[Senate Hearing 107-657]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 107-657
 
 BIOMETRIC IDENTIFIERS AND THE MODERN FACE OF TERROR: NEW TECHNOLOGIES 
                     IN THE GLOBAL WAR ON TERRORISM
=======================================================================


                                HEARING

                               before the

                 SUBCOMMITTEE ON TECHNOLOGY, TERRORISM,
                       AND GOVERNMENT INFORMATION

                                 of the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                      ONE HUNDRED SEVENTH CONGRESS

                             FIRST SESSION
                               __________

                           NOVEMBER 14, 2001
                               __________

                          Serial No. J-107-46A
                               __________

         Printed for the use of the Committee on the Judiciary






                       U. S. GOVERNMENT PRINTING OFFICE
81-678                          WASHINGTON : 2002
___________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800  
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001







                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
EDWARD M. KENNEDY, Massachusetts     ORRIN G. HATCH, Utah
JOSEPH R. BIDEN, Jr., Delaware       STROM THURMOND, South Carolina
HERBERT KOHL, Wisconsin              CHARLES E. GRASSLEY, Iowa
DIANNE FEINSTEIN, California         ARLEN SPECTER, Pennsylvania
RUSSELL D. FEINGOLD, Wisconsin       JON KYL, Arizona
CHARLES E. SCHUMER, New York         MIKE DeWINE, Ohio
RICHARD J. DURBIN, Illinois          JEFF SESSIONS, Alabama
MARIA CANTWELL, Washington           SAM BROWNBACK, Kansas
JOHN EDWARDS, North Carolina         MITCH McCONNELL, Kentucky
       Bruce A. Cohen, Majority Chief Counsel and Staff Director
                  Sharon Prost, Minority Chief Counsel
                Makan Delrahim, Minority Staff Director
                                 ------                                

   Subcommittee on Technology, Terrorism, and Government Information

               DIANNE FEINSTEIN, California, Chairperson
JOSEPH R. BIDEN, Jr., Delaware       JON KYL, Arizona
HERBERT KOHL, Wisconsin              MIKE DeWINE, Ohio
MARIA CANTWELL, Washington           JEFF SESSIONS, Alabama
JOHN EDWARDS, North Carolina         MITCH McCONNELL, Kentucky
                 David Hantman, Majority Chief Counsel
                Stephen Higgins, Minority Chief Counsel









                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Feinstein, Hon. Dianne, a U.S. Senator from the State of 
  California.....................................................     1
Hatch, Hon. Orrin G., a U.S. Senator from the State of Utah......     8
Kyl, Hon. Jon, a U.S. Senator from the State of Arizona..........     4
Thurmond, Hon. Strom, a U.S. Senator from the State of South 
  Carolina.......................................................    72

                               WITNESSES

Atick, Joseph J., Chairman and Chief Executive Officer, Visionics 
  Corp., Jersey City, New Jersey.................................    36
Belger, Monte, Acting Deputy Administrator, Federal Aviation 
  Administration, Washington, D.C................................    10
Haddock, Richard M., President, Drexler Technology Corp., 
  Mountain View, California......................................    45
Huddart, Martin, General Manager, Recognition Systems, Inc., 
  Ingersoll-Rand Co., Campbell, California.......................    40
Kirkpatrick, Michael, Assistant Director, Criminal Justice 
  Information Services Division, Federal Bureau of Investigation, 
  Washington, D.C................................................     5
Lau, Joanna, Chairman and Chief Executive Officer, Lau 
  Technologies, Littletown, Massachusetts........................    52
Lyons, Valerie J., Executive Vice President, World Sales, 
  Identix, Inc., Los Gatos, California...........................    23
Willis, William, Chief Technology Officer, Iridian Technologies, 
  Inc., Moorestown, New Jersey...................................    34

                       SUBMISSIONS FOR THE RECORD

Feinstein, Hon. Dianne and Hon. Jon Kyl, sectional analysis of 
  the Visa Entry Reform Act of 2001..............................    69
Woodward, John D., Jr., Senior Policy Analyst, RAND, Arlington, 
  Virginia, letter...............................................    73









 BIOMETRIC IDENTIFIERS AND THE MODERN FACE OF TERROR: NEW TECHNOLOGIES 
                     IN THE GLOBAL WAR ON TERRORISM

                              ----------                              


                      WEDNESDAY, NOVEMBER 14, 2001

                Subcommittee on Technology,
              Terrorism and Government Information,
                                Committee on the Judiciary,
                                                   Washington, D.C.
    Subcommittee on Technology, Terrorism, and Government 
Information, of the Committee on the Judiciary, Washington, 
D.C.
    The Subcommittee met, pursuant to notice, at 10:05 a.m., in 
Room SD-226, Dirksen Senate Office Building, Hon. Dianne 
Feinstein, Chairman of the Subcommittee, presiding.
    Present: Senators Feinstein, Cantwell, Hatch, Kyl, and 
DeWine.

OPENING STATEMENT OF HON. DIANNE FEINSTEIN, A U.S. SENATOR FROM 
                    THE STATE OF CALIFORNIA

    Chairperson Feinstein. I would like to call the meeting to 
order and welcome the witnesses, as well as the general public, 
to this hearing of the Subcommittee on Technology and Terrorism 
with respect to biometrics. That is the subject for this 
morning's panel.
    I would like to welcome the distinguished ranking member, 
Senator Kyl from Arizona, with whom I have had the great 
privilege of working now for a number of years. And I might 
just say that we feel very similarly on these issues so I think 
it makes for a good working team.
    After the September 11 attacks many Americans began to 
wonder how the hijackers were able to succeed in their plans. 
How could a large group of coordinated terrorists operate for 
more than a year in the United States without being detected 
and then get on four different airliners in a single morning 
without being stopped? The answer to this question is that we 
could not identify them. We did not know they were here. Only 
if we can identify terrorists planning attacks on the United 
States do we have a chance of stopping them. And the biometrics 
technology, the state-of-the-art technology of today, really 
offers us a very new way to identify potential terrorists.
    Now it is true that biometrics would not deter suicide 
bombers who law enforcement and intelligence officials did not 
know about. However, it would make it easier to prevent entry 
by individuals who are known, who are suspected and who might 
try to hide their identity. For example, in the case of at 
least two of the hijackers, authorities had pictures of them as 
suspects prior to the attack and airport cameras actually 
photographed them but because these cameras did not use facial 
biometric systems, security was not alerted and the hijackers 
remained free to carry out their bloody plans.
    We also know that a number of the hijackers easily secured 
false ID cards, cards that they used to disguise their 
identities. If we had biometric devices in place these attempts 
may well--we cannot say for sure, but had a chance of being 
stopped.
    Many experts believe that if we had been using biometrics 
for visa applicants and visa-holders and at customs, baggage 
and passenger checkpoints at airports, we could have 
potentially forestalled the September 11 attack.
    One reason for this hearing is to explore the types of 
biometrics out there and how they can be used by government in 
conjunction with existing infrastructure and databases to 
prevent such attacks. I am concerned about just passing 
legislation mandating that the government use biometric 
technology because we all know horror stories about mandates 
going awry.
    A month ago this Subcommittee heard from Paul Collier, the 
executive director of the Biometrics Foundation, who pointed 
out that the United States has issued 11 million driver's 
licenses and 5 million border crossing cards with biometric 
data but, and I quote, ``There are no systems in place to read 
the biometric data and authenticate the cardholders.'' The 
point is that despite the fact that we have these systems, the 
departments have not put in place the readers. Consequently, 
the systems are wasted.
    So 16 million smartcards have been effectively rendered 
dumbcards by lack of readers. Thus any biometric solution needs 
to be comprehensive and it needs to work.
    Now what is biometrics? Biometric identifiers use unique 
biological information from people. It is fingerprints, it is 
facial structure, it is hand shape, it is the characteristics 
in the iris in our eye. These characteristics, measured, ensure 
that the bearer of the card is who they say they are.
    So a biometric identifier is something that you are, a 
password or a PIN is something that you know, and a key or 
smartcard is something that you have. Biometric identifiers are 
the most secure and convenient way to authenticate and identify 
people because they cannot be borrowed, stolen, forgotten or 
forged.
    I myself went to a street in Los Angeles, Alvarado Street, 
a while back and saw people literally by the dozens purchasing 
fraudulent Social Security cards, fraudulent driver's licenses, 
fraudulent other IDs. I saw where they print them and they did 
a beautiful fraudulent copy in less than 20 minutes and for 
anywhere from $15 to $150 a copy.
    Biometrics make authentication relevant and positive. If 
you take a typical driver's license, which lists a person's eye 
color--blue, brown, green, maybe hazel, black--hundreds of 
millions of other individuals share that basic eye color. If 
you compare iris recognition technology, which also looks at 
the colored portion of a person's eye, the iris, this 
technology can identify around 270 unique characteristics of a 
person's iris and turn these characteristics into a code unique 
to that individual. So only one person alive and only one 
person who had ever lived would have that code and that code 
could easily be put on a driver's license.
    Many people assume that biometrics is something out of a 
high-tech action movie, a fancy expensive gadget with only few 
specialized uses. But, in fact, biometrics has begun to catch 
on, is becoming more and more widespread and is getting cheaper 
every day. In fact, there are $20 biometric devices you buy 
today to attach to your home computer.
    So generally, biometrics can be used in three possible 
ways. It can be used to screen employees and control access to 
sensitive areas. This obviously prevents terrorists from 
getting a job as an airline or airport employee or posing as 
one in order to get access to implement a hijacking. A recent 
GAO audit found that inspectors were able to carry weapons 
around two airport security checkpoints merely by flashing 
false credentials. Such technology is already being used at 
places such as San Francisco International, Chicago O'Hare and 
Charlotte Douglas Airport.
    Secondly, biometrics can be used to compare to a biometric 
database of criminals or terrorists to try to catch and stop 
them. So a terrorist whose picture or fingerprint is in a law 
enforcement database can be stopped before boarding a plane or 
entering the country.
    Now this kind of biometric use is only as good as the 
database it uses. British law enforcement, as well as in 
Keflavik Airport in Iceland, uses this kind of biometric 
technology and currently the FAA is working on a computer-
assisted passenger prescreening system, a system designed to 
use the passenger information system in airline databases to 
determine if an individual poses a security risk. So this 
system would be made infinitely more useful with biometrics.
    Now I have received a number of phone calls from experts on 
biometrics and these experts, including the main biometric 
industry associations and the National Security Agency, have 
suggested that the industry is extremely fragmented, lacks 
minimal standards, and does not work well together, given the 
hypercompetitiveness of the companies. Currently, for example, 
there are about 140 companies trying to sell hundreds of 
different overlapping biometric devices of multiple types. 
These include fingerprints, hands, irises, faces, retinas, 
voice, handwriting, et cetera.
    Now these companies are today aggressively marketing their 
different projects and they are criticizing their competitors. 
There is a lot of confusion about how best biometrics can be 
used in the war on terrorism. But experts are afraid that if 
government does not get involved to provide some order and 
structure, some standards if you will, then the market will 
result in a gradual and uneven adoption of biometric 
identifiers that will continue to leave our country vulnerable 
to terrorist attack.
    There is no doubt in my mind that piecemeal adoption of 
biometrics can be a disaster. For example, the United States 
has issued these 16 million smartcards but there are no systems 
in place to read them.
    I am looking, and I have suggested to the ranking member 
and Senator DeWine, who is here today, that we should also 
explore the creation of an unbiased center, a central 
clearinghouse if you will, that can test, evaluate and set 
these standards for biometric solutions. The center would be a 
federally chartered nonprofit, tax-exempt corporation charged 
with mobilizing both government and the private sector to 
achieve today's most vital national security goal--helping to 
stop terrorism. The center would involve both the government 
and the private sector to be able to advise on how to choose 
and deploy biometric solutions that help detect and deter 
terrorists.
    The center would involve the leading private sector 
biometric institutions. These would include the International 
Biometric Industry Association, the Biometric Foundation, the 
Center for Identification Technology Research at West Virginia 
University, the leading university biometrics center. The 
National Security Agency would be the initial coordinating 
agency for this center and could, at the president's 
discretion, be replaced by the Office of Homeland Security.
    In the bill that Senator Kyl and I have been doing that 
Senators Kennedy and Brownback have just accepted into the 
bioterrorism legislation, we mandate that the centralized 
database--actually it is in the immigration bill--the 
centralized database be under the jurisdiction of the director 
of homeland security, just to avoid some of these problems, but 
the center would work closely with the Biometric Management 
Office at the Department of Defense, which has been chartered 
and funded to provide advice about military uses of biometrics 
to all defense agencies.
    Of course there are many precedents for such a federally 
chartered center. The major one, of course, is the Manhattan 
Project, which enabled the United States to build the atomic 
bomb.
    So this is an idea because I am getting very concerned 
about the conflicting information we have received. Today we 
have two government witnesses that I will introduce directly 
following my colleagues' remarks and then a panel of individual 
companies who are cutting edge companies that have come forward 
with some interesting biometric technology and they will be 
speaking about that technology and they have demonstrations 
which you will see scattered around the room that they will 
share their technology on.
    Now I would like to recognize the very distinguished 
ranking member of this Committee, Senator Kyl.

  STATEMENT OF HON. JON KYL, A U.S. SENATOR FROM THE STATE OF 
                            ARIZONA

    Senator Kyl. Thank you very much, Madam Chairman. I think 
the statement that you have just made summarizes my views and 
as a result I am just going to make one quick point and then 
get on with our witnesses. I know both of us have an obligation 
at noon and so the less you hear from me and the more we hear 
from you, the better.
    We have been at this now for over seven years talking about 
the threats to our society, before those threats materialized, 
talking about the use of technology and it is comforting to me 
now at least to see a lot of colleagues and others saying, 
``You know what? We could use technology in this battle against 
terrorism.''
    So the purpose of this hearing this morning is not only to 
validate that point but to answer a couple of very specific 
questions from experts. How specifically can we use technology, 
especially biometrics, to prevent terrorism, including illegal 
entry into the United States? And what do our governmental 
agencies need by way of legal authority or financial support in 
order to achieve these objectives in a very quick fashion? 
Those are the two questions I have. So to the extent you can 
get directly to those points in your testimony, I would 
appreciate it very much and I will simply put other remarks in 
the record, Madam Chairman.
    Chairperson Feinstein. Thanks very much, Senator Kyl. 
Senator DeWine, do you have comments you would like to make?
    Senator DeWine. No. I am anxious to get to the hearing and 
I just want to thank you, Madam Chairman, for having the 
hearing.
    Chairperson Feinstein. Thank you very much.
    Then we will proceed with the first panel. I will just 
quickly introduce both witnesses and then they will proceed and 
hopefully limit their comments so that we can ask some 
questions back and forth.
    The first is Michael Kirkpatrick of the FBI. Mr. 
Kirkpatrick is a 23-year FBI veteran, currently serves as 
assistant director of the Criminal Justice Information Services 
Division of the FBI. This division is the largest within the 
FBI. It was established in 1992 to serve as the focal point and 
central repository for criminal justice information services in 
the agency.
    We also have Mr. Monte Belger with the FAA. He began his 
FAA career 28 years ago as an entry-level security inspector. 
He now serves as the acting deputy administrator of the FAA. He 
assists the administrator in leading a 49,000-person agency 
responsible for the U.S. aviation system.
    Mr. Kirkpatrick, we will begin with you.

STATEMENT OF MICHAEL KIRKPATRICK, ASSISTANT DIRECTOR, CRIMINAL 
   JUSTICE INFORMATION SERVICES DIVISION, FEDERAL BUREAU OF 
                         INVESTIGATION

    Mr. Kirkpatrick. Good morning, Madam Chairwoman and members 
of the Committee, and thank you for the opportunity to appear 
before the Committee.
    At the Criminal Justice Information Services Division of 
the FBI our mission is to reduce criminal activity by 
maximizing the ability to provide timely and relevant criminal 
justice information throughout the criminal justice community 
and to other appropriate agencies. The Congress and the 
taxpayers have invested almost $1 billion for the development 
and implementation of the sophisticated national computer 
systems housed at our West Virginia complex. Among the programs 
that we operate there of particular interest to the Committee 
this morning is our automated fingerprint identification 
program.
    The FBI has served as the nation's fingerprint repository 
since 1924. During the first 75 years of that stewardship this 
was a manual, very labor-intensive process taking weeks and 
oftentimes months to process a single fingerprint card. With 
the full support of Congress and recognizing the need to 
significantly improve this critical service, the FBI, with our 
partners in the criminal justice community and with our 
partners in private industry, primarily Lockheed Martin, 
Planning Research Corporation and Science Applications 
International Corporation, were able to develop and build the 
Integrated Automated Fingerprint Identification System or IAFIS 
which became operational in July of 1999. The IAFIS provides 
the FBI with the ability to process key biometric fingerprints 
in a totally electronic environment and we do this 24 hours a 
day, seven days a week, 365 days a year.
    Today we have approximately 42,800,000 digitized criminal 
fingerprint records in our database, which is by far the 
world's largest biometric repository of any kind. It is at 
least four times larger than all the fingerprint repositories 
in Europe combined.
    Using this state-of-the-art technology we are able to 
process in-coming electronic criminal fingerprints within two 
hours of their receipt and within 24 hours for in-coming 
electronic civil or applicant fingerprint submissions.
    The IAFIS is a high-volume system with a capacity for 
growth. Last fiscal year we processed over 15 million 
fingerprint submissions, which equals about 1.3 million per 
month. Each day we add over 7,800 new criminal entries which 
are fully electronic-searchable to this database.
    In addition to the tenprint capabilities of IAFIS, it also 
has a significant latent or crime scene fingerprint capability. 
When a latent fingerprint is lifted from a crime scene it can 
be sent in and searched against IAFIS, against the entire 42.8 
million fingerprint records. Using this technique, cold cases 
which are decades old are being solved today which never were 
before. Since the inception of this capability, the FBI's 
laboratory has made over 700 latent identifications, which was 
more than the combined total in the prior 15 years.
    On October 29 the president signed into law the USA Patriot 
Act. On behalf of the FBI I would personally like to thank you 
for the passage of this most important piece of anti-terrorism 
legislation. Pursuant to Section 405 of this law, the report on 
the Integrated Automated Fingerprint Identification System for 
ports of entry and overseas consular posts, I can report to you 
today that the FBI is already working closely with the 
Department of Justice and other federal agencies to prepare the 
report that was called for in the law on the feasibility of 
using the IAFIS to better identify individuals prior to their 
entry into the United States.
    Since the IAFIS is the world's largest biometric database 
with an infrastructure which already connects local, state and 
federal agencies, it is a tool that could be used to move our 
country's security perimeter beyond our borders.
    While the FBI believes that the IAFIS is a national asset, 
its development has also had significant international 
ramifications. On a global front, fingerprints are the most 
widely held and used forms of positive identification. In this 
regard the FBI has taken the lead in an effort to develop 
international standards for the electronic exchange of 
fingerprints. We frequently meet with our colleagues in the 
Royal Canadian Mounted Police and United Kingdom, as well as in 
Interpol, on this topic.
    Technology for the capture, search, storage and 
transmission of fingerprints is widely available and, as you 
will hear today, becoming more economical. Fingerprint 
databases already exist at the federal, state and local levels 
and all existing criminal history records are based on 
fingerprints. I invite the members of the Committee and their 
staffs to West Virginia to visit our complex and to witness 
firsthand this investment in state-of-the-art technology.
    Again I thank you for the privilege of addressing this 
Committee and I am available to answer any questions that you 
may have.
    [The prepared statement of Mr. Kirkpatrick follows:]

Michael D. Kirkpatrick, Assistant Director in Charge, Federal Bureau of 
     Investigation, Criminal Justice Information Services Division

    Good morning Madam Chairwoman and Members of the Committee. I am 
Michael D. Kirkpatrick, Assistant Director in Charge of the FBI'S 
Criminal Justice Information Services Division, or CJIS, and I Thank 
you for the opportunity to appear before this Committee.
    I have served in the FBI for more than 23 years. In that time, I 
have served as a special agent in our Cleveland and Kansas City field 
divisions, and in various supervisory and management capacities in San 
Antonio, Texas; pocatello, idaho; and at FBI headquarters. In 1996, I 
was appointed as an Assistant Special Agent in charge of the New 
Orleans Field Division, where I oversaw investigations throughout the 
State of Louisiana. In August 1998, I was assigned to CJIS. Since my 
arrival in CJIS, I have served as the Chief of the Resources Management 
Section, and as the Deputy Assistant Director of the Policy, 
Administrative, and Liaison Branch. On April 4 of this year, the 
Attorney General approved my appointment as the Assistant Director in 
charge of CJIS.
    CJIS was established in february 1992 and is the largest division 
within the FBI, with a current work force of 2,685. The division is 
located in Clarksburg, West Virginia, on a 986 acre campus. 
Construction of this world class facility started in October 1991 and 
was completed in July 1995, and I am proud to say on-time and under 
budget.
    Our mission is to reduce criminal activity by maximizing the 
ability to provide timely and relevant criminal justice information to 
the criminal justice community and other appropriate agencies. The 
congress and the taxpayers have invested close to one billion dollars 
for the development and implementation of the sophisticated national 
computer systems housed at the West Virginia complex. Among the major 
programs managed and operated out of this division are: (1) the 
national crime information center, and (2) of interest to this 
committee today--the automated fingerprint identification program.
    Since 1924, the FBI serves as the national fingerprint repository. 
For our first 75 years, the processing of incoming fingerprint cards 
was largely a manual, labor intensive process, taking weeks or 
sometimes months to process a single fingerprint card.
    With the full support of congress and recognizing the dire need to 
significantly improve this critical service, the FBI, with our partners 
in the criminal justice community and leaders in private industry, 
including Lockheed Martin, Planning Research Corporation (PRC), and 
Science Applications International Corporation (SAIC), was able to 
develop and build the integrated Automated Fingerprint Identification 
System, or IAFIS. IAFIS became operational on July 28, 1999, and 
provides the FBI with a totally electronic environment in which to 
process fingerprint submissions 24/7/365. Today over 42.8 million 
digitized criminal fingerprint records reside in the IAFIS database, 
which is by far the world's largest biometric repository of any kind. 
It is at least four times larger than all of the fingerprint 
repositories in europe combined.
    Using state-of-the art technology, the IAFIS receives, searches, 
and stores incoming fingerprint submissions, and generates responses 
within two hours of receipt for electronic criminal fingerprint 
submissions and within 24 hours for electronic civil submissions. IAFIS 
is a high volume system with a capacity for growth. In fiscal year 
2001, our fingerprint receipts totaled 15,451,543 (7,991,125 criminal 
and 7,460,418 civil), which equates to 1.3 million receipts per month. 
Our FY 2001 receipts mark a six percent increase over those for the 
previous fiscal year. In addition, each day on average we add 7,853 new 
searchable criminal entries to this database.
    At this point, I have only spoken about IAFIS's ten-print 
capabilities. This system can also process latent fingerprints 
collected as evidence of a crime. When a latent print is lifted from a 
crime scene, a latent fingerprint examiner can initiate a search of the 
entire IAFIS database to determine the suspect's identity. This 
technique has permitted the identification of criminal perpetrators 
from latent prints submitted from previously unsolved, ``cold'' cases. 
Since the inception of this latent search technique, the FBI's 
laboratory division has made 700 latent identifications using IAFIS 
technology. These 700 identifications are more than three times the 
total number of latent identifications made in the 15 years prior to 
IAFIS. These crimes would have otherwise been unsolved. This capability 
has had a tremendous impact on our public safety.
    In response to the september 11 terrorists attacks, CJIS mobilized, 
along with the latent print units of the FBI's Laboratory Division, to 
provide disaster relief. This assistance included our ``flyaway'' 
interim distributed image system, or idis, terminals and remote latent 
fingerprint terminals. These computer systems allow disaster relief 
teams to submit both ten-print and latent fingerprints electronically 
to the IAFIS from remote locations. IDIS systems have also been 
deployed in other recent events, such as the summit of the Americas in 
Quebec.
    Seven IDIS terminals, three latent work stations, and 32 CJIS 
employees were deployed to New York City; Dover, Delaware; and 
Shanksville, Pennsylvania, to Assist with Victim Identification. The 
New York disaster relief team reported 22 successful identifications, 
four using IDIS technology, and two using remote latent fingerprint 
technology. The Pennsylvania disaster relief team made one latent 
fingerprint identification.
    On October 29, 2001, the president signed public law 107-56, the 
usa patriot act of 2001. On behalf of the FBI, I personally want to 
thank you for passage of this most important piece of anti-terrorism 
legislation. I can report that, pursuant to section 405 of this law, 
report on the integrated automated fingerprint identification system 
for ports of entry and overseas consular posts, the FBI is working 
closely with the department of justice and other federal agencies to 
prepare this report on the feasibility of using the IAFIS to better 
identify individuals prior to their entry into the united states. Since 
the IAFIS is the world's largest biometric database, with an 
infrastructure already connecting local, state, and federal agencies, 
it is a tool that could be used to move our country's security 
perimeter beyond our borders.
    While the FBI believes that the IAFIS is a national asset, its 
development has had significant international ramifications. On a 
global front, fingerprints are the most widely held and used form of 
positive identification. In this regard, the FBI took the lead in an 
effort to develop an international standard for the electronic exchange 
of fingerprints. We frequently meet with our counterparts in the royal 
canadian mounted police and the united kingdom, as well as many 
representatives from interpol, on this topic. I am proud to say that 
international standards for the exchange and transmission of 
fingerprints, developed by the FBI, have been accepted by all member 
countries of interpol. We continue to have regular dialogue with our 
international partners in the rcmp, uk, and interpol on matters of 
mutual interest.
    Technology for the capture, search, storage, and transmission of 
fingerprints is widely available and becoming more economical every 
day. Fingerprint databases already exist at the local, state, and 
federal levels, and all existing criminal history records are based on 
fingerprints. As I just stated, international standards have been 
accepted by all interpol member countries. These existing biometric 
systems form the foundation for coordinated domestic and international 
efforts and present opportunities to share information that can improve 
our national security and combat terrorism and trans-national crime.
    I invite the members of this committee to visit the CJIS complex in 
Clarksburg and witness first-hand this investment in state-of-the-art 
technology. In closing, I again thank you for the privilege of 
addressing this committee. I am available to answer any questions the 
committee may have.

