SPEAKERS CONTENTS INSERTS
Page 1 TOP OF DOC
BIOMETRICS AND THE FUTURE OF MONEY
WEDNESDAY, MAY 20, 1998
U.S. House of Representatives,
Subcommittee on Domestic and International Monetary Policy,
Committee on Banking and Financial Services,
Washington, DC.
The subcommittee met, pursuant to call, at 10:00 a.m., in room 2128, Rayburn House Office Building, Hon. Michael N. Castle, [chairman of the subcommittee], presiding.
Present: Chairman Castle; Representatives Metcalf, Weldon, Waters, Jackson, and Lee.
Chairman CASTLE. Good morning. The hearing will come to order. Let me just first express my appreciation to the witnesses in both the first and the second panel. We know that some of you have come from far away. We know that all of you have disrupted your schedules to be here. We greatly appreciate you being here. We will try to get to you as soon as possible.
I am going to make a brief opening statement. If any Member here wishes to say anything, they certainly may at that point, and then we will proceed with our hearing. Dr. Weldon will introduce our young student here in a few minutes as well. Ed Pease, by the way, could not be here. He was going to be here to introduce you, Ms. Koehler. He has to be present at the Judiciary Committee so he could not be here. He wanted me to send his apologies to you.
Page 2 PREV PAGE TOP OF DOC
Today we are going to learn about a family of new technologies that may soon change the way we live and do business in a multitude of small but profound ways. We will have a lot of audience involvement today, as you can see. We are going to start right now. To illustrate, I would like to ask your indulgence for a little bit of this audience participation. Take a moment in your minds and add up all the passwords, PIN numbers, account numbers, voice mail access numbers and other security codes you have to deal with in your daily life. I would like to see a show of hands of those who have five or less. This is everybody, anybody here in this room. I would like to see a show of hands of those who have five or less of these to keep track of. Not too many. I see one hand out there. How many have five to ten? We are getting upward of maybe 40 or 50 percent. How many poor souls have more than ten to manage? I think I am in that category. That is clearly in excess of 50 percent.
How many of you would cheerfully trade in all of these multi-digit codes if you could use one unique secure personal identifier for every purpose, one that was always at hand and could not be stolen, lost, forgotten or duplicated? Raise your hand if you are in that category. Again it gets up to about 100 percent in this case. I felt that would be the answer, or I would have never asked the question or we wouldn't have had the hearing perhaps.
Trying to come up with that all-purpose or at least multi-purpose personal identifier is what the art and science of biometrics is all about. A broad variety of physical characteristics currently are being tested to determine the potential accuracy and ultimate consumer acceptance of their biometric measurement as personal identification standards.
In the second panel, we will be introduced to a representative selection of these emerging technologies. While a definitive review of all the potential biometrics is impractical due to time constraints, in this hearing we will sample the following: Facial recognition, a variety of finger imaging, iris scans, voice recognition and signature dynamics.
Page 3 PREV PAGE TOP OF DOC
As a subcommittee, we are primarily interested in the application of these technologies to banking and financial transactions as well as the protection of individual data from identity theft and other forms of fraud. We have already been prepared by Hollywood films and sci-fi novelists to understand that biometric technology has potential applications that extend well beyond these areas to securing secret intelligence, protecting strategic commercial data and law enforcement.
There will be two panels of witnesses today. The first will provide a context of biometric identification applications and includes the chairman of the President's National Biometric Consortium; a middle school student from Merritt Island, Florida, who will share the results of her very interesting science fair project; the Director of the National Biometric Test Center at San Jose State; an attorney expert in this emerging field; and the Vice President of the Purdue University Employees Federal Credit Union where biometric applications have already been installed and used for a number of months.
On the second panel, we will have representatives from seven companies that already are actively marketing their technology. To the extent that time and physical space constraints permit, they will each demonstrate a device or technique for biometric identification. With respect to the demonstrations, we can do some of these afterwards but it is probably preferable, if possible, for those who have them if we could do them while you are testifying.
We would like to keep the testimony to five minutes. We won't electrocute you or anything if the red light goes on, so you may get an extra minute or two, but we have two panels. The second one is fairly large. We hope everybody can try to work within the time constraints. If your demonstration would take longer or you want to do a more involved demonstration, we can certainly do that after the fact. Basically we are going to hear from the other Members of Congress who are here now, and then we will hear from each of the witnesses, and then we as Members will ask questions of each panel in turn and hopefully we will not have any votes to intervene, because that really messes things up. But we don't control the House of Representatives in this small subcommittee. We will just have to take our chances with respect to that and hopefully it will move along in a continuous fashion so that we can get the most out of it.
Page 4 PREV PAGE TOP OF DOC
With that, let me turn to Congresswoman Lee to see if she wishes to say anything.
Ms. LEE. Yes. Thank you, Mr. Chairman. First, let me just say I am very delighted to serve with you on this subcommittee and look forward to learning a great deal from each and every one of you today. This whole issue of biometrics is, I think, very important and it is very critical that we look at it from the point of view of making sure that we have standards that cover biometrics, but also ensure that the privacy issues are addressed.
I just look forward to hearing from you today. I will probably ask a couple of questions about biometrics after that. Thank you very much for giving me the opportunity to appear.
Chairman CASTLE. Thank you very much. It is a pleasure to have you on the subcommittee, I might add, as well. Dr. Weldon will be introducing one of our witnesses, but he may wish to make an opening statement and/or do his introduction now, whichever, or both.
Dr. WELDON. Why don't I just take care of both of those.
Chairman CASTLE. That is fine.
Dr. WELDON. First let me thank you, Mr. Chairman, for calling this very important hearing on a topic whose time I think has arrived. I think you demonstrated that very clearly when you asked the questions that you did. I know that I personally struggle with all the PIN numbers that I have to remember. I always enjoy when a company will allow me to select my number because I usually try to select a number I am already using somewhere else. To have a world where we can get away from all those things would be wonderful.
Page 5 PREV PAGE TOP OF DOC
I also want to take this opportunity to introduce Shanin Leeming, who is a very enterprising and very bright young lady, 14 years old. She attends Divine Mercy Catholic School in Merritt Island, Florida, which is in my congressional district. In her testimony, she is going to reveal some very interesting information that I believe has some very direct bearing on the issues that we are dealing with here in this hearing. I think first of all it is a real treat to have her here and to see a young lady from my district here. As well, I think her testimony is very pertinent and will be very helpful to us as we move in the direction of trying to establish policies in this arena.
Thank you, Mr. Chairman.
Chairman CASTLE. Thank you, Dr. Weldon. We appreciate your being here, too. I understand the light system is not working. So we eliminate the electrocution factor in this after all. We have cards up here. This will be displayed, I guess after four minutes they will show one, after five minutes they will show this one. You don't necessarily have to stop. If I really think we need to get to this, I will start to rattle this a little bit and you will get the idea to start to wind it up.
Basically we are just going to go through each and every one of you. We do have five witnesses. We will be starting in a moment with Mr. Jeffrey Dunn, Chairman of the Biometric Consortium. Of course Shanin Leeming has already been introduced. She will be second. Dr. Wayman will be third. He is the Director of the U.S. National Biometric Test Center at San Jose State University. John Woodward is the lawyer to whom I referred earlier who specializes in biometric issues. The practice of law is becoming very specialized in this day and age. Gail Koehler is the Vice President of Information Services at the Purdue Employees Federal Credit Union. I mentioned the university because we have Perdue chicken plants in Delaware. I like to make sure people understand the difference between them.
Page 6 PREV PAGE TOP OF DOC
With that, let us turn to Mr. Dunn for his testimony.
STATEMENT OF JEFFREY S. DUNN, CHAIRMAN, BIOMETRIC CONSORTIUM
Mr. DUNN. Good morning. Mr. Chairman and Members of the subcommittee, I would like to thank you for the opportunity to speak today about biometric technology. I believe this subcommittee's interest in biometric technology is very timely. The information age is quickly changing the way many transactions are completed. Every day more and more actions are being handled electronically instead of face to face. This increase in electronic transactions has created a greater demand for automated authentication. Biometric technology is one means to achieve fast, user-friendly authentication with a high level of accuracy.
Today, I would like to discuss some of the terminology used by the biometric community, highlight some of the benefits of biometrics for authentication and give some examples of the emerging applications. I would also like to explain how the biometric consortium is bringing together technologists from Government and industry.
Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Examples of human traits used for biometric recognition include fingerprints, speech, face, retina, iris, handwritten signature, hand geometry and wrist veins. During enrollment, a sample of the biometric trait is taken, processed by a computer and stored for later comparison. Biometric recognition can be used in identification mode, where the biometric system identifies a person from the entire enrolled population by searching a database for a match. For example, an entire database can be searched to verify a person has not applied for entitlement benefits under two different names. This is sometimes called one-to-many matching. A system also can be used in verification mode, where the biometric system authenticates a person's claimed identity from their previously enrolled pattern. This is also called one-to-one matching.
Page 7 PREV PAGE TOP OF DOC
No biometric system today is flawless. All have some errors where the wrong person matches or where the right person fails to match. The better biometric systems have low equal error rates of less than 1 percent. This should be compared to the error rates in the current methods of authentication, such as passwords, photo IDs, handwritten signatures and so forth. Often we forget how many errors can occur in these types of systems.
Using biometrics for identifying human beings offers some unique advantages. Only biometrics can identify you as you. Tokens, such as smart cards, magnetic stripe cards, photo ID cards, physical keys and so forth can be lost, stolen, duplicated or left at home. Passwords can be forgotten, shared or observed. Handwritten signatures can be forged. Biometrics hold the promise of fast, accurate, more reliable and less expensive authentication for a variety of applications.
There is no one perfect biometric that fits all needs. All biometric systems have their own advantages and disadvantages. There are, however, some common characteristics needed to make biometric systems usable. First, the biometric must be based upon a distinguishable trait. For example, for nearly a century law enforcement has used fingerprints to identify people. There is a great deal of scientific data supporting the idea that no two fingerprints are alike. Some newer biometric methods may be just as accurate but will require more research to establish their uniqueness.
There are many examples of biometrics being used or considered in Government and commercial projects. I would like to mention a few specific examples.
Page 8 PREV PAGE TOP OF DOC
At Fort Sill, Oklahoma, basic training inductees are issued a stored value card protected by fingerprint recognition. The disbursing office can enroll a user and issue the card in about 45 seconds. The card may be used at over 30 locations such as the PX, military clothing sales, barbershop and so forth. Over 18,000 trainees have participated so far.
The Defense Manpower Data Center saved $8 million in a pilot program with 25,000 military retirees living in overseas locations. The suspicion that benefits were still being collected on deceased retirees was confirmed when many failed to appear to enroll their fingerprints in the new identification system. DMDC is now collecting live scan fingerprints on new military ID cards to prepare for a full-scale system.
The Immigration and Naturalization Service is one of the most prolific users of biometrics in the Federal Government right now. Over 85,000 frequent international travelers have enrolled in a program that allows participants to bypass long lines at busy airports by using an automated kiosk with a hand geometry recognition system. At remote ports along the Canadian border, a speaker verification system is used to allow border crossings after hours when the post is not staffed. Both face recognition and speaker recognition are being tested in a pilot program that allows participants to use a dedicated commuter lane at the port of entry near San Diego. Participants in this program average a minute delay compared to the two-hour delays that are common during peak hours.
The Federal Bureau of Investigation and other Federal, State and local law enforcement agencies are using Automated Fingerprint Identification Systems, or AFIS systems. These large-scale computer systems convert the rolled ink, ten-print cards traditionally used by law enforcement into digital images for computerized storage and retrieval.
Page 9 PREV PAGE TOP OF DOC
The U.S. Navy conducted a test in the Pacific area with smart cards. One part of the test was to use a smart card with a fingerprint recognition biometric for access to ordnance storage areas.
For vehicle access to controlled areas at Chicago's O'Hare International Airport, the Federal Aviation Administration is starting a test program using fingerprint recognition with truck drivers.
One of the most dramatic uses of biometrics in terms of cost savings has been in State entitlement programs. The New York Department of Social Services requires fingerprint recognition enrollment for applicants to entitlement programs. This ensures that someone enrolling multiple times under different names cannot fraudulently obtain benefits. In the first 19 months of the program, 925,000 people were enrolled. Only 172 cases of known fraud were detected, but 37,000 cases were closed, saving $314 million. Several other States, such as New Jersey, Connecticut, Massachusetts, and Pennsylvania already have or are starting similar programs.
There are also many significant applications in the commercial sector. Many types of financial transactions such as bank by phone and bank by computer are also potential applications. One unique application is at Walt Disney World in Florida, where 200,000 annual pass holders are enrolled in a fingerprint geometry recognition system.
The Biometric Consortium was chartered as a working group on 7 December 1995 by the Facilities Protection Committee, a committee that reports to the Security Policy Board established by the President. The consortium now has over 500 members and associate members from Government, industry and academia. Over 60 different Federal agencies participate in the Biometric Consortium. The Biometric Consortium website at www.biometrics.org is open to everyone and contains a variety of information on biometric technology, research results and Federal and State applications.
Page 10 PREV PAGE TOP OF DOC
There is a great demand for fast, accurate authentication that biometric systems can provide. Continued improvements in technology will bring increased performance at a lower cost. Biometric authentication, however, is not a magical solution that solves all security concerns. A complete systems approach that addresses a variety of security, functional, operational and cost considerations is always necessary. The growth of biometric technology will place greater demand on both biometric system developers and users to work together to address a number of issues, including privacy, testing, infrastructure and standards. Within the Federal Government community, the U.S. Government Biometric Consortium provides a forum to facilitate this work.
Thank you.
Chairman CASTLE. Thank you, Mr. Dunn. We appreciate your testimony. We look forward to having a little discussion with you further on.
Now we turn to Shanin Leeming for her presentation.
STATEMENT OF SHANIN P. LEEMING, STUDENT, DIVINE MERCY CATHOLIC SCHOOL, MERRITT ISLAND, FL
Ms. LEEMING. Good morning, Mr. Chairman, and Members of this subcommittee. I would first like to thank you for giving me the chance to address you here today. My name is Shanin. I am from Divine Mercy Catholic School on Merritt Island, Florida, which is about ten miles from the Kennedy Space Center. At our school, we are very dedicated to science. For my science project this year, I decided to see if picture ID is a help or a hindrance. I wanted to know if people really look at the picture on a picture ID. When you go into any convenience store, you see a sign saying that people under the age of 26 must present an ID to prove they are who they say they are. But I have noticed that people really don't look at the picture, just the numbers. They don't compare the faces. So how can this be a valid form of security? I feel that it is more of a hindrance because of the faith that is put in the whole system. To prove my hypothesis, I did a series of 10 tests to see if people would challenge someone who looked different than the ID they presented. In the beginning, I started with subtle changes, then got more elaborate as the time went on. For the first trial, I stuffed my mom's cheeks with cotton to change the shape of her face. She went through airport security unnoticed. The second disguise consisted of a baseball cap and brown curly haired wig. My mom cashed a check in this getup. For the third trial my mom wore a black Cleopatra wig to get a legal document notarized. Other trials included a veil, a full clown suit complete with face paint, a curly brown rainbow wig and gloves, a biker, a vampire girl, and a man's outfit, including dreadlock hair, a mustache and an eight-inch Iguana tatoo. I even called her ''Grandpa'' in the checkout line. I used mortician's wax on her face to give her skin a smooth, mask-like appearance.
Page 11 PREV PAGE TOP OF DOC
All in all, I find it amazing that my mother could purchase alcohol and cigarettes or cash $50 checks in these silly costumes. Over the course of my project, I was only challenged once and I was simply asked to present a second form of ID, then the check was promptly cashed. Although I had a lot of fun doing this project, I know that my results are quite scary and I hope there is something that can be done about it. I strongly recommend that you don't keep your checkbook and your license together.
Thank you again and always be aware, don't let some bozo make a clown out of you.
Chairman CASTLE. Shanin, are these pictures of your mother in different disguises?
Ms. LEEMING. Yes.
Chairman CASTLE. Is your mother here? Would you like to introduce her?
Thank you for being a great sport. You were a great accomplice in this rather interesting experiment. We appreciate your testimony. It is great to have you. That is fascinating.
Our next witness is Mr. James Wayman.
Page 12 PREV PAGE TOP OF DOC
STATEMENT OF JAMES L. WAYMAN, DIRECTOR, U.S. NATIONAL BIOMETRIC TEST CENTER, SAN JOSE STATE UNIVERSITY
Mr. WAYMAN. Thank you very much. I do appreciate the opportunity to address you this morning.
You have heard from Mr. Dunn the definition of biometric identification, the automatic identification or identity verification of people based on physiological or behavioral characteristics. There are actually two functions to any biometric system, two possible functions, one being to prove that I am a person known to the system and enrolled in the database. A second function is to prove that I am not a person known to the system and enrolled in the database. It is important that we keep these two different functions separated in our mind, because they have important ramifications when we go to develop systems, particularly when we start talking about privacy issues.
I want to give some examples. I have three cards here in front of me. The first is my INSPASS card, INS Passenger Accelerated Service System card. I have this as a matter of choice. Now, if I wish to use the usual system of immigration at five of our country's airports, I can take my passport, I can wait in line, I can show it to the immigration officer and I can be admitted to the country. But if I wish to bypass the line, I take my INSPASS card which has my hand geometry encoded on the back along with my passport number, I put the card in the reader, I place my hand on the hand geometry device to identify me as the person who is appropriately enrolled in the database and, holding this card, I am issued a receipt. I need not wait in the immigration line. I can go right through. It is a matter of customer convenience that I have this card.
Page 13 PREV PAGE TOP OF DOC
The second card I have with me is my California driver's license. In five States here in the United States, a fingerprint is required for the issuance of a driver's license. But the fingerprint, or the data from the fingerprint do not appear anyplace on the card. The purpose of giving a fingerprint to receive my California driver's license is to show that I am not someone enrolled in the system under any identity and I am not someone who has had a license revoked or suspended. So my INSPASS card is for positive identification. The use of biometrics for the California State driver's license is for negative identification.
