The Standards Driving Biometric Adoption in Physical Security

SIA Education @ISC West will provide conferees with more than 70 sessions of valuable information on important topics in the security industry at the Sands Expo in Las Vegas on April 10-12.

John Santini Jr., Chief Engineer, Princeton Identity, based in Stonington, Connecticut, will team up with Blaine Frederick, Vice President of Product Management, EyeLock, to present The Standards Driving Biometric Adoption in Physical Security, on Tuesday, April 10, at 1:30 p.m. Santini chatted with SIA about his session in an exclusive interview for the SIA Blog. Register for ISC West at http://www.iscwest.com, and find more info on our education sessions at http://www.iscwest.com/Education/.

SIA: Can you tell us a little bit about your background and how you were inspired to present on the topic of “The Standards Driving Biometric Adoption in Physical Security” at ISC West?

Santini: I spent most of the early part of my career supporting the Department of Defense (DoD), and particularly the U.S. Navy, in new technology development and transition. The adoption of standards by DoD over the last two decades has enhanced system capability through interoperability while reducing cost. Standards now play an important role in the design, development, maintenance and acquisition of DoD systems. Early on, I learned the value of standards for the end users as well as the product and technology providers—and the penalties in both cost and capability when they are lacking or not adopted. I am relatively new to the physical security industry but see that standards are taking hold, and I am anxious to lend my passion for them to their adoption and further development and application here.

SIA: Briefly, what do you anticipate are key important takeaways concerning biometrics and standards in your session?

Santini: Emerson reminded us that “A foolish consistency is the hobgoblin of little minds…,” and I think this observation is important to our discussion of standards adoption and not merely tongue-in-cheek. The operative word here is “foolish,” and in the design and adherence to standards this could not be more relevant.

It is easy for brilliant innovators to stand firm against standards with the claim that they stifle creativity and normalize to the mundane and marginally effective. A good standard, however, does not stifle but supports by normalizing the mundane and freeing those who work to further technology to attend solely to where they excel. They also make the environment more accessible to newcomers, who often bring the disruptive improvements to a field. In this way, standards are good for producers of technology. As a result, the state of technology advances and superior product offerings are available to consumers. I think the most important takeaway is that it is essential that standards are good, and that good standards are good for everyone involved.

SIA: How do we best make the business case for implementing a standards-based approach to biometric product development and adoption?

Santini: Each of us is in this business because we believe that our organization brings unique capabilities to our customers. The business case for a standards-based approach is simply that it allows us to focus on developing and selling our strengths. Standards support and promote interoperability, which frees business from the many distractions of single-source solutions. They facilitate collaboration which invariably brings quality offerings to new markets.

SIA: What important biometrics standards exist that should be considered? How do they apply to identity management and access control?

Santini: I think the most important source for biometric standards is the U.S. National Institute of Standards and Technology (NIST). NIST has established standards for the most common biometric modalities applied to the domain of physical security. The FBI biometric specifications are also well researched, mature and operational in a variety of applications and industries.

The many standards from these organizations address quality, management and interchange of biometrics, each of which is important to physical security. At this time, I believe the standards relating to the interchange of biometrics are of crucial importance as those enable interoperability, as I mentioned before, bring advantages to businesses as well as consumers. Most are familiar with the biometric leg of authentication being “something that you are.” At the very least, the existence of biometric standards provides confidence that best practices are applied to an enterprise that is fraught with risk. Tracking those standards, very much like tracking standards in cryptography, affords a method to maintain security in a dynamic and difficult field.

SIA: Are there key privacy considerations in play when considering biometrics standards?

Santini: The power of biometrics is their potential to render an objective identification based on the measurement of a physiological property of a person. The beauty of such a measurement is that it is at once convenient, persistent and definitive. The first two of those constitute the greatest risk of biometrics. Convenience suggests that without care, someone’s biometric measurements might be obtained by a malintent. Persistence implies that such a property, used directly as a credential, is potentially singular and irrevocable. These conspire to make privacy a paramount concern of biometrics. Around the world, nations are wrestling with the issue of management of biometrics. Standards continue to evolve in this area, and it is important that the physical security industry follow their development as a tool to ensure responsible application of a precious commodity.

SIA: What’s one thing you would like folks to think about prior to attending the session?

Santini: I would like everyone to consider barriers to the application of biometric standards in physical security. I imagine these will vary, depending on an individual’s relationship to the industry. But whatever they may be, I hope that in some measure they are addressed in the session; and when they are not, I hope that they are raised as questions. I believe in the importance of standards, and such claims are hollow if they are not challenged. I believe that vetting the concerns of this diverse group will be a worthwhile step toward addressing challenges.