
The Emergence of Biometrics and Its Effect on Consumers

By Linnhoff, Stefan
Publication: Journal of Consumer Affairs
Date: Dec 22 2005

Biometric authentication systems are becoming increasingly common. Though their use offers important advantages to governmental agencies, business, and consumers, the widespread use of biometric technology has the potential for serious negative consequences. In this paper, the authors explore the effects on consumers of the incorporation of biometric authentication into mainstream commerce, specifically focusing on privacy concerns of consumers in the context of the fair information practice principles of notice/awareness, choice/consent, access/participation, integrity/security, and enforcement/redress.

**********

Biometric systems are quickly becoming a standard part of modern life as commercial and governmental entities rapidly embrace a technology that promises enhanced security and improved identification. Japanese cell phone manufacturers have begun incorporating fingerprint readers into their devices to prevent unauthorized use (Dvorak 2004), and U.S. manufacturers are expected to release similar products by the end of 2005 (Smith 2005). Accenture was recently awarded a $10 billion contract to incorporate biometric identification measures into the U.S. Visitor and Immigration Status Indicator Technology program, a tracking system for foreign nationals entering the United States (Stein 2004), and the State Department is planning to add electronic chips to passports by late 2005 to allow for facial comparisons (Krim 2004; Lucas 2005). Biometric payment systems using fingerprint scanning technology are now in use by a wide range of merchants including Piggly-Wiggly, General Nutrition Center, and Blockbuster (Clark 2004; Lucas 2005). Point-of-sale biometrics, a mere 2% of the total biometrics market, generated $16.1 million in 2003 and are expected to rise to over $250 million by 2008 (International Biometric Group 2004). Biometric technology, once the science fiction fodder of the Mission Impossible world, is quickly becoming a staple of American and world commerce.

Biometrics is the science of measuring biological characteristics and behaviors for the purpose of determining or verifying identity (Bolle et al. 2004; International Biometric Group 2004; Reid 2004). Authentication is a critical function in many consumer and industrial applications, and the shift to biometric technology is the result of governmental and industrial sectors seeking better identification methods for security and fraud prevention than traditional identity cards. Since the September 11, 2001, attacks and overall rise in worldwide terrorist activity, governmental entities have increasingly focused on the development of foolproof identification and tracking systems turning to biometric technology as a central part of the solution (Greenemeier 2005; Piazza 2005). Commercial use of biometrics has simultaneously been spurred by dramatic increases in identity theft and related crimes (Linnhoff and Langenderfer 2004; Sraeel 2005).

The promise of biometric technology is not insignificant. From an organizational perspective, biometric identifiers are attractive because they generally do not vary over the lifetime of the individual, they typically cannot be shared, and they cannot be acquired through computer hacking or surreptitious observation (Jain et al. 2004; Ratha, Connell, and Bolle 2001). This means, for example, that with biometric technology enhancements, employees cannot punch each other in on a time clock, criminals can be identified regardless of what identification cards they have stolen or forged, terrorists can potentially be denied boarding on aircraft, and health care providers can be relatively certain that the individual they are treating does indeed match the name on the insurance card and the medical history file.

From a consumer perspective, biometric authentication offers advantages as well. Once enrolled in a biometric system, consumers are potentially free from worry about the fraudulent use of their credit cards. They can make payments without carrying any cash or other identifiers, armed only with their fingerprints. They can be sure that if their car or computer is stolen, it will be worthless to all but the most sophisticated thieves because access is biometrically controlled, eventually reducing the impetus for theft. The task of remembering passwords could be a thing of the past (Wildstrom 2005).

However, the picture is not all rosy. Biometric industry executives have hyped their technology as the definitive solution for all manner of security problems, but there has been a relatively limited discussion of the potential harm that increased use of biometric identifiers can bring. Consumers face real threats from a greater reliance on biometrics, and those threats have received scant attention. The limited discussion that has occurred has mostly focused on biometric efficacy, with some discussion of privacy implications. The contribution of this article is to present a comprehensive picture of the potential consumer problems associated with the widespread adoption of biometric technology. Toward that end, this paper catalogs the various issues that confront biometric technology users, explores the implications of those problems from a consumer perspective, and illustrates the effect of widespread biometric adoption on everyday life. As noted above, biometrics has the potential to offer consumers considerable benefits as well. However, the biometrics industry has capably and effectively promoted the value of its technology. Instead, the focus of this paper is to explore the costs and shed light on the ways in which biometrics are likely to negatively impact consumers.

TECHNICAL CONSIDERATIONS

Biological traits that have been used for authentication purposes include fingerprints, face, palm, hand geometry, hand vein pattern, fingernail bed, iris, retina, body odor, skin reflection, ear shape, teeth, and DNA (Bolle et al. 2004; Jain, Ross, and Prabhakar 2004), while voice, lip motion, signature, gait, and keystroke dynamics have been used as behavioral measures (Bolle et al. 2004; Matyas and Riha 2000).

In order to determine or verify identity, biometric systems require two stages of operation: "enrollment" and "authentication." During the enrollment phase, biometric data are obtained, linked with a known identity, and encoded for storage, retrieval, and matching. Data are collected with a sensory device such as a fingerprint scanner, and the distinctive biometric characteristics are identified during a process known as "feature extraction" (Prabhakar, Pankanti, and Jain 2003). A reference template is then created, which is then stored in a centralized database or a decentralized portable system such as a smart card or mobile phone (Bolle et al. 2004).

Following enrollment, biometric systems can begin authentication, in which new information is compared to the stored data. Authentication can take place in two different ways: identification and verification (Jain, Ross, and Prabhakar 2004). Identification means to compare newly acquired biometric information of an individual with all available data files in a database using a one-to-many comparison process (Prabhakar, Pankanti, and Jain 2003). Identification is typical in the field of law enforcement when, for example, fingerprints found at a crime scene are compared to databases storing information about all known delinquents (Reid 2004). Verification, on the other hand, occurs when someone claims some particular identity, for example, to gain access to a high-security lab, and a biometric system compares the newly scanned data to a previously stored version (Jain, Ross, and Prabhakar 2004).

Identification and verification systems vary considerably with respect to their accuracy as well as the particular mechanisms and algorithms involved in the storage and comparison process. As a general rule, verification systems are considerably more accurate than identification systems primarily because one-to-one comparisons are technically simpler than one-to-many (Brownstein 2004). In addition, accuracy fluctuates based on the particular biometric employed. Some biological features are very distinct and the associated techniques for measurement well developed, allowing for high levels of accuracy in distinguishing one individual from another. Other biological features have yet to be measured with sufficient precision to allow for authentication processes to function as effectively. Below we examine the attributes of the various systems from both a technical and consumer perspective.

Fingerprint Scanning

Fingerprints have been used in forensics for more than a hundred years as a reliable means of determining the identity of an individual (Economist 2000; Rotella, Abbott, and Gold 2001). Because the field of fingerprint analysis is so well developed, fingerprint scanners are among the cheapest, most prolific, and most accurate biometric applications (Brass 2003; Brownstein 2004; Middlemiss 2004).

Fingerprint scanners use silicon, optical, thermal, or ultrasonic systems to extract biometric features for enrollment and comparison (Bolle et al. 2004; Matyas and Riha 2000). Most of the current fingerprint scanners are based on an optical system in which the fingerprint is scanned by a special camera, but newer systems tend to be silicon due to their smaller size and cost (Bolle et al. 2004). Fingerprint scanners are easy to use and offer relatively high accuracy at a low price, with scanners and accompanying software available for less than $100 (Jain, Ross, and Prabhakar 2004; Lewis 2005).

Recent tests conducted by the Department of Homeland Security and the National Institute for Standards and Technology reveal that when used for verification, fingerprint scanning systems have a false nonmatch rate (FNMR) between 0.3% and 0.7% using two fingers and false match rates (FMR) as low as 0.001%, meaning that only one individual in 100,000 is wrongly identified (Krim 2004; Wilson, Garris, and Watson 2004).

Though fingerprint systems are perhaps the most accurate low-cost biometric, their widespread use does pose some unique privacy concerns. First, because fingerprints have become the de facto standard for identification in law enforcement, the collection of fingerprint data by non-law enforcement entities and the potential that the data will eventually be matched with criminal databases is a potential privacy threat. Second, as is the case with other selected biometric identifiers, it is possible for fingerprint data to be collected on an individual basis without the knowledge of the individual whose prints are gathered.

Fingerprint scanners are now used in many settings: by grocery chains as a payment mechanism, for verification of employee attendance, in hospitals for access control, and even at Disney World to verify the identity of season pass holders (Fiches 2003; Gathright 2001; Supermarket News 2004).

Face Recognition

Face recognition technology analyzes distinct facial features such as the eyes, nose, and mouth through a relatively nonintrusive process (Baird 2002; Butler 2003; Fiches 2003). Though some uses of face recognition technology have reportedly been successful (Australian Customs Service 2004a), with FNMRs of only 2% and FMRs of less than 1% (Australian Customs Service 2004b), other reports indicate that face recognition functions very poorly, with an FNMR in the 10%-20% range (Bolle et al. 2004) and as high as 50% in outdoor settings (Phillips et al. 2002). One study by the German equivalent of the National Institute for Standards and Technology found FNMRs as high as 99.7%, meaning that the system functioned so poorly, almost no individuals were recognized (Bundesamt fur Sicherheit in der Informationstechnik 2003). Face recognition systems are also capable of secretly gathering biometric features, but poor performance has so far thwarted large-scale effective use of this technology for public tracking.

Notwithstanding these problems, face recognition has received a great deal of attention in U.S. government agencies, perhaps because faces are a biometric identifier with which most people are familiar. Face recognition templates are scheduled to be incorporated into U.S. passports in 2005 in spite of the error rates (U.S. Department of State 2004), and some U.S. cities have long used face recognition coupled with security cameras for criminal apprehension. Unfortunately, at least one city--Tampa, Florida--abandoned its project after two years because no criminals were ever identified (Howlett 2004).

Hand Geometry and Palm Print Scanning

Hand geometry measures the form and size of the whole hand, its palm, and fingers (Baird 2002). Hand scanners are relatively expensive but also have high accuracy rates (Organization for Economic Cooperation and Development [OECD] 2004). Tests of hand geometry systems report FNMRs and FMRs in the 0.2%-1% range, although some tests have found FNMRs as high as 30% when the FMR is set to near zero (Bolle et al. 2004).

Palm prints have a characteristic structure similar to fingerprints that can be analyzed separately from the underlying hand structure (Kumar et al. 2003). So far, palm prints have only had limited success in commercial biometric applications (Woodward, Orlans, and Higgins 2003); however, recent research suggests that analysis of hand geometry and palm prints together may improve accuracy without the need for multiple scans (Kumar et al. 2003).

To date, hand geometry has been an important tool for employee access control including many airports (Alster 2005). Detectors have also been introduced in bank branches for safe deposit box access (Williams 2005) and penitentiaries for transit screening (Baird 2002).

Iris Scanning

Iris scanning identifies the features of the iris, the ring-shaped colored structure that surrounds the pupil of the eye (Bolle et al. 2004). Iris features are acquired from a distance of 4 to 24 inches and require users to look calmly into a camera for quite some time before the analysis is complete (Matyas and Riha 2000). Because irises are extremely distinctive and spoofing (the process of tricking an identification system) is very difficult, iris scanners are one of the most promising biometric tools (Fowler 2003). Though FNMRs can run as high as 2%-10%, FMRs are generally estimated to be less than 0.001%, making iris scanners perhaps the most secure biometric (Bolle et al. 2004).

Iris scanners have been used by business customers like banks to control physical access and are an integral part of the Transportation Security Administration "Registered Traveler" program (Alonso-Zaldivar 2004).

Voice Recognition

Voice recognition works by measuring the distinct intonation, pitch, and pronunciation of an individual's voice and comparing those characteristics to a stored template, as with other biometric systems. This technique appears especially suitable and convenient for telephone services (Eisenberg 2003), although transmission quality, background noise, and varying speech patterns due to aging, emotion, or sickness still stir doubts as to whether voice recognition is sufficiently technologically mature to be offered to private customers on a larger scale (Eisenberg 2003; Rockwell 2004).

Plagued by accuracy problems, voice recognition has an FNMR as high as 20%, with an accompanying FMR in the 2%-5% range (Bolle et al. 2004). Although this biometric technique might be suitable for some lower security applications in connection with phone access, the accuracy issues present a serious problem for consumers and businesses alike that may prevent widespread adoption. In spite of accuracy problems, voice recognition has been introduced by a number of companies with some success (Middlemiss 2004).

Signature Recognition

Behavioral biometrics can measure either static or dynamic results, meaning that the input scanner can take an impression of behavioral results or can take real-time measurements of the behavior as it occurs. Static signature recognition analyzes in graphological terms the form and shape of the letters, while dynamic recognition measures a signature during the signing process for pen pressure, timing, etc. (Bolle et al. 2004; Fiches 2003).

Dynamic recognition systems are much less susceptible to forgery and other spoofing efforts and may be suitable for online authentication (Bielski 2004; Jain, Griess, and Connell 2002). However, the necessity of capturing an entire signature requires a device larger than a fingerprint scanner, making incorporation of signature scanning devices less practical for consumer electronics such as laptop computers or mobile phones (Middlemiss 2004). In addition, variability issues--similar to the ones mentioned for voice authentication--undermine the reliability of this biometric technique, with FNMRs in the 10%-20% range and FMRs of 2%-5% (Bolle et al. 2004; Kleist et al. 2005).

Although signature capture devices are common at checkout counters nationally, few incorporate biometric technology that does any signature recognition and template comparison. This will probably not happen unless and until the technology has matured sufficiently to reduce error rates to an acceptable level.

Marginal, Emerging, and Supplemental Biometrics

Keystroke

Keystroke analysis measures individual typing patterns as passwords are entered (Baird 2002). The idea is that even if a person's password is compromised, the thief will still not have access to their computer or other digital device because the thief's typing rhythm will be different. The technology has been around for more than 20 years but has yet to capture significant market share (Fiches 2003), though it is incorporated into some digital devices as a security measure. Because keystroke systems use existing keyboards as input devices and therefore require only software to function, they are relatively inexpensive (available for less than $50) and may ultimately prove to be an effective authentication technology.

Retina Scanning

Retina scanners operate by examining and measuring the structure of blood vessels in the retina, the light-sensitive back of the eye (Woodward, Orlans, and Higgins 2003). Although the retina is a highly distinctive biological feature and thus a potentially useful measurement target, retina scans are highly intrusive and there is some concern that direct laser scanning of retinal tissue can, over time, result in damage to the eye (Middlemiss 2004; Traster 2004). Coupled with high costs, the intrusiveness of retina scanning technology limits its application unless it can be shown to be safe and consumer attitudes dramatically change.

Ear and Lip Motion Recognition

The structure of the ear is used as a means of identification by the U.S. Citizenship and Immigration Services in conjunction with other facial features. In the course of the green card approval process, for example, applicants have to turn in portrait pictures that display the individual in half-profile so that not only the face but also one of the ears can be clearly seen. Face and ear recognition together have proven to be significantly more accurate than either of these biometrics alone (Chang et al. 2003). As such, ear recognition is generally considered to be a supplemental biometric for face recognition (Bolle et al. 2004). Lip motion can be used as a separate biometric characteristic or in conjunction with face recognition (Jonietz 2004) but has yet to capture significant market share among the competing biometric technologies.

Body Odor and Skin Reflection Analysis

Individuals differ in the chemical composition of their odors and also in the way their skin reflects a specific light. Both biometric techniques are still in their infancy and as yet undeveloped for commercial applications (Lawson 2003).

Nail Bed Analysis

The very limited research on nail bed analysis--using the distinctive patterns of ridges under the nails as identifiers--makes this biometric unsuitable for application in the near future (Lawson 2003).

Body Shape and Gait Analysis

Body shape analysis measures the variability of numerous, specific body points, but the results have been dissatisfying so far (Godil, Grother, and Ressler 2003). Though some promising findings have been published on gait analysis as a means of recognition, further development is needed before it can be considered for practical use (Nixon et al. 2003).

Dental Analysis

Tooth shape, dental work, and other patterns of teeth have long been used to identify the deceased as teeth patterns are unique to each individual. However, teeth are generally considered to be too variable for reliable authentication of living individuals as they usually undergo significant changes over time (Jain, Chen, and Minut 2003). Additionally, the process of capturing biometric information from teeth is relatively invasive, making teeth suitable for few applications, and perhaps limited to postmortem identification.

DNA

DNA may yet prove to be an effective biometric identifier, but so far, its use has also been limited to forensics, primarily because DNA analysis is not a process that produces immediate results (Baird 2002). While DNA patterns have been suggested as a possible future biometric identifier on British national identity cards, DNA technology is not sufficiently advanced to make this a practical possibility (Blunkett 2003). DNA analysis techniques merit close scrutiny, however, as the development of instantaneous DNA recognition systems would produce perhaps the ultimate biometric identifier (Saffo 2005).

Multimodal Biometric Systems

In order to significantly increase the safety and reliability of biometric systems, some researchers encourage the use of two or more biometrics in a multimodal system (Jain and Ross 2004; Randazzese 2003). Multimodal systems are technically much more intricate and expensive and often require additional time to use as multiple scans are generally required (Lee 2003). However, the increased accuracy offered by the use of more than one biometric has prompted the U.S. Visitor and Immigration Status Indicator Technology program to push ahead with plans for a system using both facial recognition and fingerprint scanning, and multimodal systems appear to be gaining favor among governmental users.

Soft Biometrics

Soft biometrics are nondistinctive, limitedly permanent human traits such as gender, age, hair color, weight, and height that might be applied as auxiliary features in conjunction with "classic" biometrics (Jain, Dass, and Nandakumar 2004a). Together with traditional biometric features, the incorporation of soft biometrics does appear to improve accuracy (Jain, Dass, and Nandakumar 2004b). Since biometric systems usually record soft biometric data like age during enrollment, these pieces of information could also be used for authentication (Jain, Dass, and Nandakumar 2004b). But like other multimodal biometric systems the combination of traditional and soft biometrics would entail higher costs, more inconvenience for users, and increased technical complexity (Jain, Dass, and Nandakumar 2004b).

CONSUMER IMPLICATIONS

The swift growth of biometrics has spurred a concomitant concern among many special interest groups and consumers regarding the privacy and effectiveness of the systems. While some biometric technologies offer enhanced security, the trade-offs are far from imaginary, with privacy issues leading the debate (British Journal of Administrative Management 2005; Williams 2005).

More than 30 years ago, the Department of Health, Education, and Welfare (1973) issued a report articulating a list of "fair information practice principles" that have become the de facto standard for assessing the privacy protection appropriateness of various information practices (FTC 1998). The principles are as follows:

1. Notice/awareness--No data should be collected from individuals that they are not aware is being collected.

2. Choice/consent--Individuals should have a choice as to how their information is used and distributed.

3. Access/participation--Individuals should have the right to view any data files about them and the right to contest the completeness and accuracy of those files.

4. Integrity/security--Organizations in the business of data collection must take steps to ensure that the data are accurate and secure from unauthorized access.

5. Enforcement/redress--Individuals must have an avenue of redress for violations of the above principles, with an enforcement mechanism to ensure compliance.

Using the fair information practice principles as a convenient framework, it is possible to assess the impact of biometric technology on many different levels, including the unique consumer impacts that biometric technology may have. Although privacy groups have sounded alarms about the use of biometric authentication from an early developmental stage (Electronic Privacy Information Center 2004), it is clear that biometric technology does not represent a one-way street to reduced consumer privacy, offering consumers advantages as well as disadvantages. Of course, the biometrics industry is unlikely to trumpet disadvantages and the marketplace may not provide a sufficient incentive for industry to correct system deficiencies, primarily because buyers of biometric systems will not have to bear many of the costs. Instead, those costs will be borne by consumers.

It should be noted that with respect to most of the privacy issues cited below, biometric technologies do not differ from each other in any meaningful way. Concerns about data integrity and accuracy, for example, are equally applicable regardless of whether the biometric feature being analyzed is a fingerprint pattern, a face, or a hand. But biometric measures are distinguishable in important ways. First, some biometric information can be collected surreptitiously. Second, because of the ways that particular biometric information has historically been used or will be used in the future, matching of biometric information between functions can produce data sets with potentially invasive implications. Additionally, biometric data are fundamentally different from other authentication mechanisms because of their permanence and perceived infallibility. Below we detail some of the more pressing consumer concerns.

Integrity/Security

Data Storage

Perhaps chief among privacy concerns for biometric technology is the storage and maintenance of the data files (Lucas 2005). Storage issues are particularly important from a consumer perspective because unlike other means of identification such as identity cards and passwords, biometric data cannot be erased and replaced. Credit card numbers can be discarded and account passwords changed, but if someone's fingerprint is compromised by a data theft or alteration, the corrective choices are limited or nonexistent (Saffo 2005). People already feel violated when their credit cards are used without authorization. How will they feel when their fingerprints are used in a similar manner?

Although such concerns are real, some experts argue that the irreversibility of the biometric templates stored in some systems should be considered a privacy enhancement rather than a detriment (Clark 2004). Many commercial systems store a shorthand version of biometric identifiers called a template rather than a photograph or complete scan. Because the template is designed for matching rather than reproduction, it is often impossible to reconstruct the biometric identifier from the stored template. Even in cases where a complete reproduction of biometric identifiers is used--as is the case in criminal fingerprint databases--it is technologically very difficult to make use of the information to commit fraud. "A cashier can do damaging things with a credit card number, driver's license and home address. The same cashier can do nothing with a bunch of squiggly lines placed on a piece of glass" (Clark 2004, 20A).

Notwithstanding the technical difficulty of misusing biometric data, the security of the storage system is nonetheless a real consumer concern, partly because of the irreversible havoc that a compromised biometric system might wreak. Newspapers regularly report that some Web site has had its data compromised by hackers, often including the social security numbers, financial records, and credit card numbers of the site's customers (e.g., Timmons 2005). Once notified of the security breach, however, customers can generally avert tragedy by alerting their credit card or financial services company about the theft. Individuals with stolen biometric data will not have that luxury. Unless data are inaccessible to hackers--not realistic in the commercial world--the result from a security breach could be massive headaches for the consumers whose files are compromised. Additionally, though today's typical cashier may be unable to make fraudulent use of "squiggly lines," tomorrow's cashier may well be more technically sophisticated as the technology becomes commonplace. High-security efforts of one era often appear surprisingly porous when viewed through the lens of time.

One solution to the data storage problem is for different parts of the biometric data to be stored separately. A system has already been developed that centrally stores a portion of the biometric record, while a matching and necessary portion is stored on a smart card carried by the user. That way, no individual has access to the entire record, and reconstruction of the biometric is impossible without access to both databases (Graham-Rowe 2004). This kind of system means that even if the central database is successfully attacked, the hacker will only have part of the data and be unable to duplicate anyone's biometric information.
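The split-storage idea above, as an added example that is not taken from the cited system or from the original article. It assumes a two-share XOR split, which is only one way such a design could work (the article does not say how the cited system divides the record), and the template bytes and function names are constructed for illustration.

```python
import secrets


def split_template(template: bytes):
    """Return (central_share, card_share). XOR of the two is the template.

    Assumption: a two-share XOR split. The central share is a fresh random
    pad, so on its own it carries no information about the template.
    """
    central = secrets.token_bytes(len(template))             # stored in the central database
    card = bytes(t ^ c for t, c in zip(template, central))   # stored on the user's smart card
    return central, card


def combine(central: bytes, card: bytes) -> bytes:
    """Reconstruct the template; both shares are required."""
    if len(central) != len(card):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(central, card))


def reissue(central: bytes, card: bytes):
    """Re-split with a new pad after one store is breached.

    The stolen share no longer pairs with either new share. The underlying
    biometric is unchanged, so this only helps while the attacker holds
    one share and not both.
    """
    return split_template(combine(central, card))


def consistent_card_share(central: bytes, candidate: bytes) -> bytes:
    """Card share that would make `central` reconstruct `candidate`.

    One exists for every candidate of the right length, which is why a
    thief holding only the central share cannot rule out any template.
    """
    return bytes(a ^ b for a, b in zip(central, candidate))


if __name__ == "__main__":
    template = bytes(range(32))           # constructed stand-in for a stored template
    central, card = split_template(template)
    print("reconstructs:", combine(central, card) == template)

    new_central, new_card = reissue(central, card)
    print("old central + new card reconstructs:",
          combine(central, new_card) == template)
```
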

Accuracy and Security

Though the privacy concerns with respect to biometric data storage are important, those concerns are brought into sharp relief when one considers the potential for errors in biometric devices (Mansfield and Wayman 2002). Error rates in biometric systems are also a cause for industry concern because they determine how well the devices will work on a day-to-day basis. From a consumer perspective, however, the concerns are even more pressing and the toll from errors potentially more costly.

Errors can result from either device malfunction or determined attempts to defeat the security measure. Widely publicized successful efforts to fool fingerprint scanners using melted gummy bears and silicone fingers have cast doubt in some quarters regarding the viability of biometric devices (Matsumoto et al. 2002; Schuckers 2002). However, determined attackers can circumvent virtually all security devices. Vulnerability to attacks does not necessarily mean that a particular security device should be shelved (Schuckers 2002), although vulnerability to attack is a greater concern with biometric systems than conventional security measures because biometric identification cannot be changed once compromised. Yet, the more pressing concern for consumers is the failure rate of a biometric system in ordinary use by members of the public without criminal intent. Noncriminals will constitute the vast majority of users, and when biometric devices are placed in service on a large scale, even minute error rates can have serious consequences.

Of course, error rates vary based on the use to which the devices are put as well as the type of matching system employed. Unlike traditional authentication means such as passwords or identity cards where the individual either meets the established criteria or not, biometric identification deals with a matching system in which perfect matches do not exist because no two scans of any biometric feature are ever identical. As a result, biometric authentication systems must use a comparison algorithm to determine whether any individual scan "matches" the original enrollment (Prabhakar, Pankanti, and Jain 2003). Of course, some biometric measurements are more distinct than others and some matching algorithms more robust, varying between biometric features employed (e.g., fingerprint vs. handprint) as well as between vendors of similar systems.

Although comparison algorithms are often proprietary, many of the basic features are similar, regardless of the application. A typical fingerprint algorithm is illustrative. When an individual is initially enrolled in the system, his or her finger is pressed to a scanning device, which takes an image of the impression. A "core point" is selected from the image, usually a central whirl in the print ridge pattern. A region around the core point is examined for variations in pixel intensity and additional key features, such as ridge gaps and intersections, are located. Once each key feature has been identified, a vector for each is computed. A collection of all such vectors in any individual print is the numerical summary of the enrollment image. In order to compare one print with another, the algorithm compares the Euclidean distance (a scale-invariant measure) between the corresponding vectors of the two impressions. If the sum of the Euclidean distances for all vectors is below a predetermined cutoff level, then the prints are said to match. Because the same finger (or any other biometric) scans slightly differently each time, the sum of the Euclidean distances will never be zero (Jain, Ross, and Prabhakar 2001).

The setting of the cutoff level is critical as there is an inevitable trade-off between Type I and Type II errors (Moore and McCabe 1993). If the level is set too low--differences between the test scan and the enrollment scans must be very small before the system concludes that the prints match--then many prints that are true matches will be rejected (a high Type II error rate), making the system cumbersome and difficult to use, with bypass measures frequently required. If the cutoff is set too high--large differences between the test scan and the enrollment scan still result in a match--then some non-matching prints may be accepted (a high Type I error rate) and the system will be less secure and easier to spoof. Either type of error is potentially serious. For example, if face recognition systems are put in place at airports to improve security and flag potential terrorists, a system that fails to detect a match and allows a terrorist to travel could have fatal consequences. Conversely, a system that wrongly flags nonterrorists as criminals threatens civil liberties. The concern is magnified when one considers that even a system with a 99.99% accuracy rating (a performance level heretofore unknown for face recognition technology under identification conditions) would wrongly flag more than 100 individuals per month for detention at a facility such as Atlanta's Hartsfield-Jackson Airport, which screened more than 14 million passengers in 2003 (Barr 2004).

Of course, the use of face recognition technology for identification (as opposed to verification) in a one-to-many biometric system represents perhaps a worst-case scenario for error rates. But problems also arise when a more accurate technology is used in a more reasonable setting, perhaps for verification purposes employing one-to-one comparisons. As noted earlier, the FNMR for fingerprint scanners using two fingerprints is between 0.3% and 0.7%, while the FMR is estimated to be between 0.001% and 0.01% (Bolle et al. 2004). Even with accuracy this impressive, errors will inevitably occur, most commonly when the system wrongly rejects authentic users. Erroneous rejection will be common enough, even in a small system with, for example, 100 users, that a backup authentication mechanism will be essential. When biometric identifiers are routinely circumvented, as will certainly be necessary in virtually all usage scenarios, the value of the system is seriously undermined, the accompanying costs considerable, and the privacy intrusions less justifiable. It is easy to see the potential for enormous problems when biometric systems are used on a large or even a small scale.
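The cutoff trade-off and the error-rate arithmetic described above can be worked through in a short simulation. This is an added illustration, not code from the paper or from any vendor: the feature vectors, noise level, and population sizes are constructed, and the one-attempt-per-user reading of the 100-user case is an assumption; only the FNMR range, the 99.99% accuracy figure, and the 14 million passenger count come from the text.

```python
import math
import random


def match_score(enrolled, probe):
    """Sum of Euclidean distances between corresponding feature vectors."""
    if len(enrolled) != len(probe):
        raise ValueError("templates must hold the same number of feature vectors")
    return sum(
        math.sqrt(sum((a - b) ** 2 for a, b in zip(e, p)))
        for e, p in zip(enrolled, probe)
    )


def is_match(enrolled, probe, cutoff):
    """Prints 'match' only when the summed distance is below the cutoff."""
    return match_score(enrolled, probe) < cutoff


def error_rates(genuine_scores, impostor_scores, cutoff):
    """Return (FNMR, FMR) at a given cutoff.

    FNMR: share of same-finger comparisons rejected (score not below cutoff).
    FMR:  share of different-finger comparisons accepted (score below cutoff).
    """
    fnmr = sum(s >= cutoff for s in genuine_scores) / len(genuine_scores)
    fmr = sum(s < cutoff for s in impostor_scores) / len(impostor_scores)
    return fnmr, fmr


def sweep(genuine_scores, impostor_scores, cutoffs):
    """Tabulate (cutoff, FNMR, FMR) to expose the trade-off."""
    return [(c, *error_rates(genuine_scores, impostor_scores, c)) for c in cutoffs]


def expected_errors(error_rate, attempts):
    """Expected number of erroneous decisions over a number of attempts."""
    return error_rate * attempts


def prob_any_false_reject(fnmr, attempts):
    """Chance that at least one genuine attempt out of `attempts` is rejected."""
    return 1.0 - (1.0 - fnmr) ** attempts


def simulate(seed=2005, users=50, scans=20, features=8, dims=4, noise=0.3):
    """Constructed data: random templates, noisy rescans, one impostor per user.

    The noise level is exaggerated so genuine and impostor scores overlap.
    """
    rng = random.Random(seed)

    def template():
        return [tuple(rng.uniform(0, 1) for _ in range(dims)) for _ in range(features)]

    def rescan(t):
        # The same finger never scans identically twice.
        return [tuple(x + rng.gauss(0, noise) for x in vec) for vec in t]

    templates = [template() for _ in range(users)]
    genuine, impostor = [], []
    for i, t in enumerate(templates):
        other = templates[(i + 1) % users]
        for _ in range(scans):
            genuine.append(match_score(t, rescan(t)))
            impostor.append(match_score(t, rescan(other)))
    return genuine, impostor


if __name__ == "__main__":
    genuine, impostor = simulate()
    print("cutoff   FNMR     FMR")
    for cutoff, fnmr, fmr in sweep(genuine, impostor, [3, 4, 5, 5.5, 6, 7, 8]):
        print(f"{cutoff:>6}  {fnmr:6.3f}  {fmr:6.3f}")

    # Airport case from the text: 99.99% accuracy, 14 million passengers a year.
    per_month = expected_errors(0.0001, 14_000_000 / 12)
    print(f"expected wrong flags per month: {per_month:.0f}")

    # 100-user verification system, one attempt each (assumption), at the
    # FNMR range quoted in the text (0.3% to 0.7%).
    for fnmr in (0.003, 0.007):
        p = prob_any_false_reject(fnmr, 100)
        print(f"FNMR {fnmr:.1%}: P(at least one false reject in 100 attempts) = {p:.2f}")
```

Raising the cutoff drives FNMR down and FMR up in every row of the sweep, so a deployment chooses an operating point rather than eliminating either error.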

Moreover, biometric system failures are not limited to problems with the matching algorithm. Errors are certain to occur throughout any biometric identification system, especially in elements of the process where human intervention is involved, producing at times devastating results. Rene Ramon Sanchez was arrested three times and spent a total of two months in custody because his fingerprints were mistakenly switched with those of Lee Rosario, a notorious drug dealer. Even though Sanchez looked nothing like Rosario and vociferously protested the identity blunder, he spent weeks in a Manhattan detention center waiting for the mix-up to be resolved (Weiser 2004). In a similar case, Oregon attorney Brandon Mayfield was wrongly jailed for two weeks because his fingerprint purportedly matched one found at the scene of the Madrid bombings in March 2004 (Kershaw 2004). Once biometric systems become commonplace, errors of this type will surely become more common also, exacting an enormous social and financial toll.

A further problem with biometric authentication is that for any given biometric, there is some portion of society who will be unable to enroll, due to missing fingers or limbs, cataracts, throat cancers, etc. Therefore, all systems must be equipped with some process for dealing with exceptions to the security protocol, introducing another human element into the system and adding the traditional errors involved in human decision-making processes.

Choice/Consent

According to the fair information practice principles, consumers should have a choice with respect to the sharing and use of their data. Data exchange is not new. Credit reporting agencies share data with would-be creditors. Insurance companies share data with each other for claims and security purposes. Financial institutions share data with "affiliated companies" for marketing purposes. Of course, many ordinary merchants and nonprofits sell customer lists including personally identifiable information. Although all this data sharing potentially provides a consumer benefit in the form of additional choice and lower prices, there is also a cost in terms of decreased privacy. The issue is particularly acute with respect to biometric information because many consumers are already uncomfortable regarding the extent to which personally identifiable information is collected and shared by governmental and private entities (Cranor, Reagle, and Ackerman 1999; Foxman and Kilcoyne 1993; Nowak and Phelps 1992).

If, for example, fingerprint records from commercial applications such as grocery or video purchases were matched with criminal files, some criminals would certainly be caught who would have otherwise evaded detection. However, there is a social cost that is often unrecognized that comes from living in a society where nobody ever gets away with anything. Even scofflaws such as parking violators who today are routinely ignored by law enforcement except in the most egregious cases might be vulnerable to instant detection and arrest in a society where fingerprint matching and law enforcement records are routinely shared. In Texas, a proposal to collect biometric information from all drivers' license applicants and make the resulting database available to law enforcement was soundly defeated in the state legislature, primarily due to concerns about the intrusiveness of a society in which the government knows perhaps too much (Goodman 2003).

Although the goal of stopping crime is laudable, the question is raised as to whether such a society would be desirable to live in. Without legislative or voluntary (perhaps trade organization based) limits on the exchange of biometric data, the era of Big Brother might exceed even Orwellian proportions. For example, with the use of biometrics widespread within a few years--not an unrealistic possibility--and government and private users sharing databases, it might be possible for some organizations to track virtually every movement of every individual as they pass through various biometric checkpoints.

A more likely scenario would be a consortium of private companies that share data for the purpose of tracking the spending habits of consumers and delivering advertisements or coupons. Internet surf tracking and ad serving is already common online. Additional tracking in the brick-and-mortar world is within realistic reach. Once tracking data are collected and available, it is only a matter of time before the data will be commercially exploited; there is simply too much money at stake for terabytes of consumer data to go unused. Experience also suggests that once data are assembled for commercial purposes, availability to law enforcement is only a court order away. While the potential harm to society is easily articulated if police are not allowed to access a database that could catch a pedophile or a murderer, for example, it is not nearly as compelling to argue that we all lose something when our movements are subjected to close scrutiny. Courts faced with a law enforcement petition for data access seem unlikely to resist when vague concerns about broad social implications are competing with immediate genuinely harmful threats, especially if related, perhaps, to terrorist activity or other national security matters. The threat of terrorism has already been used to successfully justify a wide range of privacy intrusions heretofore unknown prior to the September 11th attacks (see, e.g., USA PATRIOT Act 2001). Indeed, the political arguments are highly compelling: "After all, whose side are you on, ours or the terrorists?" Once data are employed for one law enforcement purpose, it is only a minor stretch to expand the use to all law enforcement under the guise of making society safer. The question then becomes whether a society can be so controlled that it is undesirable notwithstanding its safety.

There is evidence to suggest that consumers are willing to accept some loss of privacy in exchange for enhanced security (Davis and Silver 2004). The problem with biometric data sharing is that the choice is not left to the consumer; it is made for her. Moreover, any security enhancement generally inures to the benefit of the organization, but the privacy cost is paid by the consumer. The dangers of biometric data exchange, known as "function creep" within the biometric community (OECD 2004), can be reduced if data are not stored centrally or if biometric templates are not reversible and thus cannot reproduce the biological features from which they are extracted. But such safeguards must be employed at the outset or the temptation to use valuable data for important purposes may be impossible to resist.

Privacy loss is insidious. Consumers are often unaware of the scrutiny they are under until it is brought to their attention, and only then do they become cognizant of any invasion. But privacy invasion is a consumer cost, nonetheless. One area of particular concern for consumers is the ability of governments and commercial organizations to assemble complete dossiers on them by exchanging data among multiple collection points. Although this kind of capability already exists, biometric data collection and exchange has the potential to enable organizations to track consumer behavior as never before, as data collection points proliferate.

Ubiquity

Closely related to issues involving the exchange of biometric data are those associated with system ubiquity. As biometrics become increasingly common, what will be the effect on society? Commonplace usage does seem to be on the horizon, and in fact, some biometric systems cannot be effectively deployed unless an extraordinary number of individuals are enrolled. For example, Boston's Logan Airport experimented with iris scanners, face recognition, hand geometry, and fingerprint scans as supplemental identification tools. Unfortunately, although the systems worked reasonably well in accurately identifying enrolled individuals, the database of potentially dangerous people that it hoped to identify was too incomplete to be of much use (Goodman 2003).

Dangerous individuals are unfortunately unlikely to voluntarily come forward and enroll in a system designed to identify them and aid in their apprehension. Of course, known criminals can be enrolled while in custody, but individuals identified as criminals who are not in custody cannot be enrolled until capture. Unless a database containing the biometric data of all members of society is established, biometric identification will only be effective in capturing repeat offenders who have been previously caught and enrolled. Even though the goal of increased security may be important, the establishment of such a database is somewhat troubling. When ordinary citizens who have engaged in no wrongdoing are being scrutinized, it poses a privacy threat to all and opens the door to potential abuse.

Notice/Awareness

Biometric system ubiquity is particularly troubling when taking into consideration the possibility that biometric information can be increasingly captured without the input or knowledge of the individual being identified. Face recognition technology is surreptitiously used in casinos to recognize known cheats and card counters, and in the United Kingdom, some city streets are monitored with cameras and face recognition systems to find and capture criminals. Iris scans can now be performed at a distance of 18-24 inches, and the possibility of image capture from greater distances without user involvement or awareness is on the horizon (OECD 2004).

Widespread use of secret biometric data collection poses a privacy concern because it threatens the anonymity that many individuals carefully guard. Although the lessons of Internet surfing teach that genuine anonymity and perceived anonymity are very different, it is still disconcerting for many to have their movements and everyday behaviors tracked by commercial or governmental entities, even if accomplished invisibly, as may soon be possible. Genuine freedom means not only the freedom to choose but also the freedom to be left alone, unburdened by the scrutiny of watchful machines or people. When individuals can no longer behave anonymously, real freedom is threatened.

Enforcement and Access

Biometric technology is pervading consumer culture at a pace dictated by commercial and financial pressures, not by privacy concerns. Consequently, mechanisms for enforcement of privacy principles governing biometric data collection, storage, exchange, security, and accuracy have not yet emerged. This regulatory vacuum may result in real consumer harm as each collecting entity manages these issues in its own way with its own set of priorities. The absence of any trade organization-based regulatory mechanism may ultimately result in more draconian governmental restrictions if consumer harm is sufficient.

One problem faced by individuals who encounter errors in their biometric profiles is the tacit assumption that biometric data are 100% error free. Though virtually all data sets of a given size contain some errors, biometrics are often thought to be immune to such problems. The cases of Ramon Sanchez and Brandon Mayfield discussed earlier are illustrative. If biometric data were not widely believed to be error free and some redress mechanism was in place, the harm suffered by those individuals would likely have been considerably less.

CONSUMER AND POLICY CONSIDERATIONS

Biometric technology has the potential to improve security without seriously compromising individual privacy. It is possible to imagine a biometric system in which data are securely stored and are exchanged between commercial and governmental entities only with a court order, which is implemented only when it offers organizations and individuals appreciable advantages that outweigh the costs, and whose accuracy is fully tested and guaranteed before implementation. However, such a scenario will almost certainly not emerge without some mechanism for guidance.

It is an easy and often simplistic reaction to call for regulation when technological developments seem likely to impose costs on consumers that have been previously unknown. Indeed, governmental regulation may yet have a role to play as biometric technology becomes more common and the true costs become more apparent. Given the backlash that might be spawned by a poorly implemented biometric scheme, it would seem to be in the biometric industry's own interest to implement some form of self-regulation before a less-palatable alternative is imposed via the legislative process.

There are signs of industry cohesion, and perhaps some market leader has the clout to forge the way in the development of industry standards for security, accuracy, and privacy that might be mandated in order to receive some sort of standardized quality seal of approval. But so far, this has not been done. In the meantime, governmental and private organizations are racing ahead with implementation, often ignoring the very real concerns of privacy groups and industry experts. Biometric identification has the potential to truly enhance consumer lives. Systems that work offer added convenience, less risk of fraud, and greater security than password or card-based systems. But unless the implementation process proceeds with caution, there is a substantial certainty that many consumer lives will be thrown into upheaval while the kinks get worked out. That would be a bad move from both a strategic and policy perspective, especially for a technology that offers so much promise.

Whether in the form of a governmentally imposed mandate, a softer form of regulation as led by an industry consortium, or some combination thereof, any regulatory mechanism should address the following concerns in order to truly provide protection to the one group without a significant voice in the process--the consuming public:

1. Consistent with the fair information practice principles discussed above, no biometric data should be collected by a private entity without notice, or in the case of governmental data collection, no secret collection should be allowed without a court order.

2. Biometric systems should not be mandatory except in cases of criminal arrest.

3. Entities that employ biometric identifiers should establish a system for the correction of errors and a mechanism to petition for correction.

4. Whenever feasible, biometric data should be at least partially stored in a decentralized manner--perhaps on smart cards carried by individuals enrolled in the system--unless there is a demonstrated necessity for central storage to protect security interests.

5. Biometric data should be stored in encrypted form to lessen the possibility of data compromise.

6. Data should be stored using templates that cannot reconstruct the original biometric identifier when possible, to minimize the damage that might accrue to enrolled individuals in the event the data are compromised.

7. Biometric data should never be shared with other entities without the express written consent of enrolled individuals, except for law enforcement, and then only in cases of demonstrated need for serious crimes.

8. All biometric systems should include a method for users to petition for the correction of errors and explicitly acknowledge the possibility that errors can and will occur.

9. Biometric authentication should only be used when necessary for the security of the enterprise.

Employing these safeguards can ensure that the promise of biometrics is realized. But if these basic measures are not established before the world rushes headlong to embrace this fantastic technology, consumers will surely be the losers.

CONCLUSIONS

The rapid growth of biometric authentication technology represents a double-edged sword for consumers. On the one hand, the increased use of biometrics is likely to reduce the incidence of identity theft, improve consumer convenience by eliminating or reducing password use, and lower prices by reducing fraud costs to retailers. On the other hand, although overall security will likely be enhanced, security breaches will be more costly when they do occur and require considerably more effort to correct. In addition, the "Big Brother" intrusiveness of commercial and governmental entities with large databases of biological information cannot be ignored. Although the forces driving the increased use of biometric technology are largely benign, the intrusions are nonetheless real.

   Experience should teach us to be most on our guard to protect
   liberty when the Government's purposes are beneficent. Men born
   to freedom are naturally alert to repel invasion of their
   liberty by evil-minded rulers. The greatest dangers to liberty
   lurk in insidious encroachment by men of zeal, well meaning but
   without understanding (Olmstead v. United States 1928, Brandeis,
   J dissenting, p. 479).

And so it is with biometrics. The goals of governmental and private entities to improve security, reduce fraud, and enhance convenience are well meant and perhaps within our grasp. Without awareness of the lurking dangers, however, the consumer costs may be too steep a price to pay.

REFERENCES

Alonso-Zaldivar, Ricardo. 2004. Airports Test Express Security Lane. Los Angeles Times, July 8.

Alster, Norm. 2005. A Touchy Subject. CFO, 21 (5): 39-42.

Australian Customs Service. 2004a. SmartGate Trial. http://www.customs.gov.au/site/page.cfm?u=4418.

--. 2004b. Overview of SmartGate Trial. http://www.customs.gov.au/webdata/resources/files/FS_overview_smartgate0406.pdf.

Baird, Stephen L. 2002. Biometrics: Security Technology. The Technology Teacher, 61 (5): 18-22.

Barr, Arlene. 2004. Senior Market Analyst, Atlanta Hartsfield-Jackson Airport. Personal Interview, September 9.

Bielski, Lauren. 2004. Keeping Check Fraud in Check. ABA Banking Journal, 96 (8): 48-56.

Blunkett, David. 2003. Identity Cards, the Next Steps. Presented to Parliament by the Secretary of State for the Home Department by Command of Her Majesty, November. http://www.homeoffice.gov.uk/docs2/identity_cards_nextsteps_031111.pdf.

Bolle, Ruud M., Jonathan H. Connell, Sharath Pankanti, Nalini K. Ratha, and Andrew W. Senior. 2004. Guide to Biometrics. New York: Springer-Verlag.

Brass, Larissa. 2003. Firms Dealing with Fingerprint Technology See Growing Demand. Knight Ridder Tribune Business News, December 1.

British Journal of Administrative Management. 2005. Giving Body to Biometrics. 46 (April/May): 32-34.

Brownstein, Rob. 2004. E-Commerce Becomes Mainstream amidst Security Concerns. Electronic Design, 52 (13): 75-76.

Bundesamt fur Sicherheit in der Informationstechnik. 2003. BioFace: Comparative Study of Facial Recognition Systems. http://www.bsi.bund.de/english/fachthem/BioFace/index.htm.

Butler, Richard. 2003. Biometric Passports. Chemistry & Industry, 5 (March): 12-13.

Chang, Kyong, Kevin W. Bowyer, Sudeep Sarkar, and Barnabas Victor. 2003. Comparison and Combination of Ear and Face Images in Appearance-Based Biometrics. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25 (9): 1160-1165.

Clark, Ken. 2004. Biometrics Technology Touches Down. Chain Store Age, 80 (5): 20A.

Cranor, Lorrie Faith, Joseph Reagle, and Mark S. Ackerman. 1999. Beyond Concern: Understanding Net Users' Attitudes about Online Privacy. AT&T Labs-Research Technical Report TR 99.4.3. http://www.research.att.com/projects/privacystudy/.

Davis, Darren W., and Brian D. Silver. 2004. Civil Liberties vs. Security: Public Opinion in the Context of the Terrorist Attacks on America. American Journal of Political Science, 48 (1): 28-46.

Department of Health, Education, and Welfare. 1973. Records, Computers, and the Rights of Citizens. Washington, DC: U.S. Government Printing Office.

Dvorak, Phred. 2004. Testing the TV Tuners and Fingerprint Checks in Cellphones in Japan. Wall Street Journal, June 3.

Economist. 2000. Science and Technology: Fingering Fingerprints. 357 (8201), December 16, 89-91.

Eisenberg, Anne. 2003. Is That You, Son? Voice Authentication Trips Up the Experts. New York Times, November 13.

Electronic Privacy Information Center. 2004. Biometric Identifiers. http://www.epic.org/privacy/biometrics/.

Fiches, Michael. 2003. Bio Metrics: The Future Is Today. Access Control & Security Systems, 46 (7): 20-26.

Fowler, David. 2003. Behind the Hype. The Engineer, 292, June 27, 31-32.

Foxman, Ellen R. and Paula Kilcoyne. 1993. Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues. Journal of Public Policy & Marketing, 12 (Spring): 106-119.

FTC. 1998. Privacy Online: A Report to Congress. Washington, DC: Federal Trade Commission.

Gathright, Alan. 2001. Biometric Technology Raises Hopes, Fears and Skepticism. San Francisco Chronicle, October 30, A1.

Godil, Afzal, Patrick Grother, and Sandy Ressler. 2003. Human Identification from Body Shape. In Proceedings of 4th International Conference on 3D Digital Imaging and Modeling (October 6-10, Banff, Canada), edited by Guy Godin, Pierre Boulanger, J.-Angelo Beraldin, and Marc Rioux, 1-7. Los Alamitos, CA: IEEE Computer Society Press.

Goodman, Josh. 2003. Big Brother's Imprint. Governing, 16 (12): 42-46.

Graham-Rowe, Duncan. 2004. Secure Signature Means No One Can Steal Your ID: A New Approach to ID Card Biometrics Will Enhance Security and Privacy. New Scientist, 182, May 22, 23.

Greenemeier, Larry. 2005. U.S. Pushes for Advances in Facial Recognition. Information Week, 1030: 30.

Howlett, Debbie. 2004. Chicago Plans Advanced Surveillance. USA Today, September 9. http://www.usatoday.com/news/nation/2004-09-09-chicago-surveillance_x.htm.

International Biometric Group. 2004. How Do Biometric Systems Determine Matches? http://www.biometricgroup.com/reports/public/reports/biometric_match.html.

Jain, Anil K., Hong Chen, and Silviu Minut. 2003. Dental Biometrics: Human Identification Using Dental Radiographs. In Proceedings of the 4th International Conference on Audio- and Video-Based Biometric Person Authentication (Guildford, UK, June 9-11), edited by Josef Kittler and Mark S. Nixon, 429-437. Berlin: Springer-Verlag.

Jain, Anil K., Sarat C. Dass, and Karthik Nandakumar. 2004a. Can Soft Biometric Traits Assist User Recognition? In Proceedings of SPIE Defense and Security Symposium (Orlando, Florida, April), edited by Edward M. Carapezza, 112. Bellingham, WA: International Society for Optical Engineering.

--. 2004b. Soft Biometric Traits for Personal Recognition Systems. In Proceedings of the International Conference on Biometric Authentication (Hong Kong, July) edited by David Zhang and Anil K. Jain, 731-738. Berlin: Springer-Verlag.

Jain, Anil K., Friederike D. Griess, and Scott D. Connell. 2002. On-line Signature Verification. Pattern Recognition, 35 (12): 2963-2972.

Jain, Anil K., Sharath Pankanti, Salil Prabhakar, Lin Hong, Arun Ross, and James L. Wayman. 2004. Biometrics: A Grand Challenge. In Proceedings of the International Conference on Pattern Recognition (Cambridge, UK, August, vol. II), 935-942. Surrey, UK: British Machine Vision Association and Society for Pattern Recognition. http://biometrics.cse.msu.edu/biometricsgrandchallenge.pdf.

Jain, Anil K. and Arun Ross. 2004. Multibiometric Systems. Communications of the ACM, 47 (1): 34-40.

Jain, Anil K., Arun Ross, and Salil Prabhakar. 2001. Fingerprint Matching Using Minutiae and Texture Features. In Proceedings of the International Conference on Image Processing, 282-285. Los Alamitos, CA: IEEE Computer Society Press.

--. 2004. An Introduction to Biometric Recognition. IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, 14 (1): 4-20. http://biometrics.cse.msu.edu/JainRossPrabhakarCSVT_v15.pdf.

Jonietz, Erika. 2004. Boosting Biometrics. Technology Review, 107 (5): 20-21.

Kershaw, Sarah. 2004. Lawyer Linked to Bombings Is Released. New York Times, May 20.

Kleist, Virginia Franke, Richard A. Riley, Jr., and Timothy A. Pearson. 2005. Evaluating Biometrics as Internal Control Solutions to Organizational Risk. Journal of American Academy of Business, 6 (2): 339-344.

Krim, Jonathan. 2004. Passport ID Technology Has High Error Rate. Washington Post, August 6.

Kumar, Ajay, David C. M. Wong, Helen C. Shen, and Anil K. Jain. 2003. Personal Verification Using Palmprint and Hand Geometry Biometrics. In Proceedings of the Fourth International Conference on Audio- and Video-based Biometric Personal Authentication (June), edited by Josef Kittler and Mark S. Nixon, 1-8. Berlin: Springer-Verlag.

Lawson, William J. 2003. Enhancing Assistive Technologies: Through the Theoretical Adaptation of Biometric Technologies to People of Variable Abilities. Dissertation, School of Business, Kennedy-Western University.

Lee, Andrew. 2003. Identity Crisis. The Engineer, 292, June 13, 26-31.

Lewis, Peter. 2005. Let Your Fingers Do the Locking. Fortune, 151 (2): 42-44.

Linnhoff, Stefan and Jeff Langenderfer. 2004. Identity Theft Legislation: The Fair and Accurate Credit Transactions Act of 2003 and the Road Not Taken. Journal of Consumer Affairs, 38 (2): 204-216.

Lucas, Peter. 2005. Biometrics Come into Focus. Collections & Credit Risk, 10 (3): 18-21.

Mansfield, A.J. and J.L. Wayman. 2002. Best Practices in Testing and Reporting Performance of Biometric Devices, Centre for Mathematics and Scientific Computing, National Physical Laboratory. http://www.npl.co.uk/scientific_software/publications/biometrics/bestprac_v2_1.pdf.

Matsumoto, Tsutomu, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino. 2002. Impact of Artificial "Gummy" Fingers on Fingerprint Systems. In Proceedings of SPIE--Optical Security and Counterfeit Deterrence Techniques IV, 4677 (April), edited by Rudolf L. van Renesse, 275-289. Bellingham, WA: International Society for Optical Engineering.

Matyas Jr., Vaclav and Zdenek Riha. 2000. Biometric Authentication Systems. Brno, Czech Republic: Faculty of Informatics, Masaryk University. http://www.fi.muni.cz/veda/reports/files/older/FIMURS-2000-08.pdf.

Middlemiss, Jim. 2004. Biometrics Add Security in Insecure Times. Wall Street & Technology, March 26, 42-46.

Moore, David S. and George P. McCabe. 1993. Introduction to the Practice of Statistics. New York: W.H. Freeman and Co.

Nixon, Mark S., John N. Carter, Michael G. Grant, Layla Gordon, and James B. Hayfron-Acquah. 2003. Automatic Recognition by Gait: Progress and Prospects. Sensor Review, 23 (4): 323-331.

Nowak, Glen J. and Joseph Phelps. 1992. Understanding Privacy Concerns: An Assessment of Consumers' Information Related Knowledge and Beliefs. Journal of Direct Marketing, 6 (Autumn): 28-39.

Olmstead v. United States. 277 U. S. 438. 1928.

Organization for Economic Cooperation and Development (OECD). 2004. Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, Working Party on Information Security and Privacy. Biometric-based Technologies. DSTI/ICCP/REG(2003)2/FINAL, June 30. http://applil.oecd.org/olis/2003doc.nsf/linkto/dsti-iccp-reg(2003)2final.

Phillips, P. Jonathon, Patrick Grother, Ross Micheals, Duane M. Blackburn, Elham Tabassi, and J. Mike Bone. 2002. Face Recognition Vendor Test 2002: Overview and Summary. http://www.frvt.org/DLs/FRVT_2002_Overview_and_Summary.pdf.

Piazza, Peter. 2005. The Smart Cards Are Coming ... Really. Security Management, 49 (1): 40-52.

Prabhakar, Salil, Sharath Pankanti, and Anil K. Jain. 2003. Biometric Recognition: Security and Privacy Concerns. IEEE Security & Privacy, 1 (March/April): 33-42.

Randazzese, Vincent A. 2003. Multimodal Biometrics Beef Up Security. CRN, 1054, July 21, 44.

Ratha, Nalini K., Jonathan H. Connell, and Ruud M. Bolle. 2001. Enhancing Security and Privacy in Biometrics-Based Authentication Systems. IBM Systems Journal, 40 (3): 614-634.

Reid, Paul. 2004. Biometrics for Network Security. Upper Saddle River, NJ: Prentice Hall PTR.

Rockwell, Mark. 2004. Can Voice Recognition Answer the Call? Wireless Week, 10 (10): 21-23.

Rotella, Mark, Charlotte Abbott, and Sarah F. Gold. 2001. Fingerprints: The Origins of Crime Detection and the Murder Case That Launched Forensic Science. Publishers Weekly, April 9, 248 (15): 59.

Saffo, Paul. 2005. A Trail of DNA and Data. Washington Post (Washington, DC), April 3.

Schuckers, Stephanie A.C. 2002. Spoofing and Anti-Spoofing Measures. Information Security Technical Report, 7 (4): 56-62.

Smith, Brad. 2005. Input Technologies Aimed at Ease-of-Use. Wireless Week, 11 (7): 56.

Sraeel, Holly. 2005. Hot on the ID Theft Trail: Will the Real Jane Doe Stand Up? Bank Technology News, 18 (2): 8.

Stein, Nicholas. 2004. The Fruits of Safety: Accenture's Contract for the US-VISIT Program. Fortune, June 28, 149 (13): 27-30.

Supermarket News. 2004. Piggly Wiggly to Implement Finger-Scan Payment System, March 4. http://www.supermarketnews.com/xref.cfm?&ID=6169&xref=Piggly%20Wiggly.

Timmons, Heather. 2005. Security Breach at LexisNexis Now Appears Larger. New York Times, April 13.

Traster, Tina. 2004. Biometric Tools for Access Don't Measure Up. Crain's New York Business, 20 (11): 19.

USA PATRIOT Act. 2001. Public Law No. 107-56.

U.S. Department of State. 2004. Deadline for Biometric Passport Requirements Extended by One Year, President Bush signs legislation, August 9. http://usinfo.state.gov/gi/Archive/2004/Aug/11-130419.html.

Weiser, Benjamin. 2004. Can Prints Lie? Yes, Man Finds to His Dismay. New York Times, May 31.

Wildstrom, Stephen H. 2005. New Weapons to Stop Identity Thieves. Business Week, 3924, 24.

Williams, Steve. 2005. 'Big Brother' Biometrics? Credit Union Management, 28 (4): 44-46.

Wilson, Charles L., Michael D. Garris, and Craig I. Watson. 2004. Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints. NISTIR 7110. NIST Image Group's Fingerprint Research, May. http://sequoyah.nist.gov/pub/nist_internal_reports/ir_7110.pdf.

Woodward, John D., Jr., Nicholas M. Orlans, and Peter T. Higgins. 2003. Biometrics. New York: McGraw-Hill/Osborne.

Jeff Langenderfer is an associate professor of marketing and law at the Campbell School of Business, Berry College, Georgia. Stefan Linnhoff is an MBA student at the Campbell School of Business at Berry College and holds a German law degree (Assessor iuris).
