July 29, 2008
Many frazzled consumers of information security products yearn for a day when passwords take their place alongside buggy whips and 8-track tapes in the museum of obsolete technologies. For years now, one of the leading contenders for replacing the venerable user-id-and-password paradigm has been biometrics—authenticating an individual based on some inherent physical characteristic.
Such systems have been slow to be deployed, but in 2001, the U.A.E. installed an iris scanning system in an effort to speed up the immigration lines in the Dubai airport. Screening incoming passengers reliably and quickly is a priority for airport security in the U.A.E., given that in the last five years alone, more than 250,000 deported workers have been caught attempting to re-enter the country illegally. Iris scanning has many properties that make it ideal for such an application. It is fast, non-intrusive, and very reliable compared to other biometric technologies. One touching anecdote tells how a photographer used iris scanning to identify an Afghan girl he had photographed 18 years earlier.
Iris scanning, at least in its current form, does have one drawback, however: it has no "live tissue verification," meaning that the scanners have no way of telling the difference between a living eyeball and a picture of an eyeball. It appears that this shortcoming is now being exploited by individuals aiming to enter Dubai illegally—police last week arrested two Russians and a Moldovan on suspicion of smuggling fake iris scans into the country. This could be a major problem for the iris scanning program, which led to the arrests of more than 4,000 people who failed the iris test in the first six months of 2008 alone. In the near future, the U.A.E. plans to augment the iris scanning program with full facial scanning; perhaps this will mitigate the risk of relying on iris scans alone.