What I have here is the recent Republic of the Philippines Social Security System card, the new card that is being issued this year. This card has both functions. To receive a Social Security card in the Philippines, one has to establish that one does not have such a card under another identity. You do that by giving four fingerprints. One of those fingerprints, the right index finger in fact, is reduced to a numerical code and put here on the document itself. So when the holder of the Social Security card goes to the Social Security office to receive benefits or applies for admission to any of the 19 Manila area hospitals, the card is read, the fingerprint template is taken off the card, it is compared to the fingerprint template of the holder, and that is all of the administrative paperwork required, a great savings in convenience not only for the holder of the card but for the issuer as well.
I want to go to great lengths now because I know we all want to talk about privacy here. I want to talk a little bit about the fingerprint data that is encrypted on the front of the card. It is not the fingerprint that is encrypted on this card. It is numbers coming from the fingerprint that are put in the code on the card. There is no way to reverse that process and to reconstruct the fingerprint from those numbers. That is a very, very important thing to note. Even if these numbers were sent to the FBI, the FBI could not reconstruct the fingerprint. These numbers are totally worthless to any other system but the specific system that created the card. That is true of all biometric devices. The numbers that emanate from your biometric data cannot be reconstructed to produce the size and shape of the body part in question, nor are they of any value anyplace outside of the system that produced them. I think that is vital when we start thinking about privacy issues as we will in a moment here.
Page 14 PREV PAGE TOP OF DOC
The National Biometric Test Center was created by the Biometric Consortium and given three primary tasks, the first being to establish objective, scientifically sound methods for evaluating biometric technologies. The second was to collect and analyze data. The third was to advise Government agencies on the use of biometrics. With regard to the first task, the creation of objective and scientifically sound techniques for the evaluation of biometric devices, I want to point out that we are primarily scientists. We are scientists first. We are firmly within the tradition of science. Science is by its very nature extremely conservative and extremely skeptical. The criteria that we use for establishing error rates for biometric devices is one based in statistical theory and fundamental to all sciences. To give you a quick example, for instance, if we see 300 trials of a biometric device with no errors, we will conclude not that the error rate is zero but that the error rate is less than 1 in 100. We are given the task of collecting and analyzing data, but data for biometric devices involves people. The use of people in human experiments is difficult, time-consuming and is expensive, as you might conclude. That is why biometric testing has not reached the level that we would like. There have not been as many biometric tests done as we would like.
Lastly, I said that we were tasked to advise the Government and Government agencies on the use of biometrics. This tasking also involves consideration of legal and privacy issues. What I wanted to do there was to establish that we are a very conservative and skeptical group. I wanted to establish my credentials in that regard. But I can say, then, having said that, having looked at these devices, that there is no reason at all not to conclude that these devices are in fact ready for use in the financial services industry. More directly what I am saying is the technology is here, it is here today, it is absolutely usable and there is no reason why it cannot be used in the financial services industry.
Page 15 PREV PAGE TOP OF DOC
There are some immediate uses that one might think of within institutions themselves, either for internal security or infrastructure protection. You might think of control to secure places within a bank, for instance, or control to the electronic funds transfer computers. Those devices may in fact be in use by the individual banks. We believe that will be driven of course by market forces. There is no reason why financial service institutions could not be using those internal controls now. But of more interest, I think, is the general question of consumer uses of biometric devices. I think those are far more interesting. In that regard, I would say to the extent that biometrics provides additional choices for consumers with regard to protecting their own privacy, protecting their own identity, I think the use of biometric devices in consumer applications within the financial services industry would be extremely well received. We have credit cards, we have checks, we have ATM cards. It is only the ATM card that we even try to protect. We use a four to eight digit code. There is no reason now that biometrics could not provide that same level of protection for ATM cards as well as additional protection now to the checks and credit cards which, as we know from Shanin Leeming's testimony, are not reasonably protected under the current system.
I need to say something about standards. When it comes to consumer applications, there are many, many possible devices available. You will hear about some of those today. But even among a single type of device, let's take fingerprinting, for instance, there are numerous instantiations of that technology. What I mean to say is these technologies cannot communicate with each other. Certainly if I can identify you by your eye, I cannot necessarily identify you by your fingerprint. If I can identify you by your fingerprint in one system, that does not mean that I can use that same fingerprint, that same card, in another system. The point being that given the current lack of standards, it will be that if biometrics is used as a consumer application in the financial services industry, it will be used on a company-by-company basis. It is not possible at the current time to have an ATM card that all ATM machines will read when protected by a biometric identifier. But this may be a good thing. My colleague John Woodward here has coined the term ''biometric balkanization'' to mean this profusion of devices leads to their inability to communicate simply by their diversity. That might be a good thing in protecting privacy, as I will talk about now.
Page 16 PREV PAGE TOP OF DOC
Privacy concerns obviously are foremost in everyone's minds. It is always appropriate when considering any technology to ask what is the impact here on privacy. The primary issue when I talk to people about privacy is the thought that they will find me or they will track me or they will correlate my data, they being perhaps computer hackers or perhaps an insurance company or perhaps a Government group. Any discussion of biometrics and privacy has to be rooted firmly in the realities of the technology. The truth is biometrics cannot be used to find you. And it cannot be used to track you. There are only two biometric technologies that have ever been shown in tests to be able to pick a single person out of a group of a thousand or more. Those two biometric technologies are fingerprinting and retinal scanning. In the case of retinal scanning, they will find you with a retinal scan only if you cooperate with the retinal scanning system.
With regard to fingerprinting, as I said a minute ago, the profusion of methodologies means that the different fingerprint systems can't communicate. On the website of the National Biometric Test Center, I have posted my own personal fingerprint template. These are the numbers that come from my fingerprint. It is up there on the website. Certainly my credit card number is not on the website. My ATM PIN is not on the website. My mother's maiden name is not on the website. But my fingerprint—not pattern, but my fingerprint template, is on the website. That template is absolutely unusable outside of the system that created it. The FBI is welcome to download that template because there is absolutely nothing they can do with it. With regard then to correlating data——
Chairman CASTLE. Could we start to wrap up?
Mr. WAYMAN. I will wrap up right now. And I apologize.
Page 17 PREV PAGE TOP OF DOC
Chairman CASTLE. It is very interesting, but we have to keep going.
Mr. WAYMAN. With regard to correlating my data, these devices in general are not specific enough, so that for instance if my data is indexed under my hand geometry, that data cannot be found on the basis of my hand geometry.
Let me conclude by saying that we have looked at these devices scientifically, we have applied rigorous and skeptical criteria to their evaluation. We believe strongly that these devices are ready now for both internal and infrastructure protection applications and consumer applications for extending consumer choice with regard to privacy protection.
Thank you very much.
Chairman CASTLE. Thank you very much, Mr. Wayman. We appreciate that.
Mr. Woodward, we are ready for your testimony.
STATEMENT OF JOHN D. WOODWARD, JR., ATTORNEY-AT-LAW
Mr. WOODWARD. Chairman Castle and Members of the subcommittee, I am deeply honored to participate in these timely hearings to discuss the law and policy concerns raised by biometrics. From activities as diverse as the elaborate security of the Winter Olympics in Nagano, Japan to the daily operations of the Purdue Employees Federal Credit Union in the Hoosier State, both the public and private sectors are making extensive use of biometrics. As the technology becomes more economically viable, technically perfected and widely deployed, biometrics could refocus the way Americans look at the brave new world of personal information.
Page 18 PREV PAGE TOP OF DOC
As Members of this subcommittee get more interested in and involved with biometrics, two important themes need to be stressed at the outset. The first theme: Biometrics should not be automatically construed as privacy's foe. Quite to the contrary, biometrics is privacy's friend. Biometrics is privacy's friend because biometrics safeguards information integrity and thwarts identity theft. It limits access to sensitive information, and it serves as a privacy enhancing technology.
The second theme: A pro-privacy position should not be construed as an anti-biometric stance. In other words, you can be a friend of privacy and a friend of biometrics. Moreover, limited Government regulation of private sector use of this technology is not opposing biometrics but rather promoting biometrics. Appropriate policymaking can greatly increase public acceptance of this new technology.
Since privacy concerns are central to biometrics, we first have to examine privacy in a legal context. Most importantly with respect to biometrics, we are dealing with information privacy. Individuals have an interest in determining how, when, why and to whom information about themselves, in the form of biometric identification information, would be disclosed. In the American legal experience, the private sector enjoys great leeway as far as what it can do with an individual's information in the absence of legislative action. Except in isolated categories of data, an individual has virtually nothing to say about the use of information that he has given about himself or that has been collected about him.
With respect to the current policy status quo, Congress and the State legislatures have left biometrics essentially unregulated from the standpoint of privacy protections related to private sector use. Among the individual States, California has moved in this direction. Recently, Assembly Member Kevin Murray introduced legislation known as AB–50 to promote the responsible use of biometric identifiers.
Page 19 PREV PAGE TOP OF DOC
While critics of biometrics may argue that this new technology is privacy's foe, the opposite is in fact true. Biometrics is a friend of privacy. Biometrics proves itself as privacy's friend when it is deployed as a security safeguard to prevent identity theft and consumer fraud.
Let's consider a specific example from the financial services industry. Criminals eagerly exploit weaknesses with the present access systems, which tend to be based on passwords and PINs, by clandestinely obtaining these codes. Criminals then surreptitiously access a legitimate customer's account. Her financial integrity is compromised and her finances are gone because a criminal has gained unauthorized access to the information. In effect, she has suffered an invasion of her privacy because her financial integrity has been violated. With biometric-based systems, identity theft becomes more difficult for the criminal element to perpetrate.
Biometrics also becomes a staunch friend of privacy when the technology is used for access control purposes, thereby restricting unauthorized personnel from gaining access to sensitive personal information. Biometrics further protects information privacy to the extent that biometrics can be used, through the use of a biometric log-on on a computer workstation, to keep a precise record of who accesses what personal information within a computer network. For example, individual tax records would be much better protected if an Internal Revenue Service official had to use her biometric identifier to access them knowing that an audit trail was kept detailing who accessed which records. Far less snooping by curious bureaucrats would result.
Biometrics can also enhance privacy in broader ways. For example, biometrics can be used to control access to information such as financial records without requiring specific identification of the person accessing the information in a process known as anonymous verification.
Page 20 PREV PAGE TOP OF DOC
Of special interest to the Members of this subcommittee, Congress should promote biometrics by mandating the adoption of a biometric blueprint based on a Code of Fair Information Practices (CFIP). This biometric blueprint should consist of five basic principles which would include: First, notice that clandestine capture of biometric identification information in the private sector would be strictly prohibited.
Second, access. The individual should have the right to determine if his biometric identification information is in a database and how it is being used by the data collector.
Third, a correction mechanism. The individual must be able to correct or make changes to any biometric identification information in a database.
Fourth, informed consent. The individual must voluntarily and knowingly provide his biometric identification information to the data collector in the primary market. Before any information can be disclosed to third parties, the individual must consent. Reasonable exceptions can be accommodated as appropriate for academic research and law enforcement, for example.
Fifth, reliability and safeguarding. The organization responsible for the database must guarantee the reliability of the data and safeguard the information.
In conclusion, we are now eyeball to eyeball with a new, exciting technology that can be used in robust ways by both the public and private sectors. Now is not the time to blink. Biometrics is a friend of privacy, not privacy's foe. Congress can make this new technology even more acceptable and beneficial for private sector use, particularly in the banking and financial services industry, by promoting a farsighted biometric policy that deals with the face of this new technological reality.
Page 21 PREV PAGE TOP OF DOC
Thank you, Mr. Chairman.
Chairman CASTLE. Thank you, Mr. Woodward, we appreciate your testimony.
Now we turn to Ms. Koehler for her testimony.
STATEMENT OF GAIL J. KOEHLER, VICE PRESIDENT, INFORMATION SERVICES, PURDUE EMPLOYEES FEDERAL CREDIT UNION
Ms. KOEHLER. First of all, I really want to thank you for giving me an opportunity to be here. This is kind of a thrill for me and obviously a real privilege to come here and talk about the use of biometrics at Purdue Credit Union. I appreciate the fact that you realize we weren't related to chickens and we were related to education.
During the next few minutes, what I would like to do is just give you an overview of what our TARA Touch Project is and how we are using biometrics at our credit union. We have learned a great deal. We started about a year ago. Actually we have been involved in the whole project for about 2 1/2 years.
You have already heard Jim Wayman's definition and other people talk about the definition of biometrics. You know that it can be used either for verification or for identification purposes. At Purdue Credit Union we are definitely using it as a verifier as opposed to an identifier. We are using biometrics as a means of positively identifying or verifying our member's identity. We are using biometrics in fact to replace PIN numbers for account access on our automated branching units TARA Touch. One of our goals would be in using it the way we are, the member still has to enter their account number in one way or another.
Page 22 PREV PAGE TOP OF DOC
There is a model, a prototype of what we are using to my right. You can see there is a card scanner there. The card scanner can take the account number off an ATM card, if you please. However, you don't need to enter a PIN number. What we have found as we started to get into this, there are a few things that I think are important and that relate to the whole area. When people use PINs, which are very common, and they make a mistake or there is a problem with the PIN, automatically they assume that they have made an error, that they have miskeyed or that they have forgotten their PIN number, so they blame themselves. We found that when people have a card to use and they have a card failure, they blame the card, they don't think it has anything to do with the system. With our biometric systems, one of the problems we have had is if a member has a problem getting into the system, they automatically blame the biometrics because it is so new. I think that as we start to see this technology used more throughout the country, it is going to be just as accepted as cards and PINs are right now.
One of the things that we felt was very, very important and really partially based on information that we received from NRI, one of our vendors, was that you had to have very good instructional screens. I will show you one later. On the unit right now, Steve is showing the instructional screen that explains to the person who is using this technology remotely exactly how they need to use it to be successful in using it so that they don't have the failures. We also knew that we had to have some kind of backup system in place with a new technology. If it failed and people couldn't use it, they may not come back. So we collect two different finger scans, so that if you have a problem with a finger, you cut your finger, for instance, that is not an issue. That was one of our big questions. The other thing that we use as a backup is if there is a problem with the finger scan, people still can use that one TARA PIN number that we use at the credit union for our touch tone audio response access.
Page 23 PREV PAGE TOP OF DOC
Why did we go with biometrics? I have heard a lot today about the security issue. But in actuality, it is also a numbers game for us. Besides the added use that biometrics provides to our members, there are some really good economic reasons for other financial institutions to look at this technology as well. The biometric identifier, number one, can't be lost or stolen as a PIN can, so there is less problem with sending that on to the members again. Also if we accomplish our goal of replacing card access with biometric access, there will be no lost, damaged or stolen cards to replace any longer for us and we won't have to deal with periodic card reissue like you get with your credit cards and your ATM and debit cards now. That would be a great cost savings to us as an institution. Of course for us the biggest concern with any new technology at the credit union is will our members use and/or accept it. When we made the decision to use biometrics at TARA Touch, one of the ways we resolved this is we really spent a lot of time and effort on immediately educating our members about biometrics and how they are used. We thought that we might have a difficult time still convincing our members to use it. Amazingly, right away we had 912 members starting to use a test system in our lobby, so there didn't seem to be a lot of resistance to using it and to some of the privacy issues that we have listened to today.
When we put our second unit in at Purdue North Central, which is a very small regional campus of Purdue University and we had very limited membership, after 60 days we already had 131 of our members. That sounds like a small number, but that was over half of the member population there at that time.
Finally, when we put our unit in last August, right before fall semester, right on Purdue University's main campus, we had 277 members who scanned prints and opened accounts on that unit within 60 days. Obviously as a very small financial institution, we didn't develop the TARA Touch units ourselves. We had partners that we worked very closely with. Our vendor Real Time Data Management, Inc., who supplied the test unit here today, worked really hard to supply a very good user-friendly interface to our application using NRI, who I believe is going to testify later on today, using their hardware-software package on the units.
Page 24 PREV PAGE TOP OF DOC
The TARA Touch branches that we use are much more than an ATM. They have things on there that you do not find at a normal ATM. It is our belief that in order for us to provide products and services, anytime, anyplace, anywhere, which is what I think is happening to financial services, we had to find better ways to secure the accounts. This is a picture of what you see on the smaller screen just so you can get an idea of what kind of functionalities there are on the unit. As you can see, there is a place for members to go in. There is also a place for nonmembers to go in. In order to look at nonmember things, we don't require biometric verification at all. Anybody can go in and get information about the credit union, determine whether they are eligible for membership, and so forth. The biometric piece comes in after they have opened or actually while they are opening an account with us on the unit. We require a finger scan and we use that along with other identifiers to ensure that this is in fact the person they say they are. This is a screen that shows how the imaging actually is obtained and gives you a little bit better picture of the instructions that we have on that screen.
Why did we go with biometrics? Basically, the pricing is coming down, so we can afford to do that. Hardware and software costs are decreasing constantly. Also we are finding that the consumer, our members, are much more comfortable with all forms of technology. We are finding a very good level of acceptance. Although these figures may look very small to larger financial institutions, they are very encouraging. We are having about three times the number of transactions on these units than we had with our ATM products when we first started using them in the early 1980's. We are very active and have a very successful and profitable ATM program, so it makes some sense to me to use it.
This is kind of a history of the installation. So our first live installation began in January of 1997. So we are looking at almost a year and a half on the project and getting ready to put our fourth installation in now. Finally, what have we learned about biometrics? We are still learning. Our members are very knowledgeable. I think that helps so I think it is going to be important that consumer education be included in the rollout of this technology.
Page 25 PREV PAGE TOP OF DOC
We found that there were some privacy concerns about the fingerprint capture, but once we educated our members on the fact that we were retaining an algorithm as opposed to the actual finger image, that seemed to alleviate those concerns. We also learned that age wasn't a barrier. Very surprisingly, over 50 percent of our original people registering in the program were over age 50. We thought it would be the student population running in there. We had a little bit harder sell for the students, 25 and under. They just didn't care, maybe because they don't have as many funds to secure and we really emphasized the security issue on the product. The speed is important. As I said, the user education is critical.