    Chairperson Feinstein. Thanks very much, Mr. Kirkpatrick.
    The Ranking Member of the Full Committee has come, Senator 
Hatch, and I would like to recognize him and ask him if he has 
a statement he would like to make.

STATEMENT OF HON. ORRIN G. HATCH, A U.S. SENATOR FROM THE STATE 
                            OF UTAH

    Senator Hatch. Thank you so much, Madam Chairman. I 
certainly appreciate it. I want to thank you and Senator Kyl 
personally for holding this important hearing and I also want 
to thank each of you for your steadfast resolve in helping to 
lead our nation's fight against terrorism.
    Just recently your bipartisan support proved invaluable to 
our efforts to enact the USA Patriot Act of 2001, which 
provided much-needed anti-terrorism tools to our law 
enforcement and intelligence communities. While the USA Patriot 
Act is a critical first step, more can and must be done to 
protect our nation from terrorists.
    In particular, we need to tighten our border security, 
including our overseas embassies and consulates that function 
as our extended borders against terrorists. The Visa Entry 
Reform Act of 2001, recently introduced by the chairwoman, 
Senator Kyl and myself and others, will, by embracing new 
pioneering technologies, enhance our ability to prevent 
terrorists from ever setting foot in this country. As a proud 
cosponsor of this legislation I will help to see to it that it 
is passed into law.
    The key to the legislation is its commitment to the use of 
biometric technology. Biometrics, the science of using physical 
characteristics to identify an individual, has long held 
promise in the areas of law enforcement and immigration. While 
individuals may be able to disguise their appearance 
sufficiently to fool the human eye, the technology we will hear 
described today can thwart the most sophisticated criminal 
mind.
    One use for these technologies is in the immigration area 
where, by using biometric identifiers, we can conclusively 
confirm the identity of those seeking entry into the United 
States. Impersonation would be dramatically curtailed, if not 
eliminated all together. And in conjunction with law 
enforcement and intelligence databases, these technologies will 
enable us to identify potential terrorists before they are 
among us.
    We had just yesterday a group call us claiming that they 
have a very low-cost iris identification system that may be 
very beneficial in these areas. We will be interested in 
following up on that, as we will with what every witness here 
is testifying to today, or at least the witnesses' testimony 
that we will receive today.
    So I want to thank all of you witnesses who have agreed to 
come here to enlighten us and help us to know better what we 
should be doing in these areas and, above all, I want to 
compliment our chairwoman and ranking member for the leadership 
that they have provided against terrorism. And having lived 
through putting together the final anti-terrorism package that 
we have passed, an awful lot of that bill has been the work of 
this Subcommittee and the work of these two bipartisan senators 
who have worked so well together.
    So I wanted to just personally come and congratulate them, 
thank them for the leadership they are providing, and tell them 
I am going to work very closely with them to make sure that 
what they do comes to fruition. And I want to thank each of you 
for helping us to do so. Thank you, Madam Chairwoman.
    [The prepared statement of Senator Hatch follows.]

Statement of Hon. Orrin G. Hatch, a U.S. Senator from the State of Utah

    Madame Chairwoman, I want to thank you and Senator Kyl for holding 
this important hearing. I also want to thank the two of you for your 
steadfast resolve in helping lead our nation's fight against terrorism. 
Just recently, your bipartisan support proved invaluable to our efforts 
to enact the USA PATRIOT Act of 2001, which provided much-need 
antiterrorism tools to our law enforcement and intelligence 
communities.
    While the USA PATRIOT Act is a critical first step, more can--and 
must--be done to protect our Nation from terrorists. In particular, we 
need to tighten our border security, including our overseas embassies 
and consulates that function as our extended borders, against 
terrorists. The ``Visa Entry Reform Act of 2001,'' recently introduced 
by the Chairwoman, Senator Kyl, myself and others, will, by embracing 
new pioneering new technologies, enhance our ability to prevent 
terrorists from ever setting foot in this country. As a proud cosponsor 
of this legislation, I will help see to it that it is passed into law.
    The key to the legislation is its commitment to the use of 
biometric technology. Biometrics, the science of using physical 
characteristics to identify an individual, has long held promise in the 
areas of law enforcement and immigration. While individuals may be able 
to disguise their appearance sufficiently to fool the human eye, the 
technology we will hear described today can thwart the most 
sophisticated criminal mind.
    One use for these technologies is in the immigration area, where by 
using biometric identifiers, we can conclusively confirm the identity 
of those seeking entry into the United States. Impersonation would be 
dramatically curtailed, if not eliminated altogether. And in 
conjunction with law enforcement and intelligence databases, these 
technologies will enable us to identify potential terrorists before 
they are among us.

    Chairperson Feinstein. Thanks very much, Senator Hatch. 
Your comments are very much appreciated. Thank you.
    Now we will turn to Mr. Belger of the FAA.

STATEMENT OF MONTE BELGER, ACTING DEPUTY ADMINISTRATOR, FEDERAL 
                    AVIATION ADMINISTRATION

    Mr. Belger. Thank you. Madam Chairwoman, Senator Kyl, 
Senator Hatch and members of the Committee. I appreciate the 
opportunity this morning to represent the Federal Aviation 
Administration and talk briefly about the availability of 
modern security equipment and the development of future 
technologies, such as biometrics, for use at our nation's 
airports.
    With the support of the Congress we have invested at the 
FAA over $440 million, every dollar that the Congress has 
provided over the past five years, to purchase and deploy 
explosive detection systems, explosive trace detection systems, 
threat image projection x-ray machines, and other technology. 
And in fiscal year 1902, this current fiscal year, we plan to 
spend an additional $293 million, the full production level, 
for explosive detection systems should we receive the 
president's funding request.
    We are aggressively pursuing new technologies that can be 
deployed quickly. For example, in the area of explosive 
detection systems we have three vendors at our technical center 
who are developing a smaller version of explosive detection 
systems and we are working with them to develop and certify 
these systems as quickly as possible.
    In response to one of the recommendations made by one of 
the two rapid response teams that were convened by Secretary 
Mineta, we have been working with both government and private 
sector technical experts to identify security technologies that 
are ready for deployment now, as well as those technologies 
that merit accelerated development.
    As you suggested, Madam Chairwoman, we are getting involved 
and we are trying to bring some structure to these issues, at 
least as they pertain to application at airports, and I just 
want to mention three things that we have done in the past 
several weeks.
    On October 25 we convened a subgroup of one of our security 
research and advisory Committees to evaluate the concepts in 
over 1,200 recommendations that have been made to the FAA. We 
have asked this group, which is both FAA and industry folks, 
for a report of initial short-term recommendations by the end 
of this month and we have also asked that the advisory 
Committee provide a report to us to identify promising longer-
term technologies.
    Secondly, we are sponsoring what is now the third 
international aviation security technology symposium in 
Atlantic City later this month. This symposium will be 
important in helping to identify those technologies that can 
help meet the challenges we face. Right now we have over 40 
vendors who will be present at this symposium later this month.
    And thirdly, directly related to the biometrics issue for 
today, we have already formed an aviation security biometrics 
working group. This group is chaired by the FAA and the 
National Institute of Justice and we have brought together 
Federal agencies, both industry groups and law enforcement 
groups to develop a comprehensive concept of operations and 
application of some of these biometric systems in the aviation 
system and at our airports.
    This group is particularly focusing on areas which 
biometrics can be used to improve aviation security and I 
think, Madam Chairwoman, the three issues I am going to mention 
are identical to the three that you mentioned that our group is 
focussing on. Those are employee identity verification 
protection of public areas through surveillance capabilities 
and passenger identity verification.
    Biometrics that can be applied for purposes of passenger 
and employee identification include iris, hand geometry, 
fingerprint, voice, and facial recognition. And facial 
recognition also has the potential to be used for surveillance 
in public areas of airports.
    Even before the September 11 attacks, some airports, a 
small number, but some airports, had started to test biometrics 
and integrate these systems into their security programs. For 
example, as you mentioned, San Francisco has been using hand 
geometry systems to control access to secured areas actually 
since 1992. Chicago O'Hare installed a pilot system for using 
fingerprint biometrics for increasing both the speed and the 
security checks for cargo truck deliveries at the airport. And 
Charlotte International Airport, in cooperation with U.S. 
Airways, tested a program in which iris recognition technology 
was used to verify employee identification before permitting 
access to secure areas.
    The bottom line from the FAA is that biometric technology 
has the potential to improve aviation security and these 
systems are eligible for funding under the airport improvement 
program.
    As we move ahead, I think we should keep in mind that there 
probably is no one solution, that probably technology by itself 
will not be the solution to the issues that we are facing, but 
these technologies hold great promise. As you also mentioned 
there are some significant challenges and in the world of 
aviation security we are anxious and willing and want to get 
involved to address these challenges and make these systems 
become operational at our nation's airports.
    Our fundamental goal is 100 percent screening of all 
passengers, baggage, airport and airline personnel, and we 
believe that these systems have a role in the future.
    So that concludes my remarks and I will be glad to answer 
any questions.
    [The prepared statement of Mr. Belger follows:]

   Statement of Monte R. Belger, Acting Deputy Administrator of the 
                    Federal Aviation Administration

    Chair Feinstein, Senator Kyl, Members of the Subcommittee:
    I am pleased to appear before you today to discuss the availability 
of security related equipment and the status of the development of 
future technologies, in particular biometrics. In the aftermath of the 
tragedy that occurred on September 11, the Federal Aviation 
Administration (FAA), like the rest of the government, is rethinking 
our approach to security. The assumptions and strategies that were the 
basis of aviation security a few short weeks ago are being reassessed. 
No matter what overall direction and strategies we finally adopt, I 
want to assure you that the employees of the FAA continue to work 
tirelessly to identify and implement needed changes.
    At the outset, I would like to discuss our most recent initiatives 
to ensure that all viable security technologies including biometrics, 
are being adequately considered, and that there is a plan in place to 
quickly take advantage of those promising technologies that can assist 
us in our fight against terrorism. In response to one of the 
recommendations made by the rapid response teams convened by Secretary 
Mineta in the aftermath of September 11, the FAA was tasked with 
working with both government and private sector technical experts to 
identify beneficial security technologies that are ready for 
deployment, as well as those technologies that merit accelerated 
development. We will identify technologies that we can deploy, both 
short term and long term, which can significantly augment the screening 
of passengers, checked luggage, cargo, and airport and airline 
employees.
    The FAA's efforts to increase airport security since September 11 
include the formation of the Aviation Security Biometrics Working 
Group. This working group, chaired by FAA and the Department of 
Justice's National Institute of Justice, has brought together 
representatives of Federal agencies, industry and law enforcement to 
develop a comprehensive concept of operations for the application of 
biometrics in aviation security.
    The biometrics working group has identified four areas in which 
biometrics can be used to improve aviation security: (1) employee 
identity verification and access authorization to secured areas within 
an airport; (2) protection of public areas in and around airports 
through surveillance to prevent harm to airports and aircraft; (3) 
passenger protection and identity verification which would involve 
enrolling passengers in a national identification system, and likely to 
have multiple biometrics; and (4) aircrew identity verification both on 
the ground and en-route. Biometrics that can be applied for the purpose 
of passenger, employee and aircrew identification include iris, hand 
geometry, fingerprint, voice and facial recognition. Facial recognition 
has potential to enhance aviation security through surveillance, as the 
technology matures.
    Prior to the September 11th attacks, airports had started to test 
the utility of biometrics for improving airport security, and 
integrating biometric systems into their security programs. For 
example, San Francisco International Airport has been using hand 
geometry systems to control access to secure areas since 1992. 
Chicago's O'Hare airport installed a pilot system using fingerprint 
biometrics for increasing speed and security for cargo truck deliveries 
at the airport. Also, Charlotte/Douglas International Airport, in 
cooperation with US Airways, conducted a pilot program in which iris 
recognition technology was used to verify employee identification 
before allowing access to secure areas. Additionally, the Immigration 
and Naturalization Service uses the INS Passenger Accelerated Service 
System (INSPASS), a hand geometry technology, at nine international 
airports to expedite frequent travelers' processing into the United 
States.
    Biometric technology has the potential to greatly improve aviation 
security and is one of the most commonly recommended technologies for 
doing so. Although there are still questions regarding this promising 
technology and its effects on the privacy and civil rights of the 
American people, resolving these issues remains a priority for both 
Secretary Mineta and the Administrator. Of course, the new security 
measures have been and would continue to be implemented in a manner 
consistent with our commitment to protecting passenger and employee 
civil rights.
    In addition to the biometrics working group initiative, on October 
25, the FAA convened its security research and advisory committee, 
chaired by John Klinkenberg, Vice-President for Security for Northwest 
Airlines, to work toward achieving our security goals. This Committee 
will evaluate over 1,000 recommendations made to the FAA by various 
industry sources. The Administrator asked that the Committee provide 
her with a report on its initial recommendations by the end of 
November. The Administrator expects the report to identify the most 
promising technologies for providing early security benefits to the 
flying public, as well as their suggested implementation strategies. 
Likewise, the report will identify promising longer term technologies 
that are worthy of accelerated development.
    The FAA is also sponsoring its third International Aviation 
Security Technology Symposium in Atlantic City, New Jersey from 
November 27 through November 30. This symposium will feature numerous 
sessions on diverse security topics including human factors, deployment 
of new explosives detection equipment, emerging technologies, aircraft 
hardening initiatives, cargo screening, and integrated security 
systems. Attendees will have the opportunity to view, first hand, 
vendors' security technologies. The symposium, which is also sponsored 
by the National Safe Skies Alliance, Airports Council International, 
Air Transport Association, and the American Association of Airport 
Executives, was planned before the terrorist attacks, but it is now 
that much more critical for identifying those technologies that can 
help meet the challenges we face in this new era of heightened aviation 
security.
    Now that I have provided an overview of some of our most recent 
security initiatives, I would also like to provide a broader overview 
of our efforts to enhance security through technology. The goal of 
aviation security is to prevent harm to passengers, crew and aircraft, 
as well as to support national security and counter-terrorism policy. 
How we achieve that goal now requires that we take a comprehensive look 
at how airport screening is undertaken from workforce, technology, and 
procedural standpoints. The Administration is looking at all options 
and has not ruled out any alternative at this time.
    Four years ago, the White House Commission on Aviation Safety and 
Security (the Commission) issued 57 recommendations, the majority of 
which focused on improving aviation security. Most importantly, the 
Commission acknowledged that aviation security was a national issue 
that required a national focus and reliable funding. In the area of 
security technology, it was recommended that FAA deploy existing 
security technologies, establish standards for developing technologies, 
and work with other government agencies and industry to develop new 
technologies. Thanks to Congressional support of these recommendations, 
the FAA has spent $445 million in the past 5 years to purchase 
explosives detection systems (EDS), explosives trace detection (ETD) 
devices and threat image projection (TIP) ready x-ray machines. In 
fiscal year 2002, we plan to spend an additional $293 million, the full 
production level for EDS equipment, should we receive the President's 
funding requests.
    One hundred fifty-nine EDS machines have been installed at airports 
across the country and we are working to deploy over 20 more in the 
coming months. In addition, we need to work with the companies that 
manufacture the systems to see how quickly they can produce more 
systems for continued deployment. Products of two EDS vendors have been 
certified and variations of these products are currently going through 
the certification process. Prior to September 11, EDS was primarily 
used to screen checked bags belonging to persons identified by the 
Computer Assisted Passenger Prescreening System (CAPPS). CAPPS allows 
the air carrier to focus EDS screening on a manageable number of 
passengers, for example, those whom we cannot discount as potential 
threats to civil aviation, based on parameters developed within the 
counter-terrorism community and reviewed by the Department of Justice 
to ensure that the methods of passenger selection do not result in 
illegal discrimination. CAPPS also selects passenger bags on a random 
basis for additional screening. In the aftermath of September 11, FAA 
has committed to increasing the number of passenger bags that are 
randomly screened. Furthermore, EDS machines are now running 
continuously at those airports to which they have been deployed, CAPPS 
has been adjusted and passengers and their carry-on items are being 
screened on a continuous basis at the boarding gate.
    In addition to EDS, FAA is currently purchasing ETD devices from 
the three vendors with FAA approved products. These devices can detect 
the presence of explosive materials in a passenger's checked or carry-
on bags. As of last Friday, we had installed 884 ETD devices in 177 
airports across the country.
    Another tool available to test and measure screener proficiency is 
software technology, known as the Threat Image Projection (TIP) system, 
installed on conventional x-ray machines. TIP electronically inserts 
images of possible threats (e.g., a gun, a knife, or an explosive 
device) on a x-ray monitor. The monitors show the image as if it were 
within a bag being screened. Its purpose is to provide training, keep 
screeners alert, and measure screener performance. High scores 
detecting TIP images equate to a high probability of detecting actual 
bombs and dangerous weapons. Not only can TIP data be potentially used 
to assess screener performance over time, but the results can also be 
used to analyze any correlation between performance and experience. New 
images will be added to the FAA-approved TIP library being installed on 
the x-ray machines at the security checkpoints to improve screener 
vigilance and training. To date, 741 of these units have been deployed 
to 75 U.S. airports for checkpoint screening.
    Aside from those technologies approved by the FAA, there are a 
variety of technologies in various stages of development. As is the 
case with other areas in which the FAA has regulatory oversight, FAA 
sets a security standard airlines and airports must meet. It is routine 
in the airline industry for individual carriers or airports to exceed 
FAA standards in certain areas and I think we need to look at how that 
approach might be incorporated with respect to aviation security.
    Although, FAA does not currently require airports or airlines to 
have EDS, if they do have the equipment, we require them to use it. We 
will continue to work aggressively so that every screening checkpoint 
gets the equipment it needs to ensure a more effective aviation 
security system
    We also need to determine whether other security technologies 
currently in development can be effectively used by airlines and 
airports. For example, there are a number of backscatter technologies, 
chem/bio trace detection, and portal screening technologies that are in 
different stages of development. As I mentioned earlier, biometrics 
(e.g., iris and finger print identification) are currently being tested 
in the operational environment. The Rapid Response Team on Airport 
Security also recommended that we should move to a greater use of 
positive identification technologies. We are considering this 
recommendation and we are working with industry to see whether and how 
all of these efforts can be incorporated into airline and airport 
operations to improve aviation security, while upholding America's 
steadfast commitment to the protection of civil rights. To this end, we 
have met and will continue to meet with civil rights groups to discuss 
how we can ensure continued protection of Americans' civil rights as we 
incorporate enhanced security measures, including some of the new 
technologies.
    Just to make sure that we are not missing anything that is out 
there, FAA issued an announcement that appears on our web site 
(www.faa.gov) requesting information about any product or technology 
that could be helpful in improving aviation security. As you can 
imagine, this requires sorting through a great deal of information. So, 
while there does not appear to be a single technology that addresses 
all of our security concerns, we are committed to working through the 
various options available to us.
    The Secretary of Transportation, the FAA Administrator and the 
entire Administration are doing everything in our power to bring the 
nation's air transportation system back into full operation with the 
highest levels of safety possible. Recently, Secretary Mineta directed 
FAA special agents to crack down on airport and air carrier security 
deficiencies by taking decisive steps, including clearing concourses, 
re-screening passengers, and even holding flights where appropriate. 
This action reflects both the Department's and the FAA's unyielding 
commitment to civil aviation security and the restoration of public 
confidence in the nation's air transportation system. It is clear that 
through constant vigilance, the application of new technologies and 
procedures, and assistance from its national and international 
partners, the FAA will succeed in its civil aviation security mission.
    Because civil aviation exists in a dynamic environment, the FAA 
must develop a security system that optimizes the strengths of a number 
of different technologies. This system must be responsive to potential 
means of attack and must be able to anticipate future risk to the civil 
aviation environment. In a democracy, there is always a need to balance 
freedom and security. Our transportation systems, reflecting the value 
of our society, have always operated in an open and accessible manner, 
and we are working hard to ensure that they will do so again.
    This concludes my prepared remarks. I would be happy to answer any 
questions you may have.

