When the U.S. military attacked Iraq in March 2003, it brought to bear the most advanced technology then available for identifying potential terrorists by their physical features. The equipment measured all sorts of physical features—from fingerprints to images of the iris—but it was not particularly easy to use. The apparatus weighed a hefty 50 pounds and consisted of a hardened laptop hooked up to a camera, an iris scanner and a fingerprint device. 

Eight years later, the toolkit used to identify Osama bin Laden in his Pakistani hideout was probably a lot like one of the handheld devices that are now routinely used by thousands of U.S. soldiers throughout the world to compare people's faces against the images of many known or suspected terrorists. Dubbed the HIIDE, for Handheld Interagency Identity Detection Equipment, the instrument looks like an overgrown camera and weighs between 2 and 3 pounds. In addition, soldiers took tissue samples for use in DNA analysis that later confirmed the master terrorist's identity with nearly 100 percent accuracy.
The use of biometrics—standardized measurement of various physical and behavioral features—has come a long way in the intervening years. There have been two driving forces behind the breakthroughs: The first was the realization that seven of the 19 September 11 hijackers were known to authorities and had used false identity papers to gain entry to the U.S. "If we had had biometrics on them and we had known they were using someone else's identity, we could have stopped them," Lt. Colonel Kathy Debolt (retired) told an identity research conference in 2008. Debolt led the development of the identity assessment tool that the military started using in Iraq. In the aftermath of Sept. 11, the U.S. Defense Department and the National Institute of Standards and Technology poured millions of dollars into various biometrics research programs.

The second impetus to change was the incredible boost in computer processing power of the 1990s: increased speed allowed the devices to access the databases that lie at the heart of biometric identification systems and compare thousands of features in fractions of a second, providing useful answers just after an individual has been detained or while a person is still in custody. 

Even some of the centuries-old standards have benefited from the enhanced computer processing power. Fingerprinting was first proposed as a crime-fighting measure in the late 1800s and Paul Revere used dental records to identify the body of a Revolutionary War hero killed at the Battle of Bunker Hill. By the late 1990s, the FBI had computerized the process of matching fingerprints, allowing results in a matter of hours. The law enforcement agency is now in the process of adopting a new system that can return results in minutes, according to Peter Higgins, who helped the FBI automate its fingerprinting process 15 years ago and is now a consultant in the biometrics industry. 

The newer methods of identification rely heavily on both probability theory and precise measurement. It is not enough just to measure accurately the distance between someone's eyes, for example; the biometric calculation also must take into account how common the result is in a given population. By combining the results of multiple measurements (iris scans, length of nose, distance from top to bottom of lip), users can come up with highly credible matches. Iris scans have been widely used in Afghanistan to streamline the entry of construction workers and other laborers into military bases. Iris scans can also return usable images from corpses for up to 12 hours after death, Higgins says, depending on the condition of the body. But Osama bin Laden is unlikely to have sat still for an iris scan while he was alive in order to provide a comparison image.

As for civilian use, iris scans are reliable enough that they have been used in some European airports for a couple of years now to automate passport control for frequent fliers who are willing to register a grayscale image of the front of their eyes with authorities.* Several British airports are now going one step further and testing facial recognition software that allows travelers to skip the immigration lines and process themselves into the country.

As facial recognition software gets better and better, concerns over privacy for ordinary citizens have mounted. The best results occur when the software can compare high-definition images taken in standardized settings—not a frequent locale for a shadowy terrorist.

But millions of people already have such images of themselves on file in their driver's licenses. In 2009, the FBI used facial recognition software to nab a suspect in a double -homicide who they believed had fled from California to North Carolina. The authorities compared a 1991 booking photo of the suspect against the 30 million photos that the North Carolina Department of Motor Vehicles had on file. Twenty-eight photos came up as possible matches. An FBI analyst then whittled the number down to just one man, who was later arrested and positively identified as the fugitive.

Editor's Note (5/3/11): This sentence was changed after publication to reflect the correct portion of the eye registered in images. Also, "retina" was changed to "iris" throughout for accuracy.