Biometric technology, mainly used today in security sensitive organizations like governments and financial institutions, is soon expected to play an increasing role in all aspects of our daily lives. Some reasons for this increase are decreasing costs of the technology and improved technical quality of the systems. Combined with the generally escalated security levels across the globe and socio-political pressures for better security-related controls, the numbers of new proposals of biometric technology applications are most likely going to be increasing. Events like the terrorist attack on September 11, 2001 or the London bombings of July 2005 have precipitated an integration of biometrics into various facets of society.
Biometrics has been used for centuries to identify individuals by their own unique physical characteristics.8 Historically, the fingerprint has served as the most common method of identification. But other properties, which vary in their exactness and in users' comfort, are also candidates for widespread usage.6 Today, an increasing number of biometric companies are offering new products to be considered for general deployment beyond security identification systems.5 Some application objectives for these products include: associating computer users with their computer behavior, linking employees to their workstation performance, managing user-resource usage and activity, and e-commerce. By far, these biometric products have been aimed mostly at providing authentication for an individual to gain access to sensitive information and resources.
Biometric technologies are not without problems and come with their fair share of concerns. Some of these concerns are technical in nature, e.g., degradation of biometric features over time, variance in recorded and actual biometric characteristics, and threshold values for authentication. As the technology matures, however, the technical issues will be eventually overcome. On the other hand, many of the technology's obstacles are based on attitudes and behaviors, related to user acceptance, trust, habits, etc., ultimately presenting a greater challenge for implementation. Previous research found that some of the issues include the domains of privacy, storage and safeguarding of personal identification information, fear of intrusion into an individual's daily life, as well as concerns related to the relinquishing of personal information.10
User acceptance of biometric devices and authentication processes are key factors to the success of a biometric system. If users are fearful, hesitant, or uncomfortable around these systems, improper usage and implementation problems will surely follow. To achieve a functional implementation, bio-metric systems need to be easy to use and "transparent" to end users. While many individuals have become more comfortable with biometric measurements, many still retain negative perceptions of the technology. Some authors argue that in spite of a potential resistance to biometrics, the technology will ultimately be used for authentication and identification purposes.1,9 Specific implementations that offer ease of use can go a long way toward transforming the negative end-user perceptions into a positive experience. What remains for the designers is a challenging task to mentally and psychologically prepare the general public for the new technology.
There have been studies that focused on the adequacy of specific technological devices2 and also limited surveys of general population about the subject-area.4,7 Specific implementations where users are forced to use the technology were used to query the users' feelings towards the devices in Deane.3 In our study, we focused on potential future users of biometrics who have the choice between using and not using the technology. We attempt to examine what are their perceptions of biometrics prior to a system implementation. Then we introduced a hypothetical system and queried the potential (and voluntary) users about their concerns and apprehensions related to the technology. Our goal was to see how much technologically-aware individuals know about the technology and if they see any benefits of it given a choice to use it, which influenced our sampling choice.
We surveyed university students with a Computer Information Systems (CIS) major because they are associated with a greater affinity, understanding and acceptance of new technologies, which would be required in order to convey the concepts related to biometrics. We surveyed 86 students of a major southeastern U.S. university (45% undergraduates, 29% graduates, 26% did not specify). The average age of the respondents was 21.2 years. The survey consisted of two parts: part one was aimed at gauging the general level of familiarity of the subjects with biometric technology as a whole before mentioning anything specific about university systems. The second part's objective was to measure the subject's perceptions of costs and benefits of a hypothetical on-campus implementation of a biometrics authentication mechanism. The details about the results are discussed here.
General Biometric Awareness
The first section of the survey contained a 26-item instrument that measured the respondents' experiences with a biometric system. We measured several dimensions of familiarity with the technology that coalesced into three distinctive categories: understanding, experience, and interest. The means are presented in Table 1. Questions in the understanding category measured the subjects' overall level of awareness of biometrics at large, their familiarity with a concrete biometric system, and their level of understanding of the topic from a technical perspective (e.g., underlying technology, functionality, and system operation). Questions in the end-user experience category focused on whether the subjects had first-hand experiences as end-users of biometric technologies. Finally, the level of interest in biometrics asked about the amount of interest and the amount of time spent reading about biometric topics.
Although it could be expected that the amount of experience with biometrics was going to be very low for university students (indeed, average of 1.4 out of 7), the level of familiarity and interest was expected to be higher than shown by the results. Depicted in Figures 1, 2, and 3 are distributions of responses to the questionnaire. On the understanding section, 43% indicated "Not at all" on the extent of their familiarity with biometrics, and on the interest section 31% showed that they have no interest in the technology. This was a surprising result given that the subjects were CIS students. From a practical point of view, 77% of subjects had indicated that they never had any hands-on experience with a biometric system.
