How to solve the INS problem of letting the wrong people into the US
I hear government officials talk about using technology from Silicon Valley
to prevent a 9/11 repeat. But the single most important technology for stopping
known terrorists isn't from Silicon Valley at all.
I'd like to suggest a very important problem that we should put high priority
on solving because it's an important problem and a problem that we have
available technology to solve completely and immediately. In fact, Canada
has committed to using iris scans for their immigration (See Computerworld
story about the 8 largest airports in Canada using iris scans) and iris
recognition is in use at some US airports today (see www.iridiantech.com)
Here are a few problems that we have that we can solve today:
Suppose the FBI has just determined that whoever presented a California
driver's license with the name "Steven T Kirsch" on it 3 months ago
at the San Jose airport is a terrorist. We want to stop this person from
getting on another plane even if he presents a different phony ID next time. How can we do that
with 100% accuracy?
We want to ensure that from anyone who has been convicted a felony after
Jan 1, 2003, can't work as a security officer in a US airport even if they
change their name. How can we do an instant check for this when it takes as
long as 6 months to get a fingerprint match back from the FBI?
How can a regular employer (including private security firms!) who wants to hire people they can trust do a
background check when it takes 6 months to get fingerprints back from the FBI?
It may surprise you to learn that we can do all of this without requiring a
"national ID" or a new form of ID card. We can use existing driver's
licenses or passports or even a major credit card (any ID where the number is
machine readable). Even if you forget your ID card and left it at home, the
system is still just as accurate. In fact, we can stop our wanted suspect with
100% accuracy without requiring that person to present an ID card of any type
at the airport. It even works if the person presents a phony ID. He's still
caught. But how?
60 Minutes on March 10 aired a story which pointed out that:
- the INS systems are often down
- we don't stop the people who should be stopped
In addition we know that:
- people can enter with phony passports to escape detection/capture
- a large number of workers at our local bay area airports had criminal
- it takes up to 6 months to get a fingerprint check back from the FBI
We have the technology today to solve all of these problems. We can create a
- NEVER goes down (dual redundancy with cold standby)
- it cannot be fooled; stops anyone we want to stop guaranteed 100%, even if
they are using any form of phony ID or traveling under an alias. The only
restriction is that we know just one of the IDs the person used in the past.
So someone cannot change their identity to escape detection.
- the ID check is made in a fraction of 1 second
- does not require the use of smart cards, cards with fingerprints, etc.
- does not require the creation of a new ID card
- it works with existing forms of ID including drivers license, credit
cards, passports; it works with any ID card that has a number that can be
read by machine ; you can even ID someone if they forgot their ID
- it is not subject to human error
- the more ID cards a person uses to identify themselves, the more we know
about them (since our system will realize these are all the same person
whereas existing systems are more likely to treat each ID as distinct, e.g.,
most systems can't tell that my driver's license and my credit card are from
the same person)
How it works
The core of the idea is to tie iris code information to an existing ID at an
"enrollment station." This is done once. Then, for authentication, a
user presents his ID and his iris. The match takes less than 1/1000 of a second
and is completely foolproof.
Here are the details:
- Traveler walks up to enrollment station to enroll his ID and iris.
Acceptable IDs are US driver's license or Passport. In fact, we can choose
to allow a wide variety of IDs because any existing machine readable ID will
do. We can even accept a major credit card as the registered ID! The traveler
can enroll as many ID cards as he wants just by inserting them in the
machine (just like swiping your card in the ATM slot). His iris information
is scanned at the same time and stored in a database along with the ID card.
We do not require that we store the person's name in the database.
- The enrollment machine has two very important functions:
- It is connected to the Internet at 28.8 dialup or better
- It has an specialized hardware to scan the person's iris
- We now have a bunch of ID cards that are all tied to the same iris code.
This is critically important because the iris code is the only practical
biometric that prevents duplicate registrations because (using a
modification of the matching algorithm that I invented), we can do an iris
match against a database of billions of iris in less than a second and
determine whether that iris has been entered into the system before with
no chance of a false match. This is because iris codes have
approximately 255 degrees of freedom; they are more unique than a DNA match.