As a credit union, we are member owned, member operated. We use our member volunteers to help us with these kinds of developments. So they have had a lot of input on what we do. We have future applications that we intend to use it on. We know that we are going to use it for building access. We want to see the ATMs and the web-based home branching and our credit and debit card authorizations start to go to biometrics. But our goal definitely is account access with identification, meaning the members would no longer need to remember account numbers or enter account numbers.
Finally, my boss, Bill Connors, the CEO of Purdue Credit Union, says you always miss 100 percent of the shots that you don't take. Basically I think that we and our vendors who have partnered with us on this project have really done a very good service to the financial service industry as a whole. We had a willingness to take a chance on a new technology that at the time we started there was no other financial institution in this country using successfully. I think our pilot program and our project proves that biometrics can improve security, they can improve convenience on the accounts and they have had very little adverse effect on our bottom line.
Page 26 PREV PAGE TOP OF DOC
Thank you very much.
Chairman CASTLE. Well, thank you very much. We appreciate all of your testimony. I will start off with the questioning, while you are still there, Ms. Koehler. I am sort of interested in some things. About halfway through your testimony I realized there are no cards involved in this at all. I should have picked that up from the beginning, I guess, but that is true. You strictly open your account with your finger identification and that is it.
Ms. KOEHLER. That is exactly right.
Chairman CASTLE. If you make a withdrawal, deposit or whatever, or do any kind of a transaction, do you get paperwork from that?
Ms. KOEHLER. There are receipts printed on the unit. So the person can get a receipt.
Chairman CASTLE. Normal paperwork?
Ms. KOEHLER. And actually we give them an option as to whether they do or do not want a receipt for those transactions. But they can do a lot of things. I skipped over that slide in the interest of time. We do loans on these machines, we disburse their funds for their loans, we have check withdrawals which you don't find on normal ATMs. Those are the reasons that we went with the biometrics, frankly, is because we were allowing so much more access to the account than you see at a normal ATM.
Page 27 PREV PAGE TOP OF DOC
Chairman CASTLE. A year or so ago we had a gentleman from Florida State University testify that they are putting everything basically through an account, the card.
Ms. KOEHLER. That is Florida's one-card system. I have been there.
Chairman CASTLE. Precisely. All the way to get cokes out of the machines to your scholarships and your tuition. You could do the same thing with this, right? There is no reason why this wouldn't apply to that?
Ms. KOEHLER. Yes and no. It really isn't a campus card access. My feeling is that you should, and being associated with a campus, I have tried to look at Purdue University and suggest that biometrics is a more secure access for their dormitories in particular. You can't share a biometric as kids do on the dormitories. I have sons in college so I know they do this. They share each other's cards so they can go into each other's dorms, yeah.
Chairman CASTLE. Do you think the kids worry about someone being able to identify they are not 21 years of age if we get this fingerprint scanning instead of being able to cheat on cards as kids have done in college for years?
Ms. KOEHLER. Sure. I would think that is a possibility.
Chairman CASTLE. That is interesting. Unfortunately, we have to go through this very quickly. I have a lot more questions I would like to ask you.
Page 28 PREV PAGE TOP OF DOC
Shanin, I would like to ask you if I could, you have heard this. You saw the experiment with your mother which clearly proved the existing system doesn't work particularly well. Do you think this is something which we should be doing and which is the future of identification for these kinds of things in America?
Ms. LEEMING. I think so. As you can see from my project, the picture ID isn't really a valid form of security. There has to be something else. I think that this is a really good example.
Chairman CASTLE. I tend to agree with you. Mr. Wayman, why haven't the banks been doing this? Or are they getting ready to do it? Where is this in terms of the next wave of who is going to do it?
Mr. WAYMAN. The National Biometric Test Center has worked with the banking community and the banking community is looking quite closely at this. I think the banks are gearing up to do exactly this.
Chairman CASTLE. You think, but you don't know for sure?
Mr. WAYMAN. Let me be a little more specific. We did create a test plan for the Financial Security Technical Consortium composed of several banks. We did create a fingerprint test plan. Testing biometric devices, as I mentioned in my testimony, is extremely expensive because you need human subjects. Not only do you need human subjects, you need to see the same human subject on two separate occasions. For instance, I need to take your fingerprint now and then I need to come back and look at your fingerprint in a month or so from now, because there will be changes to that print. Your skin will be drier, your skin will be moister, you may have cuts and scratches and the like. Any biometric testing is very expensive. One of the things we try to do at the National Biometric Test Center is to develop some less expensive ways of testing using operational data. Certainly as data comes in, we can look at that to determine how this works. The banks want to test these devices before they deploy them and they are finding testing to be extremely expensive.
Page 29 PREV PAGE TOP OF DOC
Chairman CASTLE. This is for anybody actually. Will the cost come down as more use these systems, like the costs of computers and everything else comes down as we start to implement it?
Mr. WAYMAN. Certainly the cost of the biometric devices themselves come down. The cost of testing those devices and optimizing those devices doesn't necessarily come down. I guess to answer your question more directly, the banking industry is looking into these things. They are interested in testing, they find that testing is very expensive so they are being very cautious with regard to how they set up their tests to make sure they use scientifically valid test procedures.
Chairman CASTLE. To anybody on the panel, have these systems worked? I would get a little nervous, frankly I have an odd PIN number and I get it confused. Every now and then I am in a hurry, I can't remember my PIN number. Fortunately, I did write it on the back of my card as everybody else seems to do. It is probably a smart thing to do although banks discourage it. Do these systems work infallibly or are there times at Purdue or at other places where it works like 98 percent of the time and all of a sudden you need money or whatever and you can't get it?
Ms. KOEHLER. I probably can answer that and somebody else may as well. What we have found is once we have good instruction screens up so that people know how to use them and know how to reuse it because they are entering at one point and reentering later for verification, we didn't have a lot of problems with it. We have had some problems with hardware. What we put in place on our units is we have a phone on the unit, but we also have allowed people to use what we call their audio response PIN. That is a self-selected PIN. It wouldn't have to be a difficult, confusing PIN. It is there as a backup in the event that we have failure. But they have been pretty minimal. We have never had a false positive on our system in the year-and-a-half that it has been up and operational. We have had a few false negatives. Basically those were very early on in the program. As technology has gotten better, it has gotten better as well.
Page 30 PREV PAGE TOP OF DOC
Chairman CASTLE. Thank you. Mr. Woodward, you discussed the privacy issue. I don't want you to necessarily go over the same ground we have plowed, but I am very interested in that. I think of all the issues, that is the one that we are going to hear about the most. I wrote down some of the things you said. I couldn't get them all.
Biometrics is privacy's friend. It avoids identity theft. And pro-privacy is not antibiometric. I think that is going to be an important issue. Are you making the argument that biometrics actually is perhaps more private than systems we have presently with number identifications and PIN numbers and things of that nature?
Mr. WOODWARD. Yes, Mr. Chairman, I think that is absolutely correct, for some of the reasons that Dr. Wayman alluded to in his testimony, especially in cases where the actual physical characteristic is not stored by the private sector user. You enhance your privacy and provide greater privacy protection for the individual. I think one of the great things about the subcommittee having this hearing at a very early stage is that the biometrics industry is very new. I think it will rapidly grow in the future. By having this subcommittee hearing at an early stage, you are able to call congressional attention and public attention to this growing new industry. Even though I perceive biometrics as privacy's friend, I still think there is a very important role for congressional regulation in the form of a biometric blueprint to basically protect privacy concerns related to the development of any kind of possible secondary market for biometric information.
Chairman CASTLE. Thank you. I have a lot more questions but my time is up and we have other Members who certainly want to ask questions. I would like to welcome Ms. Waters here today, who is the Ranking Member of this subcommittee. We look forward to whatever she wishes to say or ask.
Page 31 PREV PAGE TOP OF DOC
Ms. WATERS. Thank you very much, Mr. Chairman. I thought I was going to be a lot less interested than I find myself at this point in time. I am one certainly for convenience. Life is getting very number difficult. I am not one to keep up with cards. So I find that this does interest me.
Ms. WATERS. However, when you talk about fingerprints or handprints, that seems all right, but I am told that there is some research being done with laser identification of the eyes or something like that. That seems invasive and that bothers me a little bit.
Does this technology or this research go beyond kind of the discussion that we have heard here this morning? Perhaps you can answer that.
Mr. DUNN. Maybe I can address that.
Ms. WATERS. Yes, sir.
Mr. DUNN. There are a variety of biometric technologies. The ones you mentioned, iris scanning and retina scanning, don't use lasers. In fact, an iris scan just uses a video camera like your home video camera, or the one that is already in your ATM machine. So there is really no health risk at all.
You are going to see some demonstrations of those kinds of products today so they are certainly available. As for retina scanning, as far as I know, there is only one company working on retina scanning. That is Eyedentify, Incorporated. They have been in the business maybe 20 years. I don't know how many applications they are selling. I do not think it is a very large scale business right now.
Page 32 PREV PAGE TOP OF DOC
There has been some reluctance in the past of people using retina scan because you do have to look into an eye piece, but iris scanning uses a normal video camera and most people seem very amenable to use that.
Ms. WATERS. I think it was Mr. Wayman who mentioned that the financial institutions are concerned about the cost that is involved in research and testing. And I heard earlier that when you don't have to produce credit cards and PIN numbers, and so forth, that you save a lot of money. Am I to understand that the savings does not balance the cost of the research?
Mr. WAYMAN. Well, I think that is an unfair conclusion. It is simply that if you want to do scientific research, scientific research is painstaking. It takes a long time. You need to put together a test plan. You need to put together a statistical plan for the evaluation of results, and we are in the process of doing that. As I mentioned, we are working with the banking community. We have been working with them about a year. We have established a test plan. It is undergoing an approval process now.
It is my understanding that what they will do is that they will put that out for a proposal to get an institution, perhaps ours, perhaps some other university, to implement that test plan.
Any time you do large scale scientific testing, particularly involving human subjects, it just takes a long time.
Page 33 PREV PAGE TOP OF DOC
Ms. WATERS. Well, yes. I was just concerned about your statements about cost. I have just found that when industries or interests pursue research in their own best interest, they are usually willing to spend the money if they decide that this is going to save them money. And I was a little bit surprised to hear, you know, that maybe there is some thought that the savings didn't offset the cost of research.
Let me just conclude by asking another question about the possibility of a secondary market for this. And I think that kind of concern is a concern that is held by many citizens. I enter into some kind of agreement just based on the services that I need only to find that now my handprint, my fingerprint, is marketed for other reasons that perhaps I can't even think of at this time and I want to know, you know, whether or not—not only is there the possibility of marketing it for other reasons, the criminal justice community gets involved any time there is an opportunity to have access to information that may be helpful to them in solving crimes, and so forth.
So I would really, really like, as we explore this, to have those who are involved in it help us to anticipate the usages so that we can protect people as we move into this new technology and come forward not two or three years later when we discover the abuses, but if you are smart enough to initiate it, you ought to be smart enough to anticipate it. And I would think that that is the kind of help we would need.
Do you think that is unreasonable to expect of you? Anybody?
Mr. WAYMAN. No, not at all.
Page 34 PREV PAGE TOP OF DOC
Mr. DUNN. I think that is perfectly reasonable and one of the issues I think the biometric consortium needs to address is the exact privacy concerns that you have mentioned; John Woodward has recommended that we do that, and I think we will start looking into those issues.
Mr. WOODWARD. Representative, I am in agreement with you on this one.
Ms. WATERS. Thank you.
Mr. CASTLE. Thank you, Ms. Waters. And we will now turn to Dr. Weldon.
Dr. WELDON. Thank you, Mr. Chairman.
Shanin, I had a couple of questions for you about your project. It was really fascinating. I am just curious, what course was that for? Was that social studies or science you did that?
Ms. LEEMING. Science.
Dr. WELDON. What grade are you in now?
Ms. LEEMING. Eighth grade.
Page 35 PREV PAGE TOP OF DOC
Dr. WELDON. Eighth grade. Did you get a good grade on that project?
Ms. LEEMING. Yes, but I didn't win anything.
Dr. WELDON. Is that right?
Now, what did your teacher think when you were invited up here to Congress to testify on your project?
Ms. LEEMING. She was very surprised.
Dr. WELDON. Is that right? How about your classmates?
Ms. LEEMING. Well, they sort of don't know yet but they will know, I am sure.
Dr. WELDON. Yes, they may know. If those are C-SPAN cameras over there, they may see you on TV this week or this weekend.
What do you think of all of this? Do you think this is an interesting field?
Ms. LEEMING. I think it is, and I was very interested in everything they had to say.
Page 36 PREV PAGE TOP OF DOC
Dr. WELDON. Do you plan on going to college?
Ms. LEEMING. Yes, I do.
Dr. WELDON. What do you think you want to study?
Ms. LEEMING. I like marine biology.
Dr. WELDON. Is that right?
Well, again, I commend you for what you did. I think it was very fascinating and very appropriate for the panel that we have here today.
I have a couple of questions for some of the other panel members.
I am just curious about—it seems like we have a burgeoning industry here in the United States with lots of different companies getting in on all of this. Can any of you tell me anything about what might be going on overseas, in Europe, in Japan. Are these applications being utilized or do you not have any knowledge of what is going on?
Mr. DUNN. I can probably address some of those. I think you are correct that the U.S. is the world leader in biometric technology right now, but that does not mean other parts of the world are not moving out. Certainly, in Japan, several companies are active in building biometric products. There are a number of companies in Germany and elsewhere in Europe. Siemens has just announced a new product.
Page 37 PREV PAGE TOP OF DOC
So, while I think we have a leadership role in biometric technology, there is a worldwide need for authentication technology and certainly other countries are going to move out as well.
Ms. KOEHLER. I might mention, too, there has been a project in South Africa for several years now using biometric identifiers, using finger imaging, in fact, for the use of account access at financial institutions in South Africa. So we aren't brand new in this.
Dr. WELDON. Mr. Wayman, you mentioned the INS card that is currently in use. Are there any other Government agencies, to your knowledge, using biometric technologies?
Mr. WAYMAN. Well, I do want to say a little more about INS because they really have been a leader in using these technologies, particularly for enhancing consumer choice.
Jeff mentioned the Scobey, Montana, border crossing that uses voice recognition technology. In San Diego, at the Otay Mesa border crossing, they have a dedicated commuter lane. Boy, it really speeds the crossing of people from Mexico into the United States using facial and voice identification, as well as the INS program.
Now, under the 1997 Work Opportunity and Personal Responsibility Act, it was recommended by Congress that the individual States adopt appropriate technologies, and that is as far as it went—the act did not mention biometric technologies—adopt appropriate technologies for limiting fraud in the welfare systems. Eight States to date have started procurement or have implemented fingerprinting projects for their social service system protection.
Page 38 PREV PAGE TOP OF DOC
So certainly, social service systems have been a leader in this area. Five States are using biometrics, primarily fingerprinting, in drivers licensing, and then the INS, and then of course there is a number of Department of Defense agencies that have been using biometrics for a decade or more for access control.
Dr. WELDON. What about fooling or frauding these various systems? Is there any data on the various technologies in terms of can they be fooled? What does it take to fool them?
Mr. WAYMAN. Yes. Let me draw a distinction between what we might call a false match error rate and adversarial analysis. There is a field of study within the Department of Defense of adversarial analysis, which looks at the deliberate attack of a device and the deliberate exploitation of vulnerabilities.
Adversarial analysis is always done for obvious reasons in a classified environment. Our university does no classified research and consequently we don't look at adversarial analysis. That research is always done by the Department of Defense in classified facilities.
What we do look at is the probability of a random false match. We have done extensive testing with regard to fingerprinting and, as I mentioned, the fingerprint templates that come from your fingerprint are just a series of numbers and it is possible that your series of numbers and my series of numbers will coincidentally match. It doesn't mean our fingerprints match. It means a series of numbers match.
Page 39 PREV PAGE TOP OF DOC
We estimate that probability about one in one million. That is our best estimate now.
Dr. WELDON. Thank you very much. I see my time has expired.
Thank you, Mr. Chairman.
Mr. CASTLE. Thank you, Dr. Weldon. We will go to Ms. Lee.
Ms. LEE. Thank you, Mr. Chairman.
Let me ask Mr. Woodward a couple of questions with regard to the principles that you have outlined on page 13 of your testimony. First in terms of the issue with regard to informed consent understanding, and what you stated here I think makes sense that the individual must voluntarily and knowingly provide his or her biometric identification information to the data collector. What type then of consumer information do you see as being necessary in terms of how the consumer can become informed to the extent that he or she will be able to make the correct or informed decision?
Mr. WOODWARD. That is an excellent question, and in a way, since this industry is so new and we really don't have a great number of case studies to look at, where biometrics is being used by the financial community for consumer applications, it is kind of difficult to come up with concrete requirements. But I think that in general, one of the potential difficulties with giving clear notice could be, and I would draw an analogy to looking at the back of your monthly credit card statement where you have lots of fine print that probably no one but very neurotic attorneys read, it could be very confusing to the consumer.
Page 40 PREV PAGE TOP OF DOC
But I think that we are dealing with a principle that is basic enough, if you will, that financial institutions using biometrics can come up with language that could be understood by consumers who would be using the product.
I think also one of the factors that will help this greatly would be the fact that the public is going to be very interested in this technology, and I think if there are problems with privacy or any kind of inadvertent disclosure of biometric information, I think that the media would play a very good unofficial enforcement role in that regard.
Ms. LEE. The second part of my question then is with regard to the issue of access, the right to access his or her information.
Now, you know, oftentimes we have to pay for these rights. For example, some credit companies charge you to receive a copy of your credit report. This is so important and the privacy issues I believe around biometrics is so critical that when we talk about access we have got to make sure that low income individuals have that access, as middle or upper income individuals would have. And so what types of protections or guidelines should we look at to make sure that the right to access is really a basic right that we don't really have to pay for?
Mr. WOODWARD. I think that is an excellent point. It is one that I did not address in my written testimony. And I think you are absolutely right, that this is something where if consumers are going to have this right, but if consumers are charged high fees to get their information, you are going to be denying people the opportunity to make certain that the biometric identification information contained about them is correct. And we know that with credit reports, at least in the existing system, there are many errors, and errors are very difficult and at times expensive to correct.
