Govt biometric ID cards could be vulnerable to fraud, warn experts

A leading biometrics expert has warned the government that biometric ID cards, due to be rolled out from 2007, could be...

A leading biometrics expert has warned the government that biometric ID cards, due to be rolled out from 2007, could be vulnerable to fraud unless it invests in more sophisticated iris recognition technology.

Professor John Daugman, who pioneered the developed of iris recognition at Cambridge University said that the biometric systems under test by the government were not sophisticated enough to distinguish between real and fake eye images.

"I am quite worried about the way that national ID cards will work out if the wrong camera is chosen. This is a technology that depends on choosing the right camera," he said.

Daugman was speaking after a Japanese academic revealed new research at the Biometrics 2004 conference in London, demonstrating that commercial iris recognition readers can be fooled by using eye images printed on paper.

Professor Tsutomo Matsumoto, of Yokohama National University, found that two commercial iris readers could be fooled 100% of the time and a third was fooled 50% of the time.

In the wake of the research, Daugman said it was essential for the government to choose advanced iris recognition cameras cable of distinguishing between real and fake eyes.

Biometric suppliers are in the process of developing readers capable of distinguishing the movement and light reflections of living eyes from iris images, he said.

Fingerprint readers are also at risk from spoofing from "gummy fingers" - artificial fingers made from gelatine, Matsumoto revealed.

He presented research to show how researchers were able to crack the fingerprint protection in a mobile phone and secure PKI token using the fake fingers.

The success of the UK’s ID card scheme would depend on how securely the government is able to store biometric on the central population database, he told Computer Weekly.

"The storage of data on the central database is a crucial issue. Once such information is disclosed, if there is no mechanism to protect the information that might be a problem," he said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Antivirus, firewall and IDS products



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...