Biometrics for a National Identity System: Security, Privacy and Convenience

Biometric’s long history in science fiction

Biometrics technology has long been portrayed in science fiction. The movie Gattaca paints a dystopian future where human beings are identified and even categorised using DNA. Minority Report shows personalised ads via iris scans, and the police force of the future tracking and apprehending potential criminals.

DNA authentication in Gattaca

Iris authentication in Minority Report

Use of biometrics technology today

Today’s biometrics technology is no longer the stuff of science fiction. Most of us experience it when using our fingerprint or face to unlock our mobile devices. Biometrics is widespread in the business world. Companies can allow payments for shopping using biometrics, and users perform secure banking simply by presenting their face.

Considerations implementing biometrics for Singapore’s national digital identity

Our journey of implementing biometrics has thrown up many challenges for the team. Privacy has and always will be our key consideration given Singapore’s rigorous data protection standards. Biometric data points are encoded as biometric templates that cannot be reverse-engineered to an individual’s photo. Convenience of use is also another important consideration in our design.

If the system is not easy to use, nobody will use it.

Other considerations quickly surfaced as we dug deeper. We contended whether biometrics was necessary for certain use cases. We pondered over the ethical implications presented by our solution. We also went through the legal implications on the use of biometrics, and of course, the risk mitigation measures when using biometrics.

The use of biometrics for the system should also be consent-based, and this should be made known to the public before they use the system.

Then there is public perception. Given the common misconceptions in mainstream media about the use of biometrics, we took a transparent and proactive approach with our use of biometrics.

In general, our biometric use cases would be limited to authentication, verification (1:1) and identification (1:N) types of use cases.

For the initial pilots, the implementation of our biometrics system will be based on a 1:1 verification only, be strictly limited to authentication and verification purposes, and not for any form of surveillance. Surveillance use cases, which are typically employed for public safety, are typically many-to-many matching (N:N). N:N types of use cases will not be covered by our biometrics system.

Authentication and verification answer the question: “Are you really who you say you are?”. In this case, biometrics allows an individual’s identity to be certified by comparing their biometric data that they provide with pre-enrolled government-verified data for the person they claim to be (1:1 matching).

Identification answers the question “Who are you?”. In this case, an individual is identified among a group of others (1: N matching), by comparing the individual’s biometric data with other templates in the same database to find a unique match.

Comparison of biometric modalities

The technical aspects were no less challenging. Which mode of biometrics — from fingerprint, face, iris, to voice — was appropriate for our use case? Through a series of studies on the various biometric modalities, we decided to start with the adoption of facial biometrics.

Different modalities for biometrics

Why facial biometrics?

• Facial biometrics was ranked more favourably in factors such as implementation pervasiveness, public acceptance, and technology maturity
• The ubiquity and proliferation of mobile phones meant most people have access to a camera that facilitates facial scans
• Apple’s FaceID and Android’s implementation of facial recognition have helped boost public awareness and acceptance of the technology

From an inclusivity angle, facial biometrics technology is friendlier for the elderly and the physically challenged, who might find it difficult to remember passwords, and would typically have to visit a customer service centre, with someone else assisting them, in order to complete a transaction. With this technology, all they have to do now is use their facial biometrics to transact.

With all mentioned, biometrics technology remains rather nascent in our selected use cases, and we intend to run a pilot for a year while gathering feedback to improve the system and user experience, using both mobile app and kiosk channels.

Those with mobile devices can use the mobile app from the comforts of their home or on-the-go. Those without mobile devices or data plans can choose to visit selected agencies’ customer service centres to login via kiosks that are specially set up to allow facial biometrics verification.

Bringing digital identity to the public

Our biometric system is provided as-a-service to both government and private sectors. As an alternative means of identity verification, it can also be used as a form of step-up authentication or proof of presence. Using government-verified biometrics technology, citizens can look forward to improved service journeys and processes (no passwords, just biometrics!) when transacting with the government and private sectors. Businesses can rejoice with shorter on-boarding process for new customers and leaner back-office processes, reducing business costs.

Some of the potential use cases include access and onboarding to government e-services, building entry and access to certain government facilities, as well as authentication to several private sector services.

Striking a balance

We continue to find a balance between security, privacy, and convenience. Due to the sensitivity of transactions, while biometrics promises seamless verification, the addition of anti-spoofing measures invariably requires that extra step for authentication.

These anti-spoofing measures include the prevention of attacks from photo replay, video replay, 3D facial reconstructed mask attacks, and also the use of deepfakes to fool the facial biometrics system. These security measures are necessary, especially so for a national biometrics system.

An individual’s photos can easily be found through social media networks and could be used to spoof our biometrics system. That is why it is important for our system to have anti-spoofing systems in place to protect sensitive data, reduce theft, and mitigate fraud. We rely on liveness detection to validate an individual’s identity. These checks can verify whether an individual is actually present and performing a transaction, or in the worst case, be using a photo, video, or mask to spoof the system.

We understand this may deter adoption, yet we still have a duty to protect our users as best as we can.

While it has been immensely challenging to plan and implement a biometrics system, we are working to make a difference — in achieving easier and more secure access to digital services.