Chairman Chaffetz, Ranking Member Cummings and Members of the Committee, I am Chuck Romine, director of the Information Technology Laboratory (ITL) at the Department of Commerce’s National Institute of Standards and Technology (NIST). ITL cultivates trust in information technology and metrology through measurements, standards and testing. Thank you for the opportunity to appear before you today to discuss our role in standards and testing for facial recognition technology.
Biometric technologies can provide a means for uniquely recognizing humans based upon one or more physical or behavioral characteristics and can be used to establish or verify identity of individuals. Examples of physical characteristics include face, fingerprint and iris images. An example of behavioral characteristic is an individual’s signature. Used with other authentication technologies such as tokens, biometric technologies can provide higher degrees of security than other technologies employed alone. For decades, biometric technologies were used primarily in homeland security and law enforcement applications, and they are still a key component of these important applications. Over the past several years, the marketplace for biometric solutions has widened significantly and today includes public and private-sector applications worldwide, including physical security and retail applications. According to one industry estimate, the global biometrics market revenue will reach $15.1 billion by 2025.1 Facial recognition technologies, which compare an individual’s facial features to available images for identification or authentication, will reportedly reach a market of $9.6 billion by 2022.2
NIST has more than five decades of experience improving human identification systems. NIST responds to government and market requirements for biometric standards, including facial recognition technologies, by collaborating with other federal agencies, law enforcement, industry and academic partners to:
NIST’s work improves the accuracy, quality, usability, interoperability and consistency of identity management systems and ensures that United States interests are represented in the international arena. NIST research has provided state of the art technology benchmarks and guidance to industry, and U.S. government agencies that depend upon biometrics recognition.
Under the provisions of the National Technology Transfer and Advancement Act (PL 104-113) and OMB Circular A-119, NIST is tasked with the role of encouraging and coordinating federal agency use of voluntary consensus standards in lieu of government unique standards, and federal agency participation in the development of relevant standards, as well as promoting coordination between the public and private sectors in the development of standards and in conformity assessment activities. NIST works with other agencies to coordinate standards issues and priorities with the private sector through consensus standards developing organizations (SDOs) such as the InterNational Committee for Information Technology Standards (INCITS), Joint Technical Committee 1 of the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), the Organization for the Advancement of Structured Information Standards (OASIS), IEEE, the Internet Engineering Task Force (IETF), and other standards organizations such as the International Civil Aviation Organization (ICAO), and the International Telecommunication Union’s Standardization Sector (ITU-T). NIST leads national and international consensus standards activities in biometrics such as facial recognition technology, but also in cryptography, electronic credentialing, secure network protocols, software and systems reliability and security conformance testing—all essential to accelerate the development and deployment of information and communication systems that are interoperable, reliable, secure and usable.
Most SDOs are industry-led private-sector organizations. Many voluntary consensus standards from those SDOs are appropriate or adaptable for the government's purposes. OMB Circular A-119 directs the use of such standards by U.S. Government Agencies, whenever practicable and appropriate, to achieve the following goals:
When properly conducted, standards development can result in increased productivity and efficiency in government and industry, greater innovation and competition, expand opportunities for international trade, conserve resources, provide consumer benefit and choice and improve health and safety.
Under accreditation by ANSI, the private-sector U.S. standards federation, NIST continues to develop consensus biometric data interchange standards. Starting in 1986, NIST has developed and approved a succession of data format standards for the interchange of biometric data. The current version of this standard is ANSI/NIST-ITL 1: 2015, Data Format for the Interchange of Fingerprint, Facial and Other Biometric Information. This standard continues to evolve to support government applications, including law enforcement, homeland security, as well as other identity management applications. This standard, used around the world, facilitates interoperable biometric data exchange across jurisdictional lines and between dissimilar systems developed by different manufacturers.
From the inception of the ISO Subcommittee on Biometrics in 2002, NIST has led and provided technical expertise to develop international biometric standards in this SDO. The subcommittee on biometrics developed standards that have received widespread international and national market acceptance. Large international organizations such as the ICAO for Machine Readable Travel Documents and the International Labour Office (ILO) of the United Nations for the verification and identification of seafarers specify in their requirements the use of some of the international biometric standards developed by this subcommittee.
Between 2006 and 2012, JTC1/SC37 published a series of standards on biometric performance testing and reporting. These documents provide guidance on the principles and framework, testing methodologies, modality-specific testing, interoperability performance testing, access control scenarios, and testing of on-card comparison algorithms for biometric performance testing and reporting.
The ICAO has moved the world’s passports to a new level of travel document security, data integrity and identity management. To facilitate the goal of global interoperability, ICAO selected facial recognition as the globally interoperable biometric (listed as mandatory) for machine-assisted identity confirmation for Machine Readable Travel Documents. ICAO selected, as options, the ability to incorporate the specifications for finger and iris. The market research estimates that there will be 817 million ePassports in circulation by 2020, with annual revenue topping $5 billion.3 These ePassports are issued by 122 countries using the JTC1/SC37 developed standards. This program serves as a model for effective collaboration and cooperation between industry through subcommittees of JTC 1 and the governments of the world through ICAO.
