What these 2 graphs tell us about biometrics
Biometrics is 'probabilistic' by nature since it measures unpredictably variable body features of living animals in ever changing environments.
A graph below shows the False Acceptance Rates (FAR) and False Rejection Rates (FRR) of two biometrics products - one relatively more accurate and the other less accurate.
** False Acceptance is also called False Positive and False Match. False Rejection called False Negative and False Non-Match.
What this graph indicates is, firstly, that FAR and FRR are not the variables that are independent from each other, but are dependent on each other.
A FAR could be fixed only against a certain FRR, i.e., both variables can be positioned only at the same single point on the same single curve. In other words, the couple of a FAR and a FRR can exist only in a certain combination.
Secondly, it also indicates that the lower a FAR is, the higher the corresponding FRR is. The lower a FRR, the higher the corresponding FAR. That is, FAR and FRR are not just mutually dependent but are in a trade-off relation.
The level of a FAR that rejects a twin would have to bring the level of a FRR that rejects the registered user very frequently. The level of a FRR that eliminates the need of a fallback means would have to bring the level of a FAR that accepts nearly anyone.
Thirdly, also indicated is that the more accurate the biometrics sensor becomes (the lower the Equal Error Rate becomes), the curve goes downwards/leftwards in this graph. But, when a FAR is close to 0 (zero), the corresponding FRR remains close to 1 (one). When a FRR is close to 0 (zero), the corresponding FAR remains close to 1 (one).
Another graph below helps us to grasp how FAR and FRR are mutually dependent and also in a trade-off relation.
Move the threshold to the right (stricter) and we would see the combination of a lower FAR and a higher FRR. Moving it to the left (more lenient), the outcome would be the combination of a higher FAR and a lower FRR.
The presence of False Rejection, however close to 0 (zero), would require a fallback means against the False Rejection.
If the officials responsible for the Aadhaar-based PDS had been informed of the above, they must have provided a fallback means in case of the false rejection. Then this kind of misery could have been avoided. We have to wonder how it was possible that these people were not advised of the issue of false rejection.
Footnote: This is a reproduction of my earlier writing published in 2018 following a mind-boggling report from India where the biometrics; is mandatory for its Aadhaar-based Public Distribution System. The report reads ‘biometric authentication failure at the ration shop deprived a woman of the subsidized grain she was entitled to’. It refers to ‘failure’ and ‘glitch’ of biometrics, but it is not necessarily correct. 'False Rejection' as against 'False Acceptance' is inherent in biometrics; there is no biometrics that is free from False Rejection.
Incidentally, the public should have heard the above information from biometrics vendors and security professionals who tout biometrics, not from us.
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
< Videos on YouTube>
Digital Identity for Global Citizens (90 seconds)
Corporate website: Mnemonic Identity Solutions Limited
There is actually a valid methodology that enable us to maximize the entropy of the secret credentia ...
I today take up this The Register report - “Client-side content scanning as an unworkable, insecure ...