We have so many subject matter experts at GDIT – people who have spent their entire careers focused on a technology or a capability and who have seen its evolution over time, largely because they’ve been part of it along the way. Recently, I had the pleasure of speaking to Mike Wagner, a vice president at GDIT and a biometrics expert who has spent 16 years working in the field, largely in support of immigration work for clients.
Mike talked with me about how the U.S. government is using biometrics as part of a mosaic of authentication tools that allow us to confidently confirm identities. He also talked about the unique security considerations related to biometric data such as fingerprints or iris scans, and its position as “super PII” because it is not only personally identifiable information but information that, unlike your address or even your name, can never change.
Here are a few more insights he shared.
Biometrics is more than what you see in movies.
Biometrics can be used in different ways. We call them different “modalities” referring to things like fingerprints or iris scans. The movies will often talk about retinal scans. That’s incorrect; the retina is in the back of your eye. The iris, the colored part around the pupil, is what’s scanned. The movies also brought us the idea that colored contacts can spoof these scanners; that’s not the case anymore and it is very hard to trick the advanced technologies that are used nowadays. And that’s important, because biometrics are increasingly used as part of a mosaic of user authentication tools. We think about things like your password telling us what you know; a token telling us what you have in your possession to authenticate yourself; and then biometrics telling us who you are. Taken together, all three of those things contribute to security in a meaningful way.
GDIT’s lab is customizing solutions for government missions.
Biometrics, as part of the mosaic I described above, are a great tool to positively identify a person. They’re used a lot for data sharing and interoperability, and when compared to names, addresses or social security numbers alone, they’re much more sophisticated. That’s why the U.S. government is especially interested in biometrics for things like immigration or law enforcement use cases. In our Identity and Biometrics Lab at GDIT we are focused on understanding these use cases and working with customers and technology providers to understand what’s available, what innovations we can bring about together, and how we can tailor solutions to a unique mission need. We’re also prototyping and testing these innovations in an effort to bring them to market, and ultimately meet the mission, faster.
Biometrics and zero trust go hand in hand.
Biometrics supports a zero trust approach to securing data and systems. In environments where identities must be validated at every layer, biometrics can provide an additional way to confirm identities and regulate access as part of a suite of comprehensive and complementary authentication tools. At the same time, biometric data itself is in need of protection and sophisticated security. Integrators need to draw on the strengths of all of the existing authentication technologies and GDIT takes that role very seriously in the work we do, the integrations we provide, and the support we give the government.
The acceleration in biometric use is here to stay.
Following the coronavirus pandemic, we saw a lot of acceleration in biometric technology – and for good reason. Contact-less solutions of all forms were in high demand. Technology providers helped facilitate biometric interactions by accelerating the development of contactless capture methods and tools. But along with that come real privacy and security considerations – and they exist on a spectrum. Facial recognition tools on social media can, for example, identify people in photos. But would we all consent to being surveilled in public and having our biometric data passively collected? The acceleration in biometric use is going to require us to confront questions like this. To date, the U.S. government has opted for an opt-in model where we authorize the use of our biometric data for convenience or security purposes – such as faster check-ins at an airport or more secure access to banking applications on our phones. The use of biometric technology is only going to become more ubiquitous and it’s up to us to define how we can securely, without compromising our principles around privacy, interact in this new world.
I’m grateful to Mike for the time he spent with me – we could have spent twice as much time together and still only scratched the surface of this exciting topic area. I hope you’ll watch the full video for more of our conversation about this important capability we are leveraging for essential and evolving customer missions.