Page 41 PREV PAGE TOP OF DOC
I would just have to say that I think this is an area that I would encourage the subcommittee to think about, and it is my hope that eventually when legislation is introduced on this, that it is something that could be included in a kind of comprehensive plan.
Ms. LEE. Thank you.
Thank you, Mr. Chairman.
Mr. CASTLE. Thank you, Ms. Lee.
Mr. Jackson.
Mr. JACKSON. Thank you, Mr. Chairman. Let me begin by apologizing to the witnesses for my tardiness today.
I want to make a couple of comments and maybe ask one question and then any panelist would be more than willing to respond would be appreciated.
I think I have some sense of where this is going. When I first ran for Congress, Mr. Chairman, I purchased a database of my district and shortly thereafter I purchased the voter history for the 570,000 constituents that I represent.
I now know those constituents who voted five out of five of the last five elections; four out of five; three out of five; two out of five; one out of five, and those constituents who weren't voting at all.
Page 42 PREV PAGE TOP OF DOC
I then purchased a neighborhood census track and overlaid that information on top of the data so I now have some sense of where every constituent lives, the price of the homes they paid for and where their children go to school.
I purchased a school district overlay and I know specifically what school districts those children are participating in. And in the next couple of weeks, my campaign is going to begin to test a feature on our campaign software that allows constituents when they call in to actually identify them and their record actually shows up on the computer. We know when we sent them the last bits of information that are campaign related.
So there is a tremendous amount of information that biometrics indeed is going to allow banks and other institutions in the future to obtain about individuals. Some of the problems, particularly security problems, which have been raised, are actually foreseeable. Eye doctors, all the information that eye doctors maintain about individual clients; fingerprints, particularly fingerprints collected, as Ms. Waters indicated, by Federal law enforcement agencies or even local law enforcement agencies, all become points of contact for gathering information about an individual.
And so I guess my question to the panelists today is whether or not they would support a point of contact piece of legislation that simply requires that every entity that acquires biometric information about an individual, that it must be an original point of contact for gathering that information; that is, if I willingly decide to provide a bank with my fingerprints and my eye prints for the purpose of security and access to my accounts, can I be assured that that information won't end up at Visa or MasterCard or the FBI; that it won't end up at some local law enforcement agency? And if in fact I want Visa, MasterCard or American Express to have biometric information on me that Visa, MasterCard and American Express must obtain the information independent of my cash station access to my own personal account?
Page 43 PREV PAGE TOP OF DOC
Shouldn't the University of Illinois, where I attended law school, shouldn't they be, for the fact that I am a student there, have biometric information independent of the fact that I have it with my bank in Chicago?
And, again, Mr. Chairman, the security of that information, so that our biometric data isn't being sold, as Maxine Waters has indicated, on the open market and therefore shared and then suddenly we are getting bombarded with people who know that we have fantastic credit records, have no criminal records and everything, and they are simply selecting us out of a group of Americans simply because they have been able to amass the same kind of data that I have been amassing on a much smaller scale just for my reelection effort?
And so any information about original point of contact security, that any of our panelists would be willing to share, would be very appreciated.
Thank you, Mr. Chairman.
Ms. KOEHLER. I guess as the only financial institution here, I could maybe address that to some extent. As a credit union, we have obviously closed membership, so it may be a different issue than it would be for a banking institution. But, for instance, we don't sell our membership lists or any member information today on the market. I know that many other types of institutions, Visa and MasterCard and those kinds, oftentimes do share not the privacy issues or the private account information. We, in fact, don't share anything and don't sell or allow anyone else to use our membership lists. So for us I don't think it is an issue.
Page 44 PREV PAGE TOP OF DOC
I feel that that should not be shared, and I would agree with you completely. In Jim Wayman's testimony, one of the things he talked about was the fact that you could not take the algorithm that I have right now for members' finger image and send that to any other entity and they would be able to obtain anything from that algorithm. It would have to be tied directly to my system for it to have any value to them. They could not recreate that print from the algorithm. So I think we already have taken care of that issue on our application. I can't speak for other applications, however.
Mr. WOODWARD. If I may add to that, Representative Jackson, I think that essentially your original point of contact security approach is very much along the lines of the kind of biometric blueprint that I have asked Congress to consider as far as basically taking steps to make certain that a secondary market in biometric identification information does not develop.
And I know also that that is a concern of the legislation recently introduced at the State level in California.
I think part of the areas for Congress to ponder would be that in certain cases, there are good reasons to make exceptions to banning a secondary market, and that is when you kind of come down to wordsmithing and it is why you also need the technologists and scientists to help make policy.
To give you a few examples of where exceptions to banning secondary markets might want to be considered in legislation, colleagues, like Dr. Wayman, who do a lot of academic research need databases so they can rigorously test data. So it helps Dr. Wayman, if he has a big base of biometric identifiers so that he can test them.
Page 45 PREV PAGE TOP OF DOC
Now, he doesn't have to know that this template is John Woodward's finger image. He just likes to have a lot of identifiers so he can rigorously test. So, that is one area where when you fashion legislation, you might want to allow a very limited kind of academic exception.
And then other areas that would come to mind would be cases where you want legitimate judicial or law enforcement ability to get biometric information when armed with a subpoena or whatever.
Mr. JACKSON. If I can just ask one follow-up question very quickly, Mr. Chairman.
Mr. CASTLE. Yes, sir.
Mr. JACKSON. My sense—I have been only new to the legislature for a couple of years now, but I have a sense generally of how this actually works. It starts off with an innovative idea like biometric technology, and then 5, 10 years from now, 15 years from now, a group of economists will come before this subcommittee and they will say, we will be saving the American taxpayers and we will be saving American businesses billions of dollars if we just have a single uniform code.
Well, your information about you is your information about you. You shouldn't be able to hide it over here at this bank and hide it over here at this entity or hide it at some other entity. The information about you, whether you have a prison record, whether you graduated from college, whether you only have a GED, that information about you is just who you are and the credit reports are entitled to it; the banks are entitled to it; the mortgage lending companies are entitled to it; the military is entitled to it; the FBI is entitled to it; local law enforcement is entitled to it. All of these entities are suddenly entitled to who you are, the information about who you are, for example, our Social Security numbers today.
Page 46 PREV PAGE TOP OF DOC
So the question becomes whether or not we can craft the security of Americans well into the future that will stand posterity and stand the time of whether or not today's arguments, which make total legitimate sense when viewed from a technological point of view but may fall and fail the test of time when put up against the privacy issues raised by the Constitution, and whether or not it is more efficient for us in the future to have some large conglomerate that eventually collects data for everyone and subsequently distributes it.
So any comments along those lines, and, Mr. Chairman, I thank you for your indulgence.
Mr. WOODWARD. I think that the subcommittee has taken the right step by holding this hearing at a very early stage in the development of the industry. And maybe I have too much faith in the legislative process, but I think that Members of this subcommittee, working with staff and experts from the biometric community, from the policy community, and the financial institutions, can draft legislation that can really enhance biometric technology from the standpoint of public acceptance and provide for the necessary privacy protections that Americans want.
And I think also it is important to realize that biometrics is coming. If, as is the case in so many other information privacy areas, it is just left unregulated, then you run the risk of having secondary markets and so on developing. I would take the view, to analogize to the world of sports, I guess this is like skeet shooting. It is a moving target and you kind of have to aim ahead. Maybe it is hard to do that in legislative terms, but I think that the subcommittee should definitely try.
Page 47 PREV PAGE TOP OF DOC
Mr. JACKSON. Mr. Chairman, I would only add that my concern, which I think I have clearly stated, what we are gathering here is medical information on individuals. It is not just biometrics and fascinating technology, which it absolutely is; biometrics bio as in having to study biology; biometric, this is specific fingerprinting of each human individual, and so I think the questions and concerns that have been raised by both sides are ones that we have to focus on going into the future.
Thank you, Mr. Chairman.
Mr. CASTLE. Well, thank you very much, Mr. Jackson. And we appreciate your testimony.
Ms. Lee, do you have something further?
Ms. LEE. Let me just ask anyone on the panel one quick question, following up with what Congressman Jackson was saying. In terms of our role in establishing regulations to guide this industry, of course, we don't want to overregulate but I sense that we need some tough regulations in this area, and compared to the other information systems, how do you see the types of regulatory efforts that need to be mounted, given the sensitive nature of the information that could be gathered, well, that is being gathered, through this industry? Do we need to have tougher regulations as compared to our information systems that are already in existence or do we need more flexible regulations, in terms of consumer protections?
Page 48 PREV PAGE TOP OF DOC
Mr. WOODWARD. Right. Starting in broad terms, I guess there would be essentially four approaches this subcommittee could take. One, laissez faire, ''if it ain't broke, don't fix it''; let the industry flourish and develop along free market lines. Second would be some kind of call for voluntary industry standards related to information privacy.
As we heard in Gail Koehler's presentation, that is an example of a credit union that has taken a voluntary approach toward privacy safeguards, as far as not disclosing the information in the secondary market, and that would be basically a self-regulatory approach. You would trust the industry to regulate biometrics itself. And we see that approach in certain other areas of information privacy.
I think the third approach would be governmental regulation. You could let the States regulate biometrics on a State-by-State basis or Congress could seize the initiative. I personally favor congressional regulation because I think it makes for uniform, comprehensive standards.
The other approach, I guess, would be a hybrid where it is some combination of the above in specific areas of biometric information related to financial institutions.
I don't necessarily know how strict you have to be from the standpoint of wording, but I think that fortunately this hearing is being held early enough in the process that we have time to work on this, if you will, as far as coming up with sound wordsmithing that will safeguard this technology and enhance its use, and lead to greater public acceptance.
Page 49 PREV PAGE TOP OF DOC
I am optimistic in that I think that we can work it out.
Mr. WAYMAN. Mr. Chairman, could I make a comment with regard to that question?
Mr. CASTLE. Certainly.
Mr. WAYMAN. My California driver's license is my current form of identification. I use it to get on airplanes. I use it to cash checks and the like. On my driver's license it indicates that I am a male, I have, it says, blond hair, which I don't, eyes hazel. It says my height is five foot six. It also gives my weight and my date of birth, neither of which I want to discuss with this subcommittee, and the weight is not correct as noted on my driver's license.
The point I am trying to make is I find this information far more personal, far more private, and the display of this information to airline ticket personnel is far more privacy invasive than simply giving, say, a fingerprint. We must note that with almost all biometric devices, there is virtually no personal information contained therein.
Let me be more specific. From my fingerprint, you cannot tell my gender; you cannot tell my height; my age or my weight. There is far less personal information exposed by giving you my fingerprint than by showing you my driver's license.
So I think that although this is technology and it is high technology, that doesn't necessarily imply that it is any more privacy intrusive than our current system. And I would contend that our current system is quite privacy intrusive and I don't know why the person at the checkout stand who receives my check has to know my weight and my exact date of birth to do that.
Page 50 PREV PAGE TOP OF DOC
Mr. CASTLE. Well, thank you, Mr. Wayman. I think we are going to end on that note . I would just say I think the concern some of us have is that fingerprint or whatever can lead to other information. You start getting cross information among different agencies. Eventually you can get all the information that you are concerned about and a lot of other things as well. But there is some reassurance in this hearing that, A, that may not happen and, B, that we may be able to legislate in such a way when we have to, when it is appropriate, to avoid that as well. So we share your concern I think, and we would like to see that prevented.
But we really appreciate this panel's testimony here today. It has been exceptional. I think it will help us in terms of developing this in the future. And we are going to move to the second panel, which means all of you have to move away and the second panel will step up. But you are all welcome to stay, and hopefully we can start to go through the second panel as rapidly as possible because I have a hunch we are going to get into votes here pretty soon and that will become a lot more disruptive. So thank you again for your very great testimony.
As this panel starts to take its place, I am going to try and run through the introductions just to save a couple of minutes. I hope we get the pronunciations correct. If we do not, please straighten it out at some point.
And I realize that we are going to have more demonstrations here. We are probably going to have more demonstrations here than we have ever had in this committee room before.
As I said earlier, to the extent possible if you can incorporate into your testimony, that, I think, helps in terms of understanding and in terms of making for a better presentation but sometimes it may be more complicated than that and you have to go beyond that. But we will start off in a moment with Dr. Joseph Atick—is it pronounced Atick?
Page 51 PREV PAGE TOP OF DOC
Dr. ATICK. That is right.
Mr. CASTLE. Who is the Chief Executive Officer of Visionics Corp.; Mr. Clint Fuller, who is the Chief Operating Officer of the National Registry, Inc., will be second; Mr. Robert Van Naarden is the Vice President of Sensar, Inc.; Mr. Tim Nitzche-Ruggles is the Senior Vice President, co-founder of Sagem Morpho—not simple names you all have chosen—Dr. Steven Boll, Product Line Director for Biometrics ITT Industries, Inc.; Ms. Lisa Broderick is the Chief Executive Officer of PenOp, Inc.; and Oscar R. Pieper is the President of Identicator Technology.
By the way, for anyone in the audience, if any of this holds true from previous hearings we have held, I would recommend buying stock in some of these futuristic companies. Some will make it; some will not make it.
And we welcome Mr. Metcalf, too.
OK. I will call on Mr. Metcalf, who wishes to make the introduction of one of our witnesses.
Mr. METCALF. Thank you very much, Mr. Chairman.
I just want to thank the subcommittee for allowing Tim Nitzsche-Ruggles to testify today. Mr. Ruggles is a Senior Vice President of Sagem Morpho. He has been a leader in the biometrics technology from the Puget Sound area. It is a Puget Sound company, and it is my pleasure to welcome you today on behalf of the State of Washington.
Page 52 PREV PAGE TOP OF DOC
Mr. RUGGLES. Thank you.
Mr. METCALF. Thank you, Mr. Chairman.
Mr. CASTLE. Thank you, Mr. Metcalf.
And I think we are ready to go with the witnesses, and we will start, of course, with Dr. Atick.
STATEMENT OF DR. JOSEPH J. ATICK, PRESIDENT AND CHIEF EXECUTIVE OFFICER, VISIONICS CORPORATION
Dr. ATICK. Thank you.
Mr. Chairman, Members of the subcommittee, thank you for giving me the opportunity today to share with you the latest innovations in computerized facial recognition.
Face recognition is a recent addition to the family of biometric technology, but it already boasts an impressive array of real world applications. The company I represent, Visionics Corporation, which is based in Jersey City, New Jersey, is the leading developer in this area and its technology, the so-called FaceIt Engine, enables systems for combatting identity fraud, airport security, automated border crossing, information security, automated teller machines and physical access control systems.
Page 53 PREV PAGE TOP OF DOC
Facial recognition has unique advantages that make it an attractive choice for many applications. To start with, it is inexpensive. The technology is mainly pure software, runs on any standard video hardware and standard PC hardware.
Second, it is not intrusive and very convenient to the end user. For example, to gain access into an ATM or into a facility, all you have to do is show something you never leave home without, which is your face.
Finally, in many applications, such as in the instance of combatting identity fraud, departments of motor vehicles, facial photographs are the only type of biometric information that is being collected. In fact, we don't think of facial photographs as a biometric.
In what follows I would like to actually introduce the Members of the subcommittee to three demonstrations of real world applications of facial technology. We will do it very quickly, but I would like to show you the array and the range of things that can be done with this new innovation.
We will start with a system for combatting identity fraud. As you know, in banking, your driver's license is a document that is used to open up bank accounts, and identity fraud can start at the point of issuing a driver's license.
What you will see next is an investigative tool that we are offering through a partnership with Polaroid to all of the DMVs. This new capability allows the DMVs to cut down on the identity fraud right at the source, the point of issuance of driver's licenses.
Page 54 PREV PAGE TOP OF DOC
By now, most of the DMVs have converted their records to digital databases that include a photograph, just like what you are seeing flashing in front of the screen. With this technology, what they are able to do is when an individual applies for a driver's license, they are able to submit this image against the entire database and search in order to see if this individual already exists, because typically identity fraud happens when an individual has multiple driver's licenses under aliases and under duplicates.
And so an investigator can submit that image of the applicant at the time of the application and the system will bring back a list of possibles. Again, there is no 100 percent proof but it is an investigative tool.
For example, here, as you can see up on the screen, the system brought up the top match at 86 percent confidence level down in the fourth line. If you say—see the score, confidence, 86 percent. It brought up an image of that person.
We happen to know that that is actually the same individual because this is his image when he first joined Polaroid ten years ago. He did not have a beard. You could see there was substantial aging going on, and also the lighting and background were different.
So as an investigative tool, it can allow the DMVs to ensure that only one driver's license is issued to one individual.
Other applications of this tool include actually tracking missing children. In fact, facial technology was just recently chosen by the NIJ and their prime contractor Answer as the facial recognition engine for an information system under the development for the National Center for Missing and Exploited Children. So there is a lot of positive at that level.
Page 55 PREV PAGE TOP OF DOC
Over the next few months, systems for combatting marriage fraud, things that we really don't normally think about, asylum fraud, voter registration and national IDs, worldwide, based on this technology will be deployed.
Let us move on to another application of this technology, which is the use of facial recognition in information security.
As you know, we all live in a network society today. We all are on the computer. We are all connected on a network and our expectations for access to our information from anywhere have increased, but so has our vulnerability against access by an unauthorized individual. The problem, as you stated, Mr. Chairman, is how do we protect our privacy and safeguard our information without drowning in a sea of numbers and pass codes?
Face recognition technology offers a simple solution. All you need is an inexpensive video camera, something similar to this, and your face. When a computer is capable of recognizing who is in front of it, it can be programmed to grant access only to those it recognizes as authorized individuals. From then on, as you can see, every file database or record will be delivered only to an authorized face. The computer shuts down as soon as the authorized individual turns her face or moves away from the monitor. That is all it takes; no logging in, no worrying about pass codes or any procedure.
So from the end user point of view, this is a high level security but also convenience. It is security that takes human nature into account. We don't want to have to worry about numbers and pass codes.