    Chairperson Feinstein. Thank you very much. We appreciate 
your comments.
    I will ask two quick questions, the first one to Mr. 
Kirkpatrick.
    In your view, which biometric would be the most effective 
against terrorists? And if you should indicate fingerprints, 
what do you say about the fact that we do not have fingerprints 
for many of our terrorists in the database and part of that 
question is were the fingerprints of any of the September 11 
hijackers in an FBI database?
    Mr. Kirkpatrick. Madam Chairwoman, I think that as Mr. 
Belger said, there is no single biometric application that is 
going to be the be-all-and-end-all. I think you have to look at 
the use that it would be put to.
    Fingerprints would play a very important part in positively 
identifying someone and, along with a digital photograph or 
other biometric, enrolling them in a system and then possibly 
some other type of biometric hand geometry, iris recognition 
could be used to control access in and out of areas.
    To my knowledge, there were none of the September 11 
terrorists who were in the FBI fingerprint database, no.
    Chairperson Feinstein. Thank you very much.
    And one for Mr. Belger. Can you tell me how many airports 
are submitting the fingerprints of their new employees for a 
criminal fingerprint check?
    Mr. Belger. Yes. Today and since December of last year the 
21 airports, what we call the category X airports in this 
country, under legislation that was passed last year have been 
submitting fingerprint checks for all new employees who are 
working as passenger screeners or who are working in secured 
areas of the airport. We would like to extend that to all 
airports and we would like to extend it to all employees, not 
just those that are being hired now but all current employees. 
As the administrator said a couple of weeks ago, we are working 
on a rule to do that and I hope to be able to have that on the 
street very soon.
    Chairperson Feinstein. I think that is extraordinarily 
important in terms of saying to people that our airports are 
secure. How soon do you estimate that will be?
    Mr. Belger. We are talking days.
    Chairperson Feinstein. Days. And that will be for 
everybody--
    Mr. Belger. Yes, we would include--
    Chairperson Feinstein. --who works at an airport. It will 
go back even if--not just new employees.
    Mr. Belger. That is correct. We would like to ensure that 
every employee at every airport who is working as a screener or 
is involved in that process or who has access to the very 
sensitive and secured areas of the airport has gone through a 
criminal history records check, which requires a fingerprint.
    Chairperson Feinstein. Right. And can you tell us what 
biometric technologies the FAA is currently using?
    Mr. Belger. Well, the three airports I mentioned are using 
different systems. We are currently testing and evaluating the 
whole range of capabilities and we are trying, as you 
suggested, to bring some order in the form of a concept of 
operations of how these systems can most effectively be used at 
airports and that is where we are focusing right now. There is 
very little use today at our nation's airports of these 
biometric systems. We are trying as best we can, within the 
aviation world at least, to establish some operational concepts 
and some standards so that we can help our airports pick the 
right ones to use.
    Chairperson Feinstein. I have to ask one more quickly. Do 
you feel you are equipped to set the standards? I do not mean 
that in a derogatory sense. I mean there is just so much 
competition out there; it is very difficult.
    Mr. Belger. It is. I talked to one of the gentlemen this 
morning who is working on this full-time at our technical 
center up in Atlantic City and he expressed that same thought. 
We are doing the best we can. I think we would be delighted to 
work with an organization, as you suggested, that would be 
charged with setting some national standards. We would be 
delighted to do that.
    Chairperson Feinstein. Thank you very much.
    Senator Kyl?
    Senator Kyl. Thank you.
    First Mr. Belger. You indicate that you are working hard to 
I prove the passenger manifest system, would like to make it 
mandatory, and that all airlines would be required to 
participate, and also to expand that to other types of travel--
cruise lines and cross-border bus lines, and the like.
    Is there any way that we can require all passenger manifest 
information prior to departure and boarding, rather than prior 
to arrival? And would it not make sense in trying to prevent 
terrorism to prevent the terrorists from actually boarding the 
actual mode of transportation? How could that all be done?
    Mr. Belger. If I could answer that perhaps in two ways, 
one, for passengers who are departing from the United States, 
we do have a system in the FAA or with the carriers where we do 
apply a preboard screening profiling system which is rather 
effective.
    In terms of arriving passengers into the U.S., which I 
think was the first part of your question, that is really an 
INS and a Customs responsibility more so than the FAA's but 
your suggestion that it would be a good idea to know who is on 
that airplane before they get here is certainly a good one.
    Senator Kyl. It is my understanding that the fingerprint 
check for employees will soon be required for everyone having 
access to secured areas in airports. That includes people like 
food service people and the like, does it?
    Mr. Belger. Yes, sir. It would be anybody who has access to 
those areas.
    Senator Kyl. Now that system is only as good as the 
continued check of the identification of people who are coming 
in and we have evidence that there was on the person of some of 
the people that are being investigated in connection with the 
September 11 events forged documents for different airline 
personnel positions, some of which presumably would permit them 
entry into a secure area. You may determine that John Doe has 
no criminal background and therefore could be hired to work at 
the airport but if someone steals John Doe's identification or 
it is not a tamper-proof kind of identification, what is to 
prevent somebody from gaining unauthorized access today to a 
secure area?
    Mr. Belger. Those are vulnerabilities and we do require the 
airports who issue these identification cards to periodically 
inventory and check to make sure that the cards they have 
issued are, in fact, in the possession of the person they 
issued them to. So we do require them to periodically check 
their database and check the cards that they have issued to 
make sure that they are still in the hands of--
    Senator Kyl. But there is not any biometric identifier 
required today.
    Mr. Belger. That is correct.
    Senator Kyl. There is none today.
    Mr. Belger. That is correct.
    Senator Kyl. Would that not be a necessity, to have 
security?
    Mr. Belger. It would certainly help. No doubt about it; it 
would help to ensure that the person is the person who applied 
for and received that card. We are encouraging airports to go 
ahead and start using these systems. There is really nothing 
today that prevents an airport from--
    Senator Kyl. Well, I think leadership has to come from the 
top and it has to be--this is a matter of national security 
now. I do not think it is sufficient to simply say we have 
encouraged airports to figure out how to ensure the security of 
their own perimeters and of their own personnel.
    We believe, I think, that there has to be a national 
standard applicable to all of the major airports and we believe 
that biometric technology is a way to ensure that the people 
who show up for work can be identified as the appropriate 
people. Should it not be FAA policy to develop that national 
system and try to put it into place as soon as possible?
    Mr. Belger. I believe it is and we are starting to do that. 
We are trying to do that. To the extent that there are other 
folks who are working on national standards, we would love to 
be a part of that.
    Senator Kyl. I think we will be sure you are part of it. 
One of the things that Senator Feinstein pointed out and she 
actually demonstrated this to the audience at the last hearing 
we had is that many federal documents like pilot licenses are 
not fraud-proof. They are, she pointed out, just a little 
cardboard with a perforated edge that you kind of tear out of a 
sheet and obviously there are other documents that permit a 
pilot to gain entry to secure areas but those are the kinds of 
documents that should have a biometric identifier, are they 
not, in your opinion?
    Mr. Belger. I think they should in the future, yes, sir.
    Senator Kyl. Mr. Kirkpatrick, do you agree with that?
    Mr. Kirkpatrick. Yes, sir. I would just add that I think 
that a criminal history check based upon fingerprints could 
serve as a strong foundation upon which the biometrically based 
access systems that you are referring to could be added on top 
of.
    Senator Kyl. Right. One of the things that--this will be my 
last question and it is directed to you. In response to Senator 
Feinstein's first question relating to the terrorists and not 
having fingerprints on them, and so on, you said basically all 
of these tools are useful in different ways for different 
functions. We all understand the need for a national 
fingerprint database to catch criminals here in it U.S. and 
identify people and the like, but it may not be the most useful 
with respect to preventing terrorists from other countries 
coming into our country.
    What we need from you is testimony today and 
recommendations later about how to integrate those systems and 
how to prevent having too many duplicative systems to try to 
reduce the cost so that we have one way of looking at things 
hopefully over time. Any particular thought on that?
    Mr. Kirkpatrick. Well, my thought on that, sir, would be 
that we need to build upon the infrastructure that is already 
in place and have a greater integration of information that 
exists in various different agencies' stovepipe-type systems 
today. I think that the attorney general and the director have 
both spoken very vocally about the need to share information 
better and I think that that would certainly fall underneath 
that.
    Senator Kyl. Thank you.
    Chairperson Feinstein. Senator DeWine?
    Senator DeWine. Madam Chairman, thank you very much.
    Mr. Kirkpatrick, thank you for your testimony. You 
reference Section 405 of the Patriot Act, which is a provision 
that I wrote that you are now beginning to implement. I am glad 
to see that you are moving forward.
    I wonder if you could give us some idea about what the 
FBI's concept is for applying this IAFIS system to the 
embassies. I am sure you have some idea. We are not asking for 
your report yet but maybe a little preview of what is possible 
there.
    Mr. Kirkpatrick. Yes, sir. And this is very preliminary in 
terms of--
    Senator DeWine. We will take it that way.
    Mr. Kirkpatrick. --the concept.
    We believe that livescan fingerprint devices could be 
deployed out at the embassies and consulates to take 10 
fingerprints and also capture a digital photograph of 
individuals who are applying for visas in their home countries. 
Those could then be transmitted to the FBI for a criminal check 
but in addition to that, and this would be a new developmental 
effort, a visa or visitor file could be developed in which 
these could then be stored. When the person arrives at our 
country at the airport or the seaport they could then put down 
one fingerprint, which could be used to verify that the person 
who the checks were done on prior to them coming to our country 
is, in fact, the person who shows up at our borders to enter 
the country.
    Additionally, that could be expanded to use that one 
fingerprint to verify, upon their departure from the country, 
that this is, in fact, the same person leaving. It would give 
you some kind of an inventory of who is here and who is not.
    Senator DeWine. So you really have the potential for two, 
three different uses, at least, different functions, different 
tasks.
    Mr. Kirkpatrick. Yes, sir.
    Senator DeWine. Well, we wish you well. Thank you very 
much.
    Mr. Kirkpatrick. Thank you.
    Senator DeWine. Mr. Belger, let me ask, I do not quite 
understand the FAA's jurisdiction for airport security in 
regard to federal law enforcement and intelligence agencies. 
Who has what responsibility and how are you working together in 
light of the new world after September 11?
    Mr. Belger. Well, in terms of law enforcement and 
intelligence specifically, the FAA first of all is not an 
intelligence-gathering organization. We rely upon the FBI and 
others for intelligence information. We do have within the FAA 
security organization a very good sophisticated intelligence 
analysis capability. We work very closely with the FBI and the 
CIA and others and we actually have people assigned full-time 
to those agencies as liaisons. We are constantly in touch. We 
get information from them. We assess that, along with the 
intelligence agencies, for application for aviation purposes 
and then if it is appropriate, send that information out to the 
airports and the air carriers for implementation.
    Senator DeWine. Has that relationship changed since 
September 11?
    Mr. Belger. Well, I think it has changed over the years. I 
think it is even better and closer than it was before September 
11. We are constantly in touch to the extent that we have 
people at those intelligence agencies representing the FAA.
    Senator DeWine. You talked a little bit about the use of 
technology that electronically captures fingerprints for 
background checks and it is my understanding that airports in 
SEAttle, Los Angeles, Denver, Dallas-Fort Worth, JFK, Chicago 
use that technology to transmit into the database to do the 
background check.
    What is the plan as far as expanding the program? Question 
for either one of you.
    Mr. Belger. I will answer in terms of expanding the 
requirement to other airports. Those large airports that you 
mentioned, they do, most of them, probably all of them, have 
electronic fingerprint transmission capability, which obviously 
speeds up the process. What used to take weeks now probably 
takes a day or two to get a reading back.
    So as we had said earlier, we are in the process of putting 
together a requirement that would expand the requirement to do 
criminal history records checks to all airports. We are also 
making available under the airport improvement program funding 
for those electronic fingerprint machines for any airport to 
purchase should they want to.
    Senator DeWine. What kind of cost is that?
    Mr. Belger. I am not really sure what the cost is. I do not 
think they are real expensive but I honestly do not know, per 
machine, what the cost is.
    Senator DeWine. Thank you, Madam Chair.
    Chairperson Feinstein. Thank you, Senator.
    Senator Cantwell, welcome.
    Senator Cantwell. Thank you, Madam Chair, and thank you for 
holding this important hearing. I know that your commitment and 
Senator Kyl's commitment to this very important issue is 
helping us put a shape and, if you will, face to what we need 
to do in biometrics.
    I was very happy to get language added to the anti-
terrorism bill that specifies that the Department of Justice 
and the Department of State should work together in adopting a 
biometrics standard to be used for the visa program and 
hopefully to be used by our allies abroad in also identifying 
people who want access to the United States. So I think this 
hearing is very helpful in talking about where we have been 
today on biometrics and how we can get that standard 
established.
    Mr. Kirkpatrick, I appreciated your testimony. I wanted to 
ask a few questions about the IAFIS system and where you have 
been today because I think actually part of that technology is 
perhaps a company that is based in Washington State that is the 
basis for that. But your system is currently fingerprint only 
or are you already adding in facial recognition to the 
fingerprint system?
    Mr. Kirkpatrick. We have the capability to store 
photographs in that system. It is at this time not searchable 
by photograph. However, there is the capability to associate a 
photograph with a particular set of fingerprints.
    Senator Cantwell. Do you have any idea of how many records 
like that you have?
    Mr. Kirkpatrick. No, I do not.
    Senator Cantwell. Is it 10 percent or 15 percent?
    Mr. Kirkpatrick. I do not know, no.
    Senator Cantwell. Is the FBI at a point where it is 
recommending that the database should be a compilation of both 
facial recognition and fingerprints or have they made that 
determination?
    Mr. Kirkpatrick. We would like to have a photograph 
associated with every record. We have the capability to store 
that, as I said. We need to work with our partners in state and 
local and other federal law enforcement agencies to make sure 
that they have the capabilities to take those photographs and 
associate them with the records and forward them on to us.
    Senator Cantwell. Given your involvement on an 
international basis, and I believe that the IAFIS system is 
also the basis of what Interpol uses so we have gotten some 
international standards established here, at least as it 
relates to fingerprints; is that correct?
    Mr. Kirkpatrick. FBI fingerprint transmission standards 
have been adopted by Interpol, yes, ma'am.
    Senator Cantwell. And if we were going to go to the next 
level on a broader biometric standard using both facial 
recognition and fingerprints, how do you think we should best 
go about that?
    Mr. Kirkpatrick. Given that there are already international 
standards for fingerprints, I believe that we would have to 
have some type of a concerted international effort to allow the 
routine sharing of those. What we have found, working with some 
of our international partners, is that many times their privacy 
laws are much more restrictive in those countries than even 
here in the United States and that has precluded routine 
sharing of that.
    So it is going to require, I believe, a fairly broad 
diplomatic effort to make that happen.
    Senator Cantwell. And given that you have been involved in 
that before, do you think that is the State Department?
    Mr. Kirkpatrick. We are trying to resolve that. In fact, we 
are very close with one of our international partners to being 
able to routinely exchange electronic fingerprint information 
with them. We are working with another very closely and are 
trying to work through the legalities of doing that. I am not 
sure at this point it is a State Department situation but it is 
certainly something that we would need to focus greater efforts 
on.
    Senator Cantwell. And is it your understanding--I think I 
saw in your testimony that all of the Interpol members have 
adopted that standard? Is that correct?
    Mr. Kirkpatrick. Interpol has adopted the FBI standard for 
electronic transmission of fingerprint information; yes, ma'am.
    Senator Cantwell. So what does that mean as far as the 
Middle East is concerned?
    Mr. Kirkpatrick. It would mean, and I think, as you will 
hear possibly later from some of the biometrics vendors, it 
means that, for instance, fingerprint livescan machines are all 
developed according to this standard so that one company's 
fingerprint capture machine can, if you will, talk to another 
company's and that type of thing. It would mean that the 
fingerprints that are taken by another country electronically 
are in the same format as those here in the United States. It 
allows for a much easier sharing across countries of those 
fingerprints.
    Senator Cantwell. Thank you.
    Thank you, Madam Chair. I see my time has expired.
    Chairperson Feinstein. Thank you very much, Senator.
    Just a quick point of clarification, Mr. Belger. You 
mentioned that a rule is going to be published momentarily 
requiring all employees at airports to have a criminal 
background check. Are these just employees in secure areas or 
all employees? And secondly, how many employees will that 
cover?
    Mr. Belger. It would be employees in two categories. The 
first category would be people who are performing the passenger 
screening functions and supervisors and anybody related to that 
function. And the second category would be all employees who 
have unescorted access privileges to the secure areas of the 
airport. In other words, people who can be on the ramp or in 
the baggage make-up area, around airplanes, in those areas, 
before they, number one, could be employed and number two, 
within a certain time period, they would have to go through a 
criminal background check.
    Chairperson Feinstein. And how many people does this 
involve?
    Mr. Belger. We have estimates at this point but the number 
that I think we are most comfortable with right now is in the 
neighborhood of 700,000 people.
    Chairperson Feinstein. I see. And are airline personnel 
included?
    Mr. Belger. Yes, they are.
    Chairperson Feinstein. Thank you very much.
    Well, we thank you both. You were very helpful. We really 
appreciate your being here this morning. Thank you so much.
    Senator Kyl. Senator Feinstein, I am going to have a series 
of written questions. Because we do want to complete the 
hearing before noon, we need to move to the next panel but I 
have a series of written questions that I would like to get 
both of you to respond to.
    Mr. Kirkpatrick. Yes, sir.
    Senator Kyl. Thank you very much.
    Chairperson Feinstein. Thank you and we will excuse these 
witnesses and ask the following--Dr. Atick, Joanna Lau, Valerie 
Lyons, Bill Willis, Martin Huddart, and Richard Haddock to 
please come forward.
    I am going to, if it is all right with Senator Kyl, just 
proceed and introduce all of you at one time. Then we will 
begin and go right down the table with comments. I would ask 
you to keep your comments to five minutes so we will have an 
opportunity to ask questions.
    I will begin on my right, the audience's left, with Valerie 
Lyons of Identix. She serves as executive vice president of 
world sales of Identix. She was formerly president of Cytel, a 
privately held e-business infrastructure services firm. Identix 
is the leading developer of finger biometric systems and is and 
has already installed biometrics fingerprinting-based screening 
systems for job applicants in some of the nation's largest 
airlines and airports, including United, Continental, JFK, and 
Dulles International Airports.
    Next is Mr. Bill Willis of Iridian Technologies. He joined 
Iridian as chief technology officer this year, brings more than 
20 years of technology management. Iridian is the leading 
developer of authentication technologies based on iris 
recognition, which they claim is the most accurate biometric 
identifier.
    Next is Dr. Joseph Atick of Visionics Corporation. He 
serves as chairman and CEO of Visionics, a company that 
produces facial recognition and fingerprint matching systems. 
Prior to founding Visionics he served at the Computational 
Neuroscience Laboratory at Rockefeller University and prior to 
that, the Neurocybernetics Group at the Institute for Advanced 
Studies in Princeton, New Jersey. He will testify on the 
benefits of facial and fingerprint biometrics and is therefore 
uniquely qualified to speak on the deployment and benefits of 
both products.
    Martin Huddart of Recognition Systems serves as general 
manager of Recognition Systems. This company was founded in 
1986. It specializes in the development of hand geometry 
biometric systems identifying people by the size and shape of 
their hand. The company has 55,000 units installed throughout 
the world and serves clients that includes private industries, 
law enforcement, and the Olympic Games.
    Mr. Richard M. Haddock of Drexler Technology. He has been 
president since 1997 and of LaserCard, a Drexler subsidiary, 
since 1989. LaserCard makes optical memory cards and high 
security ID card systems. It is employed by the Immigration and 
Naturalization Service, the Department of Defense and the State 
Department. These smartcards are variously used as multiple 
entry visas for qualified Mexican citizens, as INS permanent 
resident cards, green cards, and as U.S. Army automated 
manifest cards. Last month LaserCard received a $4.8 million 
order for LaserCard ID cards for the current U.S. border ID 
card program. They currently make about 4 million cards 
annually for North America.
    And then finally, Joanna Lau of Lau Technologies. She is 
the founder and CEO of Lau Technologies. This is a systems 
integration company with decades of experience in the 
development and delivery of high-end electronic systems for 
military applications and secure identification and 
surveillance systems. Lau Technologies and its subsidiaries 
provide security products to the Department of Defense, the 
FAA, the Department of State, and private industry.
    I might say that the company created Viisage Technology, 
which develops facial recognition technologies. This company's 
products are used in a variety of ways, from screening crowds 
at last year's Superbowl to increasing security at airports, 
including Fresno International, to producing digital licenses.
    So we will now begin with Miss Lyons and we will go right 
down the line. Welcome.

