Biometric maturity: the key to a successful government policing strategy
Jason Tooley comments on how to turn the tide of public acceptance and implement the most effective digital policing strategy
Cressida Dick, the Met Police Commissioner, recently stated that crime solving rates in certain areas are ‘woefully low.’ These controversial comments came only weeks after she commented that ‘facial recognition is ‘very useful’ within law enforcement and that the technology needs to make its way towards public acceptance or Britain risks being ‘really, really, really left behind.’
With police forces across the country facing increasing cost pressures – funding has fallen 19 per cent in the last eight years – biometrics are rapidly making their way into government policy as the final frontier in safeguarding the public whilst reducing costs.
While technological advancements are making new forms of biometric techniques available, such as behavioural biometrics, digital fingerprint based authentication is still regarded as having the highest level of maturity. Fingerprint technology has an implicit acceptance linked to the identity of the individual and delivers a lower false positive result. Facial recognition, however, when used as a stand-alone biometric, suffers from the risk of challenge and public consent to accept usage based on scenario as seen in the case of the South Wales Police pilot program. In addition, gender and racial bias as well as external factors such as poor lighting and wearing accessories impact on reliability and are likely to therefore be challenged more frequently.
There is clearly a need to focus on how biometrics as a whole, as technology matures, can support identity verification at scale and gain widespread public acceptance as part of a broader digital policing and security initiative. While it has been recognised by the Home Office that biometrics can be used as an effective way of linking people to their records at key decision points, data from a single biometric technique is rarely, if ever, used as the sole source of evidence in sensitive decision making. It’s also important to note that the legal validity is often dependent on the way in which biometric data is collected, handled and processed. Gaining public consent in the creation of a broader digital identity program is one of the critical success factors however this can more easily be achieved by tapping into the consumer acceptance of the use of biometric techniques and the individual’s digital identity on their own consumer technology.
Because of these points, it is essential to take a strategic approach when embracing biometric technology. This entails going back to the basics and understanding the needs of the end user, whether employee or customer, and then taking an open approach to selecting the right biometric technique, for the right use case, based on the scenario. For example, processing a passport application is very different to crime scene DNA collection.
Understandable concerns around street crime and public security are further amplified on a national level due to the potential catastrophic consequences of failed security checks. One of the most important places this can be seen is at airport security checks, with both the general public and employees keen to see security measures improve. More rigorous identification must be enforced that begins from the onboarding process, as currently passport and visa applications are based on outdated techniques such as physical IDs or even third-person referrals. This is an area where a digital identity program with high adoption levels can gain consent. The ability to gain consent really lies in providing the combination of a great digital user experience on mobile whilst ensuring a highly secure experience for the individual. Consent is easily gained if this balance can be achieved.
Many public sector services still rely heavily on a combination of passwords and hardware technologies to create a One Time Passcode, despite a drive towards adopting Bring Your Own Device strategies, in which employees can access corporate data through personal technology. This, in combination with biometrics, can achieve the digital identity required to enhance user experience and productivity, whilst increasing the security for the user and enterprise. The reliance on passwords and the costs associated with the peripheral technologies like tokens or the use of SMS to deliver the One Time Passcode capabilities is an area that organisations have recognised as a weakness in their security strategy.
Delivering stronger authentication capabilities without the higher costs is a common goal. Yet despite a big push from the government to adopt both biometrics and widely used consumer technology, the use of mobile and biometrics to increase security remains unfulfilled. It presents a great opportunity to embed a security transformation within a wider digital transformation.
Whether focusing on employees or the public, a security transformation is required. Expectations are linked to digital, mobile and ease of use creating productivity. Organisations have the opportunity to take advantage of some of the work done within the biometrics test programs to date, but by taking a multifactor approach focusing on consent, mobile and user experience, significant progress can be achieved.
In short, the opportunity to transform and leverage widespread consumer adoption will drive greater acceptance. The user experience today has become the single most important factor in security, as the connection with productivity and performance has long since been proven. Taking advantage of these market and individual requirements remains the key to improved security and ultimately will accelerate any digital identity program.
Jason Tooley is chief revenue officer at Veridium and a board member at techUK.