Biometrics is widely touted as the Holy Grail of security. But like the legendary cup, it promises much while remaining impossible to attain.

The idea of security based on the person is a popular, and its value cannot be discounted. However, its reliability, costs and usefulness to the private sector are a lot more questionable.

The idea of using aspects of someone's physiological make-up, from fingerprints to DNA, to assure identity is not new. In fact, it's so old that it can be traced back thousands of years to the time when the Egyptians built the pyramids.

From the early days of ink fingerprinting to today's high-tech iris scanners and DNA-based solutions, biometrics has always had a role to play in identifying the so-called 'bad guys'. Watch any number of modern-day thrillers or sci-fi movies and it won't be long before fingers and eyes are being chopped and popped for someone to bypass a biometric security system.

Historically, biometrics in the form of fingerprinting has been used by police forces to catalogue and identify criminals, while maintaining DNA databases have been the preserve of the medical and research communities.

More recently though, biometrics has been touted as the latest weapon in the so-called War Against Terror. Global terrorism has been good for the IT security sector overall, but it is proving to be the main reason for the boost in interest in biometrics. As a result, the public sector has gone potty over new biometrics initiatives to protect the nation's borders - not just from terrorists, but also unwanted asylum seekers.

From passports to ID cards, biometrics solutions are being scrutinised and tested across many government departments. No matter how excited the public sector gets though, what is the current state of biometrics in the private sector? And, more importantly, is there anything in this for the channel?

The market research figures put forward are hardly earth-shattering at the moment. Analyst IDC puts the market at $887m in 2005, with Frost & Sullivan claiming the market will rocket to just over $2bn by 2006. Not surprisingly, the International Biometrics Group is predicting growth of $4bn by the end of 2007.

The overall lack of agreement at how much cash biometrics might generate is not surprising, since the vast bulk of its current high profile is based on global fear of terrorism. This is hardly the most common, or reliable, foundation for a technology attempting to go mainstream. In reality, the future of biometrics is far less assured thanks to lack of demand and expense.

"The biometrics market is patchy, at best," says Clive Longbottom, service director at analyst Quocirca. "Companies have not yet got to terms with corporate security as it stands and for many, biometrics is seen as too advanced.

"Until businesses sort out the state of their existing data security set-up, biometrics will remain a solution for the few, not the many.

"That said, in the long run, biometrics is the only way forward. As long current 'challenge and response' security measures are used, people will write down whatever they need to remember somewhere. Even chip and PIN solutions are not the most secure."

Tony Larks, business development manager at security VAR Peapod, agrees that biometrics in the private sector has failed to take off.

"The reality is that organisations are struggling with two-factor security, never mind the third factor that biometrics represents," he says.

"We have specialised in security since 1991 and were actually a big proponent of biometrics back in the mid-1990s. We are no longer involved in the market because it failed to take any foothold back then and the market hasn't changed much since."

A more optimistic view of the sector comes from those promoting biometrics solutions. Until recently, Derek McDermott was managing director of UK biometrics software company ISL, which went into administration in October before being snapped up by BMS Biometrics for an undisclosed sum.

McDermott, who now runs his own security consultancy, Cornerstone IT Partnership, remains upbeat about biometrics, despite his former company having lost its venture capitalist backing.

"At the moment, there's lot of interest being generated thanks to announcements by the UK government for border controls and the knowledge that we can no longer go to the US without fingerprints and photographs," he says.

"The fact that the government is endorsing it has proved a boost and there is a greater acceptability from corporates, which are now putting pilots into place. As long as biometrics can prove a solid business case, its fortunes will improve."

Philippe Robin, R&D director with security and biometrics company Thales, admits terrorism has been good for business.

"Clearly, terrorism has boosted the demand for biometrics, with countries delaying previous projects to evaluate solutions. Just look at passports where certain countries have had to postpone introducing new passports in order to include some biometric technology in them," he says.

In the UK the government has gone a step further, linking the need for biometric passports with the need for national ID cards.

In the recent Queen's speech, the government's biometrics intentions were hammered home: passports and ID cards containing biometrics information, ranging from a fingerprint to a facial or iris scan, will start being rolled out in 2005 and 2007 respectively. It's expected to add up to about £3.1bn - and that's before considering problems.

The passport side of things has caused a few ripples, since the US is demanding that its 'allies' conform to the new biometrics approach to access control. But the ID card side of things has been lashed from all quarters.

Experts and analysts have been queueing up to warn, rubbish and point out the many problems of taking on something so huge, with such a tight timescale and using technologies that have not yet had any very large-scale roll-outs.

As of yet, no roll-out comes within a million miles of what will be needed to host the biometric data of 48 million passport holders and 60 million ID card carriers.

"The National ID Card project has all the hallmarks of technology looking for a purpose," says Graham Titterington, principal analyst and IT security expert at Ovum.

"There is a danger of it becoming implementation-led, and technology projects that are run in this bottom-up direction invariably fail. The more extensive the information is, the more complex the requirements will be to manage it, control access to it and to keep it accurate. The current set of objectives is unrealistic."

Longbottom says: "The government is not known for running IT projects well so it will go wrong."

Despite the warnings and red flags being waved, the government is intent on spending a lot of cash to make biometrics part of the national security set-up. Does this translate into business opportunities for VARs? Yes and no, but mainly no. The bottom line is that unless you are already operating in the public sector, forget it.