Skip NavigationDepartment of Transportation Logo  U.S. Department of Transportation Keyword Links | Contact Us | Español

Federal Motor Carrier Safety Administration
Home Rules & Regulations Registration & Licensing Forms Safety & Security Facts & Research Cross Border About FMCSA
  Home > Facts & Research > Executive Summary
Overview
Statistics & Facts
Safety Progress Report
Publications & Reports
Events Calendar
Webinars
Future Webinars
Past Webinars
Safety Technologies
Product Guides
Roadside Technology Corridor
CVISN
About ART
Analysis Division
Research Division
Technology Division
Contact ART
 
  

Executive Summary
  Print this page Print    

December, 1997

James L. Wayman
Biometric Identification Research Director
College of Engineering
San Jose State University
Prepared under FHWA CONTRACT DTFH61-95-C-00165

0. EXECUTIVE SUMMARY

0.1 Introduction

In October, 1995, the Federal Highway Administration (FHWA) contracted with San Jose State University to develop biometric identification standards for possible use with the Commercial Driver's Licensing Information System (CDLIS). This project was in response to the 1988 Congressional mandate of the Truck and Bus Safety and Regulatory Reform Act (TBSRRA) (Public Law 100-690, Section 9105) for the development of "minimum uniform standards for a biometric identification system to ensure identification of operators of commercial motor vehicles." It follows significant earlier FHWA studies of biometrics, including a 1990 project by the California Department of Motor Vehicles and the Orkand Corporation which investigated the use of fingerprinting and retinal scanning for identifying commercial drivers. The intent of the 1988 legislation was to promote enforcement of the "one-driver, one-license, one-record" provision of the 1986 Commercial Motor Vehicle Safety Act (CMVSA). It is our intent that the acceptance of this report will place the Secretary of Transportation in immediate compliance with the 1988 TBSRRA legislation mandating biometric standards development for the identification of commercial drivers. It is not the role of this study to advocate the creation of a biometric system implementing these standards for use in the identification of commercial drivers.

0.2 The Purpose of the System

Based on our analysis of the House Committee on Surface Transportation Hearings (September, 1987) which lead to the introduction and passage of P.L. 100-690, Section 9105, we believe that the primary intent of Congress was to provide a method of enforcement of the provision in the CMVSA prohibiting the holding of multiple commercial licenses by a single driver. We believe that a secondary intent may have been the detection of counterfeit licenses. In the 9 years since the passage of the TBSRRA, a new problem, that of the fraudulent issuance of a single license to multiple drivers, has surfaced. We believe that a biometric system for the identification of commercial drivers could be an effective means of addressing all of these problems.

We do not believe that Section 9105 limits the development of standards to a predetermined biometric technology, nor do we believe Section 9105 extends to any application beyond commercial drivers licensing. Consequently, this study considered all commercially available biometric technologies for application only to the identification of commercial motor vehicle operators.

0.3 Work Plan

The work plan consisted of the following:

    1. Review the legislative and research history of this project;
    2. Review all currently available biometric identification methods;
    3. Review and revise, as necessary, the 1988 Multi-State Steering Committee functional requirements;
    4. Establish a methodology for selecting a technology;
    5. Select candidate technologies;
    6. Determine, for candidate technologies, which standards exist and which need to be developed;
    7. Propose standards for the candidate technologies;
    8. Outline a biometric identification system for use with commercial drivers;
    9. Perform a rudimentary benefit-cost analysis on the proposed system.

0.4 Technology Selection

We determined that any candidate technology must meet three criteria:

1) be claimed by vendors to support all of the required applications.

2) have been used previously in a similar large-scale application for which an independent performance/cost audit is available indicating that the revised functional requirements can be met.

3) be available from multiple vendors supporting a single image collection, compression and storage standard.

We found that the only technology currently meeting all three of these requirements is electronic fingerprinting. We anticipate no change in this situation over the next decade. We believe electronic fingerprinting to be a fully mature technology, capable of meeting the revised AAMVA functional requirements. Further , we find no technical justification for combining fingerprinting with any other biometric technology

0.5 Standards Development

Standards are required if a biometric identification system is to operate between states or on a national level. Three standards developed by the Federal Bureau of Investigation (FBI), the American National Standards Institute (ANSI) and the National Institute of Standards and Technology (NIST) currently apply to the use of fingerprinting in large-scale identification applications: the ANSI/NIST Data Format for the Interchange of Fingerprint Information; the FBI's Integrated Automatic Fingerprint Identification System (IAFIS) Image Quality Specification for Scanners; and the FBI's Wavelet Scalar Quantization (WSQ) Gray-scale Fingerprint Image Compression Specification.

