Market Trends

Why Facial Recognition is the Wrong Choice for Biometric Exit

Twenty years after Congress first mandated a biometric exit system, the Department of Homeland Security (DHS) is finally showing signs of movement on implementation.

Much to the industry’s collective chagrin, DHS has yet to decide on an operating concept. That’s not to say that DHS isn’t trying out a few solutions, however. The so-called “experiments” underway at Customs and Border Protection (CBP) are an early indication of what it may be interested in buying in the future. At the recent Connect:ID conference, the Science and Technology (S&T) Directorate also presented some of its technical findings from a multi-year study of collection technologies designed to inform the ultimate decision on an operating concept.

Piecing together various public statements, facial recognition is getting some serious consideration.

Why is CBP considering facial recognition so strongly? There are many reasons. There’s no device to touch. Capture happens passively, even automatically, which reduces its personnel footprint. It feels futuristic. And in the tests they’ve run, it’s pretty accurate. What’s not to like?

In a word, everything. Facial recognition is a fine technology with many strong use cases. Yet for biometric exit, facial recognition is simply the wrong choice.

Here’s why:

Facial recognition isn’t “lights out.” The algorithms for facial recognition have improved dramatically over the years. They are getting better and better at producing fully automated matches. But the reality is this: at the scale CBP operates on, facial recognition algorithms are not reliable enough to operate without human intervention.

The statement of objectives for the forthcoming HART database targets the automated facial recognition rate at 95%. Current technology cannot deliver that. If CBP goes forward with a facial recognition solution, sorting through the sea of images which the system cannot identify automatically will require a lot of effort and probably staff time. Facial recognition might be used in a layered system to narrow down searches of other biometrics, but that involves increasing the number of biometrics captured on entry.

Testing data collected in the “experiments” may appear at first blush to demonstrate that facial recognition can operate reliably enough for a “lights out” system to work. But again, there’s a humongous caveat in those tests: they are running against small back-end systems purposely built for the test rather than against IDENT, DHS’s current biometric database. When facial recognition is used “in the wild” (a 1: many scenario), the results will be far less reliable.

Timing is another area where the current “experiments” may indicate a deceptive result.  As in 2009, CBP does not seem to be taking delays to travelers into account. If the system fails to capture or match in time, CBP suspends the test and passengers are allowed to board the aircraft. In a live biometric exit system, flights would have to be delayed so everyone boarding the plane could be accounted for. In an operational environment, only “lights out” will do.

Facial recognition ignores the huge value of IDENT. Fingerprints are the core of the US travel security system. DHS has captured fingerprints from foreign travelers for well over a decade. IDENT represents a treasure trove of information about travel histories, criminal records and visa data, all of which use fingerprints as the common identifier. The value of existing systems is immense and should not be thrown away on a whim.

If CBP switched to facial recognition for exit, it would have to build up a database of faces to match against – even if face was only part of an exit solution. That would take many years, delaying the basic utility of an exit program. In order to build a face database from scratch, CBP would have to capture faces on entry as well, essentially doubling the required investment in equipment, resources and database capacity.

“We should use fingerprints. That’s what’s in law enforcement databases. Why create a new system?””
— Senator Jeff Sessions, June 2016

— Senator Jeff Sessions, June 2016

One of the basic justifications for an exit program is to identify criminals before they flee the country. Only fingerprints can search against the complete holdings of US law enforcement agencies and the military. If all we know about a person is that their fingerprints were found on a bomb fragment in Iraq, CBP will not be able to identify them through facial recognition or an ID check alone.

Reliable capture is an issue. Face appears attractive as a biometric modality because it can be captured passively, at least in theory. This avoids the necessity of a manned system and allows for a solution which sits in the background, unnoticed by travelers.

Unfortunately, the reality is much more complicated. In a recent experiment performed by S&T, cameras were placed in a jetway to read faces as passengers boarded a plane. The results were not encouraging. People moved too fast for the camera to identify them. Obstructions like hats, glasses and hair prevented quality capture. Multiple people in a single frame confused the algorithm. In the end, the data turned out to be unusable for the kind of mass-level deployment CBP has in mind. Similar capture issues are common in facial recognition solutions deployed around the world.

In the end, facial recognition just doesn’t measure up to the high standards required for a biometric exit system. The technology has many effective uses, but this does not appear to be one of them. At an operational and technical level, it simply cannot meet the requirements of biometric exit.

Ben Ball is the Government Market Director at Crossmatch, where he oversees market intelligence and strategic outreach to government customers around the world. A ten year veteran of the Federal government, Ben was a Foreign Service Officer and worked in the Department of Homeland Security.
Crossmatch Supports NIST Guidance on SMS OTP
A Bridge Too DFARS: Authentication and the DoD Deadline for Cyber Compliance
The New Security Perimeter in a Borderless Enterprise
There are currently no comments.