How is the FBI supposed to track down bad guys -- including terrorists -- if it
can't rely on cross-agency handling of fingerprints? With new open
source software developed on Linux and written primarily by a programmer working
for the National Institute of Standards and
Technology (NIST), fingerprint quality and the ability to
match prints taken by a disparate variety of print scanners is improving
Despite advancements in actual fingerprint-lifting techniques --
often dramatized on popular television shows -- and better quality print scanning
that has evolved way beyond the old ink pad, law enforcement officials often struggle to
match different quality prints that are logged with different scanners. For
example, if investigators in Philadelphia had a good quality fingerprint
taken with one scanner, it would be difficult for investigators in Seattle
to confirm a match if their own copy of the print was of poorer quality
using a different scanner.
But the new NIST
software, delivered with source code to U.S. law enforcement groups and
to be mandated for all FBI "civil checks" and federal employee processing
fingerprints by March 2005, now helps officials matrix the variations and
more accurately come up with matches. The software, compiled on a CD-ROM, is
free -- subject to the U.S. government's export control -- and has gone out
to more than 50 agencies. About 20 requests come in daily, according to
Charlie Wilson, manager of the image group at NIST's Information Technology Lab.
"We've been worrying about this problem for a number of years, and came up
with a way that works," Wilson said. "Now all the agencies will have the
same image quality (for fingerprints)."
Variation ups and downs
NIST has been trying to create a fingerprint identification system with
universal quality standards so that matching prints, already a complex art
to begin with, could be simpler and faster. While variation among
fingerprints makes them an ideal identifier for people and perpetrators, the
variation among fingerprint taking has devalued the biometric method. Wilson
explained that investigators must deal with three or four major companies that
make the scanning systems. In addition, the different systems take the
fingerprints via different methods -- such as single finger, four-finger
"slaps," or other method. Yet another layer of variation is added when
considering the condition of the printee's skin, how well the scanning
equipment is maintained, and other factors.
"Most people taking fingerprints don't have a real good idea of what a
fingerprint looks like to get a good match," Wilson said. "It's the same old
case of garbage in, garbage out."
Wilson said there are commercial products that do the same thing as the
new NIST software -- a suite of fingerprint analysis tools for quality,
matching, patterns, minutiae detection, and encoding -- but they all use
different scales. The NIST software represents the first time officials can
directly compare fingerprint image quality from scanners of different
"Nobody else has ever done this," Wilson said. "What you're really
talking about is that fewer prints will be rejected. This should be able to get
everybody taking better quality fingerprints."
He said the software -- approximately 20,000 to 50,000 lines of code in
5,000-line modules -- assigns all scanned fingerprints a uniform quality
level from 1 to 5: 1 being high quality, and 5 being unusable, or as Wilson
put it, "try again."
The software, in its second version, ships with source
code and will likely be used by more agencies than the first version, which
had about 600 users, according to Wilson.
"This time, it's looking like we're going to ship a lot more," he said.
"It's got a pretty complete set of fingerprint tools on there. There are
many of the things you need to build an automated fingerprint identification
system [AFIS] with just the source code. It's real important that we
included all of the source code and a full explanation of how it works."
Wilson said when testing about 20 different commercial print matchers --
as mandated by the Patriot Act -- and accounting for different sets of
different quality fingerprints that number nearly 70 million, NIST
developers were forced to test essentially 20 data sets over 14 different
"The NIST software predicts all of [the possibilities]," Wilson said. "It
matrixes the whole thing."
Developed on Linux
The software, which can run on Linux and Windows NT and XP systems, was
the result of more than a decade of trying to improve how fingerprints are
recorded and matched, but the new software suite itself was developed using
Red Hat Linux 7.3 running on NIST's clusters, according to Wilson. While
some of the software had already been developed, he said it took "a good
person" two years to write the Fingerprint Image Software -Version 2.
Elham Tabassi, that "good person," said the biggest challenge in creating
the software was in formulating the code problem correctly. Tabassi, who
wrote the software in C, said she recycled a fingerprint minutia software
set and began by playing with regression and Neural classifiers. Tabassi
conducted some scripting and experiments and then spent about eight months
designing the system and getting the components right. Tabassi said she
spent another two to three months putting the package together with a Perl
script wrapper. Making it all C and wrapping the package in that language
took another nine months, Tabassi said. The NIST coder commended her
teammates and boss for creating a work environment that helped her produce
Export control without copyright
While the Linux-developed, free and open source software might lose its
luster to open source proponents concerned about its export control, the
fact that the new NIST software was created by the government offers
consolation: It cannot be copyrighted.
"It's government-developed software, so there's no copyright. It is governed by export control rules," Wilson said.
Wilson explained that the software does come with source code and is
distributed to organizations for free, but its restriction under export
control means that it is not freely available to the public, as well as some
nations including Russia and India.
"It's free, but it's export controlled, which means if you get it outside
the U.S. or you post it on the Internet, the export control people will come
get you," Wilson said.
He also said NIST and the government are aware of parts and pieces of the
software used in commercial products, particularly the image quality
"It will be useful to integrators who need one piece," Wilson said.
"There are companies that have this or that, but need something else."
Predicting a large number of requests for the software once it is announced on
biometric industry mailing lists, Wilson also indicated although the
software is somewhat new, it has been through a rigorous development
"This is not compile-and-ship," he said. "Some of this is pretty