STATEMENT OF VALERIE J. LYONS, EXECUTIVE VICE PRESIDENT, WORLD 
          SALES, IDENTIX, INC., LOS GATOS, CALIFORNIA

    Ms. Lyons. Thank you very much. Good morning, Madam 
Chairwoman, Senator Kyl.
    Identix is a biometrics company founded in 1982. We are the 
leading provider of fingerprint biometric technology for 
solutions with criminal justice, airport security and 
commercial markets, headquartered in Los Gatos, California with 
a significant presence here in the Washington metropolitan 
area. Our FBI-certified technology is currently in use 
worldwide to identify criminals, screen job applicants, control 
physical access, protect information and prevent identity theft 
and fraud in cyberspace.
    Fingerprint biometrics are extremely accurate, easy to use 
and already deployed on a large scale. For example, all U.S. 
military recruits and current holders of California driver's 
licenses already have fingerprint images as identification on 
ID cards. As you pointed out though, no one is reading those 
cards. California teachers and day-care providers are 
fingerprinted for background checks.
    With the implementation of the Airport Security Improvement 
Act of 2000, we are proud to have helped airports comply with 
mandated security improvements for the category X airports. 
Identix fingerprint biometric solutions are now in use for 
background checks at the majority of large airports. Those 
include Dulles, Reagan National, BWI, San Francisco, O'Hare, 
Logan, Orlando and Houston's Bush and Hobby Airports. Identix 
also provides applicant screening for United, Continental and 
Horizon Airlines. This law puts in place critical safeguards 
against potential threats and we urge Congress to expand its 
scope to apply to all airports.
    At the back of this room--we can do demos later, as opposed 
to doing those right now--is an Identix fingerprint capture 
device. Those are used for criminal and job applicant screening 
at the airports that I just mentioned. In about 10 minutes time 
an operator can record a forensic quality fingerprint, 10 
fingerprints, and then for job applicants this record is 
transmitted to the U.S. Office of Personnel Management, which 
forwards it to the FBI for a search. The results are sent 
quickly and confidentially to the prospective employers.
    Now when these fingerprints are used as part of a 
comprehensive security effort, fingerprint applicant screening 
can prevent persons from being employed in sensitive jobs who 
have a criminal history, citizenship issues, or who might 
otherwise be connected with unlawful activity. It is important 
to remember that fingerprint checks are effective because there 
are databases against which checks can be made. Virtually all 
police and law enforcement networks worldwide and many border 
entry and visa control systems are fingerprint-based.
    Fingerprint biometric applicant background checking is 
essential as the first step in authenticating employees in 
sensitive jobs. However, once their identity has been 
established, it is important to ensure that this identity is 
not compromised once they become employees and have access to 
secure areas and computers. Today employees are typically given 
a badge and the only connection between the badge and the 
employee is a picture on the badge. There is currently no 
method of ensuring that the badge owner and the user is indeed 
the person that had the background check.
    We can enhance security by putting the fingerprint image, 
which we captured during the applicant processing, on a badge, 
a smartcard, if you will, thereby creating that direct 
relationship between the individual, their badge and the 
background check.
    This smartcard here has a chip on it and the image is on 
this card and no one can use this badge without me and my 
finger.
    Chairperson Feinstein. Could we take a look at that badge? 
Maybe someone could go down and bring it up; that would be very 
useful. Thank you very much. Please continue on.
    Ms. Lyons. This is a biometric doorlock. So with the 
fingerprint image on that badge, you can also prevent or allow 
for physical access to secure areas using a badge with a 
biometric on it. It recognizes my finger image when prompted to 
do so by the badge and it will only open for me, with my badge 
and my finger.
    The same is true for computers. Here is a reading device 
that can be used in concert with the badge to allow only access 
to my computer, again with my badge and my fingerprint, 
assuming my fingerprint image is on that smartcard.
    So while my testimony is focussed on personnel security 
matters, this same approach can be applied to the frequent 
traveler to expedite check-in, boarding for the airline travel, 
and other forms of transportation. Like the employee ID, the 
frequent traveler card starts with a form of identity-proofing 
as might be prescribed by the federal government, something 
clearly more than a driver's license but several forms of 
identification to do identity-proofing. The finger image is 
placed on a smartcard so that the card cannot be exchanged or 
counterfeited.
    However, unlike the employee ID, the frequent traveler card 
would keep the finger image on the card and not in a central 
database. This card would be voluntary. Its principal purpose 
is to authenticate the traveler, promote convenience and 
increase public confidence in our transportation 
infrastructure.
    Fingerprint biometric solutions can raise the level of 
security for travelers without further raising concerns of 
privacy because they hold the image in reference to the 
traveler.
    Madam Chairwoman, we appreciate having the opportunity to 
share our views with the Committee today. We commend you for 
your leadership in focussing attention on the role that 
technology can play in these challenging times. Your recently-
introduced legislation promoting visa reform demonstrates 
another area in which biometric technology can be used to 
enhance homeland security. The use of fingerprint biometric 
technology is already widespread. The technology itself is 
reliable, cost-effective and proven.
    The challenge we all face from 9/11 is to restore safety 
and traveler confidence. Any solution that Congress mandates or 
industry is asked to deliver must be deployed rapidly, reliably 
and integrate with existing processes and current investment. 
Fingerprint biometrics delivers on all those requirements. We 
would be privileged to do whatever we can to improve aviation 
and homeland security through the application of fingerprint 
biometric technology and we look forward to continuing to work 
with you.
    [The prepared statement and attachments of Ms. Lyons 
follow:]

  Statement of Valerie J. Lyons, Executive Vice President of Identix 
                  Incorporated, Los Gatos, California

    Good Morning, Madam Chairwoman, Senator Kyl, and other members of 
the Subcommittee. My name is Valerie J. Lyons and I am Executive Vice 
President of Identix Incorporated. Founded in 1982, Identix is the 
leading global provider of fingerprint biometric solutions for the 
criminal justice, airport security and commercial business markets. We 
are headquartered in Los Gatos, California and have offices in Fairfax, 
Virginia and other cities in the U.S., Europe and Australia. Our 
technology is currently in use around the world. Our FBI-certified 
technology for capturing and managing fingerprint images electronically 
is used to identify criminals, screen job applicants, control physical 
access, protect proprietary information, and prevent identity theft and 
fraud in cyberspace.
    Our fingerprint biometric solutions are extremely accurate, easy to 
use and already deployed on a large scale as a standard procedure. All 
U.S. military recruits and current holders of California drivers' 
licenses have had Identix finger images captured for purposes of 
identification. California teachers and day care providers are 
fingerprinted for background checks.
    With the implementation of the Airport Security Improvement Act of 
2000 in January, Identix fingerprint biometric solutions for background 
checks are now at the majority of large airports, including: Dulles, 
Reagan National, Baltimore-Washington, San Francisco, O'Hare, Logan, 
Orlando and Houston's Bush and Hobby airports. Identix also provides 
job applicant screening for United, Continental, and Horizon airlines. 
This law puts in place critical safeguards against potential threats. 
We urge Congress to expand its scope to apply to all airports.
    On display is the Identix fingerprint capture device used for 
criminal and job applicant screening at the airports I just mentioned. 
In the law enforcement community this is known as a ``livescan'' or 
``tenprint'' machine. Using this machine, the screening process is 
simple and straightforward. In about 10 minutes time, an operator can 
record forensic quality electronic images of the applicant's full ten 
fingerprints. For job applicants, this record is submitted 
electronically to the U.S. Office of Personnel Management, which in 
turn forwards the record to the FBI for a search of its Integrated 
Automated Fingerprint Identification System, known as the ``IAFIS''. 
The results of the IAFIS search are transmitted confidentially to the 
prospective employer within a window of time that varies from a few 
hours to no more than 72 hours. A search of this sort costs 
approximately $35 to $50 per applicant. The cost of the machine ranges 
from $20K to $40K depending on the functionality desired.
    When used in a timely manner as part of a comprehensive security 
effort, fingerprint based job applicant screening can prevent persons 
from being employed in sensitive jobs who have a criminal history or 
are otherwise wanted in connection with unlawful activity. It is 
important to remember that fingerprint checks are effective because 
there are existing, ``back-end'' databases storing fingerprints against 
which checks can be made. Virtually all police and law enforcement 
networks worldwide and many border entry and visa control systems are 
fingerprint based. There is a worldwide network of skilled, 
professional fingerprint examiners and a core set of systems that are 
maintained and updated routinely, as a matter of standard practice.
    Fingerprint biometric based job applicant background checking is an 
essential first step in authenticating employees in sensitive 
transportation and critical infrastructure related jobs. However, once 
this form of identity has been established for workers it is important 
to ensure that their identity is not compromised once they become 
employees and have access to secure areas and computers.
    In many so-called secure enterprises today, employees are given an 
ID Badge for access purposes, however, this method does not ensure that 
the badge owner and user is in fact the person whose background was 
checked.
    To test the integrity of any badging system we can ask 5 simple 
questions:

        1) Is the employee who was cleared by the FBI the same person 
        who receives the badge? The answer should be yes.
        2) Is the rightful badge owner the same person gaining access 
        through a door to a secure area? The answer should be yes.
        3) Can the badge owner gain access through a door to a secure 
        area without a badge? The answer should be no.
        4) Is the rightful badge owner, the same person gaining access 
        to a computer? The answer should be yes.
        5) Can the badge owner gain access to a computer without a 
        badge? The answer should be no.

    We can enhance security through the concept of ``continuity of 
authentication'' for an individual's identity through the direct 
relationship between an individual, their badge, and the background 
check.
    Allow me to demonstrate. On display is the fingerprint based job 
applicant system machine. Here is a smart card ID badge, with a 
fingerprint image on it. The background check results and my badge are 
tied together because they both have the image of my finger. No one 
else can use this badge without me.
    This is a biometric door lock control. It can recognize my finger 
image when it is prompted to do so by this badge. It will only open for 
me with my badge and my finger. The same holds true for my computer. I 
insert this badge into a biometric enabled card reader that scans my 
finger and only I can enter a computer and exercise only the 
authorities assigned to me.
    The ``continuity of authentication'' through biometric based 
badging offers greatly improved security that can be conveniently added 
to many existing systems for a relatively low cost. This approach can 
serve as a first line of defense against individuals who want to 
infiltrate airport facilities or other critical parts of the 
transportation infrastructure.
    The U.S. Department of Defense paid $6 per card for smart card 
stock such as this. A computer can be locked down with biometric 
readers and software that are commercially available from most major 
brands of computer makers for about $100. Doors cost about $1000 per 
door in volume. Biometric based badging takes the next logical step to 
ensure that precautionary measures are in place in a way that maximizes 
background checks and physical access controls.
    This technology and the concepts associated with it can be quickly 
implemented in transportation enterprises through timely and 
coordinated policy and management control. The General Services 
Administration has made smart ID badges available to the Executive and 
Legislative Branches through several vendors. Congress and the 
Administration should examine the merits of using biometric badging 
systems to improve the security of physical and computer access control 
systems in government buildings.
    While my testimony has focused on personnel security matters, our 
approach can also be applied cheaply and conveniently to the frequent 
traveler to expedite check in and boarding for airline travel and other 
forms of transportation. Like the employee ID, the frequent traveler 
card starts with some form of identity proofing, not necessarily an FBI 
check, perhaps a bank process using applicable authority to check 
personal records. Also like the employee ID, a finger image is placed 
on a smart card so that the card cannot be swapped or counterfeited.
    However, very much unlike the employee ID, the frequent traveler 
card would keep the finger image on the card and not in a central 
database. Also unlike a mandatory employee ID, a frequent traveler card 
would be voluntary, its principal purpose being to promote convenience 
and increased public confidence in the U.S. transportation 
infrastructure. There are very real privacy concerns with respect to 
the array of security solutions being considered. Identix believes that 
we can raise the level of security for travelers without undermining 
civil liberties.
    Madame Chairwoman, we appreciate having had the opportunity to 
share our views with you and your colleagues today. We commend you for 
your leadership and vision in focusing attention on the role that 
technology can play in these challenging times. Your recently 
introduced legislation promoting visa reform demonstrates another area 
in which biometric technology can be used to enhance homeland security. 
We would be privileged to do whatever we can to improve safety and 
security in our nation through the application of biometric technology. 
We look forward to continuing to work with you.
    Thank you very much.
    [GRAPHIC] [TIFF OMITTED] T0746.001
    
    [GRAPHIC] [TIFF OMITTED] T0746.002
    
    [GRAPHIC] [TIFF OMITTED] T0746.003
    
                  Securing our Airports and Air Travel
                       prepared by identix, inc.
       Identix authenticates people for secure and trusted access
                authenticating passengers and personnel
                 securing physical and computer access
                                Overview
    The seemingly impossible--four hijacked US airplanes and the 
ensuing tragedy--has proven all too real. In the aftermath, airport 
security has gone under the microscope for examination. And there is a 
common realization that restoring safety, security and trust to airline 
travel is critical to our National defense and public psyche.
    However, it is important to realize that airport security concerns 
have been escalating for some time. Not only are airports ``attractive 
targets'' for terrorist activities, they also serve as magnets for 
criminal activities such as theft and smuggling. At the same time, 
airline and airport reliance on computer systems has opened the virtual 
door to hackers as another threat to our skyways.
    Providing protection against these threats presents a special 
challenge. Because airports support activities that are both public--
passengers, visitors and airport employees--and private--such as air 
cargo and mail--these locations are part transportation hub, shopping 
mall and industrial complex. As a consequence, requirements for public 
safety and security are a hybrid of both commercial and industrial 
needs similar to a small or medium-sized U.S. town or city.
    The resulting challenge is to balance security, safety and 
government regulatory compliance with the privacy rights and 
convenience of individuals. Addressing this challenge is the lynchpin 
of ldentix' airport security solution. Today, Identix is the leading 
provider of biometric security solutions for airports and other 
government-regulated organizations.
                  Identix--Airport Security Components
    The Identix airport security approach components consist of 
products available today that can be integrated to:

        Screen airport and airline workers before hiring to ensure no 
        past criminal history;
        Grant physical access rights to different airport locations 
        easily;
        Control access to computer systems; and,
        Uniquely link passengers to their boarding pass, baggage and 
        passport control.
                         Fingerprint Biometrics
    The approach is based on two Identix core technologies: fingerprint 
biometric software and hardware tied to the itrust access control 
platform.
    Identix is the leading provider of finger biometrics for the 
criminal justice, airport security and enterprise markets. Its 
technology is used to identify criminals, screen job applicants, 
control physical access, protect proprietary information, and prevent 
identity theft and fraud. Several million fingerprint templates have 
been enrolled using its technology. Finger biometrics are accurate, 
easy to administer and convenient.
    The itrust Internet access control platform supports multi-factor 
authentication, including finger biometrics, smart cards, facial 
recognition, etc. In addition, itrust is a complete authentication, 
authorization and transaction management solution that allows an 
airport to establish strict multifactor authentication policies to 
ensure the identity of the end-user while maintaining the 
confidentiality of the information.
            Identix Offers a Full Range of Components Today
    No other company offers physical, logical and passenger/personnel 
screening using the same method--the human finger--for immediate and 
cost effective implementation. Identix provides:

        Positive identification and protection of privacy against ID 
        theft;
        Finger biometrics that are convenient, reliable and cost 
        effective;
        Criminal history identification database inquiries;
        FBI-certified products;
        Technology options and form factors to meet your needs; and,
        Easy to use, comprehensive systems administration capabilities.
     Identix--Leader in Providing Biometric Products to Government
    Identix has been working with airports and government agencies 
regarding applicant screening for over 6 years. Already, the company 
has installed job applicant security solutions to the nation's largest 
airports including JFK International, Dulles International, Boston 
Logan, Chicago O'Hare International, Baltimore-Washington 
International, Reagan National, Orlando International and San Francisco 
International.
    The Identix/Sylvan joint venture handles all job applicant 
screening for United, Continental and Horizon Airlines and a 
substantial portion of the American Transportation Association's 
screening needs.
    Because of airport security concerns, Congress has mandated a high 
level of security vigilance and recent events promise even more 
legislation. For instance, the Airport Security Improvement Act of 2000 
took effect in early 2001. This new law clearly signaled Congress' 
intent to improve passenger safety and airport security in the 
following areas:

        Criminal history background checks for all airport employees 
        coupled with identification badges for secure areas;
        Restricted access to certain areas;
        Baggage and cargo loading inspection; and,
        Passenger screening to airport concourses.
    Identix' airport security products not only address this recent 
mandate but also extends the security net to passenger authentication.
     Airport and Airline Employee Identification and Access Control
    Airport security begins with the people who work there. It is 
critical that employees be citizens in good standing with no past 
criminal history. For optimum security, physical and network access 
should be controlled based on specific requirements of the job. The 
Identix approach addresses these issues and integrates identification 
with access control.
    Personnel screening. Before an employee is hired--baggage handlers, 
airport vendors, ticket agents, etc.--background checks are performed 
using fingerprint images which are electronically submitted to the 
FBI's Integrated Automated Identification System (AFIS).
    Employee ID issuance. Once an employee has passed the background 
check, demographic information can be matched with fingerprint 
templates stored in a centralized ID management server database and on 
a smart card.
    Integrated physical and network access authorization. The 
centralized ID management server database defines each employee's 
authorization access path that includes both physical access and 
networks. Access to both physical locations and network nodes can be 
authorized for each location or PC and can require integrated access 
control. For instance, pilots may have access to the cockpit and all 
doors; reservation staff to internal terminal doors but not baggage 
areas and specified PC terminals; baggage handlers may be restricted to 
a few doors in certain areas, etc. A combination of multifactor 
authentication types may be applied depending on security requirements.
    Roaming airline employee authorization. Pilots, flight attendants 
and other airline personnel routinely travel from airport to airport 
requiring authorized access to several locations. Identix provides a 
platform which can recognize and handles remote authentication and 
authorization.
                    Secure Passenger Travel System 
[GRAPHIC] [TIFF OMITTED] T0746.004

    Passenger security requires knowing who the passenger is, where 
they go and what they have with them. This involves a continuous, exact 
match of travelers and their bags to an aircraft passenger manifest.
    Frequent flyer ID card. As a service to frequent flyers who 
comprise almost 70% of air travelers, membership cards can include 
fingerprint templates that allow road warriors to move from one airport 
to another quickly. Because the smart card requires re-authentication--
a touch of a finger--at each secured access point, security is not 
compromised and customer loyalty rewarded.
    Check-in identification. When a passenger purchases a ticket at the 
counter or electronic ticketing kiosk, background checks are performed 
to identify known terrorists or criminals using automated fingerprint 
images that are electronically submitted to a database of known 
terrorists or criminals. Once a passenger has passed the background 
check, the fingerprint template is stored on a smart card or 2D bar 
code on the passenger's boarding pass.
    Baggage control and matching. At the curb or at the ticket counter, 
each baggage claim ticket is marked with the passenger's same 
fingerprint template stored on a smart card or 2D bar code on the 
boarding pass. Now, airlines can easily and accurately match passengers 
on board with baggage in the hull. Upon arrival, matching the baggage 
claim ticket to the passenger can be accomplished in seconds.
    Boarding identification. Knowing that passengers boarding a plane 
have been identified and cleared is crucial to security. At the gate, 
as the boarding pass is inserted into the kiosk, the passenger is 
authenticated once more using a smart card or 2D bar code on the 
boarding pass. This final step validates the passenger manifest and 
protects passengers from known criminals and terrorists.
             Immigration, Passport and Visa Administration
    Access to the U.S. from many countries usually requires a Visa. 
Imagine the value of identifying foreign visitors prior to a trip and 
linking identity to airline ticket and passport control. At the same 
time, native born and naturalized citizens can enjoy added security as 
they travel from country to country. Currently, some countries have 
already deployed Identix solutions for immigration control.
    Visa and passport issuance. At time of issuance, travelers' 
background can be checked using automated fingerprint images and 
submitted to the FBI (or other agencies such as the INS) for a criminal 
and terrorist history check. The fingerprint template is stored on the 
Visa or passport as a 2D bar code or magnetic stripe or smart card.
    Clearing customs. Upon country entry or exit, the passenger is re-
authenticated with a touch of a finger and compared to the template 
stored on the Visa or passport. The process takes seconds and validates 
that the passenger is not a known terrorist or criminal.
             Identix Balances Privacy Rights with Security
    Today, everyone understands the need for higher levels of security 
to protect the lives of travelers, visitors, and the airline and 
airport personnel who serve them. Yet the question remains, ``At what 
cost to personal privacy?'' Identix is committed to delivering 
biometric solutions that place a priority on maintaining individual 
privacy. At the same time, Identix provides the flexibility to engage 
and enhance security measures on an as-needed basis, so that security 
is appropriate to a person's particular role.
    Identix believes in protecting an individual's privacy. Our 
minutiae-based algorithms analyze the position of the end points and 
junctions of print ridges and create fingerprint templates--
mathematical representation of the print characteristics.
    For identifying criminals or terrorists, the templates are used for 
identification purposes--the process of selecting one person's 
characteristics from a group of records. Called a ``one-to-many'' 
search, the question put to the system is, ``Do you know this 
person?''The algorithm searches the database and returns a result of 
likely candidates. If no match is found, the template is deleted.
    Verification, on the other hand, occurs when a person makes a claim 
to a specific identity. Called a ``one-to-one'' match, the question put 
to the system is, ``Is this person who he claims to be?'' The automated 
system compares the individuals measured characteristics against a 
previously registered record to determine whether the match is valid. 
The templates are used for matching purposes only and are destroyed at 
the match point.
    Of course, the effectiveness of technology is determined by the 
people who implement it and create policies for its use. For this 
reason, Identix is committed to working with officials from airlines, 
airports and government agencies, as well as members of Congress and 
other policymakers, to implement biometric security practices that 
maximize safety while preserving privacy.
                 Identix--Architects of Authentication
    Founded in 1982, Identix Incorporated (AMEX:IDX) develops, 
manufactures and markets the world's leading finger biometric software, 
hardware and services and an open Internet access control platform. 
Identix solutions are installed worldwide to protect proprietary 
information, prevent fraud and identity theft, identify criminals, 
control physical access, safeguard airports, screen job applicants and 
protect patient records. The leader in biometric technology, Identix 
believes it has enrolled millions of fingerprint templates worldwide.
    Identix's products and services are categorized into three major 
groups:
    Finger biometrics--Used in the enterprise to verify the person is 
who they say they are, Identix biometrics protect PCs, laptops, servers 
and PDAs from fraud and unauthorized access. Law enforcement and other 
government agencies use our biometrics to create forensic-quality 
images that can be transmitted directly to AFIS or other identification 
bureaus.
    itrust--Internet access control platform leverages the efficiency 
of conducting business over the Internet while ensuring the trust and 
integrity of transactions with complete authentication, authorization 
and administration tools.
    Consulting services--IT security, engineering sciences and complex 
project management services to the public and commercial sectors.
             Air Travel Safety and Security Recommendations
    1) Expand the Airport Security Improvement Act of 2000 to All U.S. 
Airports. The Act requires an FBI fingerprint background check for any 
individuals applying as a security screener, a screener supervisor, or 
one with privileged access to secure areas of an airport. The Act 
currently applies only to the 20 largest airports in the U.S. It should 
be expanded to include all airports in the U.S., regardless of size.
    2) Implement a Biometric System to Identify Those with Legitimate 
Access to Aircraft, Equipment, Computers and Secure Areas within an 
Airport. Even before the September I I attacks, there were concerns 
raised about the level of physical and computer access security for-
airport personnel. GAO investigators were able to carry weapons around 
two airport security checkpoints using phony credentials. Biometric 
technology, specifically fingerprint imaging, is currently being used 
to control personnel access at Chicago's O'Hare airport. Congress and 
the administration should adopt legislation that would require the FAA 
to use fingerprint and other biometric devices to control physical and 
computer access at airport facilities. This effort could be 
accomplished through the use of a smart card ID badge issued to 
personnel containing a biometric identifier. With a fingerprint image 
biometric, based on an FBI background check, a lost or stolen card 
cannot be used by anyone else.
    3) Create an Electronic Watch List of Suspected Terrorist by 
Integrating Federal Agency ``Back End'' Databases. One of the current 
passenger information shortcomings is the lack of coordination and 
communication among the various agencies monitoring, screening and 
finding suspected terrorists. So called ``watch lists'' are only as 
good as the ``back end'' databases and networks to which they are 
linked. Congress and the Administration should authorize the 
integration of these databases in order to create a more accurate and 
timely ``watch list'' of suspected terrorists and others involved in 
criminal activity. The INS, FBI, State Department, Interpol and 
relevant Intelligence agencies should be party to the database 
integration effort.
    4) Require a Biometric Enabled Match Among Passengers, Boarding 
Pass and Baggage. One of the fundamental elements of airport security 
is information on who passengers are, where they go, and what they have 
with them. The recent attacks were a direct result of passengers on 
planes. In the wake of the TWA Flight 800 disaster, the govermnent 
commission analyzing findings called for a higher standard of passenger 
identification that ties the traveler to his or her baggage, boarding 
pass and flight manifest. This ``iron triangle'' of identity 
authentication provides: positive identification of all travelers at 
all points in the airport, including the gate; accountability for all 
checked baggage against boarding pass, and; complete and accurate 
passenger manifests. Congress and the Administration should adopt 
legislation that requires a standard for airline passenger 
identification derived from the principles of the ``iron triangle'' 
concept, thus enhancing airport and traveler security.

    Chairperson Feinstein. Thanks very much, Miss Lyons.
    Mr. Willis?

