over the place. And it is far more difficult to obtain them clandestinely.
Re: (Score:1)
Re: (Score:2)
Sorry, that is not going to happen. Physics won't let it. You might be able to get a partial *iris* scan from a distance, but not a retinal scan.
Re: (Score:2)
I am going to guess that just about everything in the human body changes over time.... even DNA (slightly).
Re: (Score:1)
Fingerprints themselves are horribly flawed even though they're accepted as a means of identification. Theoretically they're pretty good, but in practice they're somewhat less good as you're not typically dealing with a small number of features being matched out of the entire print. What's more because there's a finite area and a minimum size of the features there will be duplicates from time to time.
Re: (Score:2)
Re: (Score:2)
how do you force the guy in somalia to renew before he tries to immigrate again?
Re: (Score:2)
Non sequitur. Just because the iris changes doesn't say it tells you something about your health status. The planets indeed move, does that validate astrology?
Re: (Score:2)
Error margin still well within limits (Score:4, Insightful)
One in a million instead of one in two millions. I guess it would still not overload the average office clerk to double check that many people. Yes, it would be a nuisance, but a minor one.
Don't get me wrong, I'm not really a fan of biometrics, but I guess we'd have to come up with a better reason than one of statistical insignificance. Likewise you could say inoculations are bad because one in a million develops a rash so let's toss it altogether.
The only thing that I can take from this is that officials should be informed that a negative on a biometric scan is NOT necessarily a proof that the person is not who he claims to be.
Error is not 1 in a million (Score:4, Interesting)
The tolerance is already set so loose that it only fails to approve the person 1 in 1 million times. It isn't the error rate, it's a reflection of the *wide* error tolerances set.
They did the same trick with the facial scanners, they rejected too many people when trialed at UK airports, so they 'recalibrated' them until they rejected only an acceptable number of people. Where 'recalibrate' is really just increasing the error margin till the reject rate is low enough that the last labour government can justify the purchase price.
Here they've set the iris scanner to only reject 1 in a million, and now it has to be set 3 times looser to reject 1/3rd of 1 in a million in order to keep the reject rate low enough so that it will still be that low after 3 years.
Oh, and one little side effect of these biometrics is that now have to get our passports updated every 5 years instead of 10, making any cost saving at the expense of the passport holder.
Re: (Score:3)
One in a million instead of one in two millions. I guess it would still not overload the average office clerk to double check that many people. Yes, it would be a nuisance, but a minor one...officials should be informed that a negative on a biometric scan is NOT necessarily a proof that the person is not who he claims to be.
Unfortunately, the number of times this will happen legitimately is still low enough when it it happens, the person who's iris has changed will automatically be assumed to be a scammer
Ever heard of a database? (Score:3)
Why not simply use a database to store the scan, and to compare the current scan, and replace with the current scan if it is considered a match? Then the issue is gone. Replaced by other IT issues, I suppose. But still...
Re: (Score:2)
Get an animation program to create all the necessary in-between frames between your target victim and your target final fake iris (which should not be the same as the one in your eye unless you want to get caught easily).
Re: (Score:2)
If it matches me, it's me, no? So, all of them?
Re: (Score:2)
So all of them means you need to secure all of the scanners to prevent your database from getting falsified data.
No problem (Score:2)
Just make sure you stop at all the checkpoints frequently enough that we can keep our records up to date.
Re: (Score:2)
they wouldn't let me through the checkpoint at the checkpoint
Adaptive (Score:3)
Unless you are going 6 months without being scanned, and assuming these changes are fairly linearly progressive and not abrupt, it wouldn't be hard to just update the database with the changes based on an allowed variation over time if multiple scanners are registering a change.
If there is anything wrong with biometric scanning it isn't this.
There you go again. (Score:1)
The usual assumption is that "biometrics" do not change and that they will accurately and precisely uniquely identify an individual for as long as s/he lives, and beyond. Think about that for a minute. Then consider that this assumption is only now starting to be challenged with those who assumed they could rely on it, while lots of governments the world over are busily taking biometrics from anyone with suitable biometrics to take. The US and its border "controls" are a good example, but so are, well, Indi
Iris scanning is NOT used to police immigration (Score:4, Informative)
Re: (Score:1)
True, but it still took less time than the hour I spent in the queue at Gatwick yesterday or the TWO FUCKING HOURS in a queue at Heathrow last month. Efficiency is not something the British do, at all.
As a legal tax-paying (highest tax-bracket) resident (with "no recourse to public funds" I might add - despite the outright lies the Mail and the Sun print) I used to be eligible for IRIS, now I cannot use it and have to join the non-UK or EU queue instead, even though I have a big UK Resident chevron embossed
The fact that irises change... (Score:1)
...has been known for centuries. Biometric do not work like stupid politicians want it work.
sigh (Score:2)
But still: does the detected error rate increas matter?
We do not *identify* people via the iris scan, or do we?
If we just match a person to his/her's passport the error rate is insignificant.
Retina (Score:2)
Retina scans probably suffer from less changes and would be a better choice.
As for privacy: Retena scans are FAR more privacy friendly than fingerprints or DNA. We don't go around leaving our eye prints all over the place. And it is far more difficult to obtain them clandestinely.
Already solved (Score:1)
The company I work for uses biometric security. The readers we use know that biometrics change over time and automatically update their databases every time you use the system (using some secret time weighted algorithm) .
You can set a threshold for the change/deviation/etc (in some people it changes more often than others). Our system only uses biometrics for authentication, not identification (that is, the biometrics confirm your ID, the biometrics are NOT your ID).
Duh (Score:2)
No kidding. Our bodies change over time, who would have ever thought?
Even our very DNA can change due to radiation..
company rules. (Score:2)
Guess our bodies are just complying with the company rules to periodically change our passwords.
Everything changes (Score:2)
Face changes; A picture taken over 10 years ago is significantly different that mine today.
Fingerprints change; scars, acids, growth all cause fingerprints to change significantly.
Signature; My signature is rarely the same twice.
I just love it when a sensationalistics statistic is used. The article states a 153% increase in failure rate. How about you look at the pass rate; it would decrease from 99.99995% to 99.999875. That is a decrease of 0.000075%. That change is pretty insugnificant.
sensation brings money? (Score:2)
Sensational statistics, bring more cash in the drawer; how else are they going to adapt all these machines for their 0.000075% off-tolerance ? :)