HID Connects Podcast Episode 5: Are We Ready for Today’s Biometric Technology?
Biometric technology is a wide-ranging topic that touches many aspects of our lives. In this episode, we will explore key trends — both technological and regulatory — as well as current barriers to adoption, and even what the future of biometrics may hold.
Join us for this episode of HID Connects where HID experts Karen Higgins, Katie Björk and Roland Fournier will share their insights as they discuss the important question: Are we ready for today’s biometric technology?
Take a minute to listen below. And while you’re at it, be sure to subscribe to receive future episodes.
Here is a transcript if you’d like to read along:
Welcome to HID Connects, the preeminent podcast on trends, technology and all things related to trusted identities.
Hello everyone. Good morning, good afternoon, good evening — whatever time it is and wherever in the world you may be. My name is Matt Winn, your podcast host and resident secure identities nerd. Welcome back to the HID Connects podcast. Today's episode is going to focus on the wide-ranging topic of biometric technology.
While we could record an entire series on biometrics, for the specific discussion for today, we'll focus on the larger question, “Are we ready for today's biometric technology?” Now our main focus areas will include key trends, both technological and regulatory, as well as current barriers to adoption, and even what the future of biometrics may hold. So, since there's so much to unpack here, let's just jump right in by introducing our expert panel.
Joining me in person bright and early from our studio is Karen Higgins, HID’s head of Legal. Karen, thanks for joining me in the studio. Mind saying hello to our listeners?
Hey, everyone, it's great to be here.
Excellent. Great to have you. And dialing in all the way from 2023 Eurovision champion Sweden is Katie Björk, Director of Communications and Solution Marketing from our Identity and Access Management group. Katie, welcome to the podcast.
Thanks for having me.
Excellent. And last but not least, beaming in from the East Coast of the United States is Roland Fournier, HID’s Senior Director of Product and Solutions within our Extended Access Technologies Biometrics Business Unit. Roland, beyond the mouthful of a title, thanks for joining. How are you?
Good, how are you?
Very good. Very good. Thank you all for joining. Not sure about you, but I am excited to get started, so let's get to it. All right. So, as I get cued up, we're going to start with some biometric trends which are plentiful, especially in today's environment.
Katie, I'd like to start with you. What are some of the things that you're seeing in the biometric space? You've got some good insights in the context of biometric passkeys and the route to passwordless. So, share your knowledge with us, please.
That's a great place to start. Getting rid of passwords or not having to enter them is something that most of us are trying to do, and using biometrics is a really good path to that.
If we look at the everyday examples that we have, if you use multi-factor authentication really often, then biometrics will be there. If you think about your phone, you most likely are using biometrics to unlock it instead of putting in the pin every time. It's a way to avoid putting in the password. It's a convenience factor. It sometimes even replaces the knowledge out of MFA by making it just easier for you.
In that very similar sense, there's something called a passkey, which I believe is something that will grow and therefore is a trend. I believe it's going to become dominant. It's basically saying instead of entering a password, you're going to get to enter a passkey. That's a very smooth process, right? You will have an application or a website that will offer you that option. So just when you're going to go and put in your password, it’ll say, “Hey, would you like to do a passkey instead?” And it's going to say, “Just put your fingerprint on your reader or scan your face,” and it will be saved on the device that you’re on. And there you go. This is something that Google, Microsoft and Apple have already adopted. That's something that HID is able to do on the authentication side, and it's something that will keep growing. Biometrics take a huge credit for the reason why it's becoming something that people are already willing to do.
Very cool. Perfect segue. Roland, over to you. You've got a lot of experience in terms of the technology behind the biometric technology. What are you seeing in terms of technological advancements in this space?
I think one of the biggest areas that we're seeing is the advent of facial recognition really coming to the forefront — coming from the traditional government use cases for identity fraud, for driver's licenses and passports, to really getting into more commercial types of applications.
I think COVID helped accelerate that whole push to contactless, and as people were going contactless, facial recognition was just that natural progression in doing that. Traditionally, well, I would say several years ago, face was far behind fingerprint biometrics as far as accuracy. What we've seen with regards to AI and machine learning is the accuracy of face has really caught up to a lot of the other biometrics including fingerprint. There's a lot of really good research and a lot of really good advancements in that area that have made it accurate and convenient.
The other advancements that we're seeing is we're developing the camera technology to be able to interact with people and be able to take pictures in all the difficult lighting positions, whether it's really dark outside or whether there's a lot of sunlight behind you, which has been a traditional issue with facial biometrics. What we're seeing now is the camera technology has caught up in not only being able to handle the lighting conditions, but also being able to do (what we call) multispectral imaging, being able to do near infrared and color, as well as being able to detect whether there's a fraud — whether the person there is alive versus whether it’s a mask, piece of paper or video screen on your phone.