STATEMENT OF WILLIAM WILLIS, CHIEF TECHNOLOGY OFFICER, IRIDIAN 
           TECHNOLOGIES, INC., MOORESTOWN, NEW JERSEY

    Mr. Willis. Good morning, Madam Chairman, Senator Kyl. I 
appreciate the opportunity.
    I am representing Iridian Technologies. We are the 
developer of iris recognition technology, a superior biometric 
authenticator that can do both verification and identification. 
As part of our biometric, we do not require having a card. We 
can actually search a database very quickly in a matter of a 
couple of seconds and millions and millions of people. So you 
literally would not have to carry a second piece of 
identification. You just carry your eyes with you, if you will.
    We are able to do that by taking a simple picture of the 
eye with a regular camera that is enhanced to be able to give a 
good quality component of the iris, which is the colored part 
of your eye. We are able to then do the authentication and make 
sure that it is totally distinct, as you said earlier, from any 
other person in the world.
    Senator Kyl made a comment on how we could help 
specifically, if you will give me a moment. How can we use this 
for terrorist information? An example would be being able to 
put that at the borders of our other countries, be able at the 
visa point to take the picture of the iris, put that in a 
central database which only takes a few seconds, and I will be 
happy to show that to you, and then, at the time that they come 
back into the country, do the same test. You can then either do 
that with the card or without a card. That will be actually up 
to you in the deployment and in the cost scenario. If you 
choose to eliminate the cost of the card, you would not have to 
do that.
    There are numerous third-party studies which are available 
upon your request that confirm that the iris is the most 
information-rich and accurate biometric. Iridian has developed 
these proprietary technologies to take advantage of the natural 
characteristics of the human iris to produce products both in 
physical and information security. Again I will show you in my 
five minutes both those things.
    The technology is widely deployed today for both physical 
security in corporate America and in the United States 
government. New imaging products for major manufacturing 
partners of Iridian have created a situation where products are 
ready for deployment today on a very large scale.
    Iris recognition is a natural identification component of 
anti-terrorist security systems. It is capable of high-speed, 
real-time, extremely accurate operations in a very large 
database environment, such as immigration and border security, 
national transportation system security, information network 
protection, and access control for security of critical 
infrastructure assets.
    I have some examples of that. Schiphol Airport in 
Amsterdam, Netherlands is doing that for immigration control of 
the European Union, Heathrow Airport in London in the United 
Kingdom and Douglas International Airport again in Charlotte.
    The tragedies of September 11 have made us keenly aware of 
the fragility of our nation's infrastructure. Iris recognition 
technology can rebalance the equation of open access and 
controlled access without sacrificing the rights of privacy and 
free movement in our society. Americans now understand that it 
is in the country's best interest to manage access to America's 
infrastructure by applying technology in a way that is 
efficient, reliable and trustworthy and Iridian Technologies 
standards ready to make its innovative products available to do 
that.
    Chairperson Feinstein. Thanks very much, Mr. Willis.
    Mr. Willis. I have--
    Chairperson Feinstein. Would you like to show that?
    Mr. Willis. I would like to show that in my five minutes. 
That is why I cut it short.
    Chairperson Feinstein. Proceed. You have your five minutes.
    Mr. Willis. Hopefully I answered the question that you had, 
Senator.
    Two quick ones. I will be able to log on. I have just 
looked at the camera. It has seen me, it knows that it is Bill 
and it is logging me onto the computer. This is what we see for 
information security. Obviously the physical security is only 
as good as the network infrastructure you are going to put on 
it so you make sure that the terrorism is not only at the 
physical layer but also at the information layer, as well. You 
can see that I can from a very comfortable distance be able to 
run this. I will be able to now use this. We see this as an 
example of being able to take access badge-readers off of 
places that are secure, be able to put the camera--you do not 
need the second factor, which would be a card--and be able to 
enroll.
    As you can see, in a couple of seconds you have a picture 
of my eye and at the same time we have the ability to do an 
unlimited database search. So instead of a day or a few hours, 
you literally could have the response within a few seconds if 
there is someone that would be suspected of looking into 
farther.
    [The prepared statement of Mr. Willis follows:]

    Statement of William Willis, Chief Technology Officer, Iridian 
                            Technology, Inc.

    Iridian Technologies, Inc. (Iridian) is the developer of iris 
recognition technology, a superior biometric authenticator that 
performs either verification or identification of a claimed identity. 
Identification is accomplished by a complete search of a database using 
a mathematical representation created from the image of the iris in the 
human eye. Images of the iris, the colored ring around the pupil, are 
acquired by a camera at a comfortable distance, and converted by 
algorithm into a secure IrisCode. This IrisCode is used as a template 
for comparison when a new eye is presented for authentication. Iris 
recognition technology is totally distinct from an earlier and 
unrelated approach, retinal scanning. Retinal scanning relies on an 
active laser probing inside the eye to view the retina at the back of 
the eye. Iris recognition uses the external colored part of the eye via 
a simple photographic image.
    Numerous third party studies [available upon request] have 
confirmed that the iris is the most-information rich biometric. Iridian 
Technologies has developed proprietary technology to take advantage of 
the natural characteristics of the human iris to produce products that 
support both physical security and information security applications. 
Iris recognition was in development from the mid-80's, and its first 
products for physical security were deployed in 1996. The technology is 
widely deployed today for physical security in corporate America and 
the government. New imaging products from major manufacturing partners 
of Iridian Technologies have created a situation where the products are 
ready for deployment on a large scale.
    Iris recognition is a natural identification component of anti-
terrorist security systems. It is capable of high-speed, real-time, 
extremely accurate operations in very large data base environments such 
as Immigration and Border security, National Transportation system 
security, information network protection, and access control for 
security of critical infrastructure assets. Examples of scalable 
deployments include Schiphol Airport, Amsterdam Netherlands, Heathrow 
Airport, London United Kingdom, and Douglas International Airport, 
Charlotte North Carolina.
    The tragedies of September 11 have made us all keenly aware of the 
fragility of our nation's infrastructures. Iris recognition technology 
can rebalance the equation of open access and controlled access without 
sacrificing the rights of privacy and free movement in our society. 
Americans now understand that it is in the country's interest to manage 
access to America's infrastructure by applying technology in a way that 
is efficient, reliable, and trustworthy. Iridian Technologies stands 
ready to make its innovative products available to achieve these ends.

    Chairperson Feinstein. Thank you very much. Very 
interesting. Thank you.
    Dr. Atick?

   STATEMENT OF JOSEPH J. ATICK, CHAIRMAN AND CEO, VISIONICS 
                 CORP., JERSEY CITY, NEW JERSEY

    Mr. Atick. Good morning everyone and thank you for inviting 
me to share with you my views regarding this timely subject.
    I am the CEO and chairman of Visionics. Visionics is a 
company that has pioneered fingerprinting, as well as facial 
recognition. We supply livescan technology to all of the INS 
today, so all immigrants today that apply for citizenship have 
to touch the surface that we make to authenticate or to check 
that they do not have a criminal record. We are in about half 
of the category X airports in about 600 police departments and 
300 courts.
    That is not the part of the business that excites me 
because I see now a new generation of innovative technology in 
the area of fingerprinting that we are producing, which has to 
do with mobility. It has to do with the ability to deploy on-
demand identification in the field. We have deployed in 
California for the first time ever in October a technology that 
allows officers in the field to capture fingerprints, as well 
as facial images on a mobile device and to submit them to the 
local as well as the federal databases to establish if somebody 
is wanted for a crime. The first week of operation alone has 
produced 100 identifications of criminals, including six 
fugitives who were wanted for major drug warrants and 
outstanding warrants. So this is the power of identification 
and I think with innovative technology we can deliver it.
    I want to focus on the other side of our business, which is 
the facial recognition part. This is a technology that I have 
been intimately involved with for the last 14 years when I used 
to be a scientist at Rockefeller and Princeton and it has to do 
with the ability of a computer to establish somebody's identity 
by looking at their image and measuring the physical structure 
of their face.
    The way we are proposing to implement this technology in an 
airport environment would be to use standard video cameras that 
are attached to the frame of the security checkpoint. As people 
walk through that frame, the technology in real time and 
continuously, at a distance in motion, will capture every face, 
will scan every face, convert it into a mathematical code 
called your faceprint. Your faceprint is a very small amount of 
data, about 84 bytes of data, shorter than a quick e-mail 
message that you send to a friend, but it contains the physical 
measurements of your skull and your face and it is identity-
specific. It is unique to you, it does not change with aging 
and it is not affected by viewing conditions and also not 
affected by superficial disguises. If you put facial hair, 
mustache, beard, change your hairstyle, that is not what the 
facial print is doing.
    So what you can do is submit that faceprint automatically 
against a database of known terrorists and criminals so that 
you can ensure that every person boarding the plane has been 
checked against that database. If a match happens, an alarm 
sounds in an alarm-monitoring station, either at the airport or 
somewhere centrally, and then you can dispatch a message to the 
security at the checkpoint and say please interview this 
passenger because his facial structure matches a terrorist. It 
does not create new lines and it does not inconvenience the 
traveling public. It is just behind the scenes, matching faces 
against the watchlist.
    Chairperson Feinstein. Is it instantaneous?
    Mr. Atick. It is instantaneous. It does a million matches a 
second, so you cannot even measure the time it does it. But 
there are concerns and I would like to address them very 
quickly. This is, in my opinion, a powerful tool that should be 
added to the list of tools that we use at the airports, 
including the luggage scanning and the metal detectors, but 
there are two concerns that you have heard about and you will 
continue to hear about as you consider this technology. One is 
the concern for privacy and the other one is the concern for 
accuracy.
    The concern for privacy has to do with the misconception 
that this is an ID system that is identifying every one of us. 
This is not a national ID system. It does not identify you or 
me. It is simply a criminal and terrorist alarm. If your face 
does not match one on the database, on the watchlist, there 
will be no alarm. There will be no record of you even going 
through the system. If there is a match, then somebody 
investigates. The key here is that Congress should make sure 
that watchlists do not get expanded to include noncriminals.
    On the issue of accuracy, I want to say that you may have 
been hearing a lot of conflicting statements, either from 
vendors or from people who have specific agendas. The fact is 
it is very hard to answer the question of how accurate is 
facial recognition in a responsible short sentence because it 
depends on the quality of the images and the degree of control 
that you can implement on the imaging environment.
    Using databases that are available to the FBI and using 
that type of quality, which is all we have today, we have done 
extensive benchmarks since September 11 and we believe, as a 
responsible company, we believe we can deliver the probability 
of capture of a terrorist between 60 to 90 percent probability. 
I am not saying that this is the accuracy of facial 
recognition. I am saying given how bad the images are in the 
FBI databases, we can give you confidence that 60 to 90 percent 
of terrorists will be spotted as they go through metal 
detectors and checkpoints, with very low false alarm rate.
    This, in my opinion, is a phenomenal performance because it 
means that it will deter terrorists from entering into these 
areas because there is a high probability if they do, they will 
be captured.
    One final point. A lot of improvements are being done in 
this area. DARPA is funding a major initiative called Human ID 
at a Distance, which we are part of, and we are in the process 
of beginning to install at two U.S. airports next week, 
including a category X airport. We have been in Keflavik 
Airport for a couple of months now and the belief we have is 
that the experience we have gathered is going to allow us to 
form a consortium of airports that will be tied in together and 
submitting against a common database. We believe we will be 
able to work as an industry with the FBI and the FAA to 
establish standards, as well as potentially down the line a 
better understanding that would help them mandate this 
capability.
    My final sentence is that as a scientist, I am proud to say 
that we have as a country a technology that can make the 
difference in the war against terror and we can make it 
responsibly and peacefully and I would like to see us as a 
nation embarking in evaluating this technology.
    [The prepared statement of Mr. Atick follows:]

     Statement of Dr. Joseph J. Atick, Chairman and CEO, Visionics 
                  Corporation, Jersey City, New Jersey

    Let me begin by stating what I see as the corner stone of our 
defense, as a civilized world against crime and terrorism in this new 
era:
    ``I believe it is our ability--in the context of a free society--to 
identify those who pose a threat to public safety and to prevent their 
actions.''
    Essential to the success of this defense strategy are two 
ingredients:

        (1) Intelligence Data
        (2) Identification Technology such as facial biometrics

    Fact is, terrorists do not emerge overnight. They require 
indoctrination and constant reinforcement over an extended period of 
time. This affords intelligence agencies opportunities to establish 
identities of many of them and to build watch lists. Ultimately terror 
is not faceless.
    Today, even without systematic cooperation between intelligence 
agencies there are watch lists that contain large numbers of terrorists 
and fugitives. Check out the FBI's website for the monthly posting's of 
fugitives.
    According to published news reports--two of the terrorists in the 
September 11 hacking were already on a watch list and were sought by 
the FBI since August 23, a third was already known to the French 
authorities. I suspect we will find out several others were already 
known either to the Germans, Belgium, French, British or Israeli 
intelligence organizations.
    While there is no guarantee that all terrorists will be known in 
advance--at the very least we have the responsibility to try to prevent 
the actions of the thousands already known.
    Given a watch list, the question becomes: does the technology exist 
that can spot these individuals as they enter a country or attempt to 
board a plane?
    The demands on such a technology are very high make no mistake 
about it. Such a technology has to be able to:
    (a) Scale: in the sense that it should work across many security 
checkpoints at hundreds of airports and borders and not just one 
location.
    (b) Sift through more than 600 million travelers per year in the US 
alone and spot terrorists and criminals among them without interfering 
with passenger flow or throughput.
    (c) Function without infringing on the rights or inconveniencing 
the honest majority.
    The good news here is that such a technology exists. It is 
computerized facial scanning such as the FaceIt' face 
recognition technology. I can speak about this technology because I am 
not only the CEO of Visionics, the company that has pioneered and 
commercially developed this technology but I am one of its main 
inventors. I have worked on facial recognition and identification 
technology over the last fourteen years starting with my days as a Head 
of Two research Laboratories in Academia.
    The technology works as follows: FaceIt' automatically 
detects faces in the field of view of a standard video camera, in 
motion, at a distance and without subject participation. It converts 
each visible face into a mathematical code, which captures the relative 
measurements between the landmarks of the human face--know as the 
faceprint.
    The faceprint is a code that only a computer could interpret. It is 
encrypted and cannot be used to reconstitute the image of the face. It 
is unique to a given face and it does not change with age, lighting or 
viewing conditions. It ignores facial hair or other superficial changes 
to the face. In a sense it is a fingerprint in your face.
    The extracted live faceprint is automatically sent via the network 
to a watch list database-residing either locally at the airport or 
centrally say in Washington. If a match exceeds a certain confidence 
threshold, then a human operator at the control room confirms the match 
and alert local security guards to intercept and interview passenger. 
The whole process could be a few seconds. If there is no match then 
there is no memory--the image is dropped.
    The system does not record, store or alter the watch list database 
in any way. The watch list database cannot be hacked into as it only 
accepts faceprint queries through the network.
    Over the years, in the world of aviation security we have seen 
successive technology adoption to enhance security. Today at the 
security checkpoint, X-ray luggage scanners, metal detectors and 
chemical trace detectors are deployed to check for concealed weapons 
and explosives on our body or in our carry-on luggage. I see facial 
scanning and matching against a watch-list as an integral component in 
tomorrow's airport security systems.
    It is time to ensure that airports are no longer safe havens for 
criminals and terrorists. The American public agrees. In a recent 
Harris Poll conducted after September 11, 86% endorsed the use of 
facial recognition to spot terrorists.
    Still there are some questions regarding this solution that have 
come come.
    I would like to quickly address two:

    (1) On the issue of privacy: It is important to emphasize that the 
FaceIt' surveillance system is not a national ID, it does 
not identify you or me. It is simply an alarm system that alerts when a 
terrorist on a watch list passes through a metal detector at the 
airport. If there is no match, I repeat there is no memory.

    Furthermore, such a system delivers security in a non-
discriminatory fashion. FaceIt' technology performs matches 
on the face based on analytical measurements that are independent of 
race, ethnic origin or religion. It is free of the human prejudices of 
profiling.
    We have gone further and have called for Congressional oversight 
and for Federal legislation to ensure that watchlists contain only 
individuals who threaten public safety and to penalize for misuse of 
such technology down the line. Congress will take action in due time 
but at the moment their priorities are focused on the real and present 
danger of terrorism and not the theoretical potential for misuse down 
the line.
    (2) Another question concerns the accuracy of facial recognition
    How accurate is facial recognition?
    There is no responsible short answer to this question as it depends 
on the quality of the images in the database and the degree of control. 
It also depends on whether you are performing 1-to-1 or 1-to-many 
matching and whether you can enroll people or must use existing images 
for watchlist. We believe facial recognition is as accurate as 
fingerprinting if you have control over all these variables. In the 
airport terrorist and criminal alarm scenario we do not have the luxury 
of enrolling terrorists, we have to use the information available to 
intelligence agencies.
    We recently conducted scientific benchmarks on existing and 
simulated terrorist watchlists and they show that the probability of 
spotting any given terrorist can be in the 60-90% with low false alarm 
rates. This is phenomenal because it means that the majority of the 
terrorists and criminals will be spotted using current technology. This 
will deter terrorists from attempting to board planes because if they 
do there is a high probability they will be caught.
    So we must think of facial recognition at airports as a tool like 
the metal detectors and luggage scanners are tools. They enhance 
security tremendously without being technologically perfect. A facial 
scanning system at the security checkpoint will alert security to 
investigate just like they do today when the metal detector beeps.
    I would also like to point out that facial recognition is 
constantly evolving and advancing. The state of the art today is a 
quantum leap of where it was even a year ago let alone 5 years ago and 
of course with the accelerated R&D initiatives underway the technology 
will rapidly become even more reliable and robust. FaceIt' 
has already been used in real world environments and has produced 
significant benefits--Mexican Election System, police Mugshot systems 
in many places around the world, Criminal Alarm systems in London, 
Birmingham, England, Iceland International Airport, Tampa and so on and 
we are seeing accelerated real world adoption based on a real value 
proposition.
    This week we have announced that we are beginning to install facial 
recognition technology at two US airports including one Category X 
airport. The two airports will remain unnamed until the installation is 
completed. These are in addition to what Logan is doing.
                             In Conclusion:
    We owe it to the traveling public to do everything in our capacity 
to ensure their safety. We have the technology today as a nation to 
peacefully and responsibly make a difference in the war against terror 
and to restore the publics trust in the travel process without a cost 
to the privacy of the honest majority. I see no legitimate objection 
why we should not do it.

    Chairperson Feinstein. Thanks very much, Dr. Atick.
    Mr. Huddart?

   STATEMENT OF MARTIN HUDDART, GENERAL MANAGER, RECOGNITION 
    SYSTEMS, INC., INGERSOLL-RAND CO., CAMPBELL, CALIFORNIA

    Mr. Huddart. Thank you, Madam Chairwoman and Senator Kyl.
    My name is Martin Huddart. I am the general manager of 
Recognition Systems. We were the first commercial biometric 
company in the world. We were found in 1986, based in Silicon 
Valley, California. We are now a division of Ingersoll-Rand, a 
Fortune 200, $9 billion company which has a significance 
presence in security and safety through a variety of products 
and services, including the Schlage Lock Company that is 
present in millions of households throughout the world.
    Recognition Systems is certainly a tried and tested 
technology and my testimony today will hopefully demonstrate 
that. We have over 60,000 systems in 80 countries throughout 
the world and there are literally millions of people enrolled 
in our systems.
    Hand geometry is the science of looking at the size and 
shape of your hand. We are looking at 31,000 datapoints making 
90 unique measurements. The interesting part about this 
particular technology, it is very fast, as we will show in a 
demonstration later. It is also very reliable in a coupled of 
environments that I think relate directly to many of the 
environments we have talked about today, such as airports, 
which is a high volume application where you need to process 
large numbers of people, say at an immigration or airport 
access control points. And it is very robust for difficult 
environments--light, heat. We have outdoor units which operate 
at subzero temperatures.
    As we have participated and listened to the on-going debate 
about using technology there is a continuum that starts at 
experimentation and goes through implementation. It is our view 
we are very much on the implementation end of the spectrum. The 
reason is that this technology, many technologies are available 
today and have already been implemented by many private sector 
companies but also many government agencies, and that is what I 
would like to focus on. I want to talk about what has already 
been done, as I think that is a way to look at what can be done 
further, in two key areas that were mentioned in earlier 
testimony. One is immigration, identity verification, which 
could also include passenger verification, and then also access 
control to critical facilities in our national infrastructure, 
including airports as a key example.
    So let us start out with immigration identity verification. 
One of the tasks here is we have a very large haystack to look 
through. Our technology is already being used in programs which 
prescreen travelers through immigration points, which allow the 
immigration officials to focus on the higher-risk passengers, 
and that is leveraging our resources more effectively.
    Inspass is a system that is already using biometrics for 
immigration in the United States and Canada today and it has 
been doing so for the past seven years. Over 50,000 frequent 
travelers to the U.S. are enrolled in this program where they 
can bypass often the long immigration lines at nine North 
American airports, including Dulles, San Francisco, JFJ, 
Newark. Passengers approach this kiosk that you can see on the 
screen. They use a card, the card is used to claim who they 
are, and then the biometric, in this case hand geometry, is 
used to verify that they are actually who they claim to be, and 
this allows expedited arrivals back into the United States.
    A similar system is in place today at Ben Gurion Airport in 
Tel Aviv, Israel, one of the world's most security-conscious 
airports. Twenty-one kiosks process 50,000 passengers per month 
today. This is not a trial; it is in process today. The line to 
get through immigration can go from 60 minutes down to 20 
seconds by verifying the identity of those frequent travelers 
back to Israel. This system will be shortly expanded to the 
Israel-Palestinian border where both hand geometry and face 
recognition with Visionics is being used at the land border, 
also.
    The second area that biometric technology can be used in 
the war against terrorism is employee identity verification. We 
have talked a lot about the fact that cards are not people and 
biometrics is a way to go beyond the security that simple card 
technologies give us today.
    The nuclear industry were the first industry to widely 
adopt biometrics. Over 90 percent of the nation's nuclear 
facilities use hand geometry readers and recognition systems to 
validate the identity of the employees going through the 
facilities and it has been installed for over a decade at many 
facilities, supported by the Department of Energy.
    Airports. We have talked about San Francisco airport is the 
only fully deployed biometric system in the country where all 
airport operations doors are protected with biometrics, with 
over 30,000 employees using the system today. It has been in 
place since 1991.
    FAA regulations currently specify that only authorized 
people are allowed access to the operations areas and San 
Francisco has been very aggressive in interpreting that to mean 
badges are not people; people are people, and using biometrics 
validates that. This was installed during your tenure as mayor 
of San Francisco, Senator, and you are welcome to come visit 
and you may have seen the readers at San Francisco as you have 
passed through there many times.
    Seaports is another area of risk for national 
infrastructure. Rotterdam, the world's largest port and the 
gateway to European commerce, uses hand recognition technology 
to identify and validate the truck drivers who come into the 
petrochemical storage areas, a key area that you want to make 
sure only authorized people are allowed access to.
    Many, many government facilities have already adopted this 
technology, including the Pentagon, the State Department, 
DARPA, several post offices, Federal Reserve Bank, which you 
see in the picture. Many American embassies, which have also 
talked about today, use this technology to protect their 
facilities, and many state prisons systems do the same.
    Private industry has been a long adopter also of this 
technology. For example, the NASDAQ uses this technology to 
protect their service from unauthorized access, to protect the 
trading. Many research labs, banks, office buildings, colleges, 
schools, even day care centers use this technology to make sure 
only authorized parents pick up the children.
    So I will leave you with the words, this is not a test. 
Usually in a security environment that is not a good statement 
but this is actually good news in that we have a significant 
library of identity verification solutions already in place and 
those solutions can be copied and pasted to many different 
areas of risk within our nation.
    And if I can do a very quick demonstration that lasts 30 
seconds?
    Chairperson Feinstein. Fine.
    Mr. Huddart. If I can ask Gordon to help me here, I will 
come around so you can see. This is an example of the 
smartcard, which I enrolled Gordon earlier with. It is a 
contactless smartcard that is a biometric template. You can see 
by the green light at the top of the unit that his identity was 
verified. If I get possession of Gordon's smartcard and I try 
to use it for unauthorized access, if you watch the top of the 
panel you will see the red light and I was rejected and we keep 
a record of that event having taken place.
    I would like to present you with your own card.
    [The prepared statement of Mr. Huddart follows:]

