Biometrics has become a favored security technology by the federal government, which is using it in Iraq to catch bomb makers, safeguard U.S. borders and as a government ID card.
TAMPA, FLA. -- A biometrics "jumpkit" is helping American soldiers in Iraq to identify dangerous persons by immediately comparing detainees’ fingerprints against an Army database in the United States, using a satellite link for speedy analysis.
See slideshow: The changing face of biometrics
"When we roll with a target we need quick, rapid identification of who we have," said Konrad Trautman, director of intelligence at the U.S. Special Operations Command, describing how the biometrics kits kits can help zero in on gangs making improvised explosive devices (IED) in Iraq.
These terrorist groups leave their fingerprints everywhere, including on scraps of already exploded devices, said Trautman, who described the process at the Biometric Consortium Conference held last week in Tampa.
The U.S. military in Iraq over the last two years has amassed a large database of fingerprints and photos that can be instantly accessed using the biometrics jumpkit. Soldiers submit a Web-based inquiry with a detainee’s fingerprint scan to the Army’s Biometrics Fusion Center via a small Inmarsat satellite antenna link that’s part of the kit, and in about 15 minutes can find out if the fingerprint matches a prior entry.
In situations that involve high-value targets, interrogations, or door-to-door searches, “for us to come in with knowledge that there has been bomb-making sets the tone for the discussion,” Trautman said.
Soldiers have made about 28,000 biometric submissions over the past two years, resulting in 1,722 positive matches for individuals linked to IEDs, which has greatly helped reduce the bomb-making violence in Iraq, Trautman said.
“If I find a fingerprint off a mortar fin that landed, I can probably figure out who did it,” said Lt. Col. Thomas Pratt from the U.S. Central Command. Entire groups of bomb-makers are being identified through biometrics, Pratt said.
In addition to collecting fingerprints, the military is storing iris and DNA captures from the most dangerous individuals and using that information to link people to terrorist events.
But it hasn’t always worked that way, said U.S. military officials at the conference.
“Eight years ago we were writing a number across the forehead of a detainee with a pen,” said Dr. Myra Gray, director of the Defense Department's Biometrics Task Force, which centrally organizes the military’s efforts to use biometrics technologies. “Terrorists have no borders. For us to be effective, we have to break down barriers and have effective data sharing between agencies.”
She said the use of biometrics has directly led to 379 of the most dangerous terrorists being “taken off the street.”
The Defense Department's arduous collection of biometrics from Iraqi detainees (both the innocent and the guilty) is being carried out under an agreement with the Iraqi government, but military officials acknowledge the collection methods “are more permissive than what you’d find in this country,” Pratt said.
The soldier’s biometrics jumpkits are just one example of how the U.S. government has embraced the science of collecting fingerprint, face, iris and other biometrics to identify individuals since the Sept. 11, 2001, terrorist attacks.
“We’ve always had the issue of identity fraud. It took 9/11 as a catalyst for Congress to say we need something better,” said Robert Mocny, director of the Department of Homeland Security’s US-VISIT program, which requires foreign visitors coming to the United States to submit to an electronic fingerprint scan to be checked against a watch database. The program, which originally started as a two-finger scan for foreign visitors, is being updated to 10 fingers and both palm prints at U.S. ports of entry and places where visas are obtained.
Although the US-VISIT biometrics program initially faced controversy, it now successfully checks 23 million prints per year, Mocny said. Other countries, including Canada, Japan, Peru and Argentina, have either launched or will soon launch similar visitor biometrics systems.
The next step Congress wants is “some kind of biometrics exit,” Mocny said, to ensure those who entered the United States as visitors actually left the country. “Standing that up for us will be a challenge.”
DHS would like airlines to assist in the biometrics collection process at departure gates, for example, but Mocny acknowledged, “The airlines aren’t happy about it.”
Another large-scale government biometrics project just getting ramped up is the Transportation Workers Identification Credential (TWIC) program. This joint project initiated by the Coast Guard and the Transportation Security Administration (TSA) requires workers at port facilities, vessels, drilling rigs and docks to carry a card-based credential with their digital fingerprints stored on it to prove their identity in on-the-spot fingerprint checks using mobile card readers.
The credential costs more than $100 and must be paid for by the worker’s employer or the worker directly.
“We have an enrollment now of 500,000,” said Maurine Fanguy, TWIC program director at TSA. “We’ve been able to take this out to the worker.” TSA estimates about 1.2 million workers will get a TWIC card, with a mandate this should be completed by April of next year.
TWIC field tests will soon commence in five locations, including with Watermark Cruises in Annapolis, Md., and Magnolia Marine in Vicksburg, Miss.
Some equipment has had to be modified to the environment: Dock workers tend to have much bigger hands than average, for example. “We’re encountering people with hands so big, they can palm the standard reader,” Fanguy said. “Fingerprints like you’ve never seen in your life.”
The TSA also wants airport operators and airlines to migrate from the physical access-control methods they now use to government-approved biometrics-based access methods. Carter Morris, senior vice president at the American Association of Airport Executives, who spoke on the topic at the conference, said 40 airports have formed the “Biometric Airport Security Identification Consortium” to speak with a common voice to the government on the topic.
Morris said the airport industry and airport operators want a very clear idea of what to invest in, hopefully based on a “standards-based framework,” for the biometric verification of aviation workers so whatever is put in place would be interoperable.
Deploying biometrics is not easy, and the General Services Administration (GSA) is finding that out in its effort to outfit government employees and contractors with the Personal Identity Verification (PIV) card required under the Homeland Security Presidential Directive 12 (HSPD-12) signed by President Bush in August 2004.
HSPD-12 called into creation the PIV smart card with digital credentials and a two-fingerprint biometric, provided upon completion of a background and criminal check.
Civilian federal agencies — and increasingly the Defense Department, which has long has its own Common Access Card — are looking at PIV to be the credential for physical and logical access. But David Temoshok, director of identity policy and management at GSA, acknowledged “interoperability is very hard across 19 systems. I won’t say it’s impossible, but it will be very hard to do.”
At GSA, which has issued about 100,000 PIV cards, the card still isn’t actually being used for physical or logical access at this point, Temoshok said.
Another challenge is combating false identities.
Experts point out that biometrics, while connecting a person with a physical attribute as proof of identity, is only as good as the underlying process for vetting the real identity of the person, lest biometrics be exploited to give cover to someone using a false identity.
“It’s the ‘breeder document’ problem,” said Gail Nix, global executive director for border management and public safety at consultancy Accenture, who spoke at the conference. “There is worry about terrorists gaining multiple identities.”