Tuesday, December 31, 2013

Looking back 2013




Bio - body  metric - measure



"Once a child has touched a scanner they will be at the mercy of the matching algorithm for the rest of their lives."
Brian Drury, IT Security consultant

(Photo link)


The introduction of biometrics in society has rolled out more in 2013 than any other with smart phones using facial recognition and fingerprint biometrics for authentication, shops tracking consumers with facial recognition, police using CCTV and facial recognition, a US company using facial expressions of pupils to determine their reaction to lessons, the list could go on...

Notably in the UK now for every child's biometric, a school has to store a corresponding parental signature of consent.  This is required in law which became enforceable on 1st September 2013 - the first country globally to have parental consent in legislation for educational establishments to store and process a child's biometrics.

UK Police can potentially access school databases (see Q50 & 51) but a recent Freedom of Information request, sent in May 2013 to every police force in the UK, could not ascertain whether or not police have ever actually accessed a school biometric database - more in the New Year on those Freedom of Information request results.

I guess we'll never know if government authorities do access our children's biometrics.  Given the recent Snowdon revelations, why would we believe they would not access harvested biometric data from millions of children?

Maybe keeping our, and our children's, biometrics private, off institutional and corporate databases as much as we can, is prudent.  These are interesting times we are living in, where the free flow of data is great.  Information at the quickest touch of a button via the Internet.  Information is a tool.  Governments and institutions may be benign now (though some might debate that point) but this may not be so in the future and the highly personal level of information we willingly give now may come back to bite us in the future.
History, unfortunately, has a habit of repeating itself.

Monday, December 02, 2013

What is hidden in our biometrics?

Dermatoglyphics Multiple Intelligence Test, DMIT - a way to tell a person's intelligence by their fingerprints.  Hogwash or truth?  Can fingerprints really reveal our intellectual strengths and weakness?

Parents in India seem to think so with the article 'How brainy is baby? Parents find out' appearing in The Times of India.  According to the article this emerging trend is appearing in Asia, US and Australia with over 2,000 tests a month being done.  Children as young as 9 months old can take the test with the vast majority of clients being under 9 years old.  This is what the article goes on to say:


"A DMIT report tells parents whether their child learns better by 'seeing, hearing or doing' (visual, auditory or kinesthetic learner), whether he has high or low inborn learning capacity (short-term memory ), how long it takes for his mind to process information and so on. This, coupled with the finding about his dominant type of intelligence (there are eight listed ones, including linguistic, logical-mathematical, spatial, kinesthetic, musical, naturalist, inter-personal and intrapersonal ) can help parents give their child a good "head start", say companies." 

One company cites the need for DMIT in that "12,000+ students commit sucides in India every year due to exam related stress.  Parental and peer pressure and prime causes for such high number of suicides" and that "DMIT can provide crucial inputs for students counseling and guidance" also stating "In recent years U.S., Japan and Taiwan have applied Dermatoglyphics to diagnose Down’s Syndrome, congenital disorders, genetic abnormalities, educational fields, human resources management, employee recruitment etc."

It is fair to say then, that our biometrics have the potential to give data about us that we cannot possibly imagine.  When children are encouraged willynilly to give up their biometrics for everyday mundane activity in schools, this DMIT analysis does show there is further potential to glean information from our biometrics - maybe today's children offering up their biometric data in schools should be mindful of this.  Yet more information about us, profiling, categorising with potential to judge.  

Are we being informed of what it is that is being collated about us?  Fingerprints for school meals?  Most probably benign... let's hope so.

Wednesday, October 30, 2013

Florida introduces three bills for biometrics in schools

After the appalling iris scanning of 750 Florida school children in May 2013, without their parents knowledge, to get on a school bus Senator Dorothy Hukill introduced two bills to the Florida Senate, SB232 and SB188 dealing with biometrics in schools.

SB232 would simply prohibit schools from taking and processing students biometrics whilst SB188 would allow schools or school districts to set policies on how biometric technology could be used.
“And the parents have to opt in, give permission for the information to be taken from their child,” Hukill said of SB188.
“Who would even think a school would take this kind of information from children?Hukill said. “We've had children get on buses and go through lunch lines for years without taking their biometric information. Why do we need to do this? And if we are going to do this then why not have a policy in effect?
Good questions indeed Senator Hukill!  

On 21st October 2013 Senator Jake Raburn introduced House Bill HB195 - 'Provides that students & parents have certain rights relating to submission of biometric information; requires school district that collects student biometric information to implement policies governing collection & use of information; requires security of information & notification if security is breached; provides penalties - which is a near replica of SB188.

