Monday, October 29, 2007

Outraged parents start their own blog

A while ago I posted Leeds pupils bullied to give up their prints - here is the email in full on the Leave Them Kids Alone site. It makes for uncomfortable reading.

So now the parents whose children go to Morley High School in Leeds have started their own blog,

Here they voice their concerns on how the new biometric fingerprint system has been implemented allegedly leaving pupils who refuse to be fingerprinted without hot meals and children who don't use the canteen being photographed fingerprinted - read the blog for more.

Friday, October 26, 2007

Technology for technologys sake

Okay, biometrics for vending machines, meals, entry and exit at school, libraries (and in the states school transport) now a school in Ilkley, Leeds, has a fingerprint cash paying in machine, for childrens school trips, that has set the school back £2500.

"The organisation of trips at Ilkley Grammar involves a turnover of £250,000 a year, mostly collected in £10 or £15 instalments. It means close to 20,000 transactions a year."

A quarter of a million pounds of parents money on school trips each year for around 1500 students (works out around £170 per pupil per year) suggests that Ilkely is a fairly affluent area and that the need for parents to pay in such small amounts could be managed better by the school.

"Head teacher Gillian James said in an explanatory letter to parents that the system would store a number based on a fingerprint reading. No fingerprint images would be stored". - Not exactly true, what is stored is an fingerprint algorithmic image that our UK police can access and use without parents and pupils knowledge (Deputy Information Commissioner Q50 & Q51).

I wish teachers would stop spouting the vendors and the governments "It's not a fingerprint...." speil and educate themselves.

Apparently - "The Information Commissioner and the Department of Education and Skills had said they had no concerns.", however these people do:

Kim Cameron, Microsoft's Identity Architect
Andrew Clymer, senior identity management security expert (more than 8 years at Cisco Systems, working with Visa, Fidelity, Merrill Lynch, etc - providing them with a secure network environment)
Paul Squires, Identity Solutions Architect at Enline plc
Bruce Schneier, a respected US writer and lecturer on issues surrounding security and privacy, who has testified before Congress and authored eight books and dozens of articles and academic papers.
Ralf Bendrath, privacy, security and internet researcher
Dr Sandra Leaton Gray, Director of Studies, Sociology of Education, Homerton College, Cambridge
Professor Emerita Leone Burton, University of Birmingham, visiting research fellow, Cambridge University
Patricia Deubel, PhD, adjunct faculty member in the graduate School of Education at Capella University
Dr James Atherton,
Jon Crowcroft, Marconi Professor of Communications Systems, University of Cambridge
Terrance Boult, University of Colorado
Eugene Schultz, Ph.D., CISM, CISSP, CTO of High Tower Software
David French , 30 plus years in IT, Wellington NZ
Brian Drury, IT security consultant, UK
Brian Honan, independent security consultant based in Dublin, Ireland
Dom Devitto, information Security consultant, UK
Rufus Evison MA (Cantab), senior IT consultant and company director, UK
An unnamed Police Fingerprint Officer (15+ years' experience)
Stephen Groesz, a partner with the law firm Bindmans
The Austrian Supreme Court
The States of Michigan, Illinios and Iowa (so far, others are likely to follow)
Tony Delaney, The Assistant Irish Data Protection Commissioner
Roderick Woo, Justice of the Peace at the Hong Kong Office of the Privacy Commissioner
George Radwanski, Privacy Commissioner of Canada
Ann Cavoukian, The Privacy Commissioner of Ontario
Damian Green MP, Conservative Home Affairs spokesman
The Rt Hon David Davis MP, Conservative Shadow Home Secretary
Nick Gibb MP, Conservative Shadow Minister For Schools
Baroness Carnegy, Conservative
Sarah Teather MP, LibDem Shadow Education Secretary
Greg Mulholland MP, Lib Dem Schools spokesperson
Baroness Walmsley, LibDem
Baroness Howe, Crossbencher
83 other MPs from all parties who have signed Early Day Motion 686 (frontbenchers do not usually sign EDMs)
More than 1500 parents who voted last summer in an online poll against kiddyprinting without parental consent. 93% opposed fingerprinting without consent.