Not only do we take that technology, but we've also seen the trend of bringing those smarts and facial biometrics to the edge. What that means is we're taking the algorithms and the matching capabilities that were traditionally big server databases and really making and pushing that matching capability to the side of the camera — being able to have that right there and being able to make decisions very quickly really improves the user experience overall for face.
Thank you for sharing that. Karen, Katie and Roland both talked about technological advancements, whether it's on Apple/Google accessing various accounts, or whether it's cameras with facial recognition technology. What are you seeing in terms of the regulatory environment, keeping up with all of these advancements? What trends are you seeing in that regard?
So perhaps mine is a little more mundane, but certainly there is the constant expansion of privacy laws and regulations globally. I think we're all pretty familiar with GDPR now, and certainly GDPR regards biometric information as very sensitive data. It's very challenging to commercialize, quite honestly, under the GDPR regime. But it's not just the EU, it's also other nations. China's rolled out a very comprehensive data privacy law and security regulations. Then the US — while we don't have a unified federal law, there are certainly bills that are percolating and moving up through the system, and states are enacting a patchwork of laws around privacy — laws around security and laws around AI technology.
Regulators are enforcing in all of these areas. The trend is certainly the expansion of these laws, the enforcement of the laws. I think that the trend is balancing the importance of protecting the privacy of the biometric data, making sure that companies use the data responsibly, that they source the AI technology responsibly.
But I think what gets lost at times is that this very biometric information can be used to protect the integrity, the privacy of your identification, your assets, the places where you go. That needs to be respected too, but certainly not to undermine the importance of regulating how companies are using this information. Because losing a password is one thing. You can change it. But if a company is not really responsible with your biometric data, that is a problem and that is scary to people. But we don't want that fear to prevail over all the use cases, so we’re making sure that we emphasize how this information really can secure the privacy of many things.
Very well said. You bring up a great point around this balance between the benefits of biometrics and perhaps some of the fear that goes into it. We actually conducted a study late last year where we saw that a lot of organizations are very excited about biometrics, but there are a lot of organizations that are very hesitant to even start testing biometric technology.
With all of the talk and promise around the benefits of biometrics, again, there are a lot of people who are reluctant to even start adopting. So Katie, I'd like to start with you. What do you see as some of the main barriers of adoption to biometrics?
What's important to say before we start listing is this: it's very different when you look at different cases. It's very different if you're looking at companies that are looking to use biometrics to address the needs of their customers, or if it's something that they're trying to do to address the needs of their workforce. The regulations are different, the needs are different, the use cases are different. And the acceptance for giving that information is different.
So that's a constant moving target that companies need to see. Now, when it comes to challenges, I like to say that there are three. The reputation — and Karen just touched on it — people are worried. Sometimes the biometric data is only stored on that device because it just makes it more simple for the user. There's usually a bit less to worry about there. It's still important to follow, but that's something that people have a concern about. So that's something that blocks companies from implementing it or seeing a higher adoption. The second is the consistency, because biometrics are highly dependent on the environment on which they’re captured, they’re dependent on the device. If it's the camera, then how good is the camera, how good is the reader, and how good are the sounds, voices, biometrics — how much is happening in the background. Then the third is — well, it doesn't apply to every situation. If you're driving a car, you’re probably not going to have an easy time to just go and scan your face or fingerprint. Voice might be better for you if it happens to be something that can be done, but it doesn't apply to every situation. So those top three.
Thank you for sharing that. Roland, same question to you around barriers to adoption.
Roland, we can't hear you.
Sorry, it's the bass bar. So, very similar to what Katie and Karen mentioned. It always starts with privacy concerns in that regard. When there are lawsuits that have happened because they’re in various states, some of the commercial customers are very apprehensive in really understanding that. So it's a lot about education and communication with not only the employees but also the end consumers with regards to how biometrics are being used.
Again, user acceptance and usability are really critical to this as well. So really working with this, the customers need to look at their stakeholders in the business for their use case and really understand how biometrics are being used and educating them. If their employees are using biometrics for time and attendance, for example, or point of sale for anti-fraud purposes, how are those biometrics helping the overall business as well as what are the biometrics being used for and why are they collected, etc. Then on the user experience side as well, the best practice with regards to biometrics is looking for a partner and companies that have a modular approach. Start small based on the various use cases, get comfortable, understand the concerns, and understand education and their use cases. Then build upon that capability and expand the solution within their environment. I think those are the critical points.