It will be interesting to see the bills journey through the senate.  Here is a brief explanation of the difference between Senate Bills and House Bills.

Thursday, October 03, 2013

Biometrics not so flavoursome for school catering

Over on What Do They Know, a UK website for Freedom of Information requests (FOIR), there have been some requests made to schools about biometric systems used.

Some interesting figures are emerging.  For example, Falmouth School in Cornwall has a biometric system for school meals, the take up after asking for parental consent is 34%.  Only 355 children are using the biometrics system out of a school role of 1044.

The school recently put a plea out to parents to use the biometric system: "Please could I ask as many students as possible to register to pay using the biometric system." 

Falmouth School's appeal to parents for consent to
 their children's biometrics used for cashless catering
Another school, Honiton Community College, has a biometric system where only 628 pupils and parents have consented to their biometrics being used - a 68% take up rate, with 203 not consenting, 22% .  As there are 926 students on their schools role, quite what the remaining the remaining 95 children are doing for lunch is not detailed in the Freedom of Information request reply from the college - maybe they are opting for packed lunch?

So why are schools buying identification systems for food that are only 34% - 68% effective, then having by law, in the recent Protection of Freedoms Act 2012, to provide an alternative means of identifying oneself in order to access food - surely this is a waste of taxpayers hard earnt money?

Why don't kids use use money?  Children use money out of school... oh yes, according to schools, it encourages bullying apparently.  Does it really?

Are the Headteachers and Principles so incompetent that they cannot sort out bullying issues? - if there is really an issue here at all.  If a leader of a school has to resort to buying an inefficient technology in order to eliminate bullying in a lunch line should that Principle or Headteacher be in the job, as presumably they cannot sort out bullying elsewhere too?  Also is it not the duty of a healthy society to encourage children to know how to handle money, keep it safe, not steal other's money and behave responsibly around cash?

The argument for having biometric technology in schools is weakening.  Complaints need to to be made to schools Governors, who have a responsibility to spend the public's money wisely.  On the governments Audit Commission's website (Protecting the Public's Purse)  there is an booklet entitled - Fraud risks in schools advice for school governors where it states:
"School governors share a responsibility for protecting taxpayers’ money:  As a school governor you have a special additional role. As governors you are individually and collectively responsible for proper control of your school’s finances. The buck does not stop with the financial administrator."
Maybe, in these times of austerity, we need to start holding these governors to account, spending our money on biometric systems that are clearly not fit for purpose in a school environment.

Thursday, September 19, 2013

Really? 'Biometrics Help Teachers Track Students Every Move'

Biometrics Help Teachers Track Students' Every Move
Just look how invasive biometrics can be in the classroom with this article from Yahoo attractively entitled 'Biometrics Help Teachers Track Students' Every Move'.

[Title of article changed in the 24 hours of writing this article to 'Will Big Brother Be Watching Your Kids?' - lots more accurate, thank you.  Original title still in the URL.]

Is where we are heading in society, not just with education, but with all aspects of our life, advertising, interviews, shopping, etc?

If teachers need this level of aid to teach or improve their teaching they simply should get out of the profession.  This level of personal data should not be analysed with children nor anyone.  At what point as a society do we say that enough is enough and that there needs to be some privacy? ...but this is not the case.  Britain houses something like a quarter of the world's CCTV cameras, here we are surveilled by consent apparently.  Our crime rates are completely comparable to other western countries as is our conviction rate so why the intrusion by CCTV?  And not take some down?  Once surveillance systems are in place they tend not to be disabled, if anything they become more invasive as technology improves.

With facial recognition being used covertly, with the US state of Ohio justifying  "the installation without any prior warning or legal oversight of a facial recognition system using public data bases and CCTV, arguing that “every other state is doing so”, do we need to worry about the capabilities of the surveillance cameras on the street or in the school classrooms?  We are in a sad position to have to trust that more data is not being taken and gathered on us or our children than we believe.

The capability of technology is great, not always so great is the intent.

We are being normalised to accept this surveillance and it is happening first in our schools.  Get them while they're young...

Sunday, September 08, 2013

What happens if UK schools do not comply with written parental consent for children's biometrics?


This new school term in the UK presents parents with a new transparency regarding the data a school holds and processes on their children.  A transparency that parents in the UK have not had before.  Since 2001 schools have been taking, storing and processing children's biometric data and have been able to do with without consent or consultation with the parent/s. This nearly happened to my children in 2005 when they were six and seven years old, hence this blog.