Thursday, October 11, 2007

Parents voice their concerns

The Daily Mail reports today on growing concerns amongst parents about the practise of "fingerprinting" children in schools for food, books and access.

One parent has already taken legal advice after his child's school took biometric fingerprint from his child without even informing him.

"...a Suffolk filmmaker called Jonathan Adams, are considering legal action to stop schools in their tracks. "Litigation may be the only way forward," he says. "We fear they are in breach of the Human Rights Act, the Data Protection Act and the European Commission laws that safeguard the child.

"We have sought initial advice from lawyers."

This from David Clouter of Leave Them Kids Alone, (which as a parent I completely agree with),
"Schools send out consent slips for just about anything, from allowing popcorn during cinema trips to whether we can take pictures of the school play at the end of term," Mr Clouter says, "but they didn't plan to ask the parents about taking their children's fingerprints."

Fiona Elliot a parent in Doncaster, who was quoted in the article, had this letter from her children's primary schools which stated: " We have no legal requirement to ask for permission [from parents before 'fingerprinting' children] as we will not be breaching any data protection regulations"

...and the next sentance is quite unbelievable, "and also letters of permission are not always returned" (!)

I agree with Fiona, "If some choose to write this off as alarmist, she doesn't care", neither do I.

Children's biometric data secure for their lifetime?

Over on Andy Clymer's blog he raises concerns of how children's biometric in schools may not be secure, even for their time at school.

"...a responsible biometric manufacture would secure biometric data as best they can today, but once the software has been deployed if that data is to be truly secure it needs have sufficient physical security measures in place provided by the owner to ensure that in the future the encryption based solution still has adequate merits, the moment you do not have complete ownership of the data all bets are off...and by their own admission the biometric provider in this case said their guarantees is for appx. 10 years, in the case of biometric data for kids that data is sensitive for 60-70 years."

Tuesday, October 09, 2007

Building Schools for the Future bidder builds biometric technology into schools

The Sunday Heralds reports that after the palm vein scanner was trailed in a Scottish primary school last October, Amey who introduced the vein scanner, developed by Yarg Biometrics and Fujutsu, have plans to introduce this in another 11 schools for lunch lines and possible entry into schools:

"The private firm Amey is now presenting biometric systems as part of its pitch for all new school building contracts. The company was keen to assure parents in Renfrewshire, where 11 more schools are set to adopt palm readers, that the technology was safe and data could not be stolen or misused."

Vein scanning is mildly more acceptable than fingerprint scanners, as a vein print cannot be casually left at a location as a fingerprint can and so implicate you at a certain location (other than at a vein scanner). But Amey's claim that the technology is safe and data cannot be misused or stolen is a very grand claim, as these children's biometric data needs to be secure for the rest of their life time - decades... or at the very least for the life time of a child's schooling from 4-18 years old, until 2021.

How can parents, governors and pupils be consulted on this if building these biometric systems into schools are done at local government contract level? And "opt out" alternatives should be provided.

The government (BECTA) guidelines state that, "...schools should normally involve pupils and parents in their decisions to use biometric technologies as is the case with other decisions made during the school life of children ." page 7 of the "BECTA guidance on biometric technologies in schools"

- this Building Schools for the Future(BSF)/Private Finance Initiative (PFI) scenario seems to blatantly override the recent government guidelines here, unless there is a consultation process underway with parents and pupils that hasn't been reported in this case.

If their is no "involvement" with parents and pupils, there is no consequence for the companies/schools installing it. Well, hey ho, that's non legal/statutory guidance for you.

Thursday, October 04, 2007

Biometric systems help visibly reduce wrinkle lines and bullying

At Viewlands Primary, Perth, Scotland, a fingerprint scanning system is trialled for school lunches:

...a spokesman for the council insisted fingerprinting youngsters is safe and has helped reduce bullying. - the council spokesperson shows no evidence to back this statement up. In fact there is no evidence whatsoever that proves that using biometric systems in schools reduces bullying.

The spokesman claimed 90 per cent of parents had given permission for their children to take part and it was impossible for the system to be accessed by "unauthorised" users.

"Impossible"?... a fantastical claim to be made in this day and age when peoples identities are being stolen from cash point machines, NHS records stolen - re-surfacing on e-bay and banks not disposing of customers details properly.