  Statement of Martin Huddart, General Manager, Recognition Systems, 
                       Inc., Campbell, California

    Madam Chairwoman and members of the Senate Subcommittee on 
Technology, Terrorism and Government Information:
    Good morning. I am Martin Huddart, General Manager of Recognition 
Systems, Inc. (RSI) based in Campbell, California, in the heart of 
Silicon Valley.
    We are a pioneer in the application of biometric systems. Our 
primary technology is Hand Geometry. RSI's HandReaders have been 
installed in high security environments around the United States and 
worldwide since 1985. Today, there are more than 60,000 HandReader 
systems installed in 80 countries around the world, reading millions of 
hands every day. We are the industry leader in providing biometric 
technology solutions that protect important U.S. economic, energy, 
military, and transportation infrastructure.
    RSI is a division of Ingersoll-Rand Company (IR), a Fortune 200 
diversified industrial manufacturer and a world leader in security and 
safety. RSI and IR provide integrated security solutions--including 
hardware, biometrics and electronic technologies, software 
applications, maintenance and consulting services to government, 
military, commercial and industrial customers.
    RSI's technology solutions have been installed in high-security, 
high volume access control environments for more than a decade. These 
include over 90 percent of the nation's nuclear power plants, as well 
as in leading scientific laboratories, Federal prisons, commercial 
airports, U.S. military bases, seaport cargo facilities, hospitals, 
universities, government buildings, industrial plants and commercial 
office buildings. Our technology is even used at day care centers to 
protect unauthorized persons from having access to the children.
    In the wake of the terrorist attacks on September 11, one task is 
certain: we must significantly increase and upgrade security not only 
at U.S. commercial airports, but at other critical national 
infrastructure that could potentially be targeted by terrorists. The 
President's establishment of the Office of Homeland Security is an 
important initiative to better coordinate the efforts of more than 40 
Federal agencies. Hearings like this--and others that RSI has 
participated in the past month--can help legislators better understand 
existing and new technologies, enabling you to make critical policy 
decisions that will better protect America's important infrastructure 
from future terrorist attacks.
    Biometric systems lie at the core of technologies that can provide 
heightened security at a variety of infrastructure installations. 
Biometrics is the science of using physical characteristics to identify 
an individual. Modern biometric systems were developed in the 1970s. 
Early commercial products were expensive and therefore limited to very 
high security applications, such as nuclear facilities and 
laboratories. In recent years, developments in microprocessors and 
advanced imaging electronics have greatly reduced the cost and 
increased the accuracy of biometric devices. These developments have 
made biometrics increasingly common in commercial applications for 
access control, and even accurate personnel time and attendance 
monitoring.
    RSI's HandReader was designed to be used in high-volume 
environments, where the identity of hundreds or even thousands of 
individuals must be accurately verified in a quick and efficient 
manner. These devices ensure that only authorized individuals gain 
access to specific places. This technology has been engineered to work 
reliably for a wide variety of users in difficult operating 
environments, including even sub-zero outdoor applications. The 
accuracy, reliability, durability and successful track record of 
biometric hand reading technology is unparalleled in the industry.
    Members of Congress and Federal and local authorities have been 
inundated with proposals for new technologies since September 11. This 
includes many different biometric systems, including hand, iris, 
fingerprint, facial and voice recognition. While there is no 
disagreement that technology has a vital role in finding new security 
solutions for U.S. infrastructure, we must understand that this is not 
the time to experiment with new and unproven systems. Only those 
technologies and products that have already been proven in high-
security environments, and which have an established reputation for 
performance, should be in the forefront of our decision-making 
processes in the weeks and months ahead.
    To this end, one fact is well-established and should be clear: Of 
all the biometric systems currently in use, hand readers are the 
technology that today best meets the essential tests of performance and 
reliability in high-security environments. This is a mature system that 
can be put in place quickly to meet a variety of security applications. 
That is what differentiates this technology from others.
    This technology can be used for different types of security 
applications. One is preventing unauthorized employees from gaining 
access to specific areas and assets. Another is to quickly and 
efficiently identify low-risk users, such as pre-screened airport 
passengers, so that security personnel can focus on a much smaller 
category of people--high-risk passengers. RSI HandReaders can reduce 
the size of the haystack, so we have better chance of finding the 
needle in it.
    RSI has worked with several U.S. Government agencies over many 
years to incorporate biometric systems into their security 
infrastructure. We have worked with the Immigration and Naturalization 
Service, U.S. Department of Energy, General Services Administration, 
Federal Bureau of Prisons, Drug Enforcement Agency, The Federal Reserve 
Board, U.S. Department of State, Federal Bureau of Investigation and 
most branches of the U.S. armed forces.
    The Department of Energy has long realized the weaknesses of 
conventional card based access control systems at nuclear facilities. 
Concerned with stolen or forged access cards, 90% of the nation's 
nuclear facilities installed HandReaders at sensitive access points 
during the 1990s. These installations are not new, they are not a test, 
and they work reliably.
    Given the new security concerns created by the terrorist attacks of 
September 11, I would propose that this proven model of security needs 
to be applied to other critical elements of our national infrastructure 
such as airports, power plants, chemical plants, port facilities, and 
transportation control facilities. There is a critical role for 
Congress and Federal regulatory agencies to play in mandating that new 
security procedures and technologies be put in place.
    Nowhere is there a more immediate security challenge to address 
than that of U.S. commercial airports. Already, this Congress and the 
Department of Transportation have proposed several new initiatives. 
Some of these will take time to implement. One example of how we can 
very quickly improve airport security would be for Congress to improve 
existing Federal regulations to reflect the new security environment we 
all face. For example, the Federal Aviation Administration's directive 
FAR 107.14a mandates that only authorized people are allowed access to 
flight operations at commercial airports. Most airport authorities used 
card-based access systems to implement this mandate. These systems are 
inadequate because they can only accurately identify cards, not people. 
Only a biometric system that reads an individual's hand to provide 
positive identification of that person can do this.
    One U.S. airport which has correctly interpreted the intent of this 
FAA mandate is San Francisco International Airport (SFO). At SFO, all 
30,000 airport employees use RSI HandReaders throughout the entire 
facility. This is not a pilot program or a demonstration project; it is 
an integral component of the airport's security infrastructure. It has 
been in place for more than a decade. This system was installed during 
the Chairwoman's tenure as Mayor of San Francisco. I would urge other 
members of the Subcommittee and the Congress to examine how this 
technology has been used at SFO and to consider utilizing it throughout 
our national air transportation system.
    In addition, while we applaud the Federal government's interest in 
exploring new security technologies through ``pilot'' projects, we must 
understand that these will take time to identify, test and implement. 
Time is our enemy. Therefore, we can ill afford to delay bringing the 
added security benefits of proven biometric applications while we 
investigate potential future enhancements.
    At the top of any national priority list must be the desire to 
improve security and procedures at U.S. airports, seaports, land border 
crossings and high-profile government buildings. In each of these 
areas, hand geometry biometrics is already in use in some of the 
world's most sensitive security environments:

        RSI HandReaders are used not only at San Francisco 
        International Airport and several other leading U.S. airports, 
        but also at Ben Gurion International Airport in Tel Aviv. 
        Passengers returning to Israel insert a simple credit card into 
        a biometric kiosk as a means of presenting their identity. This 
        identity is verified through the placement of their hand in the 
        kiosk. Successful processing can be achieved in 15 seconds, 
        much faster than the hour it can take to clear the regular 
        immigration lines. Similar biometric immigration kiosks have 
        been in place for the past 7 years at 9 North American airports 
        including Dulles, JFK, Newark and Dallas airports as part of 
        the INS sponsored INSPASS program. With over 50,000 frequent 
        travelers enrolled in the program, there are 23,000 pre-
        screened passengers per month using this immigration process.
        A voluntary frequent traveler program is very powerful because 
        it allows officials to focus resources on higher risk 
        individuals and allows pre-screened passenger travelers to 
        proceed quickly through airport security. I will demonstrate 
        how a proximity smart card loaded with a biometric template can 
        be used to validate a passenger's identity in such a program. 
        Also, our vision is that biometric screening processes can be 
        applied to the check in and security check points of an 
        airport, to make sure that the person who checked in is the 
        same one who entered the plane.
        In addition to the airport, the Israeli border crossing 
        application will be extended in 2002 to the provide security at 
        one of the most high-profile land border crossings in the 
        world--the Israeli-Palestinian border crossed by more than 
        50,000 individuals daily. Again, biometric solutions will help 
        manage visa and immigration procedures by reducing the risk of 
        identity fraud.
        Our technology solutions are used at the port facility in 
        Rotterdam, Netherlands, the world's largest seaport facility 
        and the primary sea transport gateway to the European continent 
        to verify the identity of truck drivers accessing petrochemical 
        storage areas.
        U.S. Federal agencies use RSI's HandReaders at sensitive 
        government installations including the Pentagon, U.S. military 
        bases, the State Department, the NSA, DARPA, the US Postal 
        Service the Federal Reserve Bank and American embassies abroad.
        HandReaders protect access to hundreds of critical computer 
        server facilities including the computers which run the Nasdaq 
        stock exchange.
        During the 1996 Olympic games in Atlanta, HandReaders reliably 
        secured access to the Olympic village so that only athletes and 
        authorized personnel entered the secured area.

    As our nation moves forward following the tragic events of 
September 11, the overriding security issue will be to better manage 
identity verification and access control in a variety of high-volume 
environments. While machines can never fully replace highly trained and 
vigilant officials, a biometric hand reader will not get tired at the 
end of the shift, it will never take a day off, it won't ``loan'' its 
access code to cousins, friends or co-workers, and it won't accept a 
forged identity card. When integrated with other security technologies 
and procedures, hand geometry readers can significantly cut down the 
risk of unauthorized individuals gaining access to places and assets 
where they can cause damage.
    I'd like to leave this Subcommittee with a piece of good news. The 
good news is that we can copy from a large library of proven identity 
verification solutions, then cost effectively paste these into the 
highest risk applications of our choice. We urge this Subcommittee, the 
Congress and Federal agencies to support the adoption of processes and 
technologies which will validate the identity of those accessing our 
borders, airports, ports and other critical national assets.
    Thank you.

    Chairperson Feinstein. Thank you. Thank you very much, Mr. 
Huddart.
    Mr. Haddock?

STATEMENT OF RICHARD M. HADDOCK, PRESIDENT, DREXLER TECHNOLOGY 
                    CORP., MOUNTAIN VIEW, CA

    Mr. Haddock. Thank you very much. I thank Senators 
Feinstein and Kyl for having me here today. I only discovered 
yesterday at noon that I was able to come so my remarks are 
perhaps briefer.
    One thing I would like to point out is that Drexler 
Technology Corporation has been the manufacturer of optimal 
memory cards in Silicon Valley for over 10 years and has been 
the supplier to the INS for both the INS's green card, 
permanent resident card, as well as the Department of State's 
border crosser card since 1997 and the supplier to the U.S. 
Army since about 1991.
    The main feature of optimal memory cards is it how very 
large capacity. It has about 500 times more capacity than any 
other type of data storage card used in a wild-type environment 
and coupled with that, it is a very secure medium that allows 
data to be written to an area of the card only once, meaning 
that if you put a biometric on, say, track 1,000, you know that 
no one else can ever change that. This is a key feature that 
caused the INS to adopt the card, to upgrade from their 
previous pink paper card, and essentially stopped all the 
counterfeiting and fraud that they had from that purpose.
    But these cards contain biometrics. They contain the 
digitized color photograph of the card carrier. They contain 
what the INS views as an FBI-quality high resolution greyscale 
fingerprint. From that fingerprint can be extracted minutia 
from any formats because there are a number of proprietary 
minutia formats in the industry and the INS wanted to have a 
format that crossed industry boundaries and therefore, they 
wanted a high resolution image that could be used anywhere by 
anyone if they so authorized it. So it is a flexible biometric 
in that form. They have a digitized signature.
    And in the Department of State version, which was 
implemented a year later, they also have two different 
fingerprint minutia templates.
    To date there are about 10 million of these two cards in 
circulation in the United States held by permanent residents 
and Mexican citizens entering the United States and as such, it 
represents the highest security card in the country, the only 
card containing that type of biometrics in the United States 
and certainly one of the most secure cards in the world in our 
opinion, as well as at INS Forensics Department.
    Part of the thing that I would like to testify here today 
at your panel is that we have been making these cards for over 
10 years and there has been a great deal of interest in putting 
biometrics on the cards because of the high data capacity. I am 
probably the only one here that has business dealings with 
everyone on this panel. I have teamed on subcontracts with 
some; I have been resellers to others. Almost all of these 
technologies have been implemented successfully with optical 
memory cards so for more of an end-user point of view, we have 
a look at all of the biometrics that you are discussing here 
today. And having been involved in looking at biometrics for 
the past 10 years, we feel that we agree with your view of the 
fragmentation of the industry. All of these biometric devices 
have strengths and weaknesses and we have come to the opinion 
that the best thing that can be done is to put more than one 
biometric on a card. I do not think you can choose the right 
one. I think that it takes more than one and the type of 
biometric that should be applied is application-specific. I 
think the FBI testimony pointed that out earlier.
    I think starting off with an FBI-cleared personal clearance 
so you know that you have the right person I think is the right 
basis of issuing a card but after that you can add any types of 
biometrics you want. Essentially with the data capacity 
available in our cards you can put everybody's biometrics on 
this card today. You can verify face, hand, fingerprint, any 
type of biometrics, and use them randomly and selectively.
    This is a key factor because if you choose only one 
biometric, people will focus on that and there can be ways to 
break any given biometric if that becomes the standard for the 
country. So we feel it is much better to include multiple 
biometrics and be able to choose them as you need them and 
randomly, perhaps. Sometimes you use a fingerprint; sometimes a 
hand.
    Additionally, you want to be able to upgrade this. The 
cards you issue need to be available for a long period of time. 
The technology will change; the templates will change. You want 
to be able to add that new technology to the card or adapt it 
without having to reissue cards. And having a secure medium to 
build on, you have the ability to do that.
    In my testimony there are a number of references to 
programs that we have done with many of these vendors and we 
found the advantage of multiple biometrics in actual practice. 
So what we would like to recommend, one thought to leave you 
with is whatever the solution is, that you should consider 
multiple biometrics and also allowing those biometrics to be 
used selectively and perhaps even randomly, given different 
types of security concerns at different points of entry, and so 
forth.
    So that is the substance of what I would like to say today 
and I am available for any questions you may have.
    [The prepared statement of Mr. Haddock follows:]

      Statement of Richard Haddock, President, Drexler Technology 
                 Corporation, Mountain View, California

    Madam Chairperson, distinguished members of the Senate Subcommittee 
on Technology, Terrorism, and Government Information, my fellow 
panelists:
    Thank you for the opportunity to share my professional opinion with 
you regarding the application of biometric identifiers in our global 
war on terrorism. My name is Richard Haddock. I am President and Chief 
Operating Officer of Drexler Technology Corporation, a public company 
located in Mountain View, California, and traded on the NASDAQ as DRXR. 
We market our optical memory card products through our subsidiary, 
LaserCard Systems Corporation.
    I have personally been involved with the invention and 
commercialization of highly secure optical memory cards for more than 
20 years. These unique cards--called LASERCARDS'--have come 
to be known as the ``world's most counterfeit resistant'' 
identification cards.
    This technology was invented here in the United States by Drexler 
Technology, an American company. Drexler manufactures optical cards and 
systems for sale worldwide from our facilities in Silicon Valley. I am 
here today because my company has extensive experience utilizing 
various biometric technologies as part of the unique security design of 
an optical card identification system.
    Each of the technologies discussed by my fellow panel members could 
be and, in some cases, already are being used in secure optical memory 
card identification systems. In fact, ALL of the technologies described 
here today, plus others currently available, could be combined on one 
card to facilitate various levels of secure authorization and multiple 
site interfaces without the need for a central database of personal 
information or required on-line access everywhere identification is 
needed.
    I would like to organize my remarks into three parts--

        1. How to best use biometric identifiers for personal 
        identification;
        2. What a secure identification card is;
        3. Field experience with biometrics on secure ID cards
   How to Best Use Biometric Identifiers for Personal Identification.
    It is important at this point to recognize that I am a technologist 
and not someone who makes public policy. However, as an American, I can 
also see both sides of the long-standing debate over personal privacy 
as it relates to recent discussions in the press about national 
databases and even a national ID card.
    I enjoy my personal freedoms but I am also greatly disturbed by the 
ease with which innocent people can be horribly impacted by persons 
having criminal intent--whether it be by gaining unauthorized access to 
our Nation and its services or by simply stealing one person's 
identity.
    This must stop. And, we have the technology to do so today.
    From my perspective in the Silicon Valley, it seems that the 
primary focus of the current national identification debate is (1) 
whether or not we need a national database containing each citizen's 
personal information; and (2) whether the American public would feel 
comfortable having to show an identification card to receive services.
    From my perspective, there is no question that there needs to be 
some form of national database or, at the very least, a sharing of 
information between key databases to ensure that threats are identified 
and cannot hide. Without such information, how could we ever expect to 
issue valid personal identification of any type?
    The issuance of personal identification, such as drivers licenses, 
must be based upon an assurance that the persons being provided such 
documents are who they say they are and, further, that they are 
qualified to receive specific services and are not perceived to be a 
threat to those services or for any other services for which the 
personal identification might be used. The only way to do this is to 
check their applications against databases deemed appropriate by the 
issuing authority and positively identify them each time they request 
controlled services, such as air transportation. However, those 
databases do not need and should not contain personal information about 
our citizens.
    The requirement that I show personal identification to receive 
services has never concerned me, nor does it appear to concern the 
majority of Americans.
    In addition, I must have shown my drivers license at least a dozen 
times just getting here to meet with you today. It seems that everyone 
wants to see a ``photo ID'' these days. Unfortunately, I would be very 
surprised if anyone who inspected my drivers license could really tell 
if it was a valid ID and that I am really who I say I am.
    That's where biometric identifiers come in.
    As you might expect, my primary concern is the security of the 
personal identification document, itself--how certain can we be that 
the document is valid and that the person presenting it is in fact the 
person authorized by it? This is true whether the document is a 
passport, visa, pilot's license, drivers license, or frequent flyer 
card.
    We can no longer permit any identification document, like a drivers 
license, to be used for higher level authorizations, like airline 
passenger check-in, without first considering the security level of the 
issuance criteria and the security of the document, itself.
    It is this fundamental fact that tends to lead us all into the 
debate about central databases and national identification. In my 
opinion, such a debate is not necessary.
    One central identification database or on-line identification card 
will not solve our Nation's security problem--it is far too complex an 
issue. Such a solution would merely create more problems by requiring 
that extraordinary amounts of personal information must be kept in 
central databases for even the most basic level of service request.
    Even beyond privacy concerns is the technical reality that highly 
centralized, on-line systems are subject to overload, system-related 
failures, hacking, and cyber-terrorism. Creating a central database, 
national identification system that is always online could provide a 
single point of failure for our entire society if our enemies ever 
targeted it.
                 What a Secure Identification Card Is.
    No matter whether it is a drivers license or frequent flyer card, a 
secure identification card is a personal identification document, which 
verifies that a person is who he says he is, is not a threat, and has 
authorization for the requested service or activity.
    As I have said, authorization for the requested service or activity 
must be determined at application and re-validated periodically during 
the life of that authorization. This requires some form of national 
database screening at a level consistent with the security needs of the 
authorization. Such checking can also be used to verify that the person 
is not a potential threat.
    Verifying that the person is really who he says he is requires 
three things: (1) a secure identification card that cannot be easily 
counterfeited; (2) a biometric means to link the person to that card 
with certainty; and (3) a secure automated interface to verify that the 
person and card links are valid.
    To avoid privacy concerns, the databases used during application 
should only be those determined to be relevant to the requested 
services. All other personal data, including biometric identifiers, 
should be retained by the individual on his or her secure 
identification card.
    How would this work?
    When an individual requests specific services or benefits (for 
example, an airline frequent flyer card to minimize check-in delays), 
an application would be submitted, reviewed, and approved. Next, a 
secure card would be issued containing multiple biometric identifiers, 
which can be read and verified by automatic readers at access or 
authorization points.
    When the cardholder requests specific services (such as e-ticket 
check-in at an airport kiosk), the cardholder's identity can be quickly 
run against an on-line threat database without any personal information 
being transmitted from the card. Moving through screening stations, 
such as carry-on inspection and gate check-in at an airport, can be 
accomplished with off-line access control readers. The cardholder would 
be matched against a selected biometric or combination of biometrics 
found on his or her card (such as a fingerprint, iris scan, face, hand, 
or finger geometry). The time required to make such a match, linking 
the cardholder to the card, is less than 5 seconds.
    Please note that I suggested a ``selected biometric or combination 
of biometrics'' in this brief scenario.
    Biometric identifiers are not perfect. Each has a margin for error. 
To avoid rejection as well as the possibility that someone might try to 
defeat a one-biometric system, multiple biometric identifiers are 
highly recommended.
    We have also found that not all locations will necessarily want to 
use the same method of biometric identification. In fact, our 
experience indicates that there is considerable interest in using a 
random combination of biometrics so that the cardholder will not know 
what biometric is being evaluated at any given time. This is definitely 
possible with current technology.
         Field Experiences with Biometrics and Secure ID Cards
    The product we manufacture, the LASERCARD' optical 
memory card, has the highest memory capacity of any standard ISO credit 
card format. This capacity is about 200--500 times more than the 
highest smart ``IC'' cards on the market today.
    More importantly, we have had this high capacity card in the market 
for more than a decade, which has allowed our users to implement any 
and all biometric solutions offered in the market for many years, 
including all you have heard about here today.
    It is due to the optical card's ability to store multiple biometric 
files and templates that almost all industry biometric devices have 
been linked into optical cards, and in most cases, more than one type 
of biometric data has been stored. The permanent, non-erasable laser 
recorded media makes optical cards the natural vehicle for secure, 
biometric based ID cards.
    Examples of these applications include, most significantly, the US 
Immigration and Naturalization Service's Permanent Resident Card (the 
``Green Card''), which contains about 80,000 bytes of biometric 
information. Biometric files are stored in an INS secure partition on 
the card, accessible only through the use of INS controlled secure 
field readers. Included in this data zone are:

        High quality color image of the card holder (as printed on the 
        card surface);
        FBI quality gray scale fingerprint image of the card holder; 
        and
        Digitized image of the card holders signature

    Additionally, the US Department of States' ``LaserVisa'' border 
crossing card for Mexican citizens entering the U.S. has the same 
technology used on it, but adds even more biometric information to the 
card by the addition of two fingerprint minutiae files on the card to 
supplement the full image files stored.
    Together, with more than 10 million of such cards in circulation 
within the US today, these cards represent the largest high security, 
biometrics-based, ID card program in US history. It is estimated that 
by the end of next year, this total will rise to 20 million 
cardholders.
    Many smaller programs have been launched using optical cards and 
biometrics in the past 10 years, and these programs give a good insight 
into what is necessary to achieve a secure and cost-effective ID card 
system.
    We have teamed with Unisys to design a border entry system using 
both Iris Scan and Digital Persona fingerprint systems.
    We have worked in Hong Kong on the implementation of a pilot 
immigration control system there using both Identix fingerprint 
scanners and Recognition Systems Hand Geometry Systems.
    We have implemented Identix fingerprint scanners for a banking card 
in the Czech Republic, and have supplied hand geometry systems to our 
resellers worldwide.
    We have implemented signature verification systems using Checkmate 
systems, and those from CIC. Our cards have been used with voice 
recognition and face recognition, as well as two finger ``Digi-Two'' 
finger geometry biometric systems.
    In short, we believe that we have the most extensive biometric 
based experience of any card supplier, since we have always had the 
ability to store and implement any and all biometrics from a single 
card. No database connection is required for our totally off-line 
verification system approach to these biometric systems.
    Based on this long-term experience with all forms of biometric 
devices, we have developed our own view of the best approach to a 
biometric ID system. The key elements of such a system are:

        Implement more than one type of biometric;
        Allow room to add new biometrics seamlessly;
        Assure off-line verification ability;
        Provide for selection of appropriate biometric based on 
        application requirements; and
        Assure integrity of the biometric files from issuer to user.