After campaigning, lobbying parliament and working with other committed parents and privacy organisations The Protection of Freedoms Act 2012 was passed in May 2012 and as of September 1st 2013 schools by law need to gain written parental permission before taking a child's biometric data.

This is what the Department of Education stated in reply to a recent Freedom of Information Act request when asked:

Q -  What action will be taken by which body if any school is in breach of its statutory duty to comply with the Act?
A - As you are aware, the new provisions in the Act will come into force from 1 September 2013.  The provisions will apply to any school, sixth form college or further education institution using biometric systems where education is provided to children under 18. 
These new duties require schools and colleges to notify all parents that they intend to take and process their child’s biometric information and, as long as no one objects in writing, the written consent of only one parent will be required.  
It is important that consent is actively sought and received and that it is informed consent: requiring schools and colleges to gain written consent makes sure that parents are aware both that their child’s school uses an automated biometric system and that it is up to them whether or not their child’s biometric data is taken.   
In addition, as you have highlighted, a pupil can object or refuse to participate in the processing of his or her biometric information. The child’s right to refuse applies both to the giving and the on-going storage and processing of biometric data. If at any time the child objects to the processing of biometric data the school or college must stop doing so.   
Where pupils do not use automated biometric recognition systems, either because their arents have refused consent or they themselves have refused to participate, schools are required to provide reasonable alternative arrangements for them.
The Department of Education's second reply to the initial question goes on to state that (as the above first response did not answer the querient's request): 
There are two bodies that have the remit and powers to investigate a complaint concerning a breach of a school’s duties under the Protection of Freedoms Act 2013, when this Act comes into force for schools in September 2013, and the existing Data Protection Act 1998.
I should first say that if, in the first instance, you believe that a school has failed to comply with the requirements of the Act, you should first complain to the school using the formal complaints process. Each school in England is required by law to have a complaints procedure and to publicise that procedure. If, having exhausted the full complaints process (including appealing), you are not happy with the outcome of your complaint, then two further options are available to you. 
If the school has failed to comply with its duties under the Protection of Freedoms Act (e.g. failing to notify each parent of a child of the school’s intention to use the child’s biometric data), and the school concerned is a maintained school, the Secretary of State may consider and investigate the complaint directly with the school’s governing body.  If it was decided that the school had not complied with their statutory duties under the Act, the Secretary of State could issue a direction to the school.   
On the other hand, if the school fails to comply with the Data Protection Act (e.g. processing or handling the data inappropriately), the  Information Commissioner’s Office (ICO) may investigate the complaint.

So if you are not happy in the way consent has been sought, from you or your child, or you may be a parent who has not been informed by the school of its intent to process your child's biometric data, these are the procedures you can go through to hold the school to account.

Schools have been informed by the Department of Education how to comply with the law but I have already had a number of communications with parents who have forwarded me 'consent' communication/forms received from their children's school which do not comply with Department of Education guidelines.  

Some schools are not offering an alternative for children not using biometric systems, some schools hinting that if the consent form is not signed they will assume consent, schools making false assurances stating that no one else has access to that biometric data - which is incorrect because police can access school fingerprint biometric databases by making an access request (see Q50 and51) and not necessarily tell the parent or child.  Some schools claim that the data stored is not a fingerprint, which is true in the sense it is not a replica of their child's print, and not part of the Department of Education Guidelines - but the digital biometric data stored form a child acts like a fingerprint, it can identify like a fingerprint and can convict like a fingerprint.

One parent telephoned to say that her child, upon an induction day to high school, had been told by school staff that if Mummy did not sign the consent form the child would not be allowed in the canteen over dinner time to sit with their friends.  The child was understandably distressed by this and the parent obviously concerned. 


I hope these are isolated instances of bad practice but if you are not happy with how your school has acted in this, you have the above information to help decide the next course of action you wish to take or email me.

Friday, July 12, 2013

UK schools act as agents for private corporation's gathering of children s biometric data

St Ambrose Barlow RC High School 
UK, Manchester - St Ambrose Barlow Roman Catholic High School after being contacted by a concerned parent who had asked about their student biometric system for cashless catering, via a Freedom of Information Request, stated that they do not own the biometric system nor does the school takes responsibility for the biometric database. The system is owned by a Facility Management provider.  

However it seems the school's capacity in acting as an 'agent' for the private Facility Management provider was not made clear to parents when asking for written consent to process their child's biometrics.

"...this school holds no biometric data of the pupils; the system was bought by and is managed by the BSF [Building Schools for the Future] PPP  [Public Private Partnership] Facility Management Company.

