"Major gaps exists in our understanding of the nature and extent of distinctiveness and stability of biometric traits across individuals and groups," the report states, noting that "no biometric characteristic is known to be extremely stable and distinctive across all groups."
In its skepticism about how well biometric systems perform, the report says, "A biometric match represents not certain recognition but a probability of correct recognition, while a non-match represents a probability, rather than definite conclusion that an individual is not known to the system."
The NRC report also notes, "It is generally not possible to replace a biometric that has been compromised. This is complicated by the fact that the same biometric trait can be used by different systems, and weaknesses in one system could lead to the compromise of the biometric trait for use in another system. Furthermore, such traits are not secret we expose them in the course of everyday life. … It is accordingly, essential to validate that a trait presented to gain recognition truly belongs to the subject and is not being synthesized by an imposter."
In addition to expressing doubts about the efficacy of biometric systems, the NRC report also questions whether society as a whole accepts them.
"Many fear misuse of identification technology by authorities (from data compromise, mission creep, or even use of a biometric for other than specified purposes). To be effective, biometrics deployments need to take these fears seriously."
The report also states that while "biometrics systems perform well in many existing applications, the capabilities and limitations are not yet well understood in very large-scale applications involving tens of millions of users."
Sign up for Computerworld eNewsletters.