The work seemed interesting enough when Daugman, Bernoulli Professor of Mathematics at Cambridge University, patented it in 1994. But it took on a whole new importance after the terrorist attacks of September 11, 2001. Suddenly iris scanning began to look like a key technology for protecting a frightened Western populace from global terrorism. Since then “biometric” technologies of all flavors–from fingerprint scanners to voice recognition–have taken off, and Daugman’s company, Iridian Technologies of New Jersey, is no exception. “Our mission,” says the company’s Web site, “is to enable a safer world through iris recognition.” Its technology is already on show at airports from Japan to Germany to the Netherlands, and Iridian is talking with corporations and government agencies around the world. The prospects are rosy. “This is an industry waiting to happen,” says Daugman.
Although Daugman is convinced that the iris scan is the best biometric technology there is, he doesn’t put much stock in it as a security measure. Biometrics, he reckons, has been overhyped. It’s not that Iridian Technologies has made false claims. It’s true that an iris scan can match a person to a single entry in a vast database with no ambiguity, and it can do so quickly and efficiently, without causing lines at the airport or the border crossing. Daugman’s problem is not with the technology but with the expectations people have of it. He disputes the premise that the way to combat terrorism is to amass great quantities of data on individual citizens. “To confuse identification with antiterrorism is flawed reasoning,” he says. “It is an illusion to think [iris scans] could prevent terrorism. A suicide bomber is not going to be enrolled on the database.”
Daugman isn’t the only one who has these doubts. Many security experts have questioned whether the surveillance machinery that nations have been erecting since 9/11 is as effective in dealing with the threat from terrorist groups like Al Qaeda as most people believe. Relying too much on technology for fighting terrorists may make it harder for many criminals to beat the system, but by instilling a false sense of security it may also increase the rewards for the few who do. At the other end of the scale is the ordinary citizen, who is being asked to surrender privacy for security. The ritual of being scanned at the airport and the sight of cameras on the streets no doubt make people feel safer, but are they getting real security in return for the loss of privacy? So far, the answer isn’t clear.
Such doubts are rarely heeded in the corridors of power. Instead, fear of terrorism has led to a worldwide boom in state surveillance. Governments are issuing national ID cards and passports that contain computer chips with biometric data. Surveillance cameras are becoming commonplace on buses and trains, on streets and in shopping centers, and at national monuments and tourist hotspots. As new technology for sifting through all this data comes online, governments will be better able to piece together a full profile of the ordinary citizen, down to the pettiest of crimes and misdemeanors that ubiquitous eyes and ears can catch.
Nowhere is surveillance technology more visible than in London. Authorities began ringing the city’s financial district with closed-circuit television (CCTV) cameras after a spate of bombings by the Irish Republican Army in the early 1990s. Any motorist entering the City can count on being photographed by cameras mounted on 10-meter poles, which send images to the Police National Computer center. In all, about 100 police cameras shoot people walking the City’s streets. Private companies have also gotten into the act in an attempt to prevent crime: walk a kilometer or two down Oxford Street, a shopping thoroughfare, and your image will be captured by 17 cameras–far more if you wander into the shops. The average Londoner is now photographed 300 times a day. By some estimates, Britain contains a fifth of all the surveillance cameras in the world–more than 4 million. One British police force is now considering hiding cameras in their helmets.
The cameras are of little use, however, without a means of analyzing the data they record. A review by the Home Office in 2002 found that the cameras had a “small effect” on crime, but didn’t address terrorism; other studies have also been inconclusive. London’s police admit that manpower is a major limitation: for the cameras to be useful for spotting terrorists, an army of police would have to be on hand to scrutinize the images. That’s why they’re testing facial-recognition software to help pick out known criminals in the crowd. “Face recognition,” says City of London police spokesman Julian Goodchild, “will be seriously considered when it is shown to be effective.”
So far, though, face recognition hasn’t lived up to its promise. Identix, a software firm based in Minnetonka, Minnesota, developed the software, called FaceIt, being used in the British pilot study. FaceIt measures the relative distance between a person’s facial features and boils it all down to a code, or “faceprint,” which a computer can easily compare with other faceprints in a database (perhaps flagging, say, a known criminal). Since 9/11, law-enforcement agencies have cooled on the technology, largely because it isn’t always that accurate. The company says some people have false expectations about the product but acknowledges that results vary widely depending on lighting, time of day and the angle of the face to the camera.