These standards were created for "forensic" (criminal investigation) Automatic Fingerprint Identification Systems (AFIS) and, although forming an extremely useful point of departure, cannot be adopted for our use with commercial drivers without extensive review. The primary purpose of forensic systems is to allow the matching of partial "latent" prints, as left at a crime scene, with previously sampled prints from a criminal population, usually rolled onto inked "ten-print" cards. The emphasis is toward identifying every possible candidate print, even if intervention by human experts is required.

In "civilian" (non-forensic) applications, the emphasis is on identifying matches without human intervention and only when the evidence is conclusive, even at the cost of occasionally missing a possible candidate. Only full prints acquired from one or two fingers placed directly on an electronic imaging scanner, not latents, are used, and human intervention occurs only when the computer match on all prints is so conclusive as to constitute evidence of willful fraud.

There are at least four standards required for the application of fingerprinting to commercial drivers:

  1. Finger selection
  2. Image quality
  3. Compression method and ratio
  4. Data format

If one application of the biometric system is to be "roadside" identification of the commercial driver, the fingerprint must either be placed on the driver's licensing document or be available using "real-time" electronic transfer from a centralized database. We believe that the placement of the biometric on the licensing document is not secure against professional counterfeiting, even if encryption is used. Consequently, "roadside" applications will require "roadside" data transmission capability. Interstate applications of "roadside" identification will require the development of a fifth standard, one for "feature extraction."

This report only proposes to the Federal Highway Administration reasonable standards such that the Secretary of Transportation will be in compliance with Section 9105 of the TBSRRA. We suggest that the adoption of such standards be done by the American Association of Motor Vehicle Administrators (AAMVA) through their "best practices" procedures, with any modifications as required.

0.5.1 Finger Selection

In May of 1997, seven states collected fingerprints for actual or possible use in their driver's licensing programs. California, Alabama and Hawaii collected right thumbprints. Florida collected left thumbprints. Texas collected both thumbs. Colorado used the right forefinger. Georgia collected both forefingers. As of this writing (October, 1997), both Florida and Alabama have suspended their fingerprint collection efforts.

While it is clear from our study that large-scale identification systems require two fingers, there is no clear choice of which fingers should be used. Thumbs are larger and contain more information. Forefingers are easier to present (ergonomically) and are slightly more varied across the population. We have no scientifically-based information regarding error rate differences among fingers.

Some people, those in social service work for instance, have suggested that the act of fingerprinting a thumb carries a connotation of criminality. For this reason, social service systems universally use forefingers. For technical reasons related to expected false match error rate as discussed in this report, the CDLIS application will require two prints to avoid "candidate lists" (false matches) when matching fingerprints across the current database of 8.5 million licensed commercial drivers. Such candidate lists require human intervention in the decision process and can severely impact the throughput rate of an identification system. Our recommendation is that AAMVA should determine, based on current state use, whether the standard should be for both thumbs or both forefingers.

0.5.2 Image Quality

The Criminal Justice Information Services "Interim IAFIS Fingerprint Image Quality Specifications for Scanners," CJIS-RS-0010v4, Appendix G, (included in this report as Appendix G) specifies requirements for signal-to-noise ratio, gray scale resolution and histogram, modulation transfer function and geometric distortion for fingerprint images scanned into an AFIS. Notably missing from Appendix G are standards for image resolution and size. The resolution standard of 500 pixels per inch is actually included in the ANSI/NIST "Data Format for the Interchange of Fingerprint Information" standard, included in this report as Appendix I. There is no size standard.

These standards were adopted by the FBI after qualitative testing and careful consultation with forensic fingerprint examiners. The goal was to establish the loosest standards compatible with the accurate identification of latent prints by human experts. Several fingerprint companies manufacture scanners to these specifications. The FBI has, in the past, certified scanner performance to Appendix G requirements. Such certified scanners cost around $1000 per unit. The civilian AFIS community has argued that the standards are much stricter than required for non-forensic use, and that cheaper, non-Appendix G compliant scanners can be successfully used for civilian identification. As part of this study, we are proposing a reduced standard, included as Appendix H. Unfortunately, no research data exists on the relationship between image quality and AFIS performance, so we are "guess-timating" when proposing requirements for image quality. We are suggesting that AAMVA develop, based upon this reduced standard, "best practices" for scanner image quality for use in commercial driver identification.

