UK Borders Bill
1:30 pm
Professor Ross Anderson: The word “biometrics” covers several different things. The Bill refers principally to three biometrics, which will be facilitated by it. The first is a facial image that is a digital representation of the kind of photograph that you have in your passport already. It is not very accurate. Randomised controlled trials show that you can easily pass off someone else’s photo if you are allowed to choose from, let us say, a couple of dozen photographs of people of the same sex and race. You can get one that is a good enough match that it will fool almost anybody on inspection.
Secondly, there are fingerprints, which are significantly better but definitely not infallible. There have been cases of misidentification recently, most notoriously the McKie case in Scotland. We do not know for sure precisely what the error rates of fingerprint scanners are because to measure them one must consider the equipment, algorithm and actual data that are used. If you take at face value the claim of the Metropolitan police that the error rate is one in a billion, fingerprints are fine for matching a crime scene print against the dabs of 100 known local active burglars, but they are less satisfactory if you are trying to match thousands of crime scene prints per year against a library of millions of prints held on file. That is how advances in information technology have led to more and more misidentifications.
Fingerprint technology is almost certainly not good enough if you are matching one population against another, say 90 million people a year arriving at Heathrow versus 60 million people in the UK. You will get absolutely swamped by false matches.
The third biometric that we are talking about here is iris codes. A declaration of interest, I suppose, is that these were invented by my Cambridge colleague, John Daugman. These give very much better resolution than fingerprints. The error rate is very much lower and as far as we are aware they are the only biometric which is powerful enough to be able to match a population against itself. If you are matching tens of millions against tens of millions you have to go for iris codes.