We neither own the system nor have access to it. 

We are under no obligation to provide information relating to conversations, nor on the biometric system itself, which has been neither gifted to us nor is our property or personal responsibility. We have acted as an agent for the FM provider in obtaining parental/guardian permission"

So consequently no information about the biometric system is given to the enquirer of the original Freedom of Information request that spawned the above response.  St Ambrose Barlow Roman Catholic High School distance themselves from the children's biometrics fingerprint system (apart from their role gathering parent's consent on behalf of a Facility Management company).

If true, as I suspect it is, this is a new, very concerning step into how consent is gained from parents and students to participate in biometric systems, who has access to to our children's extremely personal data and the honesty shown by schools and corporations in this matter.   

Privacy campaigners often get thrown the old 'If you have nothing to hide you have nothing to fear' adage ...lets see how the boot fits on the the other foot here with this latest Freedom of Information request:  Biometric system in St Ambrose Barlow RC High School

Wednesday, July 03, 2013

Infrared palm scanning Irish students for registration

A school in Ireland, Coláiste an Chraoibhin in Fermoy, is considering infrared palm scanning for their pupils in order to register them at school.  How widespread is this infrared palm scanning in Irish schools or schools in the UK?

Back in 2006, Amey & Fujitsu introduced infrared palm scanning to a Scottish primary school, Todholm Primary school.  However, infrared palm scanning technology never spread here in the UK and emerged in schools in the USA around 2011.  After extensive Googling (yes I know I shouldn't use it) I can see no companies here in the UK or Ireland selling infrared palm scanning technology for registration or otherwise.

However the various reporting in the press of Coláiste an Chraoibhin School considering infrared palm scans is ambiguous.  One report states that:
"Almost 100 schools around the country, including 12 in Cork, are already using swipe card technology to record pupil attendance.  However only six schools nationwide are using biometric scanning technology."
So only 6 schools use biometric scanning technolog... or do they? - this from the Head Teacher, Mr Healy:
"To be honest, I don't know what all the fuss is about. This is a system that is already widely used across the country. In fact one supplier I spoke to said he is working with more than 100 schools"

So who is supplying biometric palm scanners to 6 or is it 100 schools in Ireland?  Clearly (or unclearly in this case) a company or companies that decide to have little or no web presence about the fact they offer infrared palm scanning solutions for schools - strange? 

Will schools in the UK be offered infrared palm scanning technology too? And will infrared palm scanning be an easier sell  to schools and parents, now that parents and child consent is required in the UK, as a 'softer' biometric technology rather than harvesting a child's biometric fingerprint?

Gathering biometrics from the population whether it be fingerprint or palm vein scanning is still reaping incredibly personal data about a person.   With less data invasive methods around, using biometric technology in schools is completely unnecessary.  If the argument being used (which this is in this case) is that swipe cards have a cost to replace, then use a pin system or password system instead.  It could be argued that a swipe card's ability to be lost actually teaches a child to look after the card/identity and that there are consequences if carelessly loosing it.  

Mr Healy states that "there will be no data protection issues involved" and "says he's been told they [infrared palm scans] don't contravene data protection laws".  Mr Healy may well be right and that data gathering such personal information does indeed have the potential to be fine - but it also has the potential not to be fine if it falls in the wrong hands or abused.  

After recent news about Prism, our society does not have a great track record of honesty regarding data collection, keeping data safe and secure or using it for good.   Personally, I would refuse to use.

Saturday, June 15, 2013

Who exactly supplies schools with biometric databases?

Think again when you are told that school biometric systems cannot exchange information or be compatible with other databases or that no one else has access to your child's biometric data. 

Northrop Grunman, a leading global security company that runs the UK Police fingerprint and DNA database and "works with governments, the Armed Forces, civil agencies and private sector companies around the world" also supplies biometric systems for children in schools. 
"AD&S provides biometric machines for companies ranging from defense contractors like Northrop Grumman Corp. to a small Atlanta airliner to more than 40 schools districts."  Mississippi Business Journal 14 June 2013
It is of no matter that this story comes from the US. Our UK government has no idea of the biometric technology used in UK schools, how secure it is or who supplies it. No checks are carried out at all, we know this through Freedom of Information requests.

So when you are asked for written consent for a school to store and process your child's fingerprint identifier (this becomes law in September 2013 in the UK) just bear in mind what you are giving up and to whom you may giving it to.  

Oh yes, we do have a Data Protection Act but we also have a situation where potentially police may have access to your child's biometric data too in UK schools - without parents knowledge.  There are protocols to follow I'm sure but here in the UK we do not have a great track record on storing data we do not need and then being fair in destroying it.  We only have to look at the UK Police National DNA database IDENT1 for that. 

