TAMPA, Fla.—The Defense Department official that oversees biometric efforts across the DoD enterprise, including the science and technology portfolio, said Thursday at a conference here that his focus has shifted from support to immediate warfighting needs to future threats and ways to counter those threats.

“The idea is to look out five years or so, anticipate what sort of technology threats will exist, use prototyping to figure out what sort of technology pieces can we put in place to counter the threat areas, so as threats mature we already have something in place to counter that threats,” Jon Lazar, deputy director of Defense Biometrics within Office of the Secretary of Defense for Research and Engineering, said during a panel at the Global Identity Summit presented by AFCEA.

SEEK II handheld multimodal biometrics collection device. Photo: Cross Match Technologies
SEEK II handheld multimodal biometrics collection device. Photo: Cross Match Technologies

Lazar said DoD needs help from industry and other stakeholders in several areas to make biometric systems “more robust” and better for use in all business and mission areas.

First, he said, is the need for “revocable biometrics,” just like a credit card can be revoked.

The DoD’s Information systems are “relatively secure” despite breaches, Lazar said, adding that “The risk with non-biometric information being compromised is a little lower and can often be mitigated more easily.” However, he said, “If biometric information is compromised, it undermines this entire idea of having a biometric enterprise in different business areas because just like a credit card can be revoked a fingerprint cannot be revoked.”

Lazar said he doesn’t know what the solution is here but warned that sooner or later biometric systems will be compromised so there is a need to figure out at the get-go how to “encode them, encrypt them, public-private key them” or whatever so that they are more robust.

“Otherwise, we’re just back to using PINs and passwords,” which no one wants, Lazar said.

The second area is the need for increased automation, particularly as biometric capabilities are layered into all business areas and there is a need to avoid the associated increases in manpower costs that come with use of the technology, Lazar said.

“It’s unsustainable” to increase the manpower that comes with more use of biometrics, he said.

Currently, DoD and some others are have automated processes when it comes to using algorithms to match queries to biometric databases but this is only one part of a process that begins with enrollment. How enrollments can be done without a supervisor is one area of the process that needs to be looked at for automation, Lazar said.

Another, and “bigger,” problem is how to automate the use of contextual data that is associated with a biometric match, Lazar said. He said he doesn’t know the extent to which the use of biometrics will increase but “we can’t afford” to hire “twice the number” of analysts, fingerprint examiners, and other experts that are currently required to support and exploit the technology.

“This is a problem that is going to require some clever work and thought” and there is a need for everyone’s help, Lazar said.

The last area Lazar requested help with is enterprise level detection of sophisticated spoofing.

U.S. Army Soldier capturing facial photos with a Handheld Interagency Identification Equpment device at checkpoint in Afghanistan. HIIDE is made by Safran. Photo: Biometrics Identity Management Agency
U.S. Army Soldier capturing facial photos with a Handheld Interagency Identification Equpment device at checkpoint in Afghanistan. HIIDE is made by Safran. Photo: Biometrics Identity Management Agency

“The premise is we’re going to be using biometrics a lot more in the future across a lot of different areas,” Lazar said. “I think that raises the likelihood that folks will want to penetrate the system, will want to spoof the systems for financial gain, for access logically or physically, whatever the case may be.”

Spoofing might occur through social engineering at biometric stations, use of disguises, “intentional occlusion,” Lazar said. “There’s all sort of ways to get past biometric checkpoints.”

Lazar added that his “sense is that handheld devices won’t be sophisticated and powerful enough to do that detection” and instead counter-spoofing will have to be done at the database level.

The market for these capabilities that Lazar wants help from industry, academia and others goes beyond DoD and the federal government to include any business sector where biometrics are used, he said.