Biometric systems - designed to automatically recognize individuals through characteristics such as fingerprints, voice or face recognition - are all flawed, says the National Research Council.
While they've been widely claimed to be more reliable than previous identification methods, not one is based on a trait that's stable and istinctive across all groups, it says.
"For nearly 50 years, the promise of biometrics has outpaced the application of the technology," said Joseph N Pato, chair of the committee that wrote the report and distinguished technologist at HP Laboratories.
"While some biometric systems can be effective for specific tasks, they are not nearly as infallible as their depiction in popular culture might suggest. Bolstering the science is essential to gain a complete understanding of the strengths and limitations of these systems."
Governments and other organizations are increasingly using biometric systems to regulate access to facilities, information, and other benefits. But questions persist about their effectiveness, says the NRC.
The systems provide 'probabilistic results', meaning that they can't be regarded as gospel. The report notes that when imposters are regarded as unlikely, even systems with very accurate sensors and matching capabilities can frequently get it wrong.
Earlier this year, for example, two pranksters managed to get through security at Amsterdam's Schipol airport with a passport in the name of Elvis Presley, using a doctored biometric chip.
For a start, biometric characteristics can vary over an individual's lifetime due to age, stress, disease, or other factors. Technical issues regarding calibration of sensors and degradation of datacan also contribute to unreliability.The report says that any biometric system being used for security purposes should undergo thorough threat assessments to determine its vulnerabilities to deliberate attacks.
Systems should be designed to anticipate and plan for errors, even if they're expected to be infrequent, says the NRC.