"The DNA of thousands of innocent children is being taken by police and stored on the national database, campaigners say on Monday, citing new figures.  Police have taken the DNA of 120,000 children in the last two years" The Guardian 20th May 2013

Tuesday, May 21, 2013

Parents concerns scrap fingerprinting in Pennsylvania

Schools in York City School District have scrapped fingerprint biometrics for lunch payments after a complaint by a parent at Jackson Elementary over concerns of how "their children's finger prints were being used and they were not properly notified".  By speaking out, effect can be made.

The school district says no fingerprints are kept - let's be accurate, the digital identifier of the fingerprint is kept and, although the school district say children's information is not shared, there is a potential for sharing with other agencies.  Here in the UK this could potentially happen (see questions 50 and 51).  Agencies keep digital identifiers of a fingerprint, much as the school does.  Fingerprint biometric databases can inter-operate.

"a district leader told CBS21 off the record that parents would not be concerned if they were fully informed."  Actually if parents *were* fully informed, a few more parents would most probably be very concerned.  




Wednesday, April 17, 2013

Blacon High School - prompt? transparent?

After an unanswered Freedom of Information request from the 13th February earlier this year Blacon High School advised today that an internal review of their failure to comply with the Freedom of Information Act 2000 is due back 25th April.  They are taking the maximum time to respond allowed under the law.

Advice from the Information Commissioners's Office (ICO) with regards to responding to a Freedom of Information request -"Your main obligation under the Act is to respond to requests promptly, with a time limit acting as the longest time you can take."

13 February until 25 April... prompt?  Blacon High School didn't even respond to the initial Freedom of Information request and do not have a Freedom of Information Publication scheme on their website.

Advice from the ICO, "The publication scheme covers information you have already decided you can give out. People should be able to access this information directly on the web, or receive it promptly and automatically whenever they ask."  - One has been asked for.

Also from ICO "The Act is designed to increase transparency. Members of the public should be able to routinely access information that is in the public interest and is safe to disclose."


Mmm... transparent and being "able to routinely access information"  has certainly not been the experience with this Freedom of Information request. 

Friday, April 05, 2013

'No choice' biometrics? Only up to 31st August 2013

Haberdashers' Aske's Boys School
As reported in the Mail, it seems the modus operandi remains the same in private schools as it does in state schools. Give parents less than a week to 'opt out' of their child's biometric fingerprint data being taken, in this case 4 days, then fingerprint the kids.  

Parents do not always get emails, letters or even think to look at the schools website or even expect the school to assume consent in order for a parent to withdraw consent and in this case one pupil said that his parent had "zero idea" and that the school had given the pupils "no choice" to have 'their fingerprints taken'.

Schools do not assume consent for school trips or photographs being taken of children. Why then assume parents have already consented for the school to take, store and process a child's biometric data?  Surely schools should know that, in less than 6 months, this contentious issue of consent is becoming enforceable law in September 2013.


That's not cricket Haberdashers' Aske's Boys School is it now?


Very sensible advice from a parent whose son attends the school:  "The Times has reported that Paul Jessop, who has a son at the school, said:

'The use of biometrics can be very convenient but it relies on the security of the systems used. 
Without real assurances about this security, I could not recommend that any parent allow their child’s fingerprints to be used for something as trivial as paying for lunch.'

Wise words indeed and a statement that has been reiterated by Microsoft's Kim Cameron below.  Other parents may want to seriously consider Paul Jessop's above words of advice as the following experts and academics have all expressed concerns about children's biometrics being used in schools.  
_______________________________________

Kim Cameron (Microsoft's Chief Architect of Accesshas been blogging some more on this issue about the minutes of a school board meeting in Florida... here.
Kim Cameron has this to say:


"It drives me nuts that people can just open their mouths and say anything they want about biometrics... without any regard for the facts. There should really be fines for this type of thing - rather like we have for people who pretend they're a brain surgeon and then cut peoples' heads open."

http://pippaking.blogspot.co.uk/2007/05/kim-cameron-microsoft-has-been-blogging.html
_______________________________________


This post here from him (Kim Cameron) states: 


"The more I learn from Alex Stoianov about the advantages of Biometric Encryption, the more I understand how dangerous the use of conventional biometric templates really is. I had not understood that the templates were a reliable unique identifier reusable across databases and even across template schemes without a fresh biometric sample. 


People have to be stark, raving mad to use conventional biometrics to improve the efficiency of a children’s lunch line."