Page 56 PREV PAGE TOP OF DOC
In fact, this is a commercial product, and a consumer version of this has been available for the last 9 months for about $60. So it has gone beyond just corporate and banking and Government agencies to the mainstream consumer.
Finally, I want to show a very quick application that this subcommittee might be interested in, which is the application of facial recognition in banking, and more specifically the application in smart cards.
As you may know, smart cards are cards that include memory and a processor, micro-processor chips, just like this. They can fulfill different roles and different applications. They can serve as your ATM card, as an alternative to cash. They can carry medical records. They can carry your driver's license, your frequent flier membership card. They can carry a whole list of information about you.
Of course, since a single card can carry so much information, can enable its holder to do so many things, it is very imperative that security mechanism that protect the content when a card is lost or stolen be in place. We need something to protect the privacy of information that goes on the card.
Biometric technology offers the desired safeguards. By placing biometric information on the card at the time of its issuance, one can prevent unauthorized use. For example, if a digitized facial image is encoded inside the card, then no one can use your card unless they have your face.
Page 57 PREV PAGE TOP OF DOC
Let's see a quick demonstration of this. There is a card. The system will attempt to—what happened here is the biometric information on the card was read by the system and was matched against what is live from the video camera. And if the match is successful, the person is allowed in.
Let's see, for example, if somebody else tries to use Julia's card; if she lost her card, somebody else attempted to use that card. What the system will do it will take an image of the person, will take a graph but will not open up and will not allow this person access to the information on the card. So this renders the card worthless, and its contents inaccessible to anyone but yourself. It is really one of the most effective mechanisms for protecting privacy.
There are many applications of this technology. One was already mentioned, the INS center commuter lane, which is bringing down two hours' worth of wait to about a few minutes; Langkawi airport in Malaysia. We would be happy to provide additional information about these and many other projects after the meeting.
As you can see from our demonstrations today, computerized facial recognition technology has many applications that positively affect the day-to-day lives of many people. It is a tool that can solve problems facing our modern society.
However, as is the case with any powerful tool, especially in new technology, it is understandable that there will be concerns regarding the potential for abuse. Of course, it is up to society to discover and define the responsible uses of innovation. We are ready and available to work with you and the public interest groups to address any privacy concerns.
Page 58 PREV PAGE TOP OF DOC
In this process, I urge that we remain focused on the real issue and the ultimate cause of concern, and that is not the technology itself but the information databases.
Without a database, a biometric system cannot function. Thus, you can channel the technology into positive applications by deciding what databases can be built. No one will argue that a database of known terrorists or drug traffickers invades someone's privacy.
Thank you.
Mr. CASTLE. Thank you, Dr. Atick. I guess we are getting into some kind of a vote here, but we will be able to go ahead at least through one more witness and maybe two.
So let's go to you, Mr. Fuller, for your testimony.
STATEMENT OF CLINTON C. FULLER, CHIEF OPERATING OFFICER, THE NATIONAL REGISTRY, INC.
Mr. FULLER. Thank you, Mr. Chairman. And I thank Members of the subcommittee for having me here today.
The National Registry Incorporated, or NRI, is a public company founded in 1991, with a mission of developing commercial applications of biometric technology.
Page 59 PREV PAGE TOP OF DOC
NRI became involved in the implementation of some of the first biometric systems designed for use by financial institutions. In addition to the Purdue Credit Union System that you saw earlier, members of the Houston Municipal Employees Credit Union have the option of using finger image identification when conducting transactions in their branches, rather than providing traditional forms of ID such as a driver's license or a mother's maiden name.
Later this quarter, Western Bank of Puerto Rico is scheduled to deploy a new branch system that will include the use of biometrics for both customer identification on selected transactions and for internal employee ID for operator log-on, for supervisory transaction, approvals and overrides. The bank already uses a current NRI biometric product for employee access to the bank's central databases.
NRI has been working with the financial industry representatives since 1995. At that time, the major barrier to entry for this technology was cost. In 1995, prices for a finger image based technology, which was considered at the time the most proven biometric, were in the range of $2,500 per workstation. As the first low-cost of finger image scanners became available, something like this unit that has a finger image scanner built into the keyboard is manufactured by Key Tronic, the largest keyboard manufacturer in the United States, and other biometrics became viable, such as iris and facial imaging, interest within the financial industry began to increase and the opportunity to develop sound cost-benefit based business cases arrived.
As 1997 progressed, we saw the focus turn more and more to the business benefits. Where in 1996 the focus had been on how does it work and, more importantly, does it really work, by mid-1997 the focus had shifted to the cost justification and the practical issues of security enhancement.
Page 60 PREV PAGE TOP OF DOC
Questions about the overall viability of biometric technology waned as information technology and security personnel became more knowledgeable.
As a result of our work with the financial community, it became clear to us that biometric authentication offers a number of distinct advantages over other commonly used means of identification. First of all, biometrics provide true positive identification. Password or card-based systems only tell you that whoever performed a given transaction possessed the needed card and personal identification or PIN number.
While this might lead you to believe it was probably the account owner, these methods of identification do not provide any real proof about who actually performed the transaction. In fact, this distinct lack of proof is the reason many automated teller machines in use today have cameras photographing each transaction. Biometrics, on the other hand, provides positive verification of the individual who performed the given transaction.
Biometrics can also enhance customer service. Many forms of customer identification, such as signature verification, photo ID, even PIN numbers, are perceived by customers as something that slows down the process of performing a transaction. Biometrics, on the other hand, enhance customer service by providing quick and easy identification. There is nothing to remember, no risk of leaving a card or an ID at home. Even if their paper credentials are lost or stolen, customers can continue to transact business quickly and easy.
Another benefit of biometrics is they require no teller or operating interpretation. Some systems in use today, such as signature verification or photo ID, require an employee to examine the documents and make a judgment about whether the signatures or the photos match. Errors can and do occur.
Page 61 PREV PAGE TOP OF DOC
Biometric identification depends on computer algorithms to make a yes/no decision, removing the burden of examination and decision from the employee.
And finally, biometrics can act as a deterrent to fraud. If we accept that the cost of fraud is ultimately passed back to the consumer, and that many acts of financial fraud are perpetrated against innocent consumers, then we must consider the possibility that implementing biometrics can provide real benefit to the majority of consumers.
When we examine the issue of fraud in a business environment, we traditionally separate attempts into two categories: Internally generated fraud and attempts external to the organization.
Internal fraud has become a major issue in corporate America. One survey of 1,300 information systems chiefs in the United States and Canada report 45 percent had suffered a loss related to information security. When asked how the losses occurred, 42 percent of respondents cited malicious act by company insiders.
Biometrics provide an easy and effective tool for combatting many types of internal fraud. One use is for employee identification in place of a password when logging into the institution's computer systems. This has a dual benefit of enhancing security and lowering internal operating costs. Without the need to change passwords, calls to internal hotlines are reduced and, of course, the risk of one operator obtaining another's password is eliminated.
In addition to providing identification for sign-on, biometrics can be extended into high risk areas of the bank for transaction level approval. High value transactions, such as a wire transfer, represent an obvious area of vulnerability within the financial industry. Other areas, such as human resources, trust and accounting, also have special security and confidentiality needs.
Page 62 PREV PAGE TOP OF DOC
Implemented selectively, biometrics can be tied directly into these systems, ensuring only authorized users access to sensitive data or initiate transactions.
In terms of deterring external fraud, there are also a number of applications to consider when evaluating the possible benefits of biometric identification. The first and most obvious is customer identification. A biometric provides a quick, easy and highly secure method of verifying customer identity when performing routine transactions such as cashing a check. As banks move into the world of Internet transactions, the issue of positive identification becomes even more critical.
Several types of biometric identification, including finger imaging, voice recognition and facial image recognition, can be easily installed on a home PC, affording valuable protection to both the end user and the bank.
The end user knows their accounts are secure from access by other household members or individuals who might be alone in the home, such as a babysitter. The bank has positive identification for each transaction in case there is a question or a dispute.
In effect, biometric ID becomes the equivalent of the camera placed in the ATM, providing a record of who completed each transaction. As the price of biometric technology continues to drop over the next year, we expect to reach a level which makes it easily accessible for the home computer user.
Business accounts are another area that can benefit from the use of biometrics. Many banks now provide on-line access to corporate accounts to enable controllers and key executives to track their cash position on an up-to-the-minute basis. However, the workstations with on-line access are often placed in unsecured office environments. As with home banking, biometric technology can ensure that only the authorized personnel can access information on it, and initiate transactions.
Page 63 PREV PAGE TOP OF DOC
Mr. CASTLE. Mr. Fuller, we are starting to run into a time problem in our votes. Mr. Metcalf and I are going to have to go vote. Could you possibly summarize in the next 30 seconds or so, so we could do that?
Mr. FULLER. Sure. In summary, NRI believes that biometrics are finally reaching the point where they will become affordable and cost justifiable for both business and personal use. If implemented responsibly, biometrics can solve a number of security issues within the business environment while simultaneously improving end user convenience.
Ultimately, as the cost of fraud decreases and systems become friendlier and easier to use, it will be the consumer who benefits.
This concludes my remarks. Thank you.
Mr. CASTLE. Thank you. I really appreciate the testimony of both of you. It is always better if we can do this consecutively. Unfortunately, votes are now intervening. We have two votes, and this one will close out in about six minutes and another one will go on for awhile.
I think the best thing to do is probably to break until 12:30. And that way, if you wish to take any kind of a break and get a quick lunch downstairs or whatever, you can do it. Hopefully, at that point, we will have an hour's run and we can finish with everybody so we can be done with the whole panel around 1:30.
Page 64 PREV PAGE TOP OF DOC
If any of you have a time problem, see Mr. Lopez here. If you have a plane or something you have to deal with, we will try to juggle as best we can to make sure we get in all of your testimony. There is a lot of interest in making sure we do hear all of this, so we will try to do the very best we can.
I apologize. And hopefully there won't be another series of votes after this. But I think it is about an hour's break after this series of votes. And we can start again at 12:30 and hopefully, as I said, wrap it up at 1:30. Thank you.
[Whereupon, at 11:55 a.m., the hearing was recessed, to reconvene at 12:30 p.m.]
Chairman CASTLE. I am sorry to be ten minutes late. But you may rest assured I was doing important things. I understand there are no changes to schedule, so we will just continue right down the line. Mr. Fuller had just finished before we broke. So Mr. Van Naarden's turn has arrived.
Mr. Van Naarden.
STATEMENT OF ROBERT VAN NAARDEN, VICE PRESIDENT OF SALES MARKET & SERVICE, SENSAR, INC.
Mr. VAN NAARDEN. Thank you, Mr. Chairman and Members of the subcommittee for the opportunity to participate in this process. Sensar, Incorporated is a very good and wonderful example of the combination of Government research, university research and corporate research because in fact that is where the technology has come from to get us to the point of where we are today.
Page 65 PREV PAGE TOP OF DOC
Let me talk a little bit about the value of biometrics and how that relates to your hearing. To us, it is a simple equation. Biometrics simply provides consumer convenience and trust enhancement. It is a way for the retail and banking communities and many other access control environments and other applications, whether it be airlines or what not, to provide a form of security at a much higher level than we have ever experienced before in our lives and, hence, it provides us through that process more loyalty.
In many ways, it lowers costs for organizations which will be passed through to the consumer, and it will reduce the risk of fraud and terrorism throughout our society. In effect, it is privacy enhancement and security enhancement.
Looking back historically, you will know that we have typically addressed security through keys. Keys are artifacts from the Bronze Age, 5500 years old. They don't work anymore in today's society. They are cumbersome to carry, they are ineffective and technology has taken us to the next step. Today, and I am a good example of this, we carry around credit cards, just like you indicated earlier in your opening remarks. Lots of PIN numbers, lots of things to remember. It is ineffective, it is uncomfortable to carry, and it is certainly not secure. So today's environment with technology allows us to go a step further. We need to increase the quality of life for the consumer and for the individuals. Biometrics does that.
Our focus groups, which we have done all over the world, have repeatedly shown us that if we can eliminate anything from someone to remember, like a PIN number, like a password, like an ID, they can spend those cycles and that brainpower on more important and interesting life experiences, and in this case biometrics also increases security. So it has a multiple function.
Page 66 PREV PAGE TOP OF DOC
As you see over here, I would like to welcome you to the iris. The iris of your eye is the most feature rich, stable part of your entire anatomy. It provides so much data that I can positively identify you from the entire world's population using this biometric device. There are 6 billion people on this planet. There are 12 billion irises. Identical twins have different irises. Your left and right eye are different. In fact, this is more secure and more privacy enhancement than DNA testing. Hence, the iris is used in our technology to provide a biometric that provides that level of security and trust enhancement for the consumer.
We have spent approximately 3 1/2 years taking technology from the Department of Defense, from the David Sarnoff Research Center in Princeton, New Jersey, and from Cambridge University in the U.K. to where we are today in commercializing a product that provides biometric security. Today these products are now being implemented in banking solutions in Japan and in the U.K., in commercial, real live applications. We as a company have focused on banking and financial services very simply because, in banking, the most important rule is Know Thy Customer. If we are going to provide more services securely to the consumer, the bank has to know who you are.
The four-digit PIN number that you use at an ATM today is just not secure enough. It can be defrauded, it can be stolen, you can certainly forget it. And we know of lots of cases where all those have occurred. Banks want to retain and acquire more customers like any business does. By knowing who they are positively using a biometric, they can absolutely provide more services at a lower cost. Banks lower costs by moving transactions from the teller to an electronic format.
Page 67 PREV PAGE TOP OF DOC
In my next slide we will show you how that is done. But the most important thing is improving customer convenience and service because it engenders loyalty and trust. Let me give you some facts in the banking environment. When you as an individual go up to a branch that you are used to doing business with for the last 20 years and you do a transaction at a personal teller, it costs the bank $1.07 for that transaction. When you do that exact same transaction at an electronic point of entry, an ATM, a remote kiosk, a remote banking situation, it costs 27 cents.
Chairman CASTLE. Then why do the banks charge you so much more for the ATM? I was just curious.
Mr. VAN NAARDEN. You are absolutely right. This cost reduction will be hopefully pushed down to the consumer so those will go away, because it does save money for the banks. Let me tell you how the process works. It is very simple. We simply take a picture of the eye. We are using the same cameras that you use in your home camcorder. No different. All we are doing is taking a picture. We find you in space. You see the picture of the person there. We find your eye by figuring out where your face is, the shape of your face. We find your eye, we take a picture of the iris of your eye with a high resolution camera and using mathematical algorithms we can identify and extract the features that are in your eye, the various features you saw in that very first slide. Then we transform that into a digital code. That digital code transformation is the same as it would be as a PIN number today. We are not storing personal data. We are storing a piece of digital code that cannot be reversed to identify you as being able to recreate the iris of your eye or a picture of your eye. So it is no different than what is on the systems today. Total privacy and total security.
Page 68 PREV PAGE TOP OF DOC
In our estimation, the iris provides a unique identifier because it is unique to you of all the people in the world and it is completely stable. From the time you are born until about five minutes after you die, it does not change, which means one particular enrollment for your entire life. Secondarily, it cannot be defrauded simply because there is no way to replicate the iris. It is something that is accessible very easily, and it is naturally visible. In our business in order to be a consumer product, it has to be fast, it has to be accurate, and it has to be unobtrusive. We don't want to change the behavior of the consumer. That is why we believe biometrics of certain forms will actually survive and make a major statement in how behavior is changed.
There are only three ways to identify yourself. It is what you carry, your credit cards, your identification through your driver's license, Social Security card or so forth. It is what you know in your head, your passwords, your ID numbers, maybe your Social Security number, or whatever, PIN numbers. And it is who you are. Who you are, and all the people represented here represent different ways of figuring out who you are, is the ultimate way to uniquely identify you. It basically allows you to have trust enhancement and security enhancement.
I would like to show you a couple of pictures of where this has been implemented to date. We have currently banking systems, again we are focused completely on the banking and financial services business. One of our partners in Japan, OKI Electric, implemented I think somebody earlier mentioned at the Nagano Olympics, it was used to secure the high-powered rifles in the biathlon event on a per-iris, per-athlete basis. Here you see an application of a remote banking kiosk which again moves the banking to the consumer in a mall in a remote location where someone could enroll or do a total banking transaction, whether it be applying for a loan or buying a theater ticket by looking at the pattern of the seating chart, picking out a seat of what is available and having it printed right there, deposit money, taking out cash, what not, all done in a remote banking application.
Page 69 PREV PAGE TOP OF DOC
Lastly, I would like to show you another application, which is a bank in Swindon, the largest savings and loan in the U.K., Nationwide Building Society, which has implemented this in ATMs, teller stations, vault access, safety deposit box access, customer service stations throughout the bank. The idea here simply is trust enhancement and security enhancement for the consumer, make it more convenient.
I believe that is what the biometrics industry provides and gives to society. I would like to demonstrate it for you and you will see what is happening with my colleague Dennis Leek over here. We actually are going to switch the control from this presentation for a moment to the application itself so you can see that it is totally unobtrusive, it doesn't require the involvement of the consumer. Once enrolled into the system, we can identify you whether you are wearing glasses, sunglasses or contacts. In this case Dennis is wearing sunglasses so you may think it is a little bit harder. We put in his account number which could be done with an ATM card or a credit card, whatever, and basically we go out there, find you in the scene, look for your eyes, and before I can finish explaining it, we find him out of the database of thousands. It is that simple. I believe that biometrics provide that enhancement of security, that enhancement of convenience which is ultimately what will make our lives better.
Thank you.
Chairman CASTLE. Thank you, Mr. Van Naarden. That is very interesting, too.
We will go next to Mr. Nitzsche-Ruggles.
Page 70 PREV PAGE TOP OF DOC
STATEMENT OF TIM NITZSCHE-RUGGLES, SENIOR VICE PRESIDENT FOR BUSINESS DEVELOPMENT, SAGEM MORPHO
Mr. NITZSCHE-RUGGLES. Good morning, Chairman Castle and Members of the subcommittee and thank you, Chairman Castle, for pronouncing my name exactly right. You are probably the only person I have met in several years who has. My name is Tim Nitzsche-Ruggles. I am the Senior Vice President for Business Development for a company called Sagem Morpho, Incorporated, of Tacoma, Washington. I want to thank you for having us here today.