Despite its inconsistency, FaceIt software is up and running in Reykjavik’s airport in Iceland and on the boardwalk at Virginia Beach, Virginia. Identix’s software isn’t ideal for catching terrorists, because there would likely be too many false positives. It’s better, says Identix, at more mundane tasks like matching the photos of applicants for a driver’s license, or voters, against a photo database.
Other biometrics can be similarly unreliable and expensive to implement, so authorities are loath to invest in any one method. To hedge their bets, many governments are putting one or more types of biometrics on digital ID cards. This spring Italy will start replacing its carta d’identita with the microchip-powered carta d’identita elettronica. The card will carry faceprints and fingerprints–and eventually iris scans. “This new e-passport will provide significant help in the fight against global terrorism by minimizing the risk of forgeries,” says government spokesman Mario Baccini. The EU is proposing a common combination of biometrics for all travel documents, and there’s loud talk of an eventual EU-wide identity card. Even ID-averse Britain is considering issuing its own form of card.
Germany may go one step farther: it is talking about building a central database to supplement its biometric ID card. The government would then be able to link a citizen’s biometric identifiers with virtually all of the information the state keeps on him or her. Privacy advocates have objected on the ground that over time the information will be made available to tax offices, insurance companies and other recipients.
Giving up some privacy might be worth it to many people if they were assured a corresponding benefit in safety and security. Do national ID cards and databases provide it? It’s too early to know for sure, but many experts think not. Databases may sometimes hold faulty information, as anybody who’s ever had to correct a credit agency’s error can attest. The larger the database, the more likely that imperfect data will throw up a false match. “In the fight against terrorism you need to target,” says Tony Bunyan of Statewatch, a civil-liberties group in London, “otherwise you are just building a bigger and bigger haystack to find the same number of needles.” The ability to search vast databases for that nugget of useful information has so far eluded security experts.
That’s not to say, of course, that the technology won’t come of age. So-called data-mining software already allows Wal-Mart and other stores to crunch sales and demographic trends and figure out what people are likely to buy on any given day. In recent years, U.S. intelligence authorities have tried to harness the work done by commercial firms to crack the problem of “sense making”–deciphering reams of information, often in several languages. “Without information management,” says Gilman Louie, head of In-Q-Tel, the CIA’s venture-capital fund, “the job of the analyst is like drinking from a fire hose.”
One of In-Q-Tel’s first investments was in a San Diego-based company called Mohomine, which specializes in sorting and classifying “unstructured data”–the kind of information trapped in e-mails, correspondence, published materials and Web pages. The firm’s parent, Kofax, has developed “document exploitation” technology to make sense of mountains of paper documents. Soldiers in Afghanistan and Iraq were able to scan documents and send them back to headquarters, where software translated them into English and distributed them to government agencies. The goal, says Sameer Samat, a Mohomine founder, is to create a “prioritized, digital archive” of critical documents. “We get data, transform it and deliver it in actionable form.”
In-Q-Tel’s Louie is adamant that the United States can use new technologies in a way that doesn’t infringe on privacy. But technology has a way of finding its market. Consider China’s Golden Shield project to create a computerized national network of citizens. The project includes a roster of technologies developed largely in the West: surveillance cameras with face-recognition software, fingerprint databases and speech-recognition software to monitor telephone conversations. Beijing is mum on how far along the project has come, but it may turn out to be more useful against dissidents than terrorists.
The current surveillance boom is to a great extent an export of the United States. Not only do private U.S. firms generate much of the technology, and military agencies fund much of the development, but the Bush administration has been aggressive in imposing security measures on other nations. New U.S. immigration rules have prompted some countries to include biometric data on machine-readable passports so their citizens won’t risk being turned away at the border. The United States has been pushing other nations to raise security standards at airports, as well as to adopt standards for intercepting Internet communications and wiretapping telephone and electronic communications.
The great irony, of course, is that while Western Europeans have largely accepted the greater surveillance, Americans have begun to object. The U.S. Congress has acted to kill or curtail several of the Bush administration’s security initiatives. If all these security technologies aren’t really what they’re cracked up to be, Europeans may wind up paying a disproportionately high price.