“Biometrics,” or the use of pattern recognition and algorithms to identify people based on physical characteristics often in a range of security programs, is all the rage in technology this year as people grow increasingly concerned about threats of hacking and identity theft. The newest trend is iris recognition, much more sophisticated than its fingerprint predecessor, as irises are even more complex and distinctive as individual identifiers.

Many schools are interested in the new technology as a supplementary or alternate method of identification and tracking to that easily forgotten, misplaced or stolen accessory: the ID badge. Security companies that manufacture iris recognition technology are anxious to plant their roots across a range of institutions, from elementary schools and universities to airports and high-security establishments like banks.

Blinkspot in South Dakota makes iris recognition technology for elementary school buses that look like binoculars, into which children look when they board and disembark. The machines will not only honk if the child is on the wrong bus, but also trigger a mobile app to send a message to the a parent’s or guardian’s email or phone with location, time and date. IrisID in New Jersey provides the scanning technology used by Winthrop University in South Carolina for the test run they conducted this June during freshman orientation. Another company called EyeLock manufactures the eye scanners that are currently in use in foreign airports, as well as at Bank of America’s headquarters in North Carolina.

This technology works by using an algorithm to find the best image of the iris from video footage, so it is a hands-free, simple technology that processes the images in less than two seconds. The image created is actually a small “encrypted digital template,” a 512-byte binary code representation of the biometric data, against which future images of the iris can be matched to verify identity. The encryption helps protect biometric data from being hacked and reconfigured to steal identities. Furthermore, the companies themselves do not store this information but provide it only to the institution that employs their technology.

While iris recognition is the latest in security technology, it is not, as companies have implied because of high levels of encryption and iris specificity, perfectly secure or unhackable. Companies producing this technology similarly insist, like this claim on EyeLock’s official website, that it “provides the most accurate identification and access control solutions available in the market,” which is likely true, but they provide no statistics to support that point. The digital template can be reverse-engineered to reconstruct an image of the iris, just as with encrypted fingerprint data. At a cybersecurity conference this year, researchers from Spain demonstrated a method of recreating an image from the binary code template, which they then stretched into a circle and fed into the iris scanner; they reported an 87 percent success rate because the scanner failed to recognize that the image was not of an actual human eye, an oversight that must be adjusted to protect this sensitive data from hacking.

If iris recognition technology is implemented in schools, communication is key. Because no laws currently exist regulating biometric data collection and what information institutions can share with the government, the American Civil Liberties Union (ACLU) suggests that iris technology may represent a grave invasion of privacy. Some parents in Florida have already spoken out against the unauthorized scanning of their children’s eyes by the school district and their recent security partner Eye-Swipe Nano. While the new security program might allay some fears about student safety, parents were outraged that they didn’t learn about the initiative until after data collection had already begun. Schools must educate parents and students on the security and convenience benefits of the technology, as well as how their biometric data will be used and protected, for the newly-accessible technology to have a proper place in school safety.

Did You Know?
When people hear “iris scans,” they may think of a system that scans an eye with infrared light. This, however, is different than iris recognition, which is a technique that takes a picture of the iris via video, solely used for identification purposes. According to Iris ID, retinal recognition is “the best of breed authentication process available today.” Unlike retinal scanning, recognition uses a method that does not require any contact and is much faster—it can be performed from distances as far as three to ten inches. It’s stable, because the pattern formed in an iris remains unchanged once a person is ten months old. The network of blood vessels in an eye is so unique that not even twins share the same configuration. Iris scans are also not limited to people with sight, as they are dependent on the existence of an iris, not on the ability to see. The method can work either by itself or in conjunction with existing security systems, but it’s reliable in the fact that an iris’s distinctive pattern is not susceptible to theft—using one’s iris for identification is much safer than, say, a password, ID or key. The systems that store the data, however, are not impenetrable to hackers, introducing one side of the argument against using the system in defense of privacy.