For more than a decade, NIST has been organizing and conducting large biometric technology challenge programs and evaluations for a variety of purposes. NIST biometric evaluations measure the core algorithmic capability of biometric recognition algorithms and report the accuracy, throughput, reliability and sensitivity of algorithms to image characteristics; for example, noise or compression and subject characteristics—for example, age or gender. NIST biometric evaluations advance the technology by identifying and reporting gaps and limitations of current biometric recognition technologies. NIST evaluations advance measurement science by providing scientific basis for “what to measure” and “how to measure.” NIST evaluations also facilitate development of consensus based standards by providing quantitative data for development of scientifically sound, fit-for-purpose standards.
NIST conducted the Multiple Biometric Grand Challenge and Face Recognition Grand Challenge programs to challenge the face recognition community to break new ground solving research problems on the biometric frontier. NIST conducted the Face Recognition Vendor Tests (FRVT) and the Multi-Biometric Evaluation to assess capabilities of prototype face recognition systems for one-to-many identification and one-to-one verification.
Since 2010, NIST has, in cooperation with the United Kingdom National Physical Laboratory and the European Association for Biometrics, organized the biennial International Biometric Performance Testing Conference. This series of conferences accelerate adoption and effectiveness of biometric technologies by providing a forum to discuss and identify fundamental, relevant and effective performance metrics and disseminating best practices for performance design, calibration, evaluation and monitoring.
NIST FRVT provides independent evaluations of commercially available and prototype face recognition technologies. These evaluations provide the U.S. government with information to assist in determining where and how facial recognition technology can best be deployed. FRVT results also help identify future research directions for the face recognition community. The 2013 FRVT tested facial recognition algorithms submitted by 16 organizations and showed that algorithms made significant improvement since NIST last tested in 2010. NIST defined performance by recognition accuracy—how many times the software correctly identified the photo—and the time the algorithms took to match one photo against large photo data sets.
The latest FRVT, launched February 2017, will measure face recognition performance gains on an ongoing basis. NIST is running the FRVT continually to more closely align evaluation and development schedules. Previous FRVTs were one-time evaluations, performed roughly every three years, that focused on large-scale one-to-many face recognition algorithms from still face photos and from video, along with testing automated methods for estimating pose, expression and gender.
Face in Video Evaluation (FIVE) assesses the capability of face recognition algorithms to correctly identify or ignore persons appearing in video sequences. FIVE was an assessment of how well an algorithm could identify a subjects who appears on without explicit direction. The recently released FIVE report enumerates accuracy and speed of face recognition algorithms applied to the identification of persons appearing in video sequences drawn from six different video datasets.
NIST is researching how to measure the accuracy of forensic examiners matching identity across different photographs. NIST’s first study in this effort measured the accuracy of forensic examiners when comparing faces displayed on a computer screen for 30 seconds. The key results of the study showed that trained examiners performed better than untrained individuals and trained examiners’ accuracy improved with more time to make a decision. NIST is currently conducting a study to measure performance when trained examiners have access to tools they commonly use.
To better align NIST’s evaluation schedule with the pace of face recognition advancement in industry and academia, NIST is currently expanding its face recognition evaluations. NIST broadened the scope of its work in this area to understand the upper limits of human capabilities to recognize faces and how these capabilities fit into face recognition applications. On the research side, following NIST’s success and global leadership in fingerprint image quality and iris image quality, NIST plans to initiate research to better understand how to measure face image quality.
NIST research has provided U.S. government agencies, with missions that involve biometrics collection and matching, with technology benchmarks and guidance. NIST’s research has helped enhance identity systems and operations including the Federal Bureau of Investigation (FBI) Next Generation Identification (NGI) System, the Department of Homeland Security (DHS) Automated Biometric Identification System (IDENT)/US-VISIT, the Department of Defense Automated Biometric Identification System, the Department of State Biometric Visa (BioVisa) Program, and the Intelligence Community systems. For example, virtually all law enforcement biometric collections worldwide use the ANSI/NIST standard. NIST biometric technology evaluations in fingerprint, face and iris have provided the government with timely analysis of market capabilities to guide biometric technology procurements and deployments. The FBI has co-sponsored the challenge problems and evaluations, and leveraged this market analysis in its acquisition of NGI system evolution. NIST biometrics research assisted DHS in its transition to ten prints for the US-VISIT program. NIST is currently working with DHS to provide standards guidance, best practices and analysis in support of designing biometrics-enabled U.S. immigration processes.
NIST is proud of the positive impact it has had in the last 54 years on the evolution of biometrics capabilities. With NIST’s extensive experience and broad expertise both in its laboratories and in successful collaborations with the private sector and other government agencies, NIST is actively pursuing the standards and measurement research necessary to deploy interoperable, secure, reliable and usable identity management systems.
Thank you for the opportunity to testify on NIST’s activities in facial recognition and identity management. I would be happy to answer any questions that you may have.
1 “Biometrics Market Forecasts,” Tractica, February 2017.
2 “Facial Recognition Market Report,” Allied Market Research, June 2016.
3 “Global ePassport Program Update,” Acuity Market Intelligence, 2016.