I am here today to talk to you about a solution to one of the Nation's most serious problems, which is check fraud. The solution, the Morpho solution identifies the unique characteristics of fingerprints to positively verify a person's claimed identity. We have been perfecting this technology over the past 16 years. We have installed fingerprint identification systems and the technology that support them in civil, forensic and commercial customer installations around the world. At this time, our systems, the systems we have installed, search a collective total of nearly 60 million fingerprint records worldwide. The Philippines ID card system, for example, that was mentioned by Dr. Wayman, is provided by our company, as is the South Africa system which was also mentioned by the representative from Purdue.
Fingerprint identification serves two distinct purposes. First of all, fingerprints can be used to determine that a person is unique. In other words, that no other person exists in the database that is identical to themselves. With respect to civil AFIS applications, this capability avoids the possibility that a person can enroll in the same system under more than one name and get duplicate benefits, for example.
Page 71 PREV PAGE TOP OF DOC
The second purpose that it serves is that fingerprints can verify that a person is who they claim to be with very high precision. This capability enables commercial clients, for example, to easily and with great confidence establish their identities at the point of a transaction.
Now, going back to the civil example. Eleven States, as was mentioned before, have authorized their public assistance agencies to implement fingerprint identification systems and prevent payment of duplicate benefits. Morpho has already installed such a statewide system in New York and is under contract to do so in three other States. To give you some idea of how efficient these systems are in combating fraud, the State of New York, as Mr. Dunn reported in his address to you this morning, estimates that its finger-imaging operation generated more than $100 million in savings during the first two years of operation by identifying fraudulent attempts to obtain public benefit claims. Some States such as Texas and New York are discussing the possibility of extending their fingerprint applications to the identification problem involved in identifying those individuals who use electronic benefit transfer cards to obtain benefits at retail stores from public assistance sources. This EBT application is interesting, I think, for the purposes of this subcommittee, because it is almost entirely identical to the application of fingerprints in commercial applications, so I would like to talk about that for just a minute and then give you an example. In the context of commercial transactions, fingerprints has several other important advantages other than ensuring the uniqueness of an individual and verifying their opportunity at a point of transaction. For one thing the act of placing a finger on a piece of glass, the sensor, is a voluntary act. It is nonintrusive, it doesn't invade the body, and it proves that the person was present when the claim of identity was made. Also because the act of capturing a fingerprint image requires a deliberate and cooperative act on the part of the client, the fingerprints can't be taken of someone without their explicit consent and cooperation, as Mr. Woodward suggested is necessary and important in his testimony.
Page 72 PREV PAGE TOP OF DOC
Let me give you a real-life example of where this technology is going. Last October we were approached by Kroger, which is a major grocery chain probably familiar to most of you, to help them combat the problem of check fraud. Kroger was looking for a means to ensure the integrity of the checks it cashed without inconveniencing or compromising the privacy of their customers. Their customers told them that they did not want to have PIN numbers. Further, they told them that they didn't want to carry little tokens with them that would have an account number because these PIN numbers and tokens were just one more thing that they could lose. The solution for Kroger had to be user-friendly, it had to be reliable, accurate, acceptable to the customer, and it had to operate in the real time environment of a checkout lane. Customers who choose to enroll in the system are given extended check cashing privileges. They can cash payroll checks at the checkout lane, for example, rather than at a service counter. Now, this is where we got started. We recognized that there was going to be an issue of educating a large number of users. The average number of users in a Kroger store is 15,000, average number of clients is about 15,000. Clearly we weren't going to be engaged in a long, protracted training exercise with 15,000 people and make it economically feasible.
So we started out with a standard PIN pad that is recognizable to everybody that has ever been to a grocery store lately. This is a device that you use to cash—to swipe your credit card or your debit card and enter a PIN number. Little instructions up here give you the option to choose credit or debit or whatever. So we started with this device. We added to that a docking station. This is a self-contained AFIS system. It is complete. It has a fingerprint scanner built into it. It has an image processor. It has a matcher. It even has a database inside it. In fact, it has a little PC, pentium PC, inside this device. So it is a complete system, self-contained. We married that electronically with this PIN pad and put this in place of the spot that it had previously occupied in the checkout lane right in front of the customer so that when they were going through the checkout lane, all they had to do was simply touch the sensor and in less than 2 seconds we would receive a yes-no verification for their checks.
Page 73 PREV PAGE TOP OF DOC
To enroll in this system is very simple. In fact it takes about 32 seconds. You place one finger, usually an index finger, the left first and then the right, the system evaluates the quality of these fingerprints, it does an internal quality check, it does some matching, and then it enrolls you and it issues an account number. This is usually done in the context of a manager's booth and so forth. At that point then you are enrolled in the store's database and are then authorized to use the extended check cashing privileges that Kroger authorizes people who have chosen to cooperate to be enrolled in the system. It is extremely easy to use. It is very fast. It is very unobtrusive. In fact, Kroger calls this system the touch and go system. The entire process is voluntary, it is private. During the transaction, no sensitive information passes from the client to the transaction provider or the store employee, as Dr. Wayman suggested he objected to by giving his driver's license.
I should also remind you that driver's licenses also contain personal addresses. The fingerprint system confirms the uniqueness of the individual when they enroll, and they confirm and verify the identity of the person when they cash a check. Since the pilot system was installed in one of the stores down in Houston at Kroger, the customers have been very enthusiastic about using the system and not only that but the rate of check fraud in that store has dropped to zero.
Our technology indicates, as I indicated, a real time personal identification that is accurate, secure and private. There is no need to swipe a card or remember a PIN number. You just put your finger down on the glass and you are identified. It is just that simple.
Page 74 PREV PAGE TOP OF DOC
Chairman CASTLE. Do you have to remember which finger to put down?
Mr. NITZSCHE-RUGGLES. Actually you don't. You can use either of the two index fingers.
Chairman CASTLE. What about my thumbs?
Mr. NITZSCHE-RUGGLES. That is also acceptable. If you chose to enroll with your thumbs, that is perfectly acceptable provided that in the future you use thumbs to identify yourself. And if you don't like that, you can use both index fingers and both thumbs and the system doesn't care which one you use.
Just by way of summary, biometric identification technology based on fingerprints is a very mature, very reliable technology based on experience that we have gained in dealing with many millions of records and tens of thousands of searches each day. We are working hard to make it even more affordable and efficient. The question is no longer whether it is possible. The question is how biometrics should be employed. The technology is here. It has been proven. It is being rolled out into 4,000 units in Dallas and Houston as we speak. It is a technology which is fully capable of meeting the requirements of privacy and ensuring the integrity of a person's identity.
Thank you.
Chairman CASTLE. Thank you. That also is very interesting, particularly to get the differing kinds of biometrics that we are seeing here.
Page 75 PREV PAGE TOP OF DOC
Next, Dr. Steven Boll.
STATEMENT OF DR. STEVEN F. BOLL, DIRECTOR OF LICENSED PRODUCTS, BIOMETRICS, ITT INDUSTRIES, INC., ACCOMPANIED BY FRANK SMEAD, SPEAKERKEY MARKETING MANAGER
Mr. BOLL. Thank you, Mr. Chairman. I am going to talk about speaker verification. To do that and to demonstrate it, we need a telephone. I have a telephone down at the other end, so I am going to move there.
Biometric voice verification. It is not one that has been talked about too much. Yet it is a way that each of us identify ourselves when we pick up a phone and talk to someone. We do it all the time, of course. And we don't think much about it. We have taken that advantage and developed a technology and products around that. It is an intuitive, user-friendly approach. The user is aware, of course, when they are being verified. It is nonintrusive. It is a technique that is very low cost, of course. You just need a telephone or, today's technology, you can get by with a sound card equipped PC for access to Internet accounts and things like that.
Accuracy. I would say a few years ago, we couldn't have claimed the accuracies that we are getting today, but what has changed? Well, first of all, high speed pentium processors are now with us, 200, 300-megahertz processors. This has allowed us to use very sophisticated pattern matching techniques. Those techniques have been around for 20 years but only recently have we been able to incorporate them.
Page 76 PREV PAGE TOP OF DOC
CD quality audio using 16-bit analog-to-digital convverters and high quality microphones are now very common with PCs and with telephone interfaces. This has allowed us to use techniques that enable us to prevent tape recorder fraud. We can use randomized prompts to prevent people from taping you in advance and then trying to get in. If you saw the Robert Redford movie ''Sneakers'', they recorded the person without their knowledge. That is not an issue anymore, because we use randomized prompts. Second of all, we use analysis techniques that are related to vocal tract shape, your tongue, your lips, your mouth. So Rich Little can't get into the system, either. If you ever watched some of these performers, the way they do that is through varying their pitch primarily and their prosody.
ITT offers a product called SpeakerKey. You can find out about it at the URL speakerkey.com. It is the result of 16 years of Government and ITT investment.
What we would like to do now is to demonstrate for you with my colleague Frank Smead how SpeakerKey is being used for protection of financial account access as well as network access control. I will now introduce Frank, who will demonstrate SpeakerKey over the phone.
Mr. SMEAD. What I would like to do first is show you an imposter rejection. Let's assume that my bank account has been stolen by a bad guy. I am going to let Steve be the bad guy. I am going to dial an actual on-line system.
[Mr. Smead then placed a call to Buytel Ltd, 17 Harcourt Street, Dublin 2 Ireland, a company currently using ITT's SpeakerKey for financial services caller authentication. The subcommittee and visitors were able to hear both sides of the conversation via a standard speakerphone.
Page 77 PREV PAGE TOP OF DOC
[The Buytel system answered the call with a welcoming message and then asked the caller for an account number.
[Dr. Boll, acting as an impostor, spoke Mr. Smead's account number.
[The Buytel system recognized the spoken account number as a valid account number and then entered the SpeakerKey verification cycle, to check whether the caller (Dr. Boll) was the authorized user of the account. To check the caller's identity, the system asked the caller (Dr. Boll) to repeat two (randomly selected) sequences of digits. Dr. Boll repeated the sequences, as requested, even though he knew the system was expecting to hear Mr. Smead's voice, since Mr. Smead was the actual account owner.
[The system correctly determined that Dr. Boll was an imposter. The system indicated this by saying: ''The system believes that you are not the card holder. If you are indeed the card holder, you must try again.''
[Mr. Smead then took the phone from Dr. Boll and repeated the next set of random digit sequences the system asked the caller to repeat. This time, SpeakerKey recognized Mr. Smead's voice as the correct voice for the account number.
[The system said: ''Hello, Frank.''
[The system then said: ''What service would you like?''
[Mr. Smead then spoke a two-digit sequence for a financial transactions service offered by Buytel. The system then announced that Frank Smead was authorized to make financial transactions in the account.]
At this point now I can withdraw lots of money, make transfers and so forth. Now it wants to know what other service I want. So I am going to pick another one.
[Mr. Smead then continued the SpeakerKey demonstrations. He spoke the digits for a remote time entry service. The Buytel system responded with a message asking that the caller enter his time information. Rather than do so, Mr. Smead termined this demo and explained the significance of the service being offered.]
Page 78 PREV PAGE TOP OF DOC
This is a related application where there is a lot of fraud, in things like home health care. This customer has installed a system where people can call in and give their time but they also get verified to make sure it is not a brother-in-law or a neighbor out giving the home health care. So by combining caller ID and voice verification, they have both of the key pieces of technology and information that they need. Now, let's do one more, and I think this goes back to some opening remarks by Chairman Castle about all those PINs.
[Mr. Smead then continued the SpeakerKey demonstrations. He next spoke the digits for a PIN (Personal Identification Number) reset service offered by Buytel.
[The Buytel system asked Mr. Smead to select a new PIN, which he spoke. The system repeated the new PIN back to Mr. Smead and asked him if it was correct. Mr. Smead said ''yes'' and the system then indicated that the PIN had been changed.]
That is in case you forget your PIN, you don't have to go through one of those lengthy interrogations about mother's maiden name, color of your dog, all that stuff. There are going to be PINs with us for a while and we are going to forget them. So this service should come in very handy for that particular function.
I would like to say one other thing. I am a little disappointed. This particular application is in place in Europe. They are using all U.S. technology. They are using our verification technology. They are using U.S. hardware. They are using other U.S. software. The financial community in the U.S. should look to some of these applications in Europe to see what they are doing. I would like to see a more aggressive response in the U.S. We will be happy to show this demo to anybody in the financial community who wants to see what others are doing with the technology that has been developed in the U.S.
Page 79 PREV PAGE TOP OF DOC
One final demo. NRI gave testimony earlier. They have a multi-biometric capability for securing access to computers and networks. I would like to show how I get into a computer using their secure technology and a voice input. First, I will tell you what you are going to look at. Right now I have been locked out of the screen. I won't be able to get in until I go through a biometric.
[A projected image of the computer screen showed a message indicating that access to the computer had been locked. It indicated a user should press the Control/Alt/Delete keys to activate logon. (This key combination is the normal process for logging onto a computer when using the Windows NT operating system.)
[Mr. Smead pressed the indicated keys. Instead of asking for a keyboard password, the normal next step, the screen asked Mr. Smead to type in his user name, which he did. Upon Mr. Smead's pressing of the Enter key, the NRI system then initiated the SpeakerKey user verification sequence. The screen asked the user to speak a (randomly selected) two-digit numerical sequence. Upon Mr. Smead's doing so, the screen then asked the user to speak a second (randomly selected) numerical sequence. SpeakerKey then determined from the voice which spoke the requested digit sequences that the voice was the correct voice for the user name previously entered. The projected screen image then changed to the display which normally follows keyboard password input.]
OK, it let me in. If bad guy Steve here tried that, he wouldn't have been able to get into the system. Thank you.
Chairman CASTLE. Thank you. We appreciate that. It is interesting to see all the different systems that we have here.
Page 80 PREV PAGE TOP OF DOC
Our next presenter is Lisa Broderick.
STATEMENT OF LISA A. BRODERICK, CHIEF EXECUTIVE OFFICER, PENOP INC.
Ms. BRODERICK. Thank you. Thank you for the opportunity to testify. We had a lengthy presentation and testimony prepared which we have just discarded based on what everyone has shown here, because we want to say one thing which has not been said of all of the technologies that have been shown here today. What we want to say is while they are futuristic and they are interesting and their applications are definitely grounded in what we will be seeing in the future, they all share one thing in common which they are not.
They are not legally binding in any way. They are not a technology in which there is anything of, let's call it informed consent, that someone is agreeing to whatever terms or conditions exist surrounding the transaction that they are interested in making. They are simply being read in a way that a human characteristic is medically read, converted into digits, digitized and then read by the computer. Nothing about that is a legally binding, legally consenting, let's call it a signature.
What our company does is exactly that. We provide a way to digitally read a handwritten signature using biometrics. We are going to show you that right now. A digital handwritten signature such as our company provides the software to read allows the measures of a human signature to be inputted, captured by a computer device, such as we are using right here, which is a computer, a touch-sensitive computer screen. It could be a tablet, it could be the hand-held devices that UPS or Federal Express use that allow you to sign on the computer. When you sign, as you have just done, it is a biometric being read by the computer in the same way that your iris is read, in the same way that your voice can be printed and your fingerprint can be read. All technologies we have seen here today. The one difference is that in every country around the world, in every State in the United States, this is a legally binding consent. This is a legal signature for purposes of consent, authorization, transactions, the transference of money, the transference of wealth, all of the things that we are talking about here today as well, which is the future of money.
Page 81 PREV PAGE TOP OF DOC
What my colleague here has just done is signed a credit card authorization form on the computer screen. This could be at your Crate and Barrel, this could be at any retail store where they have a pressure sensitive tablet which they increasingly have. When the signature was drawn on the computer screen, made on the computer screen, the software biometrically read 90 different measures of the nature of the signature. It read the speed, it read the duration, it read the pressure that was applied. It read where the gentleman stopped and started, what he wrote, whether he included a middle initial, all of these different measures. Just as an iris scan would measure the many different characteristics of your iris, we have measured the many different characteristics of your signature. This can then be inextricably bound to a document which is in fact what our software company does. We allow a handwritten signature read biometrically to be inextricably bound to a computer document for purposes of authenticating that document. While this may not be applicable in E commerce, let's say, or the transference of money for very low value transactions because the cost of an input device, an iris scanning device or a fingerprinting device or even this computer tablet might be more expensive than the transaction itself, for very high value transactions, in fact, it is virtually necessary. It is necessary that you can relate beyond a shadow of a doubt a human being and all his characteristics, his or her characteristics, to a computer document that they have authenticated, whether they are authenticating a check or a contract over the Internet or taking money out of an ATM, for instance, any of these different measures.
Now, this signature has been inextricably bound to the document and we are interrogating the signature here on the screen to determine whether or not that document has changed. The reason is, unlike paper, people looking on a computer screen know, and correctly so, that you could easily change a character and who would know the difference, whether you changed a decimal point or changed an amount from 100 to 1,000. Here the signature is bound to the document, so in fact you cannot change any aspect of the electronic document. We are now confirming that the form has not been modified and that the signature has been accepted. This is exactly as though your iris has been read or your voice has been printed, using any other biometric.
Page 82 PREV PAGE TOP OF DOC
Let's go on and verify a signature. The signature, in addition to being inextricably bound to the document, can also be verified, in the same way that your iris can be verified. That is, its 90 measures which it has taken as you have written a signature can be read into the computer and compared against a future signature event when you sign the next time. This allows you to be identified virtually beyond a shadow of a doubt. It is certainly not as secure as an iris scan, but then again for many transactions, especially many transactions which require a legally binding aspect to them, this may be a more appropriate biometric technology than reading your iris scan. No laws need to be changed, nothing needs to be altered about the way human beings have assented to, have consented to documents and agreements for thousands of years when using this type of biometric technology.
That concludes our comments. Thank you.
Chairman CASTLE. Thank you. That is also an interesting addition to the biometric discussion which we are having here today.
Our final speaker will be Mr. Oscar Pieper, who has waited quite patiently through the day. We appreciate that and look forward to your testimony.
