
                   Foolproof ID: Opening Locks With Your Body

                             by Stanley N. Wellborn

                         from U.S. News & World Report

                               December 17, 1984



      Before soldiers at Fort Benjamin Harrison, Ind., get their paychecks, they literally put their bodies on the line - allowing high-tech palm readers to scan their hands and fingers. Resultj: Foolproof identification.

     At a federal laboratory in New Mexico, access to top-secret rooms is
controlled by a device that focuses on blood vessels behind the eye and provides an ID that cannot be faked.

     Such electronic technology - using one-of-a-kind characteristics of the
human body - is being introduced across the U.S. in a controversial attempt to
prevent fraud in identifying individuals.

     In an era when virtually all Americans are asked to show ID's ranging from
driver's licenses to credit cards, the process of insuring that a person is who
he or she claims to be is big business and a matter of growing concern.

     No longer is the simple password, the ID badge or the magnetic-encoded card sufficient, say security experts. Those traditional devices can be falsified, stolen or discovered accidentally.

     "So much everyday business is being done by machines that a verifiable ID
is an absolute necissity," says Dennis Branstad, an expert in the new field of
biometric access control at the National Bureau of Standards. "When a bank
customer makes an elecronic transfer of 10 billion dollars from an account, the
bank wants to know for certain that the customer is who he says he is."

     Systems using biometrics - the statistical study of the body - are expected to fill a growing range of routine ID needs in coming years. Such identification may be demanded for automated bank money dispensers, employee entry to job sites, access to computer networks, and as substitutes for hotel-room keys.

     Example: The Rensselaer Polytechnic Institute has designed a voice-
activated lock for doors of high-security areas, opening only for individuals it recognizes.

     But because the new systems can discern human physical attributes with
startling accuracy, they have raised concern about both personal privacy and the legal liability of institutions using them.

     Says Robert Ellis Smith, publisher of the Washington, D.C.-based "Privacy
Journal": "When a person's most subtle and unique physical traits can be stored
in a computer's memory, then who is safe from unwarranted intrusion? The system
doesn't just know your ID number; it knows your flesh and bones."

     Worries about privacy have not deterred technicians from exploring
fingerprints, signatures, brain waves and even typing rhythms to obtain
sure-fire identification.

     Experts know, for example,t hat every computer user follows certain
patterns in manipulating data on a screen, in entering commands and even in
making mistakes. some firms are experimenting with systems that will disconnect
a user the computer suspects of being fraudulent, even though the user has given the correct password.

     Another operation, being explored by IBM and others, requires a person to
sign with a pen measuring pressure, speed and direction of the signature. "You
can forge a signature that even an expert can't detect," says George Warfel, a
biometrics consultant in San Francisco. "But the machine knows exactly how you
write your name, not just the way it looks on paper."

     For years, the major drawback to these systems was high cost. Now, most
units retail for under $10,000 each, and mnaufacturers say the devices wil be
half of that price in two years.

     Many companies are betting thaty consumers will be glad to give up their
plastic cards and forget their passwords and personal ID nmbers in favor of a
system that measures a unique physical characteristic.

     But the head of security for a major Chicago bank is skeptical after
testing a voice-recognition system to verify the identity of callers making
financial transactions over the phone. The bank decided against the technique
because of high cost and low reliability.

     "Right now, the cost of biometric systems is too high for general retail
use," he says. "You can still get a high degree of security with passwords,
plastic cards and internal codes within the computer."

     Employees in high-security jobs, however, will increasingly find themselves subject to biometric surveillance, say industry officials. "The big market will be within large financial institutions or high-tech companies that need to control exchanges of data between employees," explains Branstad of the National Bureau of Standards.

     Will personal rights be infringed upon by such electronic intrusion?
Perhaps, say experts, and whether to tolerate it will present each individual
employee with a choice to make.

     "The success of these devices depends on the cooperation of the user,"
observes Russ Maxwell, a technical security engineer at Sandia National
Laboratories in Albuquerque. "A person who doesn't want a machine to trespass on his personal freedom probably shouldn't take a job where such security measures are required."