Right. Thanks, Roland. Karen, back to you. What are your thoughts on barriers to adoption?
As Roland touched on, companies are fearful of some of the laws and how they've been enacted and enforced by some class action lawsuits and the draconian damages that can result from it.
There is a particular statute in Illinois that I say has been weaponized in some cases, because you don't have to prove any harm or really any exposure of your biometric identifying information, but you can still sue. The way the statute is currently being interpreted, it can result in hundreds of millions of dollars of losses for a company. That's a huge risk to take on. Insurance companies are continuing to erode coverage for these types of situations. I think another barrier and concern is when this data is hosted in a cloud environment versus the data sitting at the device level. As more and more companies want to roll out hosting of this information, people then think of the cybersecurity aspects to that. If there is an incident that occurs and that information then is exposed, that is a scary thing. As we touched on reputationally, it's hard to recover from that. But it's also hard to navigate the patchwork of laws around the world and the local data hosting requirements that you would have to stand up to in different cloud environments in different countries. You have to navigate the variances to the laws, how they're enforced. So there's a lot of complexity to it. Some companies aren't willing to challenge that risk, even though there is a huge upside as well.
You bring up excellent points across the board around why companies may be reluctant to adopt. But I also think there's something interesting to talk about around just everyday users becoming more and more willing to adopt.
You know, for the longest time, I refused to use any type of face ID with my iPhone or even the fingerprint because I didn't want Apple to have my data. Then when I was trying to get back into traveling and going through airports and having to go through the long security lines, I finally acquiesced and signed up for Clear, and it’s like, you know what? This is actually worth it. I can get through the line. I don't have to wait an extra hour at the airport. You can have “my data.” It's worth it.
So, as we go along this adoption curve, and knowing a lot of these very important barriers to adoption on the company side or the organizational side, what best practices do we suggest for teams looking to introduce or increase their use of biometrics?
To really complicate that question, how do we balance security, privacy, compliance and of course, user convenience? Katie, I'll start with you on that question.
I mean, the real answer is you have to make it easy for people to do the right thing. That's where it starts, right? Then you need to have the right security for the right users based on regulations, laws and use cases that they have.
If you have the right security and the right technology for the right users, instead of trying to go one-size-fits-all, you're already getting ahead in your strategy, in terms of implementing your whole security within your enterprise or your channels, to perhaps avoid people trying to circumvent what you're trying to do. Again, biometrics give you a leg up in terms of the user experience; you're already ahead. But if you try to do the same thing for everybody and make it too complex, people will find ways around it. So that's the way to start. Right security for the right user.
Very good. Roland, what's your take? Best practices. How do we strike that balance?
I think it all starts with — the user experience is the key, right? Whether that's biometrics or any other kind of technology, that really needs to be the focus, for the end user standpoint to really reduce that level of friction. The foundation of that is with regards to all the privacy. But you know, companies are really communicating to our customers that we have a privacy, security by design in our products from a technology perspective. It may be facial biometrics; it may be fingerprint biometrics, etc. But the underlying key is that we develop very secure products that use encryption for consent. It really helps to make that very easy and then create different components that allow resellers — our end customers — to integrate into their applications to make biometrics as seamless as possible, as Katie was talking about — really tailoring it to their various use cases or maybe even their geographic regions. As Karen kind of pointed out, the various privacy laws are different across the globe.
So make it easy to implement and sell the value. Makes sense. Karen, what's your take on this one?
You know, in terms of best practices, it's kind of the full lifecycle of biometric technology that it starts with the AI that you're sourcing.
You have to be responsible, understand where do those data sets come from? Are there concerns of built-in bias? How do we navigate those challenging questions that all companies are trying to figure out? There's no easy answer there, but it starts at that level; it starts in the very beginning of the process and during the development of the biometric technology.
Then from there — that's already been touched on — it’s making sure that we are trying, as HID and other companies are following leading standards, to comply with privacy and security requirements, that we try to de-identify the data as much as you can through encryption and other methods. Again, just making sure we emphasize that it's a privacy concern, it's a security concern. We need to continue to convey that information, give customers that comfort level to the extent we can, and also help foster other companies and advise (not legally advise) ways to navigate some of these laws in terms of the transparency of notice of the information. If there is consent needed to use the information, that the products also come with those helpful user guides, if you will, to help give consumers some comfort, but also to give companies and the downstream sales process of these products.
But it's a very holistic path and along each aspect of that path, security and privacy are behind it, and the ethical considerations need to not be lost as well.
