biometric sample should in principle be discarded. In the case of a
match, a human operator decides on further action.
Unlike the use of other forms of authentication, such as passwords
or tokens, biometric recognition provides a strong link between an
individual and a claimed identity.
One area where biometrics can provide substantial help is in
guarding against attempts to establish fraudulent multiple
identities or prevent identity fraud. By searching through the
stored references, individuals who appear to have previously
enrolled using a different identity can be highlighted for further
investigation. Biometrics is usually the only means for this type
of check.
2.8.4 THE MULTIBIOMETRIC SYSTEM APPROACH
By combining the biometric features for identification and
verification, a multi-biometric system is generally considered
better than a system which uses a single biometric feature. A
multi-biometric system captures more than one type of biometric
for enrolment in the database. This improves the accuracy in
establishing identity and in cases where a person is not able to
provide one of the biometric features, he/she can still enrol the
second biometric feature and is hence enrolled with at least one
biometric in the database.
People with criminal intentions might focus on cheating one
biometric feature, but will fail if a second biometric feature is also
verified. It is extremely challenging for criminals to obtain two
samples of biometrics of the same individual. Thus, a sophisticated
level of security helps the multi-biometric system to perform
better than the traditional system.
2.8.5 ALGORITHMS AND APTITUDE
With the use of biometric matching, engines and algorithms
must be set at certain tolerances in order to balance security and
facilitation. Like all aspects of EOI, biometrics is still working in the
realms of risk and probabilities. Some biometrics lend themselves
to more consistent matching than others, and a very high accuracy
can be achieved across most of the key biometrics used for
traveller identification. Ultimately, however, the use of biometrics
should be seen as one tool in the EOI suite, as all technologies
can be undermined. Biometrics is not a panacea: for example, a
person could have unique fraudulent identities in multiple States’
systems if the biometric information is not combined with other
EOI.
The human factor in assessing biometrics is also worth noting –
particularly for facial recognition. Recent studies indicate people’s
natural aptitude for matching faces varies greatly, and is not
influenced significantly by training. Some people are naturally
good at facial comparison, which impacts how States deal with
exceptions that fall out of facial recognition systems (e.g. watch-
lists) for manual comparison, and also who States should employ
on their front line border posts.
2.8.6 PRIVACY CONSIDERATIONS
There are some legal and ethical considerations centering on
the collection and use of biometrics, but those issues concerning
privacy rights of individuals and personal identification receive
the most attention. One concern is about the ownership and the
use and onward sharing of the stored biometric data. Stored
biometric data must be properly protected. There should not be
any unauthorized collection, use, onward sharing, or retention of
biometric data, and biometrics need to be deployed in accordance
with national law, where it is most effective and appropriate,
and in accordance with the principles of purpose, specification,
necessity and proportionality. The public must be pro-actively
informed about data usage and data retention time, to gain trust
in both the system and its use and oversight.
2.9 OBJECTIVE E APPLICANT
USES THE IDENTITY
The aim of Objective E is to provide further confidence about an
individual’s claimed identity. In particular, Objective E is concerned
with demonstrating the consistent use of the claimed identity.
Documents and records that are used to satisfy Objective E are
intended to be used for the corroboration of identity information
provided to meet other objectives. As a guide, these documents,
records and information should be from a trustworthy source,
be dated, and include the name and, where appropriate, address
of the person applying for the service. Objective E documents
and information can be used more extensively by authorities to
counter known weaknesses in other objectives. Use of identity in
the community is often referred to as ‘social footprint.’
2.9.1 SOCIAL FOOTPRINT
The social footprint is based on the premise that everyone has
dealings with a variety of organizations in their daily life, many of
whom maintain records about this engagement that are publicly
available. A person’s social footprint builds up over time, and
the continuity and longevity of identity-related information is a
valuable element of the EOI approach. It covers life events and
how a person interacts with society, and can include details of
education and qualifications, electoral roll, employment history,
driver licenses and tax numbers, healthcare and interactions with
organizations such as banks, utilities and public authorities. This
can also extend to an applicant’s digital footprint, whether that be
social media or utilising IP address.
The exact nature of the checks made will depend on the laws and
customs of the country. However, authorities should bear in mind
that the use of an identity must not always be the proof of its
legitimacy (e.g. occasionally people are known by acquaintances
and local authorities by a nickname, aliases or another assumed
name for many years). By integrating social footprint information
and checks within the application process, it is possible to deter
potential fraudsters from attempting to make false applications.
Social footprint can also enable the authority to validate the
consistency of use of information across authorities over time,
which enables the adoption of a more risk based approach.
THE EVIDENCE OF IDENTITY (EOI) APPROACH
ICAO
13