Issue No.05 - September/October (2005 vol.3)
Published by the IEEE Computer Society
Katharine W. Webb, RAND Corporation
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2005.117
A book review of "Biometrics for Network Security," by Paul Reid.
Paul Reid's Biometrics for Network Security is intended to help network managers evaluate biometric security solutions for information systems. It's easy to see why the author feels biometrics will take hold and replace (or augment) other common forms of identification such as passwords and identity cards. Rather than remembering multiple passwords or carrying around multiple cards, as many of us do today, biometric access is controlled with identifiers we carry around daily: fingers, eyes, hands, and voices. Although the private sector continues to expand its use of biometrics in the workplace at a deliberate pace, the government's interest in using it for workplace security and, more importantly, for border security and identification of suspected terrorists has increased rapidly and substantially.
Biometrics for Network Security provides a framework for thinking about how to use biometrics for network security, along with useful commentary on the attributes of different commercially viable technologies and guidance for implementing biometrics in a workplace environment. The author begins with a succinct review of different reasons for using biometrics in network security and a discussion about the rights to privacy of customers, employees, and employers. The choice of biometric technology can affect privacy and perceptions of privacy: biometrics are unique identifiers that can't be reissued or changed, so protecting this information and the privacy rights of individuals using biometrics is a big concern.
The author's checklist of what makes a good biometric is useful, although some of the criteria seem to be redundant, and, curiously, the consideration of privacy that he highlights earlier in the book is missing from the list. He also discusses different biometrics and offers an evaluation of how they work, including how they might be spoofed or fooled. Reid then provides important information on evaluating biometrics based on workplace needs and environment, including a useful discussion on error rates and balancing false acceptances (allowing access to people you want to keep out) versus false rejections (not allowing access to people you want to let in).
Reid's experience with biometrics system implementation is most obvious toward the end of the book. Having witnessed the rollout of biometrics systems that weren't as well tested as they should have been, I found his suggestions for preparing for proof of concept, selecting a vendor, and pilot development very much on the mark.
Readers responsible for implementing biometrics as well as those who consult on the topic or are interested in using biometric technologies will find this book helpful. Although I might have organized it differently, the chapter headings are informative and incorporate detailed subcategory listings that can help you quickly find relevant materials for your specific needs. Although biometric technology continues to evolve, the author's criteria for considering and choosing among biometrics and his descriptions of the pros and cons of alternative biometrics remain relevant. Anyone involved with implementing new systems should read the last several chapters, regardless of their experience.
Katharine W. Webb is a senior policy researcher at the RAND Corporation. Her research interests include program evaluation, resource allocation, decision-making, and biometrics. Webb has a PhD in policy analysis from the Pardee-RAND Graduate School. She is a member of the Association for Public Policy and Management. Contact her at firstname.lastname@example.org.