No two people will every have the same iris until the end of time. Unlike
with any other biometric, there has never been a false positive iris
- Unlike with any other biometric, by using iris codes, we can
resolve any "aliases" to the same person. For example, if I
register with a mastercard with "john doe" today and then come
back and enroll a visa card from "steve kirsch" and tell the
system I am a new user, the system will spot the deception and link up the
two cards because I presented the same iris code. The unique feature that
iris code technology enables is that a single person cannot have more than
one entry in the database.
- In order to pass through airport security, you choose any one of the
enrolled cards and insert it in a reader and look into the iris scanner for
under 1 second. We use this card to lookup the enrolled iris code and
compare it with the current person. If they match, and there is no
"detain this person" noted on the record, the person is allowed to
- So now if we wanted to arrest every person that traveled on United
airlines flight 813 on May 12, 2000, we could do that with 100% certainty if
they every tried to travel again, regardless of whether they enrolled a new
or fraudulent ID.
- If police want to stop someone, they would enter the information from any
one of the enrolled cards (such as my driver's license number) into the
system, and the person would be flagged to be detained. This is data that
would be entered into the airline's system, for example, to identify the
passenger. But the airline does NOT have a database of iris codes.
- Personal privacy is maintained because the database that is used consists
of iris codes and driver's license or passport numbers. That's useless to
anyone. It has no names and cannot be used for identity theft, etc. However,
if a person voluntarily chooses to enter a second piece of ID, then the
database would have an association between the two numbers which might be
semi-useful to someone, e.g., if they knew your passport #, they could find
out your driver's license or vice versa.
- A person may choose to "register" all of his ID cards. To do
this, he doesn't need to have his iris scanned again. He just swipes any
previously registered card (such as his driver's license), and then swipes
every credit card and ID card he has. These cards will then all be linked to
the same iris information as the registered card. Thereafter, all of these
cards will be useless to anyone but the real owner for confirming ID.
- A simpler version of the above method is just to use a "federal stop
list" of iris codes. So when people are arrested or convicted, we enter
their iris code in a federal database. If we want to prevent them from
boarding a plane, we just put their iris in the "stop list". Each
passenger is then scanned to see if their iris code matches the stop list.
This keeps the database size very small and there is no privacy issue
whatsoever. No cards or enrollments are required, just iris scanners at
airports. This might be a nice way to start.
- For blind people with no iris that travel, you require a passport and an
alternate biometric such as facial geometry. This is subject to duplicate
enrollment so if there is a match on enrollment, a human would have to
resolve the ambiguity. This is a much smaller database so the problem is
There are three key technologies you need to be able to do this cost
effectively (under $10M one time investment in hardware). All three are
available to us (or can be made available) immediately:
- Technique to do an iris match in a database of 200M iris codes in under 1
second and do at least 1,000 matches per second. I've disclosed this
technique to Iridian who verified it would work. This is 1,000 times faster
than today's methods.
- High speed client-server communications to millions of nodes. This is
pretty widely available, but Propel has a very high performance server that
makes this very easy to program and has extremely high performance.
- The basic hardware and software to do iris coding, enrollment, and
matching has been around for years. Canada will be using this for their
Cheap iris scanners are under $200 in single unit quantities. However, for
high volume, I'd recommend the LuckyGoldstar scanners available from Iridian
Technologies which cost $2K for the camera plus video card in volumes of 10,000. The total cost here depends on the total
number of scanning stations installed. You'd want one at security and at each
The computer housing the iris codes for lookup can be just a few machines
running Netscape LDAP server (which supports multi mastering). Price is very
negotiable. If they charge you more than $2M, it would be cheaper to use open
LDAP and write your own multi-mastering.
The computers doing the iris lookup for enrollment are where the expense is.
You can put 1M iris codes on each computer (with 2G of RAM). The iris codes are
512 bytes each; the rest of RAM is filled with fast lookup hash tables to enable
the ultrafast comparisons. So 100M unique registered travelers would require
only 100 computers or $200K in computer expense. You'd want double redundancy in
case a machine crashed, so you'd need $400K in computer expense (plus a few cold
Magnetic stripe readers are very cheap.
Computers to hook the iris scanner and mag stripe scanner to are $1K.
To develop all the software to do this would cost $4M.
San Jose blue ribbon- iris ID
Presentation for San Jose blue ribbon committee
a different variation on the same idea
Powerpoint prezo of this web page. slightly different variation of this web
Steve Kirsch Political Home Page