0.5.3 Compression Method and Ratio

In 1992, owing to the pressing problem of large-scale IAFIS data transfer and the noted degradation in expert and computer matching performance when using JPEG-compressed fingerprint images, FBI adopted the Wavelet Scalar Quantization (WSQ) method of compression as the standard, included in this report as Appendix J. WSQ allows for a variable compression ratio for transmission and storage. After qualitative tests with human "latent" examiners, the compression ratio of 15:1 was adopted as the standard. The civilian community believes that higher ratios can be used without catastrophic AFIS performance degradation, but there has been no scientific research in this area. We are proposing that AAMVA adopt WSQ at 20:1 compression as the standard compression method, pending additional scientific studies regarding compression ratio and performance.

0.5.4 Data Format Standard

We propose that the ANSI/NIST "Data Format for the Interchange of Fingerprint Information," included in this report as Appendix I, be adopted, without changes, for use in the commercial drivers licensing project.

0.5.5 Minutiae Extraction

Even fully-compressed fingerprint images are too large to be stored on a licensing document. Almost all commercially available fingerprint systems extract "minutiae" from the fingerprints. Minutiae are, roughly speaking, the location of the ridge endings and ridge "bifurcations" (splits) in the fingerprint. Beyond this, however, there is no agreement among AFIS contractors as to what other information should be contained in the minutiae record. Most contractors differentiate between ridges and bifurcations, and add the angle of the ridge at the minutiae point. The amount of additional information that can be added is virtually endless, and minutiae records can be from 26 to 1000 bytes long. The fingerprint image cannot be reconstructed from the minutiae record. Matching is done by comparing the minutiae points to those extracted from previously stored prints. There is no scientific research available regarding AFIS performance and minutiae record size or content.

There are no government standards for defining minutiae records or their extraction or storage. This means that minutiae records stored on a licensing document will not be usable across system contractors. Unless every state contracts with the same contractor, inter-state "roadside" driver identification is not feasible with records stored on the document. Early in 1997, NIST held informal meetings with the AFIS industry on this issue, but no immediate progress was been made. Owing to vendor pride and "proprietary" approaches, minutiae standardization is proving to be a very difficult and daunting problem. We recommend that AAMVA attend any minutiae standards meetings held by NIST. We do not recommend that FHWA or AAMVA directly attempt to establish such standards.

0.6 Three System Designs

There are three ways of approaching the creation of a nationwide biometric system for identifying commercial drivers. The general nature of this system is independent of the choice of fingerprinting as the candidate biometric technology, but is highly dependent upon funding, politics and the Federal prerogatives/states' rights debate.

0.6.1 The Centralized System

The most straightforward and cheapest approach to the identification of commercial drivers would be a national system, much like CDLIS, which electronically holds the minutiae records of all licensed commercial drivers. The minutiae would be "pointers" by which the database could be accessed. Recalling that fingerprint images cannot be reconstructed from the minutiae records, the original images would remain stored in the states which collected them and accessed only if a prosecution for drivers licensing fraud was indicated. However, because each state might be using different fingerprinting contractors with incompatible minutiae record formats, the fingerprint images, collected during the licensing procedure using scanners of standardized image quality, would need to be transmitted in compressed form to the central site for minutiae extraction. The states would archive the images, while the central site would extract the minutiae, then discard its copy of the original images. States objecting to the transmission of compressed images could send the minutiae only, but would be required to use the contractor-specific minutiae extraction software mandated by the national system manager.

A commercial driver applying for a new license or a renewal would have copies of his/her images sent to the central site, converted to minutiae and scanned against the existing database. The transmitted copies of the images would then be destroyed. In the case of a new license, if no match was found, the license could be issued and the minutiae stored in the database. In the case of the issuance of a duplicate or a renewal, a match should only be found against the registered license holder. Any other matches would indicate multiple license fraud. This approach to scanning the entire database for both new licenses and renewals provides a "double check" against multiple issuances. To be effective, all states would be required to participate. A non-match during the renewal or duplicate issuance process might indicate single license/multiple driver fraud.

