ntouk.com - Jerry Fishenden's technology policy blog

I've been meaning to do it for some time - so today I did. On my way out to Copenhagen, I went and introduced myself to Iris. Or, to be more accurate, IRIS: the Iris Recognition Immigration System.

I know a few other people who have been using it - and found it a little difficult to believe what they told me. Namely that once enrolled into this new system, our borders are secured solely by iris scanning. I had a long discussion with an MP recently who refused to believe that any entry system to the UK would rely on biometrics alone: and I thought he must be right, that entry would also require a swipe of a passport too (thus providing "something we are, something we have", in the old jargon of our industry). And, being somewhat obsessive when it comes to security - particularly something as important as our borders - I'd have been quite happy if it required a PIN as well ("something you know" - or, at least, something you do your best to remember).

So I thought I'd better check it out for myself. After all, there's no substitute for first hand experience in these matters.

"IRIS is open at Heathrow terminals 1, 2, 3 and 4, Gatwick North and Manchester terminals 1 and 2."

Well, what can I reveal? It does indeed turn out to be true that admission to the UK when using this system relies entirely - and solely - on iris scans. Now, I think (but cannot confirm this) it may also be supplemented by some facial recognition as well. So presumably if someone with iris prints matching mine (of which there will be quite a few in the world) turns up and tries to gain entry to the UK, but is a short green Oompa-Loompa, the system may throw up its hands in horror. With the result that the computer, it say 'no'.

Or not.

The enrolment staff were enormously helpful and professional. But some things I couldn't help noticing about the overall process:

• the server was "down" when I first arrived for enrolment - which meant they couldn't get me on the system for a while. I know it's a test system, but please: only one server? Seems rather odd: are there really people out there, even for pilot projects, still using single points of failure?
• they weren't able to print out my enrolment details as the printer had been down for several days and they weren't sure when it would be repaired. If I'd had more time on my hands, I would have offered to have a look at it for them.
• a sign in the enrolment room told would-be users that they should not wear coloured or tinted contact lenses, either at enrolment or at a later stage. Or presumably contact lenses imprinted with someone else's iris prints, since that would be very naughty indeed.

I need to go away and think about all this - and will post again. When I have successfully re-entered the UK using just my iris - and when I have been back through the research evidence I have about the reliability of such systems. I'll try to put them into some form that actually makes sense to casual readers.

In the meantime, I'm not entirely sure I'll be sleeping any easier at night knowing that our borders rely solely on iris biometrics. Of course, at the moment it's just a pilot: but even a pilot like this presumably has no way of knowing the real intentions of those enrolling into the system?

Technorati tags: security biometrics privacy identity technology policy