Truth in Advertising
Biometrics are hot--including voice-based biometrics. For those of us who have been in the industry for a while, it is like the beginning of spring after a long, hard winter. Being popular is delightful and financially rewarding. At the same time, success brings with it temptations that could make the entire biometrics industry appear to be a giant scam. That turn of events could easily send the industry into a bitter winter. There are a number of dangerous temptations that have already surfaced since September. This column is dedicated to one that is most often seen in speech processing. I call it the "non-biometric biometric."
Non-biometric biometrics
This is a beguiling temptation for developers of speech recognition. It is predicated on the faulty premise that speaker verification is nothing more than a variant of speaker-dependent speech recognition. The belief is that one need only tweak the speech recognition and voila!, you have speaker verification. Unfortunately, the practice of substituting speech recognition for speaker verification did not originate in September. It is a long tradition in speech processing. I encountered a striking example a couple of years ago when an integrator told me about his wonderful new product for home health services. It was a handheld device for logging start and end times of patient treatments along with other treatment information. And, it was secured by speaker verification! The marketing literature described this product as "biometric" security and pointed out that because it was biometric, it was more secure than mere passwords. According to the integrator, one of the benefits of using speaker verification was that the voices of home health patients saying their passwords could be registered and used to authenticate the start and end times of their treatment sessions. Such use of biometric authentication is an ideal fraud-reduction tool for the fraud-ridden home health industry. Further questioning revealed that the integrator was actually using speech recognition to recognize passwords. I pointed out that he was using speech recognition rather than biometric-based speaker verification. Consequently, anyone whose voice resembled that of the authorized user could break the security. He replied that he knew he was using speech recognition and that he would continue using it "because it is cheaper" than speaker verification.
Dangerous proposition
While the home health product referenced above no longer exists, there are other products that have taken its place. When speaker verification products are used in toys, it is a misrepresentation that probably causes no serious harm. When it is marketed for security, fraud-prevention or to monitor felons, it becomes fraud. This kind of misuse of speech recognition -- tweaked or not -- is damaging to companies offering such systems, because when customers discover that it does not work, the company will gain a reputation for having bad technology. It is very bad for speaker verification because it adds fuel to the belief that voice-based biometrics do not work. It is damaging to the biometrics industry because it threatens the newly established confidence in biometrics. Most of all, it is dangerous for the customers who are using such products because they think they are secure when they are not.
Validate your technology
If you have speaker verification technology and you have not done a performance evaluation to see how well it performs as a speaker-verification system, you should run such tests before you begin marketing your technology. If you need assistance in the design of a valid test, I recommend you obtain a copy of "Best Practices in Testing and Reporting Performance of Biometric Devices" by the United Kingdom's National Physical Laboratory. It can be downloaded from http://www.cesg.gov.uk/technology/biometrics. This report will help you look at false rejection, false acceptance, failure to acquire, failure to enroll, tape recorded attacks, performance with different kinds of voices, and other concerns that are part of the effective operation of voice-based security. If you have not tested your product in this way, please do not market it as speaker verification. In this age of terrorism, I can hardly think of any fraud that would be worse than making people think they are secure when they are not.
Judith Markowitz is the technology editor of Speech Technology Magazineand is a leading independent analyst in the speech technology and voicebiometric fields. She can be reached at (773) 769-9243 or jmarkowitz@pobox.com.