A BIOMETRIC trait is not just unique, it is also for life. That is one of the claims often made for biometric-based security systems like iris recognition. Now it appears that iris scans can produce subtly different patterns over time, so the older the image of a person's iris stored on a computer, the more likely that the system will fail to match it to a new scan of their iris.
Iris has been touted as the most durable biometric available for identity management applications that are practical for some uses given today's technology.
That still may be the case. Biometric identity management systems are not replacements for current security systems and protocols. They are augmentations of those systems. Very few security solutions are completely unstaffed.
The lock on your front door is apparently unstaffed, but is it? If you live in an apartment or are staying in a hotel and you lock yourself out, the front desk staff will verify your identity and issue you a new key. If you live in a house, a locksmith can verify your identity and gain access to your abode for you.
The deployment of biometric identity management solutions has more to do with making better use of the existing security staff rather than putting computers in charge of security.
Using the example from the linked article -- the false rejection error rate increases by 75% over four years -- it is not clear that this is a big problem for iris matching technology.
First, if the false rejection rate the day after you enroll in the system is one rejection in 1,000 verifications, then your odds of having to check in with the security guard are 1/1,000 or a .1% chance. Four years later, your odds are .175%.
Compare that number to the odds of getting to work without your prox-card or ID badge. If the false reject rate is lower than the forgotten ID rate, it is appropriate to proceed to a comparison of the costs of each alternative.
The scientific- and business communities are concerned with two very different metrics. The scientists are, and should be, obsessed with perfection -- forcing error rates seen in the lab into the infinitesimal. Businesses/consumers should concentrate on ROI asking: If I do this, will I be better off than I was?
