Of all the dramatic images to emerge in the hours and days following the September 11 attacks, one of the most haunting was a frame from a surveillance-camera video capturing the face of suspected hijacker Mohamed Atta as he passed through an airport metal detector in Portland, ME. Even more chilling to many security experts is the fact that, had the right technology been in place, an image like that might have helped avert the attacks. According to experts, face recognition technology that’s already commercially available could have instantly checked the image against photos of suspected terrorists on file with the FBI and other authorities. If a match had been made, the system could have sounded the alarm before the suspect boarded his flight.

In the wake of the attacks, a number of companies, security professionals and government officials have proposed using biometrics-identification based on a person’s unique physical characteristics-to enhance airport security. “We’ve developed some fantastic technologies, but we just haven’t deployed them,” says Georgia State University aviation safety researcher Rick Charles. Readily available biometric techniques include digital fingerprinting, iris scanning, voice recognition and face recognition.

Of these technologies, face recognition is perhaps the best suited to surveillance of busy public places like airports. For one thing, it doesn’t require those being watched to cooperate by looking into an iris scanner or putting a hand on a fingerprint reader; face recognition devices can work with the video feeds from the cameras that are already ubiquitous in public spaces. It’s also much easier for authorities to obtain a suspect’s photo-from a passport or driver’s license, for example-than it is to obtain other biometric identifiers.

Indeed, many government agencies, from the FBI and the CIA to the Immigration and Naturalization Service and the Drug Enforcement Agency, keep large databases of photos. When the FBI places a suspected terrorist on a watch list, the agency circulates that person’s photo to local police, immigration officers or customs agents. “But if you’re a cop, you’ve got to be pretty good at quickly scanning faces in a crowd [for terrorists],” says Richard Norton, executive director of the International Biometric Industry Association. With face recognition technology, security officials could link their surveillance cameras to any number of databases via the Internet and let a computer do all the work, alerting officials when it finds a positive match.

Setting up a face-recognition-based security system would be relatively simple. The two major players in the area of face recognition, Littleton, MA’s Viisage Technology and Visionics in Jersey City, NJ, say they have systems that could easily do the job. Visionics’ device plugs into a video camera and grabs images of faces while the camera is recording. Software extracts the unique characteristics of each face and creates a template, a compressed digital file that can then be sent over the Internet to several databases at once. Further Visionics software installed alongside each database sifts through a million photos per second and signals when it finds a match.

In essence, all the elements needed to create a wide-scale security system based on face recognition are already available. But to implement such a system could be a bureaucratic nightmare, requiring the cooperation of multiple federal and local authorities. Each agency would have to allow access to its photo databases from different security checkpoints throughout the country. “That’s going to require some federal decisions on how that information is shared,” says Norton. “That process is under way. These issues are being discussed at the relevant agencies.”

Federal officials could not be reached for comment on the status of these discussions. But face recognition was one of a number of new security measures that the U.S. Department of Transportation explored after the attacks. In late September, Visionics CEO Joseph Atick demonstrated his company’s technology to an emergency committee set up by the department. In its final report, the committee recommended that airports implement biometric technologies, though it did not specify which ones. But according to committee member Charles Barclay, president of the American Association of Airport Executives, “Face recognition definitely has a future in airport security and air transportation.” In fact, officials in the Department of Transportation and the Federal Aviation Administration have floated the idea of using Washington’s Reagan National Airport as a test site for the first installations, says Barclay.

Airport security, however, could be just one part of a wider antiterrorism system using face recognition. The technology could potentially be employed at government buildings, embassies, border crossings and large public events.

In his briefing to the special transportation committee, Atick went so far as to outline what he refers to as a four-layer “national shield.” The first layer would use face recognition as part of the visa application process, checking each applicant’s photo against databases of known and suspected terrorists. “This is to keep terrorists at home,” Atick says. “Don’t bring them into the United States by offering them visas.” The Immigration and Naturalization Service and the State Department could also prevent some forms of identify fraud by making sure an individual doesn’t apply for a visa multiple times under different names. Three other layers of security would be created by installing face recognition technology at airport ticket counters, metal detectors and boarding gates, all linked to the same databases. This setup would ensure, according to Atick, that no suspected terrorist obtains a boarding pass, and that legitimately obtained boarding passes don’t fall into terrorists’ hands.

Even before the September 11 attacks, the U.S. Defense Advanced Research Projects Agency (DARPA) had begun its own research efforts in face recognition and other biometric technologies. Indeed, face recognition is a key part of DARPA’s four-year, $50 million “Human ID at a Distance” project, launched in February 2000 to develop a sophisticated surveillance system for U.S. embassies and facilities at home and abroad (see “Big Brother Logs On,” TR September 2001). The system would combine cameras, radar and various types of sensors to identify people up to 150 meters away not only by their faces, but also by the way they walk, for example, or measurements like girth and leg length. The project not only illustrates the government’s intense interest in using biometrics to enhance national security, but could also serve as a window into the highly sophisticated systems that might be used in the future.

As promising as face recognition and other biometric technologies look, though, one overriding caveat remains. Simply put, to use biometrics to catch bad guys, you have to start with some idea of who the bad guys are. Surveillance cameras could check each face in an airport against the FBI’s database, for example, but if the agency hadn’t turned up the fact that the man at the coffee stand in the blue coat had trained at an al-Qaeda camp, and his photograph wasn’t in its database, the check would have done no good. It’s still unclear, in fact, whether the FBI had Atta’s picture on file before the September 11 attacks. In other words, biometric data would have to be supported by good intelligence to be a powerful weapon in the battle against terrorism.