Checking a person against a biometric is a way of establishing their identity. So checking them against two biometrics ought to establish their identity with greater confidence.
Wrong. As it turns out, in some cases, using a second biometric can significantly increase the error rate:
Suppose weak Biometric 1 operates with both of its error rates [ie false negative and false positive] equal to 1 in 100, and suppose stronger Biometric 2 operates with both of its error rates equal to 1 in 1,000. Thus if 100,000 verification tests are conducted with impostors and another 100,000 verification tests are conducted with authentics, Biometric 1 would make a total of 2,000 errors, whereas Biometric 2 would make a total of only 200 errors. But what happens if the two biometrics are combined to make an "enhanced" test?
If the "OR" Rule is followed in the same batch of tests, the combined biometric would make 1,099 False Accepts and 1 False Reject, for a total of 1,100 errors. If instead the "AND" Rule is followed, the combined biometric would make 1,099 False Rejects and 1 False Accept, thus again producing a total of 1,100 errors. Either method of combining the two biometric tests produces 5.5 times more errors than if the stronger of the two tests had been used alone.
And while we are at it, Jerry Fishenden, who is the National Technology Officer for Microsoft in the UK (a firm not known for its radical libertarianism) has written an article, originally in The Scotsman, signalling considerably less than unbridled enthusiasm for the ID card scheme:
There is no need to contemplate designing a system embodying so much potential risk â€“ when the same results can be achieved without any risk at all. After all, if someone were proposing to build the most ambitious bridge the world had ever seen and engineers could see that it would fail and ways in which it could be improved, we would expect their views to be taken into account.