Biometrics will have the greatest impact on physical and logical access and, secondarily, sometime in the not-too-distant future, perhaps in tactical warfare situations, according to officials from the Department of Defense, whose interviews appear in a new U.S. Department of Defense (DoD) publication.
Released last month (August 2004), the 25-page report titled “What DoD Thinks of Biometrics” is based on a survey conducted by DoD Biometrics and the RAND Corporation’s Arroyo Center, between January and June 2003, when 54 interviews were conducted across the United States and at U.S. military installations overseas. Highlights of 13 of those interviews are included in the report. “Though obviously not statistically representative of DoD’s views on biometrics, the short publication does provide informative, and insightful comments on the technology,” says the document’s the introduction.
Coincidentally, the DoD released on its web site at the same time a Biometrics 101 tutorial video, a collaborative effort between the National Defense University at Fort McNair, Washington D.C. and DoD Biometrics. It covers basic biometric concepts, and societal issues associated with biometrics.
“It is important for Department of Defense Biometrics to provide this educational service to DoD members who may be unfamiliar with biometric technologies,” said John D. Woodward, Jr., Director of the DoD Biometrics Management Office. What DoD Thinks of Biometrics…reports how members of the national security community view the technology.”
Purpose of the report was best stated in its introduction: “In reviewing the biometric literature, one is struck by the limited amount of information describing how potential implementers and users perceive the technology. This lack of information exists particularly with respect to the national security community. In light of this situation, DoD Biometrics hopes that this document will contribute to the DoD community’s, and the general public’s, understanding of biometrics.”
Interviewees included current and former political appointees, senior executive service and general officers, senior level and mid level DoD employees, representatives from the Federal Bureau of Investigation (FBI), and the National Institute of Standards & Technology (NIST), as well as academic experts.
According to the introduction, no names were used “to protect the anonymity of the interviewee, as many interviewees provided their personal opinions regarding biometrics, and were not speaking officially for their offices or organizations.”
“We are going to have to have biometrics. Biometrics gives you that third level you need with what you have, what you know, and what you are,” said one interviewee, identified only as “a former senior program director at a U.S. military research facility” and who views physical access control as “the most promising use for biometrics.
“Currently, ‘the man at the gate’ who physically inspects photo identification largely fulfills this role. ‘Experience tells us that an individual looking at a card is not reliable… We need the technology to do the work for us,’ he said. He sees biometrics as being able “to reduce manpower” because it can be used with unmanned systems.
“Smart gates, which ‘let the good guys in,’ is one of the best future applications for biometrics.” He sees biometrics being used in combination with smart gates and prox cards. “If I tell you 100 feet before I get to the gate that I am coming in, you bring up my record [in the database].” The interviewee said there was a critical need for developing technologies for
A mid-level officer with criminal investigation experience sees contractors and other personnel (e.g., garbage collectors, delivery drivers) routinely access U.S. installations with minimal background checks. He noted that contractors or other workers who are dismissed from such a job (e.g., for being a security risk, for criminal behavior, for poor performance) can easily assume another identity supported by fraudulently-obtained paper-based documentation. He thinks if all contractors were fingerprinted when they apply for a job on base this could be prevented.
Another interviewee noted that about 40,000 foreign visitors access DoD research facilities each year. The current admittance process involves the guest signing in on a paper and ink guest log maintained by a security guard. A former political appointee thanks it would be beneficial from a security standpoint to be able to track these visitors—to know how many facilities they accessed, where, and when. Biometrics could help.
For logical access, one military department official doesn’t see biometrics replacing passwords. He said he would like to introduce this technology “by binding biometric data to smart cards like the CAC (Common Access Card).” This same person thinks that as biometric costs decrease, computer keyboards and other devices, would be equipped with biometric scanners and swipe card readers.
An official at a Combatant Command regards the “insider threat” as the greatest danger to DoD security and thinks biometrics would lead to a better audit trail. “Biometrics are much harder to repudiate, whereas something like a cipher lock, combination, or even a password does not necessarily tie access to a particular individual the way a biometric, like a fingerprint, does.”
Another official, unfamiliar with biometrics, wonders if there are practical reasons for doing away with passwords. “For example, he asks, “how much data do we have that shows negative results from forgotten or misplaced passwords in DoD?”
One biometric application that hasn’t been discussed as much is its use militarily. A General Officer at a Combatant Command, said he has an immediate use for being able to authenticate “the identity of U.S. personnel transmitting sensitive information.” As an example. .
“In Afghanistan, U.S. aircraft were stacked up in the skies, waiting for target coordinates to be verified. If you expedite this process by letting the agents dial directly to the aircraft, you set yourself up to be deceived if, for example, the enemy captures the transmission device and uses it to send a false transmission to bomb U.S. positions. The interviewee emphasized that he has a short-term requirement for a highly reliable, high performance way to verify that the person sending the coordinates is who he says he is. Again, he thinks biometrics might be able to help him with his requirement.”
Of course, the same official said, biometrics “could provide a quick means to identify casualties, a long-standing requirement, if biometric records of service members are kept in a searchable database…This use of biometrics would probably be faster than using DNA in many cases.”
A mid-level Army officer at the National Defense University said that given the current state of biometrics, he would use the technology only for very high assurance operations, “like nuclear release activity or very high variance message traffic.” He does not think the technology is ready for deployment to enable basic weapons systems.
But putting the whole thing into perspective is this comment from another DoD official who, stresses that a case should be made for a particular technology before it is utilized. “The question shouldn’t be, ‘Can we build this?’ It should be, ‘Is there a need?’
About DoD Biometrics Management Office
A definition of the Biometrics Management Office (BMO), as noted in the report, it that it “is responsible for leading, consolidating, and coordinating the development, adoption, and use of biometric technologies for the Combatant Commands, Services, and Agencies, to support the warfighter and enhance Joint Service interoperability. The BMO reports to the Army Chief Information Officer who acts on behalf of the DoD Executive Agent for Biometrics, the Secretary of the Army. The recently formed Identity Management Senior Coordinating Group provides senior-level, DoD-wide strategic guidance to the BMO, given its mission to oversee efforts in the areas of biometrics, public key infrastructure, and smart cards.”
To access a copy of the report on the BMO website, click here