Could such a large centralized system be built and would it work? Scientific information on large-scale system performance has recently come available from an international AFIS contractor benchmark test conducted by the Philippine government. An important feature of large-scale AFIS systems is that of print classification to decrease the required scope of the search. Stored prints are classified as to "arch," "whorl," etc. (or into some other groups). When a sample print is received for comparison, it is likewise classified, then compared only to those prints with the same classification. Two-print systems can, on average, match prints by comparison with only about 10% of the stored prints in the total database. The measure of this efficiency increase is known as the "penetration rate." Assuming 8.5 million commercial drivers (some of whom may be inactive and not seeking renewal), with approximately 3 million renewal, state transfer and new licenses annually, 240 20-hour work days annually at the central site, two-finger matching and a 25% penetration rate, about 400,000 comparisons per second would be required. Although no system of this size currently exists, it is within the capability of current contractor designs.

Compressed images are about 15 Kbytes in size. This data can be transmitted over standard modems in two or three seconds and could be sent to the central site over AAMVANet or internet lines. The data arrival rate at the central site (over an 11-hour national work day) would be about one 15 Kbyte image (plus data format header and overhead) every 3 seconds, requiring trivial input bandwidth.

Current system performance appears to be highly contractor dependent, false match errors occurring perhaps once in every 10 million comparisons. Assuming independence of errors, two finger false matches would occur about once every 10 14 matches. Using the same numbers as in the paragraph above, this would equate to a false match every few decades.

False non-matches occur at a rate of 2% to 10% per single finger comparison. Again assuming independence of errors, two finger false non-matches would be less than 1%. This number has to be interpreted carefully. It means that less than 1% of all persons attempting fraud through random means will be successful, while 99% will be caught.

0.6.2 The Distributed System with Centralized Communication

A second approach would be to have each state maintain and control its own commercial driver AFIS system. Each state could have a different contractor and different minutiae extraction protocols, but each would collect data at the nationally-mandated image quality standard. Duplicate or replacement licenses would be issued only upon the verification against the state's own database of the applicant's fingerprint. Single license/multiple driver or driver substitution fraud could be detected with no interstate transfer of data.

When a driver applies for a new license, the compressed fingerprint image would be sent by AAMVANet, NLETS or internet to a centralized communication site for distribution to the independent systems in all the other jurisdictions. Any jurisdiction finding a match would report the find directly to the originating state.

The centralized communication site would have to transmit each image 50 times, leading to a centralized output of several hundred Kbytes per second, a trivial load for a large server. Input data rate at the state and central sites would be at the average rate of one image every 3 seconds. California, the largest state with about 600,000 commercial driver's licenses (CDLs), would be conducting about 50,000 comparisons per second (considering a 25% penetration rate), requiring a mid-sized system.

The political advantage of this system is that states would only release images for immediate search, not for storage in any form outside the state. Each state would maintain complete control of all its images and derived minutiae. The disadvantage would be the total cost of the system, with loss of the economies of scale of the centralized system. The effectiveness of this system would be identical to the centralized system, provided that all states participated.

0.6.3 The Distributed System with Direct Communication

The third approach is identical to the second, except that compressed fingerprint images would be sent directly by the collecting state only to selected, participating states for search. Receiving states could charge a fee for searching of an image against their database. This would require no generalized transmission of fingerprint images, giving each state tight control over which images would be sent to which states for search. Further, states could participate or not in this system as local politics required. This system would be effective against renewal and single-license/multiple-driver fraud. Effectiveness against multiple license fraud would be limited, however, if not all states participated.

0.7 Legal Considerations

We have determined that there are several Constitutional principles potentially linked to a government requirement for the submission of a biometric measure as a prerequisite for the issuance of a driver's license. These are: due process, search and seizure, and self-incrimination, as well as the implicit right to privacy. Our survey of legal challenges to government-required submission of a biometric identifier revealed several pertinent court rulings, nearly all of which upheld the practice when justifiable on grounds of public safety.

The most directly applicable case was Christopher Ann Perkey v. Department of Motor Vehicles, decided by the California Supreme Court. California instituted a requirement that each applicant for a driver's license submit a fingerprint to the Department of Motor Vehicles. Ms. Perkey refused to be fingerprinted and was denied a license solely on the basis of this refusal. She took legal action, claiming that the fingerprint requirement violated substantive due process because there was no relationship linking it with the state's stated interest in promoting highway safety.