    Explaining in more detail:
               implement more than one type of biometric:
    There is no perfect biometric system. All systems have their 
strengths, weaknesses, and vulnerabilities. The selection of a single 
biometric for any large-scale system invites a concerted effort to 
defeat any given biometric, which will be done. This was the experience 
in the Hong Kong pilot, where both fingerprint and hand geometry 
systems were targeted by the test system, and both were shown to have 
vulnerabilities. The same is true for Iris scan and face recognition 
systems. Examples of failure modes include false fingertips, rubber 
hand molds, glass eyes, contact lens, and actors face make-up 
techniques.
    Adding to the complexity is the need to accommodate the disabled 
and handicapped in any public access system. Considerations include:

        IrisScan system needs to accommodate the height ranges from 
        children, wheelchairs, and basketball players, blind eye 
        without eyes or glass eyes.
        Hand Geometry system needs to work in hand size ranges from 
        small children and Asian women's hands through football 
        players, plus the fact that not all people have right hands. 
        Sanitation concerns must be addressed as well, given concern 
        over germs and disease.
        Fingerprint systems need to address the same sanitation 
        concerns as Hand Geometry, plus the ease of false fingertips 
        and other substitution methods. Proprietary template algorithms 
        and changing standards need to be addressed as well. The fact 
        that many older people and some from the manual labor ranks 
        have essentially non-existent or non-usable fingerprints needs 
        to be accommodated as well. The inclusion of all ten 
        fingerprint files and templates onto the card would help to 
        eliminate this problem.
        Face recognition will not be acceptable to many in the Muslim 
        religion and is subject to many ACLU concerns. A best ``one-to-
        one'' match of the highest reliability requires several views 
        to be stored, increasing template file sixes to the range of 
        30,000 bytes. While this is no problem when stored on an 
        optical memory card, it is beyond the range of any other ID 
        card to deal with.
        Signature, voice, fingers, retina, and other biometrics all 
        have similar weaknesses
    In summary, it is our opinion that more than one biometric should 
be implemented on any secure ID card system, and that the selection of 
the biometric to be used by any given application at any given time not 
be known to the cardholder in advance.
    This ``redundant and random'' biometric approach will greatly 
enhance the overall system security, reduce single vendor dependence, 
and allow tailoring the system to accommodate all citizens, regardless 
of their race, religion, age, handicap status, or other limitations 
relative to a given biometric approach.
    It is for the above reasons we recommend the use of two or more 
biometric elements in any secure ID card system.
              allow room to add new biometrics seamlessly:
    Any ID card system storing biometrics in a secure form will have a 
significant card issuing cost, which means card life and updatability 
are important. The INS and Department of State optical cards have a 10-
year expiration period, more than 5 years beyond any smart ``IC'' card 
warranty. This is a long time, and technology will change. The card 
should be capable of being updated and upgraded in this period, as new 
biometrics, software, and application requirements come along. This 
means one of two things--either (1) you have an erasable, changeable 
media, like a smart ``IC'' chip card, and live with the risk of 
changeable and erasable media, or (2) use mediahaving enough 
updateable memory, such as the permanent recording media on the optical 
card, to provide an audit trail to the previous information. This was a 
key feature for both the INS and the State Department in the selection 
of the optical card, since it allows them to update the card without 
the need to re-issue it.
                 assure off-line verification ability:
    Any ID card system should be capable of complete, secure 
verification of the cardholder to the card without any dependence on a 
on-line database, although it may be present. The failure of many 
online systems to be effective, including the INS ``INSPASS'' program, 
is their total dependence on a nationwide 100% uptime, on-line database 
to verify the cardholder ID and allow entry. Most INSPASS system 
downtime is due to network and communication failures and has 
constricted the system implementation to less than 100,000 people 
across the many years the program has been in place.
    Having the ability to completely verify the cardholder off-line, 
using local black-lists in each terminal, would eliminate this problem. 
Additionally, the off-line capability allows the implementation of 
mobile and hand-held reader terminals, which can greatly expand the 
value and usefulness of any ID card system.
  provide for selection of appropriate biometric based on application 
                             requirements:
    Having multiple biometrics on one card means you have the ability 
to select the most appropriate type for a given situation or 
application. Using Hand Geometry on doors, face recognition in terminal 
access points, Iris scan at high security zones, and fingerprints for 
ticket check in, could all be accomplished seamlessly with one card, 
optimizing each technology for a given area. The added benefit of this 
is that the use of multiple biometrics throughout a given system 
greatly enhances the overall system security, since breaching one 
biometric does not cause a total system failure. If such a breach is 
recognized, the system applications could easily be re-programmed to 
select another card biometric, without the need to re-issue cards. 
Given the growth of technology and biometrics in general, this is a 
very important consideration of any new system design.
      assure integrity of the biometric files from issuer to user:
    In any system design using biometrics for ID, it is essential to 
ensure that the biometric file added to the card at the time of 
issuance cannot be tampered with, erased, or substituted. Without such 
safeguards in place, there is no security, since anyone can obtain a 
similar biometric system, create their own biometric template files, 
and substitute them into the valid ID card. All card systems attempt to 
minimize this risk, however, only the non-erasable optical memory card 
can intrinsically eliminate this concern, because the laser writing 
process, like punching holes in paper, is physically impossible to 
erase or overwrite.
    All Smart ``IC'' chip cards hold such critical information in their 
``EEPROM'' memory, meaning ``Electrically Erasable Programmable Read 
Only Memory'', which means no such assurance can be had. No other card 
data storage technology, from barcodes to magnetic stripes, is 
appropriate for secure biometric information that must be updated, yet 
secure.
                                summary
    In closing, I would like to point out that the INS and Department 
of State LaserVisa secure ID cards represent the most advanced 
biometric card systems in the US, and perhaps the world. The cards have 
a minimum of three biometric files each, and are vendor independent in 
their ability to be verified. The card's storage of up to 80,000 bytes 
of biometric data is ten times more biometric information than 
available on any other type of ID card, and yet uses less than 20% of 
the total available card memory.
    Other governments are following the lead of the INS. The Italian 
government has started issuing optical memory-based ID cards as the 
basis of their new National ID card, and tenders from many other 
countries are specifying the use of optical memory upon which to base 
their biometrically secured ID card systems.
    Use biometrics for any ID card system. And for full security, 
flexibility, and long-term system life, the use of more than one 
biometric on the card is highly recommended.
    I will be pleased to answer any questions you may have.

    Chairperson Feinstein. Thank you very much, Mr. Haddock.
    Miss Lau?

 STATEMENT OF JOANNA LAU, CHAIRMAN AND CEO, LAU TECHNOLOGIES, 
                   LITTLETOWN, MASSACHUSETTS

    Ms. Lau. First, let me thank you for giving us the 
opportunity to present here. I want to say that it is 
unfortunate that it often takes a crisis to create an 
opportunity to make change. About 11 years ago my company was 
involved with Desert Storm and that certainly brought us a 
tremendous opportunity during that crisis and also gave us the 
opportunity to learn about the defense and learn more about 
technologies, how it could improve our nation.
    Well, we are now here at an urgency to really make change 
because even though we win the war, we are going to create more 
terrorists around us, so it is important we make change at our 
borders, as well as what is going on here--not only terrorism, 
also the most wanted list that could be endangering us 
domestically, as well.
    That being said, let me say that Dr. Atick basically 
touched on a lot of the basics regarding facial recognitions. I 
am here to also talk about facial recognition so I am not going 
to bore you with all the technical data. Let me go straight to 
the success story.
    Again I think a lot of my colleagues have said this is not 
a test. This is reality. We have spent a lot of money among all 
of us in this technology to try to improve the nation, so the 
timing is just right that we have now come here to answer the 
call. So let me put this to you, some of the success stories, 
some of the events, some of the installations. And, of course, 
in my case I will be just talking facial recognition.
    In Pinellas County, Florida this year we were funded by the 
Congress for the sheriff's office to implement facial 
recognition to assist the jail operations and criminal 
investigations. Within a couple of weeks we found over hundreds 
of individuals who are duplicates, with false IDs and what-not, 
in a total of 350,000 images.
    As my colleague pointed out, this is real data. This 
individual in Pinellas County, it pulls up his face. As you can 
tell, he has many different looks. He lost weight, he shaved 
his hair, shaved his beard, and who knows who else he has done 
to himself but more importantly, he has different identities, 
he has different names, different Social Security numbers. So 
we were able to run that and pull him out. As you can tell, he 
showed up about 15 times.
    This is also a system that is currently being piloted at 
the Department of State to also scrub the database to reduce 
some of the lists that are not as big as we thought they were.
    In the casinos, of course, the casinos has used it for 
surveillance. Over 100 casinos worldwide have used this facial 
recognition to scan cheaters, card-counters, and what-not as 
they walk into the casinos. It became a deterrence for them. 
They now know to stay away. We have actually found quite a 
number of cheats at Trump Tower in Atlantic City. It is a 
fascinating place to go see.
    Then access control is another arena and a lot of my 
colleagues here have talked about access control, getting in 
and out of places where one belongs to or one should not belong 
to. We have been active in that for the Department of Defense.
    And, of course, the Superbowl has again gotten a lot of 
attention but that is a tested concept, again that it is 
possible, although we only identified 19 people but it is 
enough to save a lot of lives.
    In the state of Illinois, it is probably the biggest 
database we have. It has about 8.5 million images in the 
database. Every night about 15,000 driver's license 
applications go into this database and it is searched to see if 
there is any redundancy or duplicates or false identifications. 
We currently have learned that the U.S. Marshal has used the 
Illinois system to confirm information that one of the 15 most 
wanted fugitives--using the facial recognition, they were able 
to find Mr. Escabedo's driver's license. From that, they 
arrested him in Mexico. I think he was a drug trafficker or 
something like that.
    So with that, there is a lot to say about technologies but 
I urge the Senate to work with industry, to also work with the 
agencies to make it work for all of us. There is always the 
barriers to get into agencies, to get them to comply, to work 
with us. Academia, industry, government could work together and 
we have proved this over and over again.
    We do have another demo here. I am taking a very big chance 
here. This is a live demo. As you can see the screen, on the 
right side it is pure white. This is going to make Dr. Atick 
very panicked now. He is going to say, ``Make sure it works, 
Joanna.''
    The live screen is where you see the image being captured 
right now. Carl is not in the database so we will not do 
anything with him but we did enroll one of your interns. I just 
wanted to show it to you. I knew nothing about your intern. 
Ally has been so good.
    Chairperson Feinstein. Ally,, what is your problem?
    Ms. Lau. So with that, I think I will leave it to the panel 
to answer questions.
    [The prepared statement of Ms. Lau follows:]

    Statement of Joanna Lau, Founder, Lau Technologies and Viisage 
                               Technology

    MADAME CHAIRWOMAN AND MEMBERS OF THE COMMITTEE, I want to thank you 
for the opportunity to testify on the important issue of how biometric 
technology, and specifically facial recognition technology can be used 
to prevent persons who wish to carry out acts of terrorism from 
entering the United States.
    As the founder and CEO of Lau Technologies I have devoted the last 
decade to the use of technology to ensure National Defense. This has 
led us to create our affiliate, VIISAGE Technology to advance the use 
of facial recognition technology; a technology that I believe has the 
potential to fill an important role in this Nation's current border 
security strategy.
    Almost all Americans believe that September 11, 2001 has shown that 
our borders are not as secure as we once thought that they were. 
However, it is only by reviewing and changing the current border 
security measures, as you are doing Madame Chairwoman, that we will be 
able to move forward and stay abreast with the threats that our Nation 
now faces. We must admit that there is no single answer, or ``silver 
bullet'' to solving our border security issues. Those of us in the 
private sector must be careful about over-promising or exaggerating 
``ready made solutions.'' Clearly, we have tools that can help, one of 
which I will explain and demonstrate today. Our fellow citizens are 
demanding better technology and better law enforcement and I am pleased 
that my company is in a position to contribute. Let me tell you about 
facial recognition technology.
              Background on Facial Recognition Technology
    Almost a decade ago, researchers at the Massachusetts Institute of 
Technology (MIT) pioneered a facial recognition method known as 
``Eigenfaces''. Using this technique, any facial image taken from still 
photographs, live or recorded video or composite sketches, can be 
enrolled into the ``Eigenface'' system, which then reduces an 
individual's face characteristics to 128 coefficients. Once enrolled, 
and using our algorithm, these images can be compared for possible 
matches.
    Lau Technologies acquired the rights to the MIT technology in 1994. 
Since that time we have spent millions of dollars and over 100 person-
years to build on the original Eiganface algorithm. Today we have 25 
patents in place or pending and each face that is compared using our 
system is subjected to several different algorithms.
    From an operational perspective, this software allows law 
enforcement to compare any face against a digital ``mug-shot book'' of 
images in real time to determine if there are possible matches. In the 
past, it would have taken an indidual hours to manually make this type 
of comparision with even a few thousand images--In the State of 
Illinois, we are currenly matching all new driver license applications 
against a database of 8.4 million existing drivers licenses, to 
identify fraud and duplicates. Once a search is completed and a gallery 
is displayed, it is then up to the operator to review the possible 
matches and determine how to proceed. In this way, facial recogntion 
technology acts as a powerful force multiplier for investigators.
    To date, the technology has been used successfully by Federal, 
State and local government and the private sector for close to 5 years. 
Let me give you several examples:

         Pinellas County, Florid--This year with funding 
        provided by Congress, the Pinellas County, FL Sheriff's Office 
        began implementing facial recognition to assist with jail 
        operations and criminal investigations.
         Casino Surveillance--Our technology is currently being 
        used in over 100 casinos worldwide. These establishments have 
        enhanced their existing cameras with our technology to allow 
        security officers to compare visitors against a database of 
        close to 10,000 known cheats. Since then, the system has 
        identified hundreds of unwanted individuals.
         Access Control--today, the United States Army, Navy, 
        Air Force and the Federal Aviation Administration use the 
        technology for access control.
         NFL Super Bowl--In cooperation with Federal, State and 
        local law enforcement, our company provided facial recognition 
        technology at last year's Super Bowl in Tampa, FL. Over 60,000 
        faces were scanned as they entered the stadium and their 
        pictures were compared to a database that included terrorists, 
        fugitives as well as known scalpers and pickpockets. While no 
        one was arrested, 19 probable matches were made using the 
        software. After each comparison that did not result in a match, 
        the individuals image was immediately destroyed.
         State of Illinois--Perhaps one of the most successful 
        applications is the 8.4 million drivers license images that are 
        being scanned everyday for duplicates and fraud, which I 
        described earlier. This is by far the largest facial 
        recognition database in the world.
        We recently learned that the U.S. Marshals used the Illinois 
        system to confirm information about one of their 15 Most Wanted 
        Fugitives. Using only facial recognition, the Marshals compared 
        a booking photograph of Daniel Escobedo to the DMV database. 
        Within seconds, Mr. Escabedo's driver's license came up first 
        in a database of over 8 million images. The driver's license 
        confirmed information that the Marshals had recently discovered 
        using more traditional investigative techniques, that helped 
        led to Mr. Escabido's arrest.

    Since September 11th, we have obviously focused on how we can help 
ensure the security of our borders. We are working with various Federal 
Agencies to determine how to best utilize this technology and I wanted 
to bring to your attention a few applications that we feel could be 
particularly useful.
                             Visa Issuance
    As you are well aware, last month Ambassador Mary Ryan indicated in 
testimony before this very Subcommittee that she would like to expand 
the use of facial recognition technology with the Visa program. We 
believe an immediate use of facial recognition technology would be the 
full enrollment and comparison of the State Department's visa database. 
With an estimated 10 million images already in the database, facial 
recognition is the only biometric that can compare every individual in 
this database against every other individual to look for multiple visas 
under assumed names. In addition, we could immediately run all 10 
million images against the FBI and Intelligence community's database of 
wanted terrorists. Most important to the on-going War on Terrorism, we 
have the capability to carry out this entire process in less than 90 
days.
    Going forward, as new visas are issued around the world there will 
continue to be a need to run these images against the faces of wanted 
terrorists. In almost every case, the only biometric information that 
we have about these terrorists is a picture. We would propose that as 
part of the application process, in addition to the security checks 
already undertaken, every individual's picture would be compared to the 
watch-list before a visa is issued.
                        Port of Entry Screening
    After a visa has been issued, we see a further use of facial 
recognition technology as a method of screening passengers at the Point 
of Entry. The use of biometric technology for airport security was 
recently endorsed in the Department of Transportation's Airport 
Security report. We currently have deployed this surveillance 
technology at the International airport in Fresno, California and we 
are in talks with over a dozen additional airports throughout the 
United States.
    In these airports, cameras will be used to quickly capture images 
of passengers and compare them against the terrorist watch-list. If a 
match is not made, the passenger's image is immediately destroyed. In 
the event that a possible match is made, the passenger is further 
investigated.
                                Summary
    As Congress undertakes the vitally important task of securing our 
borders, it is clear that biometric technology can play a role. 
Specifically, if a face is available, and time is limited, facial 
recognition technology is a valuable tool to further ensure 
identification and security.
    With that, I am available to answer any questions you might have 
and would be happy to demonstrate for you how the technology works.
        Security Applications for Facial Recognition Technology
[GRAPHIC] [TIFF OMITTED] T0746.005

