September 11, 2001 : Attack on America
Richard E. Norton Executive Director, International Biometric Industry Association Before the U.S. Senate Judiciary Committee Subcommittee on Immigration; October 17, 2001

Richard E. Norton
Executive Director,
International Biometric Industry Association
Before the
U.S. Senate Judiciary Committee
Subcommittee on Immigration
October 17, 2001

Mr. Chairman and members of the subcommittee, thank you for inviting the biometric industry to offer its views at this important proceeding. My name is Richard E. Norton, and I am the Executive Director of the International Biometric Industry Association (IBIA). IBIA is based in Washington, D.C. and represents the collective interests of manufacturers and developers of biometric technology.

Biometric Technology

Biometrics are defined as the automatic identification or identity verification of an individual based on physiological or behavioral characteristics. The authentication of identity is accomplished by using computer technology in a noninvasive way to match patterns of live individuals in real time against enrolled records. Examples of the patterns used for biometric identification include those made from a finger image, the geometry of the hand, an iris, voice, signature, or face. It is important to note that most biometric applications do not store the actual image of the feature being measured. Instead, biometrics secure systems and protect an individual’s identity by converting the measurement into an encrypted file. This biometric record cannot be reverse engineered to determine a person’s age, sex, race or other sensitive information. Likewise, it cannot be used to steal someone’s identity.

With these characteristics, biometrics are the only technologies that can offer both increased security and greater convenience. The U.S. Government has been an early adopter of biometrics, first using the devices to control access to highly sensitive facilities such as nuclear power plants and weapons facilities. Now biometrics are routinely employed to protect networks against intrusion by hackers, to secure records from identity theft, to ensure benefits are disbursed to the lawful recipient, and to protect borders.

Biometrics and Border Clearance

The U.S. has nearly a decade of experience with this latter application. The Immigration & Naturalization Service has experimented with biometric technologies at land and air ports of entry, and has deployed its INSPASS automated kiosks at a number of major airports in the U.S. and at immigration pre-clearance sites in Canada. While the INSPASS system has not been implemented on a broad enough scale to reduce the burden on the INS inspection mission, it is widely regarded as a successful experiment that has worked as planned – in complete security – for over eight years. Other countries have had similar results: Canada, the Netherlands, Singapore, and Israel have implemented biometrics in this demanding national security role and found them to be robust and effective.

The question is how we take these low volume trials and efficiently convert the lessons learned into a comprehensive system of controls that tighten our border without causing service levels to deteriorate to unacceptable levels. Fortunately, the tools are in place to accomplish this goal: not only are the technologies reliable and standards in place, but in several significant areas the U.S. has taken preliminary steps that will enable us to make a measurable difference at a reasonable cost. Furthermore, we are convinced there are ways to accomplish our objectives at the border without having to resort to a national identity card.

Elements of a Solution

In many respects the U.S. has the key elements of biometric-based systems in place, ready to be converted into information that can be tapped to identify travelers at ports of entry, applicants at visa issuance posts overseas, and potential threats to national security as they attempt to enter or move about the country.

First, INS has issued over five million of its highly secure Alien Resident Cards (ARC) to permanent residents of the U.S. The Department of State has used the same technology on nearly five million Border Crosser Cards (BCC) that have been issued to Mexican citizens since 1999. By the end of 2002, over 20 million such cards will be in circulation; by 2007, all ARCs will have been converted to the new format. Both cards contain an image of the bearer’s fingerprint that is encoded in the optical zone of the card – a feature analogous to the appearance and storage capacity of a CD-ROM, but with strong built-in encryption that has effectively prevented forgery.

Second, all U.S. visas are produced from a digital file that includes an image of the bearer. This image is now retained in State Department files and, as with the image of the ARC or BCC holder, can be used to help verify the identity of the person presenting the visa through face recognition technology.

Third, border agencies have established a nearly universal system for checking on the identity of passengers as they travel to the U.S. The Advance Passenger Information System (APIS) calls for airlines to forward biographical information to the Interagency Border Inspection System, where lookouts are run and ports notified if U.S. authorities want to closely examine a particular passenger. IBIS, if it is converted to a real time, two-way communication system and expanded to include automated links to ARC, BCC and passport data, can be used to validate the identity of travelers before they board their flight to the U.S. (see “Recommendations” below).