When this comes from Kim Cameron, alarm bells should be ringing loud and clear for those schools using this technology and for apathetic government departments letting this go ahead completely unregulated.
http://pippaking.blogspot.co.uk/2007/04/people-have-to-be-stark-raving-mad-to.html
_______________________________________


Fred Bellamy, a Phoenix Attorney who specializes in Technology Law 
went on to say that "fingerprinting children is an invasion of privacy".

“Once the data are captured no matter what kind of promises the vendor may make there is a serious risk, and I think the parents have every reason to be concerned about how this data will ultimately be used.” 

http://pippaking.blogspot.co.uk/2008/01/in-and-out.html
_______________________________________


"Head teacher Gillian James said in an explanatory letter to parents that the system would store a number based on a fingerprint reading. No fingerprint images would be stored". - Not exactly true, what is stored is an fingerprint algorithmic 'image' that our UK police can access and use without parents and pupils knowledge (Deputy Information Commissioner Q50 & Q51). 

I wish teachers would stop spouting the vendors and the governments "It's not a fingerprint...." speil and educate themselves.
http://pippaking.blogspot.co.uk/2007/10/technology-for-technologys-sake.html
_______________________________________

Experts and academics that have voiced concerns about biometric technology in schools:

Kim Cameron, Microsoft's Identity Architect
Andrew Clymer, senior identity management security expert (more than 8 years at Cisco Systems, working with Visa, Fidelity, Merrill Lynch, etc - providing them with a secure network environment)
Paul Squires, Identity Solutions Architect at Enline plc
Bruce Schneier, a respected US writer and lecturer on issues surrounding security and privacy, who has testified before Congress and authored eight books and dozens of articles and academic papers.
Ralf Bendrath, privacy, security and internet researcher
Dr Sandra Leaton Gray, Director of Studies, Sociology of Education, Homerton College, Cambridge
Professor Emerita Leone Burton, University of Birmingham, visiting research fellow, Cambridge University
Patricia Deubel, PhD, adjunct faculty member in the graduate School of Education at Capella University
Dr James Atherton, learningandteaching.info
Jon Crowcroft, Marconi Professor of Communications Systems, University of Cambridge
Terrance Boult, University of Colorado
Eugene Schultz, Ph.D., CISM, CISSP, CTO of High Tower Software
David French , 30 plus years in IT, Wellington NZ
Brian Drury, IT security consultant, UK
Brian Honan, independent security consultant based in Dublin, Ireland
Dom Devitto, information Security consultant, UK
Rufus Evison MA (Cantab), senior IT consultant and company director, UK
An unnamed Police Fingerprint Officer (15+ years' experience)
Stephen Groesz, a partner with the law firm Bindmans
The Austrian Supreme Court
The States of Michigan, Illinios and Iowa (so far, others are likely to follow)
Tony Delaney, The Assistant Irish Data Protection Commissioner
Roderick Woo, Justice of the Peace at the Hong Kong Office of the Privacy Commissioner
George Radwanski, Privacy Commissioner of Canada
Ann Cavoukian, The Privacy Commissioner of Ontario
Fred Bellamy, a Phoenix Attorney who specializes in Technology Law
Damian Green MP, Conservative Home Affairs spokesman
The Rt Hon David Davis MP, Conservative Shadow Home Secretary
Nick Gibb MP, Conservative Shadow Minister For Schools
Baroness Carnegy, Conservative
Sarah Teather MP, LibDem Shadow Education Secretary
Greg Mulholland MP, Lib Dem Schools spokesperson
Baroness Walmsley, LibDem
Baroness Howe, Crossbencher
83 other MPs from all parties who have signed Early Day Motion 686 (frontbenchers do not usually sign EDMs)
More than 1500 parents who voted last summer [2006] in an online poll against kiddyprinting without parental consent. 93% opposed fingerprinting without consent. 


http://pippaking.blogspot.co.uk/2007/10/technology-for-technologys-sake.html

Wednesday, March 20, 2013

Accountability for school implementing biometrics

A school in Salford, Manchester, UK, has recently implemented a fingerprint biometric system. 

The method by which the school has communicated with parents and how the system has been implemented has concerned one parent enough, after gaining some information via a Freedom of Information request, to set up a Facebook page detailing how the system is being introduced in the school with children and about biometric systems in schools in general. 

The forthcoming legislation, coming into force this September 2013, it seems, is providing a good and long needed neccessary platform to enable parents and the public to ensure schools act responsibly when using such biometric systems that process children's biometric data.