[GRAPHIC] [TIFF OMITTED] T0746.006

[GRAPHIC] [TIFF OMITTED] T0746.007

[GRAPHIC] [TIFF OMITTED] T0746.008

[GRAPHIC] [TIFF OMITTED] T0746.009

[GRAPHIC] [TIFF OMITTED] T0746.010

[GRAPHIC] [TIFF OMITTED] T0746.011

[GRAPHIC] [TIFF OMITTED] T0746.012


    Chairperson Feinstein. Thank you very much. Thank you. I 
appreciate all of your testimony. It is a dazzling array of 
technology.
    Senator Kyl, why do you not begin this round?
    Senator Kyl. Thank you very much.
    All of you have been very, very helpful to us and we can 
see, I am sure, the advantage of each of these systems in 
different applications.
    One question I have, and this applies to a couple of you 
but let me start with Mr. Haddock and I think it also applies 
to Miss Lyons. Where you have a card--in fact, let me just take 
this with the INS because INS uses your card now, as I 
understand it. Is that correct?
    Mr. Haddock. That is correct, yes.
    Senator Kyl. How do you verify that the individual in 
possession of the card is, in fact, the individual whose data 
is on the card when that person comes through?
    Mr. Haddock. At the moment the INS does not do that. The 
data is on the card that they could do that but they never 
implemented the readers on the border to do it.
    Senator Kyl. What would that take?
    Mr. Haddock. It would take--I have a reader in my briefcase 
there, a small unit like a CD-ROM drive that could be put on 
the existing PCs at the border, in any airport. Anywhere the 
INS has an inspector, they could put this unit on there and it 
can read the card in a matter of a few seconds.
    In the case of the INS card, they put the FBI-quality 
fingerprint image on it. They intended to select a minutia file 
to pull from that image to compare against, which can still be 
done on the existing cards.
    Chairperson Feinstein. What is a minutia file?
    Mr. Haddock. It is the mathematical representation of the 
picture that actually these technologies match against. They do 
not match against the entire picture. They pull key points out 
and make a much smaller file called a minutia file and that is 
what electronically is matched.
    So in the case of the INS file, because these minutia 
templates, as they are called, are proprietary to the vendors, 
they did not want to select any given vendor's technology at 
the offset of this program so they took the whole image with 
the idea that whenever they wished, they could pull from that 
image the minutia they needed and it could even be done 
dynamically even today.
    Senator Kyl. But it is fine to have the fingerprint on the 
card. It is a tamper-proof card but it is not a theft-proof 
card. So I get somebody else's card; I am driving in my car 
through the port of entry. I show them the card, it is too 
quick for them to really look at the photo very well and they 
say okay.
    In order to verify that it is, in fact, the person to whom 
the card was issued, they would have to have the reader there, 
as well.
    Mr. Haddock. Absolutely.
    Senator Kyl. It would take a couple of seconds for that 
reader?
    Mr. Haddock. It typically takes about four seconds. When we 
have shown the INS here is the method to implement it, we show 
them about a four-second time.
    Senator Kyl. And how much would that cost for the ports of 
entry?
    Mr. Haddock. Today's reader prices, about $2,000 per drive. 
This is in the quantities--
    Senator Kyl. $2,000 per machine?
    Mr. Haddock. Per machine, and that is about the only cost 
because the rest, you just connect it to the PC.
    Senator Kyl. And how many machines are there supposed to 
be?
    Mr. Haddock. The maximum points would be 3,000. To equip 
the INS all the way around the country, every back office, 
front office, would take about 3,000. You could hit obviously 
the key high-volume points with a lot less. I think probably 85 
percent of the entries come through a few hundred ports so it 
could be a small amount of money.
    Senator Kyl. So we need to get at that.
    Mr. Haddock. I would think so. We have been trying to 
deliver that message for a number of years.
    Senator Kyl. I just now got it. Because our time is very 
short, and we will follow up on that, by the way--where, for 
example, Mr. Willis, and this applies to Mr. Atick, I think, 
and others, as well, where you have the facial recognition or 
the hand you would have to still get the hand of the terrorist 
or whoever you are seeking to identify into the system somehow 
the first time, right?
    Mr. Willis. Right. All of our technologies require 
enrollment so you know who it is, to be able to compare it 
with.
    Senator Kyl. Right. Now contrast that with a photograph. 
And I guess this is a question to you, Mr. Atick. Do I 
understand what you were saying is that we have photographs of 
a lot of these terrorists? They are not necessarily great 
quality. If you could take the photograph with your own machine 
what would the percentage be of identification?
    Mr. Atick. The studies that were done in England regarding 
the effectiveness of facial recognition shows you that it is as 
effective as the best fingerprint technology if you could do 
the enrollment yourself using the controls that the system 
requires. But the point that I made in my testimony is that 
even with the FBI's database that is just taken in the field 
from surveillance cameras and covert operations, we can still 
give you a value, that 60 to 90 percent of these terrorists 
will be intercepted.
    Senator Kyl. Right. Thank you.
    Chairperson Feinstein. Sixty to--
    Mr. Atick. Sixty to 90 percent, according to some recent 
studies that were done over the last two months.
    Senator Kyl. Just one other thing with regard to the hand. 
You said that the facial does not change over the aging 
process?
    Mr. Atick. The geometry.
    Senator Kyl. The aging process or through attempts at 
modifying the visual appearance. The hand changes over time. It 
can get very arthritic, for example. I happen to know that. And 
it looks a whole lot different at age 60 than it did at age 20.
    Mr. Huddart. If I can answer that?
    Senator Kyl. Yes, please.
    Mr. Huddart. Our template is adaptive so that every time 
you use the device it is looking for small changes that might 
occur, for example, in pregnant women whose hands tend to swell 
or over a longer period of time, the arthritic condition you 
mentioned. So the template adapts every time you use the 
device. We are looking for small changes and it will adapt for 
that.
    Senator Kyl. Okay. Rather than take the whole time here let 
me turn it back to you, Senator Feinstein.
    Chairperson Feinstein. Just very quickly, what is clear to 
me is that you are going to have to have a combination of 
technologies to really do it right.
    Secondly, the other problem is it looks like there is going 
to be a kind of--I don't want to use the word hodge-podge but a 
lot of different technologies. Everybody is competing in this 
field. How do we get the standards that develop the 
combinations that can be the most widely used with an eventual 
aim of having sort of the worldwide database with other 
countries entering into it? Anybody have any thoughts?
    Ms. Lau. I would comment that if you were to do today, for 
example, if you were to do just one or two or six airports, it 
is not going to solve the problem.
    Chairperson Feinstein. Right.
    Ms. Lau. You have to deploy it universally to really solve 
the problem. We are really in this war to fight terrorists. I 
think our allies will have to work with us. Individuals were 
asked, the two officials here, regarding sharing databases with 
Interpol. I do not think this is acceptable. From a citizen's 
standpoint I think that if we are in this together, why could 
not our policy be such that we could share the database? That 
is one thing.
    True, there are a lot of technologies in place but not one 
single technology is going to provide your silver bullet. And 
the other thing is that every application and environment is 
very different and we rely on some of the experts that you have 
working in your government to work with industry. We are here 
to offer our expertise and help but we are not taking over 
their job. We have to work with them.
    Chairperson Feinstein. See, one of my concerns is whether 
we do have the expertise that is necessary. I think in a way, 
the INS example is classic and my experience with government 
has been, whether it is local government or now national 
government, there really is not the level of expertise that 
exists in the private sector, for obvious reasons. You know, we 
do not pay our people as well as the private sector does. Most 
of the hottest people go into the private sector.
    So absent this kind of consortium--we get very informal in 
these Subcommittees meetings, Senator Kyl--absent the ability 
to develop the standard and have the private-public partnership 
that is effective, I am not sure we will ever get at it. I am 
frankly appalled that INS would do a system whereby you have 
one half of the system and all these people have their cards 
and the other half is not in place.
    Mr. Haddock. To give the INS some credit, the card brought 
with it anti-counterfeiting features which stopped their main 
concern, which was counterfeiting on the street corner. The 
previous paper pink cards that were in issue were widely 
counterfeited. They needed to stop that immediately. By 
implementing the optical card, putting the etched image of the 
person on it, they effectively stopped that immediately.
    Chairperson Feinstein. Are you saying that the counterfeit 
business is out of business? Because I do not believe it is.
    Mr. Haddock. The previous card was a laminated pink piece 
of paper which anybody could make. The problem is they left 
them out there. They are still there. They are still valid for 
another six years, this previous generation, very easy to 
defraud cards. I asked the INS two weeks ago, ``Can't you do 
something about that?'' and they said they cannot do it; 
Congress has to do it. Somebody has to tell them to recall 
these cards.
    The Department of State did. For the border-crossing cards 
with Mexico, they stopped those. They stopped them on September 
30. They no longer accept the paper previous generation cards. 
But the INS still takes the old generation, the pink cards, and 
so forth, and no one is doing anything about that. No one even 
talks about it.
    Senator Kyl. If I could just add to that, I think it is 
because they have not completed the issuance of the tamper-
proof cards yet.
    Mr. Haddock. But the cards have a 10-year life so the pink 
ones are just slowly trickling in, so it will take another five 
years before you really have a tamper-proof card, unless 
someone says to do it today.
    Ms. Lyons. Excuse me. If I might add?
    Chairperson Feinstein. Go right ahead.
    Ms. Lyons. For what it is worth.
    I think the point that Mr. Haddock made in terms of it is a 
combination of biometrics that might be most appropriate--the 
point that you made at the beginning of the hearing in terms of 
a consortium is necessary, I absolutely think it is. We can 
create the expertise that we need to make the decisions. Even 
this panel, experts that we are, we have a blind spot as it 
relates to the other technologies.
    So I do think that it is a consortium that needs to come 
together to make those decisions. To balance, if you are 
talking widespread, you know, you probably want a technology 
that has been honed, is reliable, and is inexpensive. In more 
critical areas, facial may be more appropriate in some areas. 
So I think together we have to conclude those decisions.
    Mr. Haddock, his view of the reader cost, these readers 
today, when plugged into an existing computer system, run 
around 20 bucks. That is how the technology has gone down in 
price relative to some of this technology. It has been around 
for a while and price has now come way down and these door 
devices are less than $1,000 today.
    Mr. Huddart. If I can comment, too, on that question?
    Chairperson Feinstein. Yes.
    Mr. Huddart. There are several pockets of government 
agencies that already have significant experience with 
biometrics--Sandia National Labs, for example. The FAA have 
done a lot of work, also. So I think if we could draw from that 
experience that have used a lot of the products represented 
here, the industry association, which myself and Dr. Atick are 
on the board. The International Biometrics Industry Association 
has proposed the national biometric security project, which 
would take those best practices and in an unbiased fashion make 
recommendations for applications and further testing.
    But if I could also say that while that is all important to 
do, the fact remains that, for example, San Francisco airport 
is safer today because it has already done something and my 
concern is that we spend two years developing standards and we 
are not any more secure than we are today. There are proven 
systems represented here that can address those concerns.
    Chairperson Feinstein. I must tell you when I was mayor I 
told the director of the airports that if there is ever a bomb 
out of San Francisco, do not show up the next day because you 
do not have a job. And at that time there were even bogus bomb 
dogs, so they got the message and really went to work and, I 
think, produced.
    But what we have here, you are all rugged individualists. 
You are all obviously extraordinarily bright. Could you put 
together to Senator Kyl and myself a kind of, if you would, 
quick compendium of what we would have to do to have the kind 
of system standardization that is necessary? Does that make 
sense? Because the result of this hearing, for me, is we have 
some wonderful things out there but it is such a dazzling 
array, it is very hard for lay people to know what works better 
in what kind of situation. And because you are all 
individualists, you all have different companies and it would 
be very useful if you could come together and say we think 
these are the imperatives that you need to have to move 
forward.
    Mr. Haddock. If I could answer that briefly, there is an 
international standards working group on international travel 
documents, WG-3, and in that there is a machine-readable data 
segment which allows each type of data element that is encoded 
on a card to be read by any other reader so that people could 
know whether it had a hand or an eye or an iris or whatever, by 
reading it.
    So you could have multiple biometrics, the cards could be 
different, they could be used for different applications, but 
there is a standard to help sort that out. So there is some 
sense to all this.
    Mr. Willis. Madam Chairman, there is also some cooperation 
amongst the panel here already. We have been working together 
to look at--
    Chairperson Feinstein. Would you excuse me just for a 
minute? I have a meeting with the prime minister of Mongolia. 
He has just arrived. So I am going to have to leave but I am 
going to turn this hearing--and thank you very much--and turn 
it over to the very able hands of Senator Kyl, if I might.
    Senator Kyl. Thank you. I am already late, as well.
    Please finish and then--
    Mr. Willis. What I want to say is I think we are as 
sensitive as an industry as you are to the solutions and we 
have been informally having discussions on making a tool set. 
When you are trying to make a solution you need a tool or a set 
of tools based on what you are trying to solve and I think we 
are starting that informally and I think this would certainly 
help expedite that.
    Senator Kyl. One final thing. I should announce that the 
record will be open until November 21 at 5 p.m., which means 
that each of you who would like to submit any additional 
testimony or information may do so. I will try to get my 
questions, if there are any more, to you well in advance of 
that.
    I just did have one final question. Are any of you 
suggesting that any of the data that goes into these cards be 
data on an Internet system or do each of you agree that these 
need to be discrete systems separate from the Internet?
    Mr. Atick. They need to be networked at the end of the day.
    Senator Kyl. They need to be networked?
    Mr. Atick. They need to be networked if they are to give 
you the power of controlling access and the power of 
scalability. But obviously that produces a whole slew of issues 
associated with the privacy and security of that data.
    Senator Kyl. It produces a whole slew of issues with me, so 
that is something we have to talk about.
    Mr. Atick. Absolutely.
    Mr. Haddock. We think it should be completely 
decentralized, off-line, secure on the card.
    Senator Kyl. Yes, that is my inclination. So could I ask 
all of you to maybe just submit us a little memo reflecting 
your thoughts on that particular question? I know there are 
pros and cons of both. I have my prejudices but would 
appreciate being edified by the opinions of each of you.
    Thank you again. This was a very, very helpful hearing. We 
appreciate all of you being here. The hearing is adjourned.
    [Whereupon, at 12:04 p.m., the Subcommittee was adjourned.]
    [Submissions for the record follow.]
    [Additional material is being retained in the Committee 
files.]

                       SUBMISSIONS FOR THE RECORD

              Senator Dianne Feinstein and Senator Jon Kyl

                   ``Visa Entry Reform Act of 2001''
      strengthening counterterrorism efforts at the ports of entry
    The legislation to strengthen counterterrorism efforts at the ports 
of entry will do the following:
Section 1: Short title. ``Visa Entry Reform Act of 2001.''
Section 2: Establishment of a Comprehensive ``Lookout'' Database
    Mandate the creation of a comprehensive, integrated ``lookout'' 
database of visa holders and other nonU.S. citizens who enter the U.S. 
Require all immigration, intelligence, and law enforcement agencies to 
contribute relevant information, and the require the database to be 
accessible at all ports of entry. Centralized data system must be 
flexible and scalable to meet ongoing immigration and law enforcement 
needs in the future.
    Direct the Homeland Defense Director to oversee the development of 
the database in conjunction with the Department of Justice, the INS, 
Department of State, Department of Transportation, CIA, and private 
industry, to identify and track terrorists and suspected terrorists.
    Require the database to be designed to connect law enforcement, 
intelligence, INS and State Department information in one centralized 
data system so that information may be readily shared among agencies.
    Require the Director to submit report to Congress within 3 months 
of enactment regarding the type of data contained in centralized 
database; levels of access to such data; methods to secure such data 
from abuse and/or unlawful access; and infrastructure needs to 
implement system through national and overseas offices of relevant 
Federal agencies.
    Require the INS to upgrade its electronic data system to include 
biometric data (i.e., fingerprints, photographs, facial recognition 
technology) on all foreign nationals applying to enter the U.S. within 
6 months.
    Require the INS to place into a centralized data base all foreign 
nationals who have violated the terms of their visas (e.g., remained in 
U.S. after visa expired, committed a crime, performed unauthorized work 
or took unauthorized classes).
    Not later than 30 days of enactment, require the Secretary of State 
to establish within each U.S. embassy a terrorist lookout committee.
Section 3: Implementation of a New Biometric ``SmartVisa''
    Require the INS and State Department to establish a biometric 
``smart visa'' to enable the INS to track foreign nationals upon 
entering and exiting the U.S.
    Authorize funding for biometric card readers and scanners to be 
deployed at all U.S. land, air and sea ports of entry to implement 
process.
Section 4: Reform of the Visa Waiver Program
    Mandate that within 1 year, countries wishing to participate in the 
visa waiver program first provide a tamper-resistant, machine-readable 
passports.
    Within 2 years, all countries must also include biometric data on 
those passports, which conforms to U.S. standards.
    The Attorney General and the Secretary of State shall jointly 
determine standard biometric identifier(s) that would be required on 
all U.S. and foreign passports and visas.
    Mandate that the INS check all Visa Waiver passport numbers, names, 
and, where available, biometric data with the new, centralized 
database.
    Require participating countries to report stolen passports to the 
State Department.
Section 5: Pre-Screening of Foreign Nationals Prior to Arrival in the 
        U.S.
    Repeal Sec. 286(g) of the Immigration and Nationality Act, which 
requires that all in-transit flights to the U.S. be cleared by the INS 
within 45 minutes.
    Require all nonimmigrants to submit fingerprints and/or other 
designated biometric data to the State Department when applying for a 
visa.
    Require the State Department to electronically transmit versions of 
its visa files to the centralized lookout database, so that information 
on arriving aliens is available to the INS prior to the time of 
inspection.
    Access to database shall be limited to authorized immigration and 
law enforcement personnel. Require the Attorney General and Secretary 
of State to develop regulations specifying the limitations of use.
    New and increased penalties for the misuse or theft of information 
contained in database.
Section 6: Passenger Manifest Information
    Require all airlines, cruise lines, vessels and cross-border bus 
lines submit passenger and crew manifests to the central database prior 
to departure.
    Require the INS to check passenger information against the lookout 
list.
Section 7: Requirements for Federal Documents
    Mandate that all U.S. Federal identification documents be fraud- 
and tamper-resistant.
    Mandate that all immigration related documents, including work 
authorization and visas, be fraud- and tamper-resistant, contain 
biometric data, and, if applicable, include the visa's expiration date.
    Where minimum Federal standards apply to state commercial licenses, 
those standards are amended to require that such documents and 
licenses:

        provide positive identification of the holder;
        are tamper- and fraud-resistant; and
        contains biometric data.

    Any person conferring a personal identity document on an 
unauthorized basis would be in violation of Federal law.
Section 8: Bar on Entry of Foreign Students from Terrorist-sponsoring 
        countries
    Prohibit the State Department from issuing student visas to 
individuals from countries included on the Department's list of 
terrorist-sponsoring states.
    Permit the Secretary of State to waive the bar on student visa 
issuance for a foreign student if he performs an extensive background 
check and certifies that the student does not pose a threat to the 
national security.
Section 9: Reform of the Foreign Student Visa Process
    Require any additional costs to fully implement and expand the 
tracking program established under Sec. 641(a) of the Illegal 
Immigration Reform and Immigrant Reform Act. [8 U.S.C. 1372a]--beyond 
that covered by Congressional appropriations--to be covered by 
application fees paid by foreign students.
    Prohibit educational institutions from providing INS Form 1-20 to 
foreign nationals applying for foreign student visas.
    Require educational institutions to submit the INS Form I-20 
directly to the Department of State. The form must provide:

        a. the identity of the student;
        b. the student's address in the country of origin;
        c. names and addresses of parents and siblings;
        d. contacts in country of residence, including organization 
        affiliations, or close associates who could verify information 
        about the student;
        list of prior work experience;
        f. academic course of study at institution;
        g. period of enrollment at the institution; and
        h. the consulate at which the foreign national will apply for a 
        student visa.

    Require the State Department to notify the school at which the 
alien intends to enroll upon the issuance of a foreign student visa.
    Require all such data to be entered into the centralized database 
established under Sec. 1.
    Require the INS to conduct a background check prior to the issuance 
of a foreign student visa, which would include, but not be limited to:

        a. a name check, and biometric data check where available, on 
        the INS lookout system, the INS IDENT system, the Interagency 
        Border Inspection System; and the FBI's IAFIS system; and
        b. a check to ensure that the alien is not subject to a bar to 
        reentry as a result of a previous violation of immigration law.

    Require all educational institutions to submit data to the INS 
within 30 days of the foreign student's enrollment, including:

        a. the student's full name;
        b. address in country of origin;
        c. actual address in the U.S.;
        e. date of commencement of studies;
        f. degree program and list of courses;
        g. status of student (e.g., full-time or part-time); and
        h. date of the last day of classes.

    Require schools to provide the INS status report on a quarterly 
basis to:

        a. certify that the student has enrolled and registered; and
        b. notify authorities of any disciplinary or law enforcement 
        action involving the foreign student.

    Require all schools to immediately report to the INS within 30 
days:
        a. the failure of a student to register, enroll or appear at 
        designated institution;
        b. the foreign student's withdrawal from the institution; and
        c. any failure to comply with the terms of his or her visa.

    Require the INS to notify the State Department and immigration 
authorities when foreign students fail to meet the requirements of 
their visas. Require the INS to enter relevant data regarding the 
students' immigration violations in the central database.
    Prohibit the automatic extension of a foreign student visa. Foreign 
nationals must apply for an extension of their student visas and submit 
to second background check. Students who have violated the terms of 
their visa while in the U.S. would not be eligible for an extension and 
would be immediately deportable.
    Modifies current definition of an ``approved institution of higher 
definition'' under the current law to include vocational, trade, flight 
training and language training schools. This effectively expands the 
list of schools and type of foreign students the INS is required to 
track.
Section 10. Requirements Relating to the Admission of Nonimmigrant 
        Aliens
    Require all nonimmigrant visa applicants to submit to 
fingerprinting and/or other biometric requirements to enable the INS 
and State Department to perform extensive background checks on 
individuals before they enter the U.S.
    Require the Secretary of State to assign such additional number of 
consular officers as may be necessary to achieve effective screening of 
visa applicants. Authorizes such sums as necessary.
    Require the INS to perform a background check before the State 
Department can issue a visa. Authorize such sums as necessary.
Section 11. Additional Port of Entry PerSOnneL
    Authorize an increase of not less than 200 INS inspectors in each 
of the fiscal years 2002 through 2006.
    Authorize an increase in INS investigatory personnel for the 
purposes of identifying and locating visa violators, particularly those 
who pose a risk to national security.
    Authorize an increase of not less than 200 U.S. Customs inspectors 
in each of the fiscal years 2002 through 2006.
Section 12. General Accounting Office Study.
    Requires a study on the feasibility of implementing a plan wherein 
nonimmigrants are required to present to the Commissioner each year to 
provide certain status information. Requires GAO to report within 1 
year on the findings of the study.

                                

  Statement of Hon. Strom Thurmond, a U.S. Senator from the State of 
                             South Carolina

    Madam Chairwoman:
    I am pleased that this Committee is considering the use of 
biometric identifiers in the war against terrorism. Biometric 
identifiers, including fingerprints and photographs, have national 
security implications because they would make the forgery of 
identification documents more difficult. Visas and immigrationrelated 
documents should contain these identifiers, which will make it harder 
for terrorists who enter the country to conceal their true identities. 
Biometric identifiers should also be added to a comprehensive database 
that would include information about all noncitizens entering the 
United States. These safety measures would assist immigration officials 
in identifying terrorists who attempt to cross our borders.
    While I recognize that most aliens are law-abiding people who make 
valuable contributions to our society, it is apparent that there are 
some who wish to do us harm. The colleagues.
    The bill would require aliens to present a SmartVisa upon entry 
into or exit from the United States. This is a good start. However, I 
would like to extend the SmartVisa system beyond entry and exit 
purposes. We should require that aliens use the SmartVisa card when 
applying for jobs -and registering for courses. By swiping the 
SmartVisa, employers and educational institutions would be alerted to 
the expiration of a visa or the withdrawal from classes by an alien on 
a student visa.
    The use of biometric data and the careful monitoring of aliens is 
especially necessary in light of the large number of immigrant and 
nonimmigrant visas granted each year to people from terrorist-
supporting countries. In Fiscal Year 2000, we issued more than 3,000 
visas to aliens from Iraq and more than 5,000 to people from Sudan. 
Almost 16,000 visas were issued to aliens from Syria and more than 
30,000 were issued to people from Iran. We also annually admit 
individuals from terrorist-supporting states such as Libya, Cuba, and 
North Korea. Because of the large numbers of people who obtain visas 
from states that support terrorism, it is critical to our National 
security that we monitor alien activity inside our borders.
    Beyond the use of SmartVisas, I believe that we should take further 
steps to protect the American people. In light of the recent terrorist 
activity within our borders, Congress should consider the annual 
registration of aliens. Annual registration was required in the past 
but was discontinued in 1981. Currently, aliens are required to notify 
the Attorney General of changes in an address but are not required to 
update information on a yearly basis.
    The Federal Government has the power and the responsibility to 
verify that aliens are in the country for authorized reasons. At the 
least, annual registration should be required for nonimmigrants, most 
of whom will not become U.S. citizens. Annual registration of 
nonimmigrants would help the government to monitor the movements and 
activities of aliens who hold work and study visas. It is important to 
note that according to media reports, one of the hijackers of September 
11 arrived in the United States on a student visa but did not attend 
classes.
    Madam Chairwoman, thank you for holding this hearing on a timely 
and important topic. The use of biometric data on a SmartVisa System 
and the development of a centralized database would be very beneficial 
to the fight against terrorism. If used in conjunction with annual 
registration, I believe that the Federal Government would have the 
tools necessary to ensure that terrorists do not take advantage of our 
open society to murder more Americans. In this fight against terrorism, 
it is essential that we use the newest technology feasible, and 
biometric data is a step in the right direction. The use of biometric 
data will assist immigration officials in determining whether an alien 
is a threat to the safety of Americans. We should not miss out on this 
opportunity to make our country safer and more secure.

                                

                                                       RAND
                                   Arlington, VA 22202-5050
                                                  November 14, 2001

The Hon.Dianne Feinstein, Chairwoman
Subcommittee on Technology, Terrorism and Government Information
Senate Judiciary Committee
224 Dirksen Senate Office Building
Washington, D.C. 20510

    Dear Chairwoman Feinstein:

    Thank you for asking me to submit written testimony for your 
subcommittee's hearing on ``Biometric Identifiers and the Modern Face 
of Terror: New Technologies in the Global War on Terrorism.'' I am 
honored by this consideration. As my written testimony, I am submitting 
Biometrics: Facing Up to Terrorism, RAND Issue Paper (IP-218) published 
this year.
    To help protect RAND's legal responsibilities, please include the 
following information with the written testimony: ``John D. Woodward, 
Jr. is a senior policy analyst at RAND. He has testified on biometrics 
before the U.S. Congress and the Commission on Online Child Protection. 
RAND is a nonprofit institution that helps improve policy and 
decisionmaking through research and analysis. This testimony is based 
on a variety of sources, including research conducted at RAND. However, 
the opinions and conclusions expressed are those of the author and 
should not be interpreted as representing those of RAND or any of the 
agencies or others sponsoring its research.''
    If you have any questions or require additional information, please 
contact me at (703) 413-1100, extension 5242. Thank you again for your 
invitation.
            Sincerely yours,

                                John D. Woodward, Jr., Esq.

                             