STATEMENT OF OSCAR R. PIEPER, PRESIDENT, INDICATOR TECHNOLOGY, ACCOMPANIED BY MR. COLLIER
Mr. PIEPER. Thank you, Mr. Chairman. In fact it is really appropriate that we were invited here today to participate in this hearing because biometrics and the future of money is extremely important.
Page 83 PREV PAGE TOP OF DOC
According to Dan Rather in a recent ''48 Hours'' TV special, ''Identity theft is quite possibly the fastest growing fraud.'' Identity theft affects citizens, businesses and Government. The whole basis behind its growth is that it is easy for the fraud artist to assume a law-abiding citizen's identity through use of fraudulent pieces of identification, such as driver's licenses, payment cards, along with the knowledge of Social Security numbers and other personal identification about the victim. The only real deterrent to this fast growing crime that has a major impact upon the future of money is positive user authentication through biometrics. That is what we are addressing today. Positive user authentication is extremely important in our payment system, because without it the financial industry can and will suffer substantial fraud losses in electronic delivery systems of the future. At the same time, the consumer will suffer damages through identity theft.
In the past, a consumer completed his or her transaction in person through a teller or clerk in a store. In the future more and more transactions will be completed without a human interface, making it even easier for the fraud artist. As the Chairman opened his remarks with, if you look at the screen up there, you are going to see that the consumer relies upon the following means to identify himself or herself. Possession of bank cards, PINs for ATMs, passwords for the Internet, possession of identity cards such as driver's license, possession of a key, and knowledge of Social Security numbers. Unfortunately, all of these can be compromised through identity theft, resulting in fraud, where finger minutiae cannot be compromised.
Fraud is one of the fastest growing crimes in the U.S. and worldwide today. For example, bank robbery with a gun is minimal compared to bank robbery with a pen or a keyboard. With identity theft present, we must find a better way to ensure and protect the future of money. Identity theft can be virtually eliminated through the use of positive biometric user authentication. The objectives are to eliminate fraud, to eliminate identity theft, which occurs when the fraud artist assumes someone else's identity in order to impersonate that individual and to commit various fraud crimes.
Page 84 PREV PAGE TOP OF DOC
Again quoting Dan Rather in a new CBS News ''48 Hours'' poll, ''Nearly one in four Americans say it has happened already to them.'' It is a significant amount. All of us pay for fraud in higher fees and higher cost of goods. The individual who suffers identity theft pays even a higher price in losing his or her identity and then suffering for months trying to regain it. Positive user authentication is the key to eliminate identity theft. But it must be easy to use and very cost effective. Therefore, we are going to talk about finger minutiae biometrics which we think is the answer.
Now, why is finger minutiae the best? Fingerprints don't change over time. In fact from birth to death they don't change. All fingers are unique. One of the things that was mentioned earlier is that you could use the two index fingers or thumbs or virtually any finger. So each person has 10 easily identifiable identifiers. Fingerprints stop unauthorized access, as I will get into a little bit later. It is the basis of all worldwide identification. We truly are in a global environment. When you talk about payment environments, you especially are aware of the global activities. Today we can use our ATM cards worldwide. It is fast and easy to use and we don't forget our fingers. In fact, within a second, we can verify one's identity. Users respect it and fraudsters are afraid of it.
According to Joel Lisker, Senior Vice President, MasterCard International in charge of security and risk management, ''After extensive testing and study, MasterCard has determined that the finger minutiae solution provides the highest degree of reliability, combines with a remote enrollment capability, ease of use at point of sale and a higher level of consumer acceptance based on a survey that MasterCard did with over 900 consumers, than any other biometric technology available today.''
Page 85 PREV PAGE TOP OF DOC
Let me give you an example of where fingerprints have been adopted by the financial industry to reduce fraud. Several years ago the American Bankers Association, the ABA, identified a substantial increase in fraudulent checks. They investigated technology alternatives to reduce fraud and at the same time to continue service to their honest customer. They determined that fingerprints would be the most effective deterrent to stop check fraud. The Touch Signature product is what they implemented, and it is supplied by us. According to the Bank Security and Fraud Prevention publication of the ABA, ''Banks are fighting the bad guys with the very tool those criminals have used to get ahead, technology. And one of the latest ways to do that begins with a fingerprint.''
Losses from checks cashed across the teller line fell by almost 50 percent, Bob Randolph a bank officer, said. Last year the Clearing House of the Southwest reported that analysis of the 1996 data indicated that six reporting banks showed losses are 47 percent lower. The total savings for the six banks was $2.5 million. Anyone who has ever had their identity taken knows that you are in the position of proving you are innocent rather than guilty. Having prints does that. The Touch Signature Program is simple, low cost, and saves time for both the Government, the financial industry and the consumer. The key again is positive user authentication to reduce fraud and eliminate identity theft while at the same time expanding customer service. User authentication links the account to the legitimate holder.
Again a quote from Joel Lisker: ''It is critical that companies maintain a delicate balance, significantly reducing fraudulent transactions through a biometric solution while protecting the identity of the contributing cardholder. Of all the biometric solutions reviewed and tested to date, MasterCard believes that finger minutiae technology is the most viable and realistic approach for the payment card industry. It poses the fewest problems for issuers, merchants and cardholders and is far easier and more cost effective.''
Page 86 PREV PAGE TOP OF DOC
How does the fingerprint work in this environment? The fingerprint is made up of a unique series of ridges that have end points and splits. Please look at this slide, which happens to be the ABA brochure on fingerprinting services. During enrollment, which takes about 30 seconds, the system generates a small template of these unique features. The original fingerprint is then thrown away. The original fingerprint cannot be recreated from these extracted features. This template then can be stored on a mag stripe, a smart card or a server controlling access to private information. At the point of transaction, the customer simply places the same finger on a low cost direct fingerprint reader. This slide shows what makes up the unit, which basically is a reader and software.
For example, this is a secured mouse. This is an operating mouse with a fingerprint reader in it. The important thing is that you can put this onto your PC for less than $100. That is both hardware and software. So it is becoming very practical at the PC level. The positive link between the account and the account holder can be accomplished in less than 1 second.
The program as outlined is currently being used in a number of locations. In September of 1995, the U.S. General Accounting Office released a report entitled ''The Use of Biometrics to Deter Fraud Nationwide.'' I bring that to the attention of the subcommittee and I suggest that you do read that because it is the most extensive report to date on biometrics, and it is a good one.
In April of 1998, Identicator received the annual award for the U.S. Treasury electronic payment project at Fort Sill, Oklahoma. This was awarded at the CardTech/SecurTech Convention, which is the major industry annual gathering. Mellon Bank is the systems integrator and Identicator's fingerprint technology is used both in enrollment stations and transaction stations. There are approximately 20,000 smart cards issued to Army recruits, and they use finger minutiae rather than PINs for user authentication. The results are very positive. The users say it is not only easier but also faster than PIN-related systems. You don't forget your finger, Mr. Chairman. The key is that through finger minutiae, the account holder is tied directly to the card. Identity theft is a nonissue in this particular area because the fraud artist cannot use the card.
Page 87 PREV PAGE TOP OF DOC
Two years ago, Identicator was similarly recognized at the same prestigious gathering for the Spanish Social Security program. The TASS project, as it is called, is used in 650 ATMs in Spain and has been up and running for over two years now. The kiosk machines are equipped with Identicator's direct fingerprint readers. The kiosk provides cash and information to recipients 24 hours-a-day, 7 days-a-week. A smart card is used. The recipient simply places his or her card in the kiosk and places her or his finger on the reader and in less than 1 second the cash is disbursed. All that is stored on the card is the fingerprint features. And, remember, a fingerprint cannot be recreated from these features.
Identicator was selected as the technology for the largest deployment of biometrics in the U.S. Department of Defense. This is after two years of extensive testing, and it is involved with the RAPIDS and the DEERS project. We have 1,322 servers and workstations deployed worldwide on that. I go back to, it was after extensive testing. Identicator is a member of the BioAPI Standards Group made up of Compaq, IBM, Microsoft, Novell and Identicator. We feel very strongly that this group will significantly move the adoption of biometrics and biometric technology worldwide through clear, open standards.
The bottom line is that we need protection from fraud and identity theft. This is important, not only to ensure that one's good name is not damaged but also to ensure that one's financial resources and personal data cannot be attacked so easily. This protection comes from biometric technology which in fact is the essential protection for the law-abiding citizens, Government and business. We will not successfully move into the future of money without it.
I do have a demonstration if you have the time or we can go just directly to questions. Thank you, Mr. Chairman.
Page 88 PREV PAGE TOP OF DOC
Chairman CASTLE. How long will the demonstration take?
Mr. PIEPER. The demonstration will take maybe a minute.
Chairman CASTLE. A minute is fine. Go for it.
Mr. PIEPER. Mr. Collier, our director of operations who is actually headquartered here in Rockville, Maryland, will give you a demonstration of a combined credit card, smart card terminal with PIN and biometrics.
Mr. COLLIER. First I am going to take my credit card which would have my fingerprint minutiae stored on it and slide it as I normally would. Then the system prompts me to place my finger on the scanner. It approved my access. What you see on the right side of the screen there is a minutiae map which contains all of the features that represent my fingerprint. If I was to do that and utilize a finger that was not enrolled, as if I were someone else trying to use the card, then it would deny my access.
Mr. PIEPER. Thank you very much, Mr. Chairman.
Chairman CASTLE. It took 45 seconds. Very good demonstration. Thank you, Mr. Pieper. I thank each of you.
I am going to ask a few questions. These are sort of broad, general questions. I really am probably not going to ask too many of anyone specifically. I ask that you do not each answer each question. Perhaps one person could answer one, perhaps if two other people want to add something, that would be fine. Maybe perhaps you will have a chance to answer another question. My first question is, I am sort of curious as to how much of this overlaps one biometric with another. And perhaps there are biometrics not represented here that we need to bring into this discussion as well. But, for example, Ms. Broderick, it seems to me that the signature identification has somewhat of a different purpose perhaps than some of the other things that we have heard. I would think that the voice identification would also be different because you are using a telephone versus when you are there. But when you get into things like retinas and faces, it seems to me that would be somewhat the same. I guess that fingerprints could be somewhat different, too. Am I right about this? Or in fact would you like to just stomp each other out because you are direct competitors of one another? I was wondering where you compete and where they could have separate or partially overlapping purposes.
Page 89 PREV PAGE TOP OF DOC
Mr. PIEPER. I would like to address that, Mr. Chairman. The use of a particular biometric is driven by applications. That is the major drive associated with the use of biometrics. The processing associated with biometrics are all basically the same. You take the raw image, whatever it is, and you extract the features which are unique to that raw image. Then you match or compare at the time when the person tries to gain access. In the access area, there are three major commercial applications for the technology. That is controlling access to databases through the Internet or through Intranet or Extranet. Then there is controlling access to payment environments which can be both retail payment environments of the demonstration we just showed you and wholesale payment environments. Then there is the physical access, controlling access to a physical facility. So, the technology will be driven by application.
Chairman CASTLE. Ms. Broderick, it looked like you wanted to answer. I would think there are areas in which there are overlaps here, though, and in which there is direct competition.
Ms. BRODERICK. There may be. Because in addition to the use of biometrics being driven by application, I would suggest that they are driven as well by consumer preference, by a level of comfort that a human being, a citizen, would have with one biometric versus another. The biometric that we provide is very secure, every bit as secure as many of the biometrics discussed here today, possibly with the exception of the iris scan, which seems to be the most secure. However, it is something that we find universally is accepted by consumers as a biometric they are willing to enter without hesitation. They have used it, human beings have used it for thousands of years as a way to assent to a transaction or to conform to something, and that preference drives the use of our biometric in many applications over other biometrics, I would say.
Page 90 PREV PAGE TOP OF DOC
Mr. FULLER. Mr. Chairman, we at NRI unlike many of the people on the panel, don't develop biometrics as such, we develop biometric applications. Consequently, we use all the different biometrics. There clearly is an overlap. But what we have found is for many of the applications, there clearly are areas or environments where one biometric is superior to another. I can give you an example. At Mayo Clinic, where we have an installation, which is a hospital, not a bank, of course, but we use finger imaging in areas where there is a lot of activity, including a lot of noise and a lot of movement in the background, in this environment face or voice has a difficult time recognizing the individual. But in quiet areas or areas that are gloved, operating rooms and so forth, examination rooms, we use face. Each biometric technology has pluses and minuses, particularly environmental, and through the use of standards which are now evolving in the industry, you can build applications that can deal with all the biometrics through a common interface separating the technology from the application. There is no such thing as a biometric application. There is a business application that uses biometrics to identify individuals.
So the standards that are evolving right now are moving the industry forward quickly into these business applications. Then those business applications can recognize the environment that the individual happens to be in and challenge them for the correct biometric.
Chairman CASTLE. Let me move on to another question. You probably all can answer any of these questions. I get a little nervous that you are going to and we just can't do this. Can anyone here sort of quantify the size of the problem with identity theft? Do we have a much greater problem in 1998 with the theft of information and the use of cards and PIN numbers and whatever it may be than, say, we had in 1968 before most of this existed when you just simply had people stealing checks and forging checks and that kind of thing? Is the wrong person getting access to assets or the use of services or cash much greater today than it was, say, 30 years ago?
Page 91 PREV PAGE TOP OF DOC
Mr. VAN NAARDEN. If I could address that. It is definitely a bigger problem today because the access points are much more available than they were before. In financial assets, I can only speak to that one, monetary assets, if you listen to the American Banking Association, they will tell you that on an annual basis in the United States alone, it was a $2 billion problem last year. If you listen to the FBI statistics, it is a $15 billion problem. That is a combination of credit card, check fraud, wire fraud which is a big problem, ATM fraud, and so forth. So it is a big problem. The banks don't report this type of information because it is a cost of doing business. You won't find it on a balance sheet or on a profit and loss statement of a bank, simply because they don't want to scare you that there is a problem. It is just a cost of doing business. Today when you open up a checking account, the average cost to the bank, just to cover the fraud for that checking account is $200, just to cover a single account for fraud.
Chairman CASTLE. Maybe if I don't open it, they would give me a hundred dollars not to open it. They could make a hundred bucks. Something just to think about.
Mr. NITZSCHE-RUGGLES. Mr. Chairman, I would like to just add one comment to that. I think compounding this whole issue is the fact that it is easily observed that over the last 15 to 20 years, we are quickly moving toward a cashless society that is much more dependent on electronic means of transfer. Those electronic means have none of the sort of built-in inherent checks, privacy checks and integrity checks that were previously built in when people were dealing with each other on a face-to-face basis where mostly everyone knew each other. That is not the case any longer. As we move more toward electronic commerce, these issues of privacy, these issues of identity integrity are going to become much more important.
Page 92 PREV PAGE TOP OF DOC
Chairman CASTLE. Let me give you a hypothetical. Let's assume as a result of this hearing today that every single financial institution or anyone else that needs identification calls your offices and floods you with orders and in the course of a year, every single biometric identification technique that we have talked about here today is installed someplace, with anyone who needs some sort of identification. How much would that reduce the fraud that is out there now, that is being perpetrated by this stealing of cards and PIN numbers and that kind of thing? I know that is probably a hypothetical answer, too, but are we talking about something that would reduce all this by 90 percent or 10 percent? What are we talking about if that truly happened?
Ms. BRODERICK. If I could answer that, just the use of a product such as ours which does digital handwritten signature verification, if it were applied to credit cards real time could virtually eliminate fraud, because it would read a signature real time, that signature inextricably linked by the company to that human being, almost impossible to forge, with 90 measures, but it is possible.
However, apparently most credit card fraud is not that someone is signing someone else's name badly, it is that they are signing the wrong name. Over the computer, the Internet, they have stolen the credit card number, reassigned it to them in their name, signing a different name, printing a different card, and the computer system can't match them up real time. So this would completely eliminate that.
Chairman CASTLE. I would assume that all of you would answer somewhat that way. Let's get at least one more answer on this.
Page 93 PREV PAGE TOP OF DOC
Mr. BOLL. Another thing to think about is that once you are keeping track of this person's biometric, when the bad person tries to do it, they are leaving evidence behind. That acts as a deterrent independent of anything else. I guess there have been examples in the welfare where thousands of people disappeared off the welfare rolls once the biometric was instituted. Where did all these people go? Well, they just decided not to come back because they knew the threat was there. We call this the person trap. If you are going to get caught or the likelihood of getting caught is increased, you may choose to do a different route to conduct your fraud.
Chairman CASTLE. Let's assume the FBI is correct and let's also assume we can save $15 billion by installing these systems. I realize this has a more than one-year cost, but what would be the cost of that? Are you running into banks and other operations which are saying, hey, we think our customers would benefit from this and we think they would adjust to it but we just simply aren't going to—they are used to paying the extra money through the problems of fraud as they exist today, they aren't interested in a direct charge if we put up so much money up front or whatever it may be. What are we talking about in terms of up-front capital costs in order to put these systems in place? And are institutions balking at that?
Mr. VAN NAARDEN. If I could address that, we as a company, because we deal with banks all the time, have done a tremendous amount of work in financial analysis to see what the cost of this product type biometric could involve, both in terms of the hardware cost, the software cost, the installation and the ongoing support of that infrastructure. We do internal rate of return calculations for the banks to give them a financial view of how this would save them long-term dollars. It turns out that is not the motivating factor in why they do it. Yes, there is a reduction in fraud and probably pretty much everybody on this panel would agree that we can eliminate 98 percent of the fraud if this were universally put together. But that is not the motivation. Because the real motivation is customer convenience.
Page 94 PREV PAGE TOP OF DOC
In any business, the idea here is how do you engender loyalty and trust so that people keep on coming back, how do you get one bank customer to change affiliation to another bank customer to get their dollars in your bank and make some profits on their accounts. The only way to do that is to give them more services, give them more convenient services 24 hours-a-day, 7 days-a-week. The only way they can do that is they know who you are.
