September 02, 2003

Another commercial biometric failure

Well, just after I finished blogging about failures with biometrics in Tampa a few weeks ago, USA Today reports that a trial at Boston's Logan Airport failed miserably.

For a refresher, Logan airport is where more than half the terrorists boarded during the 9/11 attacks.

I really hope biometrics get better soon. Up here in Canada we are now looking at new passports with biometrics, and the argument at government is which one is the best.

Look, technology is not going to solve this if we don't have enough diligence to deal with everything else relating to it. The weakest link is the human factor. You know what would be better than a computer catching a terrorist? How about a well-trained person doing passport checks and weeding out suspicious activity? How about MORE enforcement with better-trained police and airport security to prevent the acts that HUMANS are taking? How about better cockpit doors to prevent unauthorized access? Look, directing huge airplanes into buildings isn't all that technical. Why do people think it will be solved with technology? I am all for better methods in detecting threats, but what happens when the "terrorists" are not yet in the database? At that point, facial recognition is useless.

But I digress. The point is that risk mitigation, even in physical security, has to go beyond what's in front of us. What good is detection if we have no real mechanisms of measurement and, worse yet, response? What do I mean? Consider this. In government "clean room" tests, the USA Today article says it had a 90% success rate. Sounds good, right? Well, I don't think so. What happens when we throw more security at something? We normally get a false sense of security, and become lax in our procedures. It is human nature. In other words, 10% of the time KNOWN terrorists will get through, and will probably increase as our methods for detection and response are left to technology, which is prone to fail. The article doesn't go on to explain the levels of false positives and how they weed out the events, but the false negatives are way too high.

Someday biometrics will mature. But it's not quite there yet. We need to take some of these resources and train the personnel that work with these systems better. We need to hire more agents responsible for protection (from police to bodies properly checking luggage) to deal with detection, and hire even more people to deal with response. The level of competency and bodies to deal with forensic investigation, signal analysis, etc. at all levels has a ways to go. And we need to get biometric companies to get more involved. To look beyond the fast buck and really make systems that work.

There is nothing wrong in making money in the security industry. But you need to do so in a responsible manner, and avoid using the FUD factor as an agent of your marketing efforts. Build systems that work and that you can be proud of. Thresholds HAVE to be better than 90%. Get with it.

Posted by SilverStr at September 2, 2003 12:17 PM