Tactical Information Systems
Biometric Identification Software
SERVER.png

Tactical Information Systems Blog

Identity & Technology

Engineers Are Like the Jedi - They Don't Like to Deal in Absolutes

Only the Sith deal in absolutes.
— Obi-Wan Kenobi
Roulette wheel in action.

Biometric Errors: False Match & False Non Match

It is impossible to work in biometrics without thinking about probability. A biometric match is never a sure thing - it is a matter of probability. When you unlock your phone with a fingerprint, your phone is not 100% sure that it is you. And that's a problem because we instinctively want important things to be 100% true. It's just not possible.

Both Google and Apple require the probability of false match (the wrong person incorrectly matches) to be 99.998% or better for fingerprint sensors. That means there is a 1 in 50,000 chance that your phone will accidentally identify someone else as you. Is that good enough? Well, that is a hard question to answer because humans aren't very good at thinking rationally about probability.

As a poignant example of this, a woman named Sally Clark was convicted of murdering her two children because they both died of Sudden Infant Death Syndrome, which happens with a probability of 1 in 8,500. The prosecution asserted that two deaths had a probability of 1 in 73,000,000, a chance so unlikely that it must have been murder. There are many problems with this, but the main problem is that SIDS deaths are not independent probabilities - if you have one child die of SIDS, you are much more likely to have second child die of it (by a factor of 5x-10x). However, it also illustrates an important issue tied to low-probability events. Around 130 million children are born each year, so even if the events were independent it will happen. Thinking about it another way, the chance of winning the lottery is very. very low, but someone wins it almost every time because there are so many trials.

When we talk about biometrics, I have a hard time because the English language fails me as an engineer. In many of the biometric systems we work with, the probability of a false match with one finger may be 1 in 100,000,000. (1 x 10E7). However, we usually use  eight fingers, so the chance of a false match would be 1 x 10E56. (it is actually a bit more complex, but this is within a few orders of magnitude) This is such a ridiculously low probability that humans really can't conceive of it in any meaningful way. But I can't say the probability of a false match is zero, because it isn't. I sometimes say "effectively zero," but that is such a weak way to describe it compared to the actual probability that I am really under-selling it. 1 in 50,000 is effectively zero, but 1 in 1x10E56 is just a whole other level. I have searched in vain for a proper way to talk about it, but I just don't think the human language, or the human brain is set up to deal with low probability events in a way that is understandable. 

As an interesting aside, it is possible for two people completely unrelated to each other to have the exact same fingerprints. It is a random, probabilistic process after all. It's just very unlikely.