Ms. BRODERICK. I would disagree with part of that, and, that is, if you are a credit card company, you are already engendering someone to use your credit card and credit card fraud is indeed your biggest problem and many credit card companies are self-insured, so that they are eating the cost of the credit card fraud themselves. We are lucky in that this device, as an input device for biometric, can be purchased for $10 in quantity. This is available in a retail store for $30. I do believe that the cost of the input devices is driving many of the applications and the delivery of the technology, the availability of the technology widely. We may be the smallest company among all companies here and we may have the largest installation. We have 30,000 installations right now using these.
Chairman CASTLE. We have a lot of credit card companies in Delaware, so this interests me a great deal. Are you suggesting that if that device is installed and using an MBNA credit card and you sign on that, it would identify the signature, that is the way you eliminate the fraud? Or do I have that reversed?
Ms. BRODERICK. That is correct. It would be real time signature verification.
Page 95 PREV PAGE TOP OF DOC
Chairman CASTLE. That is simplistically what you are stating?
Ms. BRODERICK. Yes, it is.
Mr. NITZSCHE-RUGGLES. Mr. Chairman, if I may comment, let's not kid ourselves. The cost of fraud and the cost of biometric systems are going to be passed along to the consumers.
Chairman CASTLE. That is why I sort of asked the question. I was wondering what the setoff is.
Mr. NITZSCHE-RUGGLES. I think it is probably cheaper to make a plane that crashes once in every 10,000 takeoffs, but we don't allow that, because we want to preserve the integrity of our transportation system. The same is true here, I think. We have a responsibility as a society to ensure the integrity of our economic system by deterring fraud. Fraud is something which defeats that integrity.
Chairman CASTLE. I would like to take one more answer. Then we will move on.
Mr. PIEPER. When you address the credit card field, you need to address it globally today. There are standards globally for credit cards. There is some 35 million points of sale in the world today. There are also some 1 million ATM machines. When you address it globally, you address it through three associations, that is MasterCard, Visa and Eurobank. My suggestion to you, Mr. Chairman, is that Joel Lisker, the senior Vice President at MasterCard, who has I think been an expert witness at several of these subcommittee hearings, would be a very good source of review associated with credit card fraud, because they have done a lot of research on this area. What is the cost effectiveness of the system, how can it be implemented, and how can you go across the board? You know that those associations are owned by the member banks, so you have the banking relationship also.
Page 96 PREV PAGE TOP OF DOC
Chairman CASTLE. I am sure Ms. Broderick would love to address it globally if she could.
Ms. BRODERICK. Just to say a signature is accepted in every country around the world today. So it is a global means.
Chairman CASTLE. Let me move on to another subject. I know this for a fact. Like electronic money and those kind of things, as one of you mentioned, I forget who did, that Europe seems to be ahead of us in certain of these applications. They are certainly ahead of us with respect to a number of banking applications, electronic money. Why is that? Or is it not the case? Is that not really the fact? My impression is I think a few of those countries are almost working exclusively on electronic cash now, almost becoming cashless societies. They seem to take to this more than we do. Is there a reason for that? Or is it not an accurate fact?
Mr. VAN NAARDEN. If I could address that again. The fact of the matter is that the United States economy is a credit card society. Everywhere else in the world is a cash society. The reason why there are more ATM machines by a factor of five outside the United States is for that very simple reason. People transact with cash outside of this country. Whereas the people here transact in credit cards or those kind of instruments. As a result, the infrastructure to support that electronically is more advanced in Europe than it is here in the United States. However, as was stated on the panel, the technology all comes from the States, it just happens to be implemented in Europe and Asia, other parts, South America, more prevalently today. That will change very rapidly.
Page 97 PREV PAGE TOP OF DOC
Chairman CASTLE. While you have the microphone, what were those numbers again, this is entirely apart from this hearing, on the ATMs versus the tellers, on the costs of a transaction? Didn't you give us those numbers?
Mr. VAN NAARDEN. It is in your packet. The cost of a transaction at a teller is $1.07. The cost of that same transaction at an ATM is 27 cents. It is 80 cents less, 5 to 1 ratio. When you do that same transaction at your PC using home banking should you choose to do that where security is even a bigger issue, then it goes down to about 10 cents.
Mr. PIEPER. I would like to address just one other issue on that, Mr. Chairman, and that is that we are far ahead of most other countries in the area of biometric development. Where we are not far ahead is in the area of smart cards. Smart card is the transaction card in Europe and many other countries. Because the infrastructure in this country was built on mag stripe cards, we have 98 percent draft capture now with mag stripe cards in the States. The reason why smart cards were developed initially in Europe was because the infrastructure was not there for the telecommunications, it was very expensive to make telephone calls and to hook ATMs up online. So what they did is they came up with a stored value in a smart card. Many of those telephone costs are falling. Still however, Europe leads in the smart card development. That will probably happen in this country and it will start to move very rapidly in the near term.
Chairman CASTLE. Thank you. We have actually had hearings on that in this subcommittee, actually in previous years. My next question, I have got just three more I will try to get through here. This may take an admission against your own interests or attacking somebody else. I am concerned about the accuracy of all this. I haven't heard anyone here say that whatever you are doing is anything less than just about 100 percent accurate. And maybe that is correct. But maybe it is also very expensively correct. My concern is, is there any aspect of these biometrics we are starting to get into that has some questions concerning its accuracy? Forget the applicability and all those kinds of things, but is there some aspect of it that just doesn't seem to be working 100 percent?
Page 98 PREV PAGE TOP OF DOC
Mr. BOLL. One thing to make sure we understand, and Jim Wayman has talked about this, is you need to measure enough data. There is a so-called ''rule of 30'' in which he said that to measure a 1 percent error, you need to take 300 trials, because you need at least 30 errors before you can make any high degree of confidence about what your error rate is. So you have to make sure, if someone says ''I have an error rate of one in a million'', that they have taken 30 million independent trials. Using less data than that leaves you open to suspicion that you haven't tested enough data. It is important that the test size be large enough to guarantee that high confidence.
Mr. NITZSCHE-RUGGLES. Mr. Chairman, I echo that. In fact, as I said in my testimony, we have been doing this for about 16 years. We have 60 million records on file. We are able to use that data to fine-tune our algorithms. This issue of accuracy actually has three components. One is failure to enroll, people who the biometrics just isn't capable of being read. Another would be false reject rate, people who are actually in the system that are falsely rejected by the system. The other one is the imposter pass rate, a person who isn't in the system is actually accepted. The last two are the ones that are more usually referred to as accuracy. But the first is equally important. But I echo the sentiment just expressed. You need a big database.
Chairman CASTLE. Dr. Atick.
Dr. ATICK. Mr. Chairman, there is another dimension to your question. In thinking about accuracy, I think it is important to also code accuracy at a given level of investment. For example, if you are talking about a camera that costs $25 and basically measured the accuracy of a system running on a camera of $25, that is not the same measure as a system at $10,000. So there is another dimension that we have to be aware of. You could get accuracy from every single one of these biometrics to increase dramatically if you invest more in the sensors, in the hardware that is driving them. So the comparison chart at least has to be two-dimensional. It would have to have the accuracy as well as the cost of the sensor.
Page 99 PREV PAGE TOP OF DOC
Chairman CASTLE. Thank you. Let me try to move on to another subject. I am not sure if this really should engender comments or not. But in some of the previous questioning by some of the other Members of Congress who were here, you heard an expression of concern that you would hear a lot if you went throughout the 435 Members of Congress. That is sort of the privacy aspect of all of this. Everybody, and I think our constituents reflect this to us, they are very concerned that everything they do, from videos they rent to their medical records, to their Social Security records or whatever is going to get into the public stream somehow or another. That seems to have happened. We do know that some credit card operations are selling information and all of a sudden you get solicitations, you subscribe to a magazine, you get solicitations from 10 other magazines. It is just happening to us on a much more regular basis in America at least today. I think everybody is becoming concerned about that. I think the feeling is that, gee, if I give somebody my index fingerprint, all of a sudden they are going to know everything there is to know about me. We have already had concerns about height, weight and things of that nature expressed today. There may be more significant concerns that people are worried about it. This whole business of privacy becomes extremely important.
Most of you have indicated—and also I do think as somebody else pointed out, you have to think about this on a longer term basis than just what is happening right now today. Where is it going to be a number of years from now? I don't know if we need legislation to address this problem or it is something that you as providers of different methodologies of dealing with this need to pay attention to. But I will tell you that there will be a public concern that needs to be addressed. I have been sort of reassured by what you have said. I guess because I am in public life and I file ethics reports, that everybody knows everything about me, anyhow, I don't really worry about it a heck of a lot, I just want to make my life more convenient. But there are a lot of people who think about this very differently. Their concern is going to be that if you get into these kinds of systems, somehow or another they are all going to be linked together and there is going to be a complete printout on everything I have ever done or not done, whatever the heck it may be, and the police can get it, my enemies can get it, whatever.
Page 100 PREV PAGE TOP OF DOC
I just point that out to you for whatever it is worth. Even though you may feel that your system is applicable only to whatever it is that you are serving, there is that abiding concern, I think, by members of the public that need to be addressed. I just want to put that forth because that is not to be lightly treated, I don't think, in terms of dealing with the future of this particular issue. If somebody does want to comment, I would welcome it.
Mr. PIEPER. Could I give you some food for thought on that, please?
Chairman CASTLE. We have two different speakers. We will start with the lady first.
Ms. BRODERICK. It might be interesting to note, you just mentioned that everything is known about you in your public life so it is just a matter of convenience for you. I would suggest that in fact there is a tradeoff between convenience and privacy. In fact that may be one of the most important reasons why the United States is so far behind the rest of the world in terms of the rollout of these technologies is their concern about privacy. They are concerned that information will be widely available to them, whereas people in other countries for whatever cultural reasons are less concerned about that. We need to review what is the cost, what is the cost-benefit of privacy versus convenience in the rollout of these technologies. What are we willing to forgo in terms of privacy for more convenience and vice versa.
Mr. PIEPER. I would take a totally different tack on that. This is out of USA Today yesterday. Of course, all the hotels always deliver these to the rooms as you know. This is ''USA Snapshots'', which they always do. The survey measures PC user issues. Specifically, those issues the adult computer users say they would be focused on for the next two or three years. Fifty percent say online security and privacy is their major issue. The next highest percentage is 25 percent, the year 2000 problem. I say to you that security and privacy go absolutely hand-in-hand. Security controls only authorized people to gain access. Privacy is also protected by only allowing the authorized individuals to gain access to their private individual records. I think it is very important that we take into account what the consumer is concerned about, i.e., security and privacy. These two absolutely go hand-in-glove and can be positively controlled through finger minutiae biometric systems.
Page 101 PREV PAGE TOP OF DOC
Mr. FULLER. Mr. Chairman, there was, it seemed to me at least, a concept put forward that biometrics would help collect information about you. In fact, huge amounts of information are being collected usually for marketing reasons today about all of us and biometrics has still not hit the mainstream. Really biometrics will protect the access to that huge amount of information. It is going to be collected about you because of the electronic world we live in. And it is going to get greater and greater and greater.
Chairman CASTLE. Let's say we are 20 years down the road and biometrics is in place, as we have talked about here today. Will there be greater access about an individual as a result of that or less access or the same access about an individual? How would you project what is going to happen 20 years from now?
Mr. FULLER. I believe, as someone on the panel said, there will be more and more points of access, which will increase the opportunity to get at that information. So we have to come up with a means to protect the information about you, about ourselves.
Mr. VAN NAARDEN. I think the issue is, is where is the information available. Today, I think it was one of the speakers on the first panel said, when I show my driver's license, I show my face, my address, my name, my Social Security number, my date of birth, my height, my weight, my hair color, my eye color. With a biometric, that is all protected. All we are doing is making sure it is you, the database which identifies you is protected for the first time. So I think we enhance the privacy and enhance the convenience.
Chairman CASTLE. So handled properly, that could be the answer. Handled improperly, there could be other answers to it as well, I would think.
Page 102 PREV PAGE TOP OF DOC
Mr. FULLER. A lot of data is linked by everyday numbers, like your driver's license or your Social Security number. The average individual can take that data and do something with it, without any special technology or knowledge. A biometric on the other hand is reduced to a series mostly unprintable numbers. I might mention also, it is not easily used by anyone, and is not typically used to link data.
Mr. NITZSCHE-RUGGLES. Could I just give you a concrete example which I think brings all of this into perspective? I saw a story last night of a young woman who went to a clinic on her HMO to get a sonogram. She had the sonogram taken. About two weeks later she got a package from one of the companies with diapers, baby things basically. The interesting thing about that was that, one, she was curious how they got her name and address. The second point was that it was for a girl, and she was in fact having a girl. The sonogram revealed that. How did they get that personal information? If 20 years from now that same person would walk into that same clinic and present an HMO card with an identification number and a fingerprint, there would be no information, no personal information whatsoever transferred between her and that clinic, and she would get the results sent back to her authorized doctor or nurse and the appropriate HMO would be billed. Those would be the only two pieces of information that would ever come out of that clinic about that person. So I think that sums up the protections that we are talking about here in terms of privacy and integrity of the information that is being transferred.
Ms. BRODERICK. I am not sure the clinic example shows that. I think it just shows the improper use of information, which could happen at any level, as low level as the clinic person that provided it.
Page 103 PREV PAGE TOP OF DOC
Mr. NITZSCHE-RUGGLES. The point that I am trying to make is that the biometric is an anonymous identity. In other words, nothing, as Dr. Wayman suggested in his testimony, need transfer between the person claiming the identity and the person offering the benefit or offering the service, except the fact that the person claiming it is who they say they are and that they are authorized that access. No other information needs to be transferred. This finger doesn't say whether I am male or female, black or white, whether I am rich, tall, poor, what color my hair is, or eyes or how much I weigh. It says none of those things. My driver's license gives every bit of that information.
Chairman CASTLE. Let me go on to my last question. I think I already know the answer to this, but I just am curious. That is, other uses of biometrics beyond the obvious uses for identification, for signatures and for various accounts, PIN numbers and those kinds of things. I assume that you already see this to some degree in terms of opening doors, and I guess you could get that, you see that in sometimes high corporate activities and that kind of thing, but I suppose you could have that with all the way down to cars, maybe into homes and those kinds of things. There are, I would guess, a lot of uses beyond the obvious multiple uses that you are talking about here for which at least one aspect of biometrics or another could be used to implement. Is that accurate and what are some of those things and is that likely to happen? Or is it just too expensive?
Mr. NITZSCHE-RUGGLES. Absolutely. Consumer applications of this technology are sure to come out. Access to your auto, access to your home, access to a cell phone, access to your computer. All of these things are here today. A number can be accomplished right now.
Page 104 PREV PAGE TOP OF DOC
Mr. PIEPER. Think about every time you use a key, every time you use a password, every time you use a PIN. You could use your personal biometric easier, faster and more securely.
Chairman CASTLE. The thing about the key, we have two cars now, they both have those things. My wife's keys are about as big as they can be.
Mr. PIEPER. I would like to address the largest application which is something that you are probably using every day, and that is your PC.
Today worldwide there are 400 million PCs installed. 400 million. I gave you a statistic recently, there is something like maybe 35, 40 million points of sale. The PC market is growing and there will be shipments this year of another 100 million PCs. The world is wired. The world is online. And so one of the greatest applications for biometric technology is access to that wired PC world. Biometrics is a method of being sure that the person who is gaining access, who is a faceless person, to whatever it is, a financial transaction, a data access type of transaction, a brokerage account or something like that is who he really claims to be.
So we think the application for biometrics is huge in this particular area and that affects the banks in a big way, because the financial industry overall is the largest single purchaser of PCs in the world. The next largest is the telecommunications industry, which is about half the size of the purchaser of PCs.
The banks are using PCs in a large way, from interactive banking to Extranets, which is a major revenue source for the banking industry. So we see the activity associated with the PC and anything that you see the PC doing as the largest single application for the technology.
Page 105 PREV PAGE TOP OF DOC
Ms. BRODERICK. With all due respect, though, you just said that the world is wired. If the world is wired, why would one need to go to another person's PC in order to break into it?
It doesn't seem to me that that is really the point of entry for fraud in a wired world, going to your PC or stealing your PC. It is getting online and having improper access to everyone's PC over the telephone.
Mr. PIEPER. It is not just the access to the PC, or the data that is on that PC. It is access to the Internet, to the Extranets and various other databases available on-line. Today when you do gain access to the PC environment, what basically is used for user authentication is password controls which is weak and not really secure and recognized as such by the consumer, i.e. the USA Today survey. Who is this faceless person who is gaining access to databases, which are many times not his own database? This is the issue that needs to be addressed and biometrics can do it.
Chairman CASTLE. You can have the final word on all this. So make it good.
Mr. VAN NAARDEN. Let me give you some real life examples in the financial world.
I don't know, Mr. Chairman, if you are an ATM user or not. But if you go up to an ATM, you know you can't get more than $200 or $400 a day out of the ATM. It has nothing to do with your creditworthiness. It is that the bank doesn't know who is standing there, so they have to protect your assets. That is one of the ways they do it. If you go back about a year ago when this huge fiasco happened in Singapore with wired transfers, this gentleman went to jail, how did that happen? He improperly used passwords in funds transfer. It needs to be controlled.
Page 106 PREV PAGE TOP OF DOC
If you are getting on an airplane, the airlines and the whole transportation system is fraught with problems because we don't know who is sitting in that airline seat. When you get a boarding pass, you just don't know who is going to get on that seat. Biometrics for the first time allows the individual to be identified at the point of entry, whether it is an airline, an ATM, a wire transfer, or a door, with positive ID, and that is a convenience and security that we have never seen before.
Chairman CASTLE. Let me thank all of you very, very much. This has been very interesting. Obviously we could go on forever. You probably think we have in some cases.
We appreciate you taking the time to be here. We wanted to do this. We realize it is a little bit early. We have no legislation in mind or at the table. At least I don't, and am not intending any at this time, either, but we did want to start the discussion to make sure that we understood what is out there and what direction it may be going. You all have helped in that, as did the first panel.
I apologize for the delay we had to have in the middle but we very much appreciate you being here and being able to stay to the end.
Thank you. We stand adjourned.
[Whereupon, at 2:00 p.m., the hearing was adjourned.]