Fourth, the biometric industry has worked diligently to establish the standards needed for true interoperability. In cooperation with the National Institute of Standards & Technology, IBIA has created a registry that enables any biometric device to be recognized on a network. The industry and government also have worked together to publish rules on how biometrics are to be integrated into computer operating systems. . This is an exceptionally important advancement for several reasons:

It allows multiple biometrics to be accommodated;

It allows the quick adoption of new biometric technologies as they are developed in the future;

It permits the rapid exchange of information for record checks; and

It enables the use of biometric information that has been acquired by other sources, such as employers, airlines, and government agencies.


With these pieces in place, there are a number of steps that can be taken immediately to improve our capacity to properly identify people who are arriving at U.S. borders:

Deploy optical card and finger image readers. ARCs and BCCs contain a finger image of the bearer. This image can be extracted from the card by an optical card reader, and compared to the “live” image of the person applying for admission to the U.S. by using a low-cost finger image reader. The card is virtually immune to compromise, and the process can be conducted without having to establish a network connection to a central database.

Standardize the retention of, and centralize, digital images for all U.S. documents. U.S. visa, ARC and BCC records contain digital images of the bearer that, if centralized, can be used to verify the identity of the traveler. The same process could be used to link U.S. passports to their holders if the Department of State updates its system to include the digital image of bearers of that document. If this information is made available through IBIS, U.S. border authorities can have real-time access to images of all applicants for admission, with the exception of travelers entering under the Visa Waiver Program.

Apply the use of face recognition technology to automate the identification of U.S. document holders. As an extension of the centralization process described above, any image that is stored in the system can be used to generate a face recognition template. This template can be compared to the template that is produced by scanning the image on a travel document, or by using an image from a video camera.

Extend the document verification process to the airline check-in counter. Any system of border control and terrorist interdiction requires airlines to be an intrinsic and effective part of the process. Currently, airlines have little to go on to determine if a traveler may be improperly documented, or if a passenger poses a danger to the aircraft. Being able to verify the identity of a U.S. document holder – or compare a suspect against a terrorist database – will enable resources to be focused on identifying those who cannot be quickly verified against accurate records. Such improvements to our current screening processes can be made by centralizing data and images in IBIS, upgrading that system to enable near-real-time interactive messaging between government and airlines, and by expanding the use of advanced, “full field of view” document readers that can automatically scan all of the information on the travel document data page.

Other Initiatives

Other programs are certain to follow these first steps in building an effective system for screening visa applicants and streamlining the admission of bona fide visitors, U.S. citizens and returning residents. Improvements to the Federal Bureau of Investigation Automated Fingerprint Identification System can expedite the kind of record checks envisioned in Senate Bill 1452, which was introduced by the Chairman of this Subcommittee on September 21, 2001; cooperative efforts such as the multi-stakeholder Simplifying Passenger Travel initiative, sponsored by the International Air Transport Association, will help the U.S. to identify a broader range of bona fide travelers who have been vetted through biometric control systems implemented in other countries; and further standardization on the use and storage of biometrics on passports under the auspices of the International Civil Aviation Organization (ICAO) will make counterfeiting, identity theft, and imposter fraud more difficult for those with ill intent.

In closing, the industry would like to mention its efforts to pursue these innovations without eroding the privacy and civil liberties of American citizens, and without disrupting international commerce. Biometric data is inherently secure and serves as a digital lock and key on personal information; but ultimately the success of these systems will depend on a traveler’s trust that they will be administered responsibly. The industry’s policies and guidelines on how to implement biometrics without diminishing public confidence is described in detail at our website, www.ibia.org.

Thank you again, Mr. Chairman, for this opportunity to participate in this distinguished panel. I would be pleased to answer any questions you have about these recommendations, or about biometric applications in general.

U.S. Government Website

September 11 Page

127 Wall Street, New Haven, CT 06511.