Within a year, technology capable of fingerprinting agency employees by merely photographing a hand wave is expected to get the OK from the government, according to federal and industry officials.
So-called contactless fingerprinting is faster and more hygienic than ink and paper or digital touchpads, proponents say. At the same time, the idea of agencies collecting biometric data without physical contact has sparked some concerns about too-easy surveillance.
Today, biometrics company MorphoTrak is working with the National Institute of Standards and Technology and the FBI to certify a touchless system for taking prints suitable for employee ID badges. More than 72 percent of computer users governmentwide now need biometric smart cards to access agency systems, in the wake of the Office of Personnel Management breach.
Scott Swann, MorphoTrak senior director of innovation, said “the FBI is willing now to allow devices with contactless technology” to be evaluated for capturing prints for these ID cards, among other things. On Sept. 4, his company submitted documentation and fingerprint images to the bureau to prove its system meets image quality requirements for the badges and other uses.
FBI spokesman Stephen G. Fischer told Nextgov the bureau cannot discuss individual vendor products that might be presently undergoing testing and evaluation. But he said “the FBI is very interested in contactless fingerprint capture technology and is working closely with the National Institute of Standards and Technology on related research and evaluation.”
Indeed, NIST officials are trying to authorize touchless fingerprint identification for use governmentwide. It is anticipated the technology will eventually catch on at airport security checkpoints. Already, the Defense Department has tested contactless fingerprint verification as a way to prevent bad guys from accessing military facilities.
“Where the government stands to use this technology firstly,” said Michael Garris, NIST biometrics senior scientist, “is anywhere where there are long lines that require people to authenticate or to be screened or to present a credential that says who they are.”
NIST and the FBI, in partnership with companies like MorphoTrak, are developing common requirements for contactless fingerprint technology.
“Our goal, with our industry partners, is to have some really objective results that move us to testing for certification within the year,” Garris said, noting MorphoTrak’s system is a candidate.
While he is not involved in Transportation Security Administration policymaking, Garris said, “it’s pretty clear that security checkpoints at airports could benefit if they are going to use stronger authentication and therefore they’d want to start using biometrics, not only at the trusted traveler programs on the special lanes, but all the lines for example — and it wouldn’t be slowing down the traveler.”
Fliers in trusted traveler programs, who currently speed through separate aisles without disrobing, could simply wave their fingers to bypass crowds even faster.
Additionally, Swann said, “I believe that for applicant background check processing and for [identifying] unknown deceased people that this technology could completely replace what we use for touch-type fingerprint technology today.”
NIST is encouraging other companies to join the research and development effort so the final specifications align with what industry can assemble.
The Navy recently experimented with a “Gatekeeper-on-the-Move” system. That collects 3-D fingerprint, face and iris biometric data while individuals are walking to verify they are authorized to enter, “thus preventing the adversary and people of interest from exploiting potential entry point vulnerabilities,” according to a 2014 privacy impact assessment for a feasibility study of Gatekeeper on the Go.
The system could be used to protect U.S., coalition, allied government, and national security areas, as well as to identify individuals during disasters, Navy officials said at the time.
It has taken more than a decade to approve touchless fingerprinting inside the government, partly because the sensors under the hood of each manufacturer’s device are different from machine to machine, Garris said.
Another difficulty has been measuring the precision of systems when hands are near or far, moving fast or moving slow.
“At this point, it’s expected that every developer of contactless fingerprinting has devices that are going to be significantly different in terms of how they technically approach the situation,” Garris said.
One more wrinkle: Images of fingers pressed against paper or a touchpad look different than images of fingers that are not touching anything.
“They look like fingerprints, when you see it you see the ridges and the valleys of the friction skin, but the image properties are fundamentally different,” Garris said.
Like most uses of biometric technology in government, contactless fingerprinting has prompted Big Brother concerns.
Daily Dot noted: “If the technology were sufficiently advanced, federal agents could gather potential terrorism suspects’ fingerprints without ever alerting the suspects to their presence. That idea raises a host of privacy concerns, given the FBI’s civil-liberties track record.”
There also is the question of whether new biometric formats will require additional databases of the sort attractive to hackers and practitioners of warrantless surveillance.
Garris could not speak to civil liberties issues or specific deployment plans, but stressed that “we are working with industry to introduce a new fingerprint technology that will interoperate with the current uses of fingerprints.”
A key reason why NIST is wracking its brain over compatibility requirements is so the new technology can tap into existing databases at the FBI and elsewhere.
“These devices should not only be matchable with fingerprints off the same type of device or other contactless devices; they need to be matchable to all those legacy live-scan, touch-based prints: the hundreds of millions, for example, that the government has enrolled in databases,” Garris said. “The new needs to be backward-compatible with the old.”