The California Department of Motor Vehicles asserted that fingerprint technology was the only reliable way to ensure the integrity of its drivers licensing records and that the interception of applications from those who pose a serious danger to public safety constituted a proper legislative objective. The California Supreme Court agreed that the fingerprint requirement bore a rational relationship to the legitimate goal of furthering highway safety by giving the state a reliable method of checking the identity of driver's license applicants and upheld the requirement for fingerprinting.

Although this finding only applies in California, government required physiological sampling has been upheld by several U.S. Supreme Court rulings against several challenges. In the case of Breithraupt v. Abram , decided in 1957, police took a small blood sample from an unconscious person involved in a fatal car accident. The Supreme Court ruled this extraction was constitutionally permissible, stressing that clinical blood extraction was not significantly intrusive and had become both commonplace and accepted by society. Nine years later, the Court reiterated this point in Schmerber v. California , by recognizing that both federal and state courts have held that the right against forced self incrimination does not extend to forced subjection to fingerprinting, photographing, or physical measurements, nor to forced writing, speaking, standing, walking or gesturing for identification purposes.

Our research indicates that a requirement for fingerprinting as a prerequisite for the issuance of a commercial driver's license would most likely be upheld in a court challenge.

The greatest legal challenge to such a system will be from the states themselves. Of the four states currently collecting fingerprints electronically, one (Georgia) would be unable to release those prints to other states under current state law. One (California) would be unwilling to release their prints to a federal system without mandating federal legislation. Most states not currently collecting fingerprints would require modifications to state law, or a federal mandate, to begin collection.

0.8 Benefit-Cost Analysis

Our study includes a procedure for a detailed benefit-cost analysis. Estimating the financial costs of any of the three designs given above is not difficult. Industry sources indicate that the centralized system could be built for under $15 million. Total cost of the distributed system would be greater, owing to the loss of economies of scale, but capital expenditures of each state would be at most a few million dollars.

The primary problem we face is in estimating the financial benefits of the system, particularly in the absence of any conclusive evidence that the current system for enforcing the "one-driver, one-license, one-record" is ineffective. In November, 1996, the New York State Department of Motor Vehicles completed the "Multiple CDL Study" for the Federal Highway Administration. According to this study, "the multiple CDL problem has decreased to the point that it appears to be virtually non-existent." Further, the study states, "Although potential duplicates (CDLs) surfaced in our records comparison results, the numbers were statistically insignificant."

We know of no documented, post-CMVSA case of a commercial driver actually having two commercial licenses. On the other hand, anecdotal evidence has recently emerged from the Alabama Department of Public Safety that a problem may exist with multiple drivers sharing a single license. This issue was not addressed by the "Multiple CDL Study" and, consequently, we have no estimates of the size of this related problem. The use of biometric identification with the CDL, specifically the on-line availablilty of the biometric record with the driver data in the CDLIS database, could eliminate the problem of multiple drivers on a single license.

Pending the completion of current, on-going studies, it is difficult to estimate traffic safety benefits to be accrued from the deployment of a biometric identification system for commercial drivers owing to the lack of hard data on the size of the commercial driver authentication problem. Nonetheless, we have included in our study a detailed analysis of what types of data would be necessary to support this project from a benefit-cost perspective.

0.9 Conclusions

This study recommends that fingerprinting be established as the biometric for identifying drivers pursuant to Section 9105 of the "Truck and Bus Safety and Regulatory Reform Act." This study further defines the minimum required scope of the system and recommends specific "minimum uniform standards" for the biometric identification of commercial drivers using fingerprinting. We have included results of a recent large-scale fingerprinting test showing the feasibility of two-finger systems at a scale comparable to the current CDLIS enrollment.

We suggest several standards (scanner image quality, compression, data transmission format) for adoption by AAMVA as "best practices" and outline several system approaches for using biometric fingerprint technology to enforce the "one-driver, one-license, one-record" mandate of the Commercial Motor Vehicle Safety Act. In the absence of hard information supporting the existence of a problem with multiple licenses or single licenses with multiple drivers, we have difficulty in computing the benefit-cost feasibility of such a system, but have included a computational methodology for use as such data becomes available.

We recommend that the FHWA cooperate with AAMVA to establish "Best Practices" for biometric identification using the fingerprint, including standards for finger selection, scanner image quality, compression technique and data transmission format, based on the specific recommendations of this report in these areas. We further recommend that AAMVA create model fingerprint collection and protection legislation to serve as a guide for states wishing to begin the fingerprint identification of commercial drivers.

Top

Zip files may be downloaded using WinZip WInZip Logo

Go To Top of Page