Current news from parents concerning biometric systems in schools are listed the social media links on this topic, on this page's right hand menu bar.

Wednesday, March 13, 2013

Maryland introduce a bill Prohibiting Collection of Biometric Information from Students

USA - Maryland Schools stopped the implementation of biometric palm scanners for cashless catering in December 2012 after privacy concerns were aired by parents. 

After a Board of Education meeting, Carroll County Public Schools Superintendent Steve Guthrie told WBAL  “I made the decision to suspend it after concerns were being expressed by the community.  There was division on those who were for the palm scanner and those who were against it. It is not my intent to alienate any segment of our community. It is my job to unify the community, not to create divisions.”   A respectful and fairly unique stance taken by the school district with regards to the implementation of biometric systems.  They are looking into an alternative system.

On February 7th 2013 a Bill, SB855, was introduced by Senator Getty to the US Maryland Government which reads:

Public Schools – Collection of Biometric Information from Students – Prohibited 

FOR the purpose of prohibiting a county board or a person subject to the direction and control of the county board from collecting biometric information from students enrolled in a public school; defining a certain term; and generally relating to the collection of biometric information from students enrolled in public schools.

The scanners in Maryland were supplied by PalmSecure, a Fujitsu property.  The above Bill is probably not the desired effect Fujitsu envisioned when they first trialed the infra-red vein scanning technology on primary school children in Scotland in 2006.  The desired effect was articulated by Mike Nelson's the General Manager of Fujitsu Europe in 2006, who said at the time:

"Biometric solutions will increasingly allow us to move towards a cashless society and this project is one of the first real examples in the UK of an innovative and truly practical biometric solution in operation. I fully expect this to be the first of many similar implementations across Europe"

(The original link to the news article quoting Mike Nelson on Fujitsu's site has been removed (it was 7 years ago) but his comments are also reported here.)

Thankfully Fujitsu's vision of a cashless society, aided by infra-red palm scans, has not yet materialised and the existence of this Bill proves society's reluctance to use such technologies.

Is there a coincidence that these technologies are being aimed at the next generation in schools to get them young?  ...to prepare for technology companies, and possibly a government's, dream of a cashless society? 

Children embrace technology without the mature questioning that an adult mind brings, in this case the parents have intervened and a Senator introduced a Bill on the use of biometric technology in schools with children.  Whether the Bill becomes enacted or not, a public debate will be had on the topic, which has to be a positive and healthly process for our society.

Monday, March 04, 2013

Devices now read fingerpints up to 6 metres away

Back in 2011 it was reported in Odd Gadgets that devices could read fingerprints from 6 feet (2 metres) away.  No more placing a finger on a scanner, reducing the risk of sharing harmful bugs and bacteria no doubt.

In 2012 the biometric technology by the same company can "effectively scan fingerprints through photographic capture from as far as six meters.

Though the AIRprint is technically capable of a six-meter scan, according to Ange the standard distance this device works is between two and six feet. As previously reported in BiometricUpdate.com, the AIRprint uses only one finger, but enhancements are being made to meet the standard for commercial use, which is the use of four fingers."

Thursday, February 28, 2013

A parent's communication with school implementing biometrics

This month a concerned parent wrote to her child's school after finding out the school was planning to implement a biometric system.  She has kindly allowed the communications to be published so other parents wanting to use any of the information, the Freedom of Information request or the letter, sent to the school can see some questions to ask and points to consider.

Freedom of Information request sent to a school implementing a biometric system and a Letter raising concerns and links to aspects for the school to consider.

The law changes here in the UK.  Come September 2013 schools must have the written signature of one parent and the consent of the child in order to process a students biometric data. 

In light of this the UK Department of Education published these guidelines and template letters for schools to use in light of the pending leglislation:
Protection of Biometric Information of Children in Schools.
Government response to the consultation on draft advice on protection of information of children in schools

Friday, January 18, 2013

Biometrics at Blacon

Blacon High School, West Cheshire, UK, implemented a fingerprint biometric catering system in June last year, 2012.

A letter was sent out Tuesday 12th June telling parents that the system would be going 'live' the following Thursday of the next week, 21st June.  With Blacon High School taking the children's biometrics on Monday 18th June.

That gave parents just 3 - 4 working days to read the letter (we parents do not always read letters the day we get them), do some research into biometrics in schools (which throws up a myriad of issues) and contact the school if they did "not want your child to be included in the system".