Specific Biometric Implementation
The main goal of the second part of the survey was to first educate the subjects about biometrics and then to ask them whether, based on their more informed point-of-view, could they see some benefits of a hypothetical on-campus implementation of a biometrics system. More specifically, first, we gave a short explanation of biometrics and the technology involved. Then we proposed a student authentication system that was to be implemented in a university library with the purpose of replacing the usage of student identification cards in order to access the library's resources. Finally, the subjects were asked for their feedback in order to see whether a similar system should be implemented in a university-wide setting, completely eliminating the ID card system in areas such as sport and health facilities, dormitories, on-campus stores, and food outlets. Our questions focused on three specific areas of interest: security, privacy, and willingness to give up personal information.
Security questions were aimed at measuring the extent to which subjects felt that the biometric system would enhance on-campus security. Additional items measured the overall level of benefits that the subjects felt would occur as a direct result of the implementation, however, analysis did not provide sufficient confidence that the subjects were able to differentiate between the two concepts. Consequently, the questions were combined into a measure of perceived security benefits. The second area focused on the subjects' level of concern with issues of privacy associated with the implementation of the system. Finally, questions regarding the willingness to provide personal biometric information for collection, use, and storage were addressed. The average responses to these questions are presented in Table 2.
Of the three areas surveyed, only the privacy concerns show a statistically significant departure from the neutral middle value of 4. In other words, even after explaining to the subjects how the proposed system works and what it can do for them, the opinions toward the system's security benefits were neutral and they showed no significant opinion on their willingness to share their biometric information. On average, they were only mildly concerned with the potential privacy issues associated with the system, however, we were not able to uncover a specific reason for this apprehension.
Furthermore, a look at the individual correlations among the responses (Table 3) reveals that understanding of biometrics, end-user experience, and interest in the technology are highly associated with each other. The strongest relationship is between seeing security benefits and willingness to give up personal information (r=.86), followed by understanding and interest (r=.75) and understanding and experience (r=.67). A noteworthy observation is that high perception of security benefits is more associated with high interest (r=.40) than with either experience (r=.28) or understanding (r=.24).
The levels of familiarity with the biometric technology were quite low overall. It seems that the technology is in the early stages of the "production cycle" when it comes to the minds of the users. Some users had some general idea about the technology, but it was definitely below our expectations. The level of interest in the technology emerged with the highest (relatively speaking) scores, but overall it was again quite disappointing given the recent buzz in the popular media. Given the target sample, it could be argued that end-user experience is going to be low. The survey results confirmed that assumption, but on the other hand, CIS students are expected to be familiar with the cutting-edge technologies and providing them with hands-on experiences should be perhaps a part of the curriculum. In summary, few really understand the technical details or have an extensive experience with the technology. As biometric solutions mature and move from the periphery into the center of user attention, perhaps more people will be informed in greater depth about the biometric systems and their intricacies, stimulating concerns about privacy, security, and other benefits or costs that might exist when biometric technology is used.
Given the low levels of general familiarity and experience with biometrics, it appears that the subjects could not clearly assess the security benefits that such system would provide, nor the potential privacy concerns that are inherent in use of the technology. The overall level of familiarity was so minimal that most students lacked the necessary knowledge to see what privacy issues could arise from the system's implementation. However, they did indicate that privacy concerns might play an important role in their choice of technology usage.
In this study we tried to focus on implementation of a biometric system in a specific setting where users have a choice between accepting or refusing to use it. Most other settings, such as in high security industries, give their users no choice in the matter. Therefore, they might not encounter the same difficulties as in situations where the users of the systems are the organization's customers. At universities, where the students are ultimately customers with a choice, implementations of biometric systems might be met with some level of resistance due to the sensitive nature of identification, storage, and usage of personal data, notwithstanding whether the "sensitivity" is real or only perceived. However, the students in this study failed to show a strong opinion on the privacy issue. By the same token, they mostly failed to express their attitude toward any benefits of the technology as well.
Our findings of low understanding of biometrics among the student population are even more distressing when we consider that CIS students are generally more exposed to new technologies than the population at large, which has major implications for growth in the biometric industry and its acceptance by users. One would expect that university students with a major in computer-related field, more so than other focus groups, would understand and relate to the implications of utilizing biometrics. The lack of knowledge in the student body about the nature of biometrics only underscores the need for education of the general public about the technology. More than anything, generating interest in the topic seems to be a suitable vehicle for improvement in the area of general familiarity, as well as better technical understanding of the subject. Through a better comprehension of the technology, better informed users will be able to achieve a sense of comfort while using it, as well as deeper appreciation for the benefits it provides. A sound understanding of the basic operation will also go a long way towards eliminating apprehensions about privacy issues that are today perceived as one of the inhibiting factors in adoption. Once the potential users can make an informed choice about biometric usage, then the technology can become a transparent part of everyday life where the benefits will outweigh the unavoidable costs.
2. Coventry, L., De Angeli, A., and Johnson, G. Usability and Biometric Verification at the ATM Interface. Proceedings of the conference on Human factors in computing systems. April 2003, Ft. Lauderdale, Florida, 2003.
©2008 ACM 0001-0782/08/0900 $5.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.