ShareThis Page
News

Former Charleroi resident helping to shape world of biometrics

| Sunday, Dec. 15, 2002

Biometrics is an unfamiliar word to most, but to former Charleroi resident John D. Woodward Jr., it is a vital part of his work at RAND, a nonprofit institution that helps improve policy and decision-making through research and analysis, as a senior policy analyst and researcher on the biometric team.

Of RAND, Woodward said the name is a contraction of the term research and development and the first organization to be called a "think tank."

The use of a person's physical characteristics or personal traits for individual identification, or how we recognize one another, is what biometrics is all about, he explained. Fingerprints, faces, voices and handwritten signatures are known ways of identification.

In the booklet, "Biometrics, Facing Up to Terrorism," Woodward said, "Biometric-based systems provide automatic, nearly instantaneous identification of a person by converting the biometric, a fingerprint for example, into a digital form and then comparing it against a computerized database. Fingerprints, faces, voices, iris and retinal images of the eye, hand geometry and signature dynamics can now identify us."

Woodward admits these technologies seem exotic, but in this age of terrorism, there use is becoming common. The January 2000, MIT Technology Review named biometrics as one of the top- 0 emerging technologies that will change the world, he noted. "And after Sept. 11, biometric technologies may prove to be one of the emerging technologies that will help safeguard the nation."

Woodward said biometrics, not a complete solution to the terrorist problem, "is more of a tool." It can be used to improve security in three critical areas: Controlling access to sensitive facilities at airports, preventing identity theft and fraud in the use of travel documents, and identifying known or suspected terrorists.

Currently, badges, keys or passcards provide access to sensitive areas at airports. Whoever has them is granted access and since they can be easily forged, stolen or misplaced, they are not particularly secure, Woodward said. Combining that with something a person must know like a PIN number helps, but that system too is easily compromised. But if a person in a sensitive area of an airport must present a biometric of the iris to a sensor, this device would capture the person's iris image and convert it to a template or computer-readable representation, then search the database for a match. This system was already in use at the Charlotte-Douglas International Airport in North Carolina at the time Woodward's booklet was published in October of 2001.

Controlling access to sensitive facilities, and preventing immigration fraud and identity theft, can be accomplished with a variety of biometric systems such as a fingerprint on a bar code, chip, or magnetic strip and encrypted bar codes on travel documents or badges. This technology is readily available, said Woodward.

Several suspected terrorists later involved in the Sept. 11 attack, came to the United States with valid travel documents. At least three were known to the Central Intelligence Agency and the Immigration and Naturalization Service. The agencies were advised to be on the lookout for Khalid Almihdhar and Nawaf Alhazmi because they were videotaped talking to people implicated in the USS Cole bombing. When the INS checked its database, it found the pair had already passed procedures and were in our country. The FBI searched for them, "like looking for two needles in a haystack," said Woodward. The FBI was still searching for them when the Sept. 11 hijackers struck. The pair is believed to have been on American Airlines Flight 77 that crashed into the Pentagon.

Woodward said another biometric, facial recognition could help authorities particularly if they already have a photograph of the suspected terrorist they seek. Facial recognition systems that use a camera to capture a digital image, matched as a watch list or computerized database of suspected terrorists templates, could alert authorities to a potential threat. Clearly, it would have kept Almihdhar and Alhazmi from entering the country, he said.

Though facial recognition systems show promise, they are not yet advanced enough to be considered fully mature. Woodward cites a leading biometrics expert, Dr. James L. Wayman of San Jose State University, who stressed that there is room for improvement in both the algorithms used to match sampled faces and in databases of file images.

While civil libertarians decry the use of facial recognition systems as an invasion of privacy, the key lies in balancing the need for security with the need to protect civil liberties, said the RAND analyst.

Woodward, a graduate of Georgetown University Law Center, a business graduate of the University of Pennsylvania's Wharton School of Economics, and a former operations officer with the Central Intelligence Agency, said law and policy concerns need to grow simultaneously.

When Congress appropriated $15 million to the U.S. Army to examine the social, legal and ethical implication of military use of biometrics technology, Woodward worked with the Defense Department's biometrics management office on the project.

"The Defense Department is very serious about using biometrics aggressively. In their Bridgeport, W.Va., offices, they are doing independent testing and evaluations," he said.

In the book, "Army Biometric Applications," authored in part by Woodward, the RAND study notes a digitized Army of the 21st century depends on secure command, control, communications, and computers. Biometrics has been suggested as a means to enhance this security.

The study found the three main sociocultural concerns, information privacy, physical privacy and religious objections, is more positive than negative for the future of biometrics. Woodward said, biometrics safeguards information integrity and thwarts identity theft. Religious objection based on language from the Book of Revelations, raised by a certain Christian sect, is small. Yet, some in the military may hold the same view and they must be prepared to address the objections.

In the RAND booklet, titled Super Bowl Surveillance, Woodward said, "as with any new technology, public understanding of its operation and uses may mitigate many of the fears about Big Brother."

Woodward, who has been called upon several times to give testimony before Congress about biometrics, has contributed to a number of books, booklets and articles for his work at RAND. Now his own book will be in bookstores by this Christmas. Titled "Biometrics: Identity Assurance in the Information Age," the publisher is Osborne McGraw Hill.

Woodward is one of "about 1,000 plus professionals" who work in RAND offices in Arlington, Va.; Santa Monica, Calif., and Pittsburgh. Woodward works at the RAND Arroyo Center in Virginia.

Son of retired Washington County Recorder of Deeds Olga Woodward, he is married to the former Shirley Cassin. She served for a year as law clerk for U.S. Supreme Court Justice Sandra Day O'Connor.

When the pair of legal experts leave their offices, the Woodwards retreat to a cabin in the Shenandoah Mountains in Madison County, Va. They don hip boots to enjoy their No. 1 hobby, fishing for brook trout.

Biometrics a tool in war against terrorism

John D. Woodward Jr. said biometrics is not a complete solution to the terrorist problem, but rather a tool.

The following examples illustrate challenges authorities face as they attempt to keep our country secure.

An article called Homeland Insecurity by Charles C. Mann that appeared in the September issue of The Atlantic Monthly points out some of the ways biometric tools are fooled.

In a face recognition system, by showing the sensor a short digital movie of someone known to the system, on a laptop screen, the system was fooled.

For the iris scanner, someone photographed an authorized user, took the photo and created a detailed, life-size image of his eyes, cut out the pupils, and held the image up before their face like a mask. The scanner read the iris, detected the presence of a human pupil and accepted the impostor.

Fingerprint readers can be tricked by breathing on them, reactivating the last user's fingerprint. In another instance, graphite powder was used to dust the latent fingerprint left on a glass by the last authorized user, then the image was picked up on adhesive tape. When the tape was pressed to the reader, the system was fooled.

Mann's article also points to a National Research Council study that states biometric identification cards can be vulnerable, and that raises the economic incentive to counterfeit or steal them, with potentially disastrous consequences to the victims.

Mann cited a statement by Bruce Schneier, a prominent creator of codes and ciphers, and author of a 1993 book called "Applied Cryptography." If somebody steals "your biometric thumbprint," Schneier explained, "because we've centralized all the functions, a thief can tap your credit, open your medical records, start your car, any number of things. With a credit card, the bank can issue you a new card with a new number. But this is your thumb — you can't get a new one."

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.

click me