Biometric identity solutions have been much in the news this month – from UK Post Office services to biometric passports in Ghana and Angola – as government agencies in particular advance major projects based on the principle of verification through ‘something I am’, typically a facial or fingerprint scan. The United States Customs and Border Protection agency for instance announced earlier this month that it is seeking quotes to deliver a planned wholesale upgrade to its passenger admissions systems – with a guide tender value of $960 million.
Biometric scanners are already in use at some US airports, but sweeping deployment on this scale suggests progress towards seamless air travel across the USA of the type being piloted between Canada and the Netherlands through KTDI, which combines biometrics with blockchain to obviate passports and physical barriers at the border entirely. This appetite is in evidence globally, according to IT firm SITA, which finds that 77% of airports plan to invest in biometric facial recognition tech, with Asia Pacific leading the way: data from IBM’s ‘Future of Identity’ report shows that 78% of people in APAC are already comfortable with using biometric authentication, with 94% keen to use it in future.
There are some potentially serious bumps in the road, however – without public comfort and trust in the way these technologies are being rolled out, their adoption is at risk of stalling or even being rolled back. In one recent case in the UK, biometric data including fingerprints and facial scans belonging to over a million people were found to have been leaked from the Biostar 2 locking system onto a publicly accessible database. The web-based tool Biostar 2 was integrated last month with globally deployed locking system AEOS – used by UK banks, defence firms and the police – and then last week was discovered by Israeli researchers to have been connected to an open network, exposing nearly 28 million records.
As the researchers explained to the Guardian, perhaps the most concerning thing about cases like these is that where biometric data is breached, it is effectively lost forever, as it is no small feat to reset one’s fingerprints or facial features. It also emerged last week that the 67-acre London King’s Cross estate is using facial recognition systems to track around 140,000 passersby daily without their knowledge, adding to concerns that the general public may grow increasingly discomfited if they feel adoption is being undertaken by the back door. In response the Chair of the CIPR’s AI Panel Kerry Sheehan warned that “Facial recognition technology has and will deliver significant improvements to society and the economy – but the benefits will not be gained if issues around public trust are not addressed.”
The mobile industry is well placed to help here: with global network infrastructure of unequalled security, a stated commitment to safeguard privacy through the pan-industry identity API Mobile Connect, and a consensus on the necessity of two-factor authentication (2FA) where practicable. Operators are in a strong position to support the development of biometric solutions while helping to allay public concerns over whether their biometric data is secure, or where it has been compromised whether it can be used fraudulently. If you can match users with something they are (a biometric scan), something they know (a PIN), and something they have (their mobile device) – and can do so securely and with their express consent for any use of their data – the value of these technologies can be realised without creating public unease.
A great deal of work is already being done – the three German operators for instance launched Mobile Connect this month, bringing those offering the pan-industry 2FA solution above 70 across 40 countries – but there remains enormous room for growth. A major report by Juniper Research found this month that mobile devices are set to become the “primary source of identity” for over 3 billion people – due in part to the superior scalability of mobile solutions over card-based systems, and greater attractiveness to private-sector support – with particularly swift adoption in regions where existing state-issued identity schemes are less common. Juniper values the potential gains to operators over the next five years at $7 billion, up from around $859 billion today.
As cybersecurity firm F-Secure pointed out at MWC19 Shanghai, market research shows that an absolute majority of consumers at 60% trust operators above all to deliver connected security – yet the mobile industry still has only a 10% share of this $100 billion dollar business. With the news this month that the commercial opportunity is poised to grow exponentially, we can expect to see more operators treating digital identity as a business priority in the near future.