Just do it the right way. All right. So, Karen, sticking with you, let's take a pause on what's going on today, and let's look into the crystal ball moving into tomorrow and beyond.
So it's a simple question. That is a short question. But what do you see for the future of biometrics?
I think and I hope that ultimately biometrics will be seen as a way to secure privacy and to enable an easier way to access your things, the places of business and protect your identities, that ultimately that will drive the continued development and adoption of biometrics. I do think that we'll be able to overcome some of these challenges. And I certainly have seen so many advancements in this area and strategies to bring a more comfortable level and expand that adoption that I think will happen. I mean, look at Clear. People seem to be comfortable with that and with the enhanced security that is behind it. But it's also easy. So those things will continue, and the use cases will continue to expand. That's what I envision.
I like it. Roland, what's your take on the future of biometrics?
I think the trend that's already started with COVID is really going to evolve around the seamless and contactless experience.
That whole evolution is going to continue. We're really starting to see facial go from very government-focused to smart commercial use cases. You're starting to see a lot of facial and seamless biometrics to really help the flow in the airport. I think you mentioned that earlier, and things like intent detection as someone's approaching a door, for example, to be able to say, “Is that person intending to do that and have it very seamless? Do we go ahead and identify that person and give them access rights?” And in those types of use cases, fraudsters are always going to try to circumvent the system. So you're going to really see not only liveness detection really get more towards the mobile devices, but also, how do we attack deep fakes and those kinds of things that are going ahead and creating these videos of people that look just like Roland.
Then really on the contactless side are other modalities such as a palm — we kind of saw some early use cases with Amazon trying to use the palm for paying inside of stores. It’s just really helping to make biometrics a part of your everyday life and very unobtrusive. So we'll continue that trend into the future.
Excellent. That would be a great podcast episode in and of itself. So, Roland, stay tuned. We'll have you back. Katie, your thoughts. What's the future hold?
The crystal ball tells us behavioral biometrics are things that are already available today and growing. To touch on what Karen said earlier, you have to make it easier to protect. You have to make it easier for the user.
I often like to say that you have to be able to offer the best security without compromising the user experience. That's what behavioral biometrics give you, right? We're familiar with physical biometrics — with the fingerprint, face and eye scan. But now you're able to actually use your behavior online to help identify who you are, identify those behaviors, the things that are usual for you. So that perhaps if somebody else has access to your credential, they won't act like you, they won't do things like you. And that can help protect. That's an additional layer, right? So it's an additional and different way of doing biometrics.
Another piece is we're seeing a lot of development touching on what Roland was saying about the AI driven facial recognition, you know, the liveness aspect of things which Roland was talking about, that's used a lot. Both of those technologies we see in the banking field growing a lot of interest.
It's because it's even making the lives of the people in the background that are working to protect, that much easier.
More use cases. More verticals. More people impacted all in the name of security and user experience. Okay, cool. Future seems bright but complicated at the same time, which is probably true for all of our lives, but that's okay.
Katie, let's stick with you. For the final thought, which just happens to be a question that is the title of today's episode coming out of the crystal ball and coming back to today: When it comes to biometrics, in your opinion, are we ready for today's technology?
I think the best is yet to come and we're ready to make our lives easier.
Very succinct. I like that.
Roland, same question. Are we ready for today's biometric technology?
Absolutely. Absolutely. As Katie mentioned earlier, you have to pick the right biometrics for your right use case and in the right scenario. Having a vendor that has a choice, whether it be finger, face or behavioral biometrics for your various use cases and having a very modular approach, will really help customers be ready and be able to implement the right level of biometrics for their various use cases.
Choice matters. Okay. Karen, you get the final word because we dragged you in here to the studio bright and early on a Friday morning. So final word goes to you. Same question. Are we ready for today's biometric technology?
You know, I'm not the most concise answerer: Yes.
I love it. What a better way to end.
A lawyer made it short. That doesn't always happen.
Put that on the record. That's a legal thing, right? Excellent.
Well, thank you all, everyone on our panel — Karen, Katie, Roland — for sharing your thoughts and your perspectives on this important topic that will, as we discussed, only grow more relevant as time goes on. And as always, an even bigger thanks to you for joining us and listening to this episode.
Even on a Friday morning, we truly enjoy creating this podcast and hope you equally enjoy listening. Now, while you're with us, be sure to subscribe to HID Connects. Doing so will ensure that you stay connected and do not miss future episodes, and you can subscribe wherever you get your podcasts. In the spirit of connection, send us your questions, ideas for future episodes and different topics.
All you have to do is drop me a line at [email protected]. So, until our next episode, thanks again for listening.
May your identities forever be secure.