Mmmm... a hurried state of affairs here it seems.  Blacon High School's speedy communication in relation to biometric registration is very similar to how other schools have operated.
In most instances of parents contacting this blog and the Leave Them Kids Alone site, this type of hurried biometric implementation has also been experienced.  One could argue that this method allows less time for parental objection, so that a higher, more covert, proportion of pupil biometric take up is ensured.

Certainly in my experience more than 3 working days notice is commonly given for normal school activities, dates to be put in diaries, to allow consent for school trips, food tasting, swimming, collection of monies, vaccinations, sports days, etc.

Not so in this instance.

Understandably some parents and the wider community were shocked at the notion of schools taking, storing and processing their children's biometrics - and at Blacon High School's speedy implementation of the fingerprint biometric system.

This resulted in articles and letters in the local papers with parents contacting political parties for support and accountability.  Parents have taken legal advice, set up a Facebook Group "Refuse to use" and are contacting the wider community to spead awareness and gather support against the biometric system.

Apart from all the privacy and civil liberties issues surrounding children submitting their biometrics for school functions, as this blog has detailed before, the question has to be asked:

Why would a school with 449 pupils (see 6th March  2012 Ofsted Inspection) buy a biometric system in 2012 when come September 2013 all UK schools have to by law, as detailed in the Protection of Freedoms Act 2012, collect one parental signature per child to enable the school to take and process a child's biometrics?

Why is there no mention of the new biometric system on Blacon High School's website or their Data Protection Register entry?  See the Information Commissioner's Office quote about the register "The main purpose of the public register is transparency and openness".

Not only does Blacon High School have to collect one parent's signature in order to collect a child's biometric data but the school has to be seen to make an effort to contact both parents.  In Blacon High School's case 998 parents for the new cashless catering system and the school need to also have in place a duplicate, alternative system for those parents and children who do not consent.

How efficient is that a spend of our UK tax payers monies?  Two systems.  A bad school management decision? Who is accountable?

On a lighter note...

What is betting that Blacon High School give parents more than 3 - 4 working days to give their written consent in order for the school to run their newly purchased biometric system?   If one child's biometric data resides on Blacon High School's biometric system without a signed parental consent form come September 1st 2013, the school will be breaking the law,

I suspect there may be a few eyes watching how Blacon High School complies with the forthcoming enforceable legislation over the coming months.  I think more to come on this.

Monday, January 07, 2013

"...the definition of privacy means something different today than it did five years ago”


I didn’t know quite where to come from on this one from the School Transportation News, the fact that on company "offers a touchless fingerprint scanning system, which claims to read fingerprints from up to 6 meters away" or the quote that comes from Jay Ange, the Director of Sales, at IDair, Alabama, the company selling the touchless fingerprint scanners.

Still, privacy issues remain as the general public may not know exactly how biometric fingerprint technology works, but the definition of privacy means something different today than it did five years ago, Ange said.”

“the definition of privacy means something different today than it did five years ago”.  I would agree 100% with that statement.  We all need to be super vigilant about the information trail each of us leaves every day, how and where we travel, buy goods, use energy (with the advent of smart meters), images caught on CCTV and be especially aware if technology exists that scans your fingerprint from 6 meters away...

Thursday, January 03, 2013

Parent pressure in Maryland USA scrap school palm scanners

Parent pressure in Carroll, Maryland, has persuaded the school district to scrap controversial palm scanners in 10 schools after parents "said the system violated their children's privacy".

John Whitehead, president of the Rutherford Institute and a constitutional lawyer asked School Superintendent Stephen Guthrie to review using an opt-in process, as Whitehead said "with private information and kids, I much prefer an opt-in" and here in the UK our parliamentarians agree in this.  

This opt-out form of gaining consent was used in the UK and has been much criticized. Opt-in consent enacted into law May 2012 becomes enforceable September 2013.

Stephen Guthrie made this rather surprising statement "We felt the scans fell under normal school process."   Really?  Is it 'normal' for schools to take a child's biometric marker in exchange for food?  Adults do not do that in society so why on earth would it be a "normal school process" to introduce a system, alien to the society outside a school, that normalises such a disproportionate use of biometrics - with children? 

As with all biometric systems sold to teachers, a solution is pitched to speed up lunch lines, streamline operations and cut costs.  Teachers being told it's normal technology to use in schools.  Normal for whom? 

Surely if these teachers in schools actually sat back and really thought about it... really? ...fingerprinting kids for lunch?  Infra-red palm scanning for food?  Is it really worth trading a child's personal biometrics to shave a few dollars off a budget?  

Children have rights, and society's morals, ethics and civil liberties outside school must permeate to within a school too.  Thankfully these parents enabled this to happen.