Wednesday, April 17, 2013

Blacon High School - prompt? transparent?

After an unanswered Freedom of Information request from the 13th February earlier this year Blacon High School advised today that an internal review of their failure to comply with the Freedom of Information Act 2000 is due back 25th April.  They are taking the maximum time to respond allowed under the law.

Advice from the Information Commissioners's Office (ICO) with regards to responding to a Freedom of Information request -"Your main obligation under the Act is to respond to requests promptly, with a time limit acting as the longest time you can take."

13 February until 25 April... prompt?  Blacon High School didn't even respond to the initial Freedom of Information request and do not have a Freedom of Information Publication scheme on their website.

Advice from the ICO, "The publication scheme covers information you have already decided you can give out. People should be able to access this information directly on the web, or receive it promptly and automatically whenever they ask."  - One has been asked for.

Also from ICO "The Act is designed to increase transparency. Members of the public should be able to routinely access information that is in the public interest and is safe to disclose."

Mmm... transparent and being "able to routinely access information"  has certainly not been the experience with this Freedom of Information request. 

Friday, April 05, 2013

'No choice' biometrics? Only up to 31st August 2013

Haberdashers' Aske's Boys School
As reported in the Mail, it seems the modus operandi remains the same in private schools as it does in state schools. Give parents less than a week to 'opt out' of their child's biometric fingerprint data being taken, in this case 4 days, then fingerprint the kids.  

Parents do not always get emails, letters or even think to look at the schools website or even expect the school to assume consent in order for a parent to withdraw consent and in this case one pupil said that his parent had "zero idea" and that the school had given the pupils "no choice" to have 'their fingerprints taken'.

Schools do not assume consent for school trips or photographs being taken of children. Why then assume parents have already consented for the school to take, store and process a child's biometric data?  Surely schools should know that, in less than 6 months, this contentious issue of consent is becoming enforceable law in September 2013.

That's not cricket Haberdashers' Aske's Boys School is it now?

Very sensible advice from a parent whose son attends the school:  "The Times has reported that Paul Jessop, who has a son at the school, said:

'The use of biometrics can be very convenient but it relies on the security of the systems used. 
Without real assurances about this security, I could not recommend that any parent allow their child’s fingerprints to be used for something as trivial as paying for lunch.'

Wise words indeed and a statement that has been reiterated by Microsoft's Kim Cameron below.  Other parents may want to seriously consider Paul Jessop's above words of advice as the following experts and academics have all expressed concerns about children's biometrics being used in schools.  

Kim Cameron (Microsoft's Chief Architect of Accesshas been blogging some more on this issue about the minutes of a school board meeting in Florida... here.
Kim Cameron has this to say:

"It drives me nuts that people can just open their mouths and say anything they want about biometrics... without any regard for the facts. There should really be fines for this type of thing - rather like we have for people who pretend they're a brain surgeon and then cut peoples' heads open."

This post here from him (Kim Cameron) states: 

"The more I learn from Alex Stoianov about the advantages of Biometric Encryption, the more I understand how dangerous the use of conventional biometric templates really is. I had not understood that the templates were a reliable unique identifier reusable across databases and even across template schemes without a fresh biometric sample. 

People have to be stark, raving mad to use conventional biometrics to improve the efficiency of a children’s lunch line."

When this comes from Kim Cameron, alarm bells should be ringing loud and clear for those schools using this technology and for apathetic government departments letting this go ahead completely unregulated.

Fred Bellamy, a Phoenix Attorney who specializes in Technology Law 
went on to say that "fingerprinting children is an invasion of privacy".

“Once the data are captured no matter what kind of promises the vendor may make there is a serious risk, and I think the parents have every reason to be concerned about how this data will ultimately be used.”

"Head teacher Gillian James said in an explanatory letter to parents that the system would store a number based on a fingerprint reading. No fingerprint images would be stored". - Not exactly true, what is stored is an fingerprint algorithmic 'image' that our UK police can access and use without parents and pupils knowledge (Deputy Information Commissioner Q50 & Q51). 

I wish teachers would stop spouting the vendors and the governments "It's not a fingerprint...." speil and educate themselves.

Experts and academics that have voiced concerns about biometric technology in schools:

Kim Cameron, Microsoft's Identity Architect
Andrew Clymer, senior identity management security expert (more than 8 years at Cisco Systems, working with Visa, Fidelity, Merrill Lynch, etc - providing them with a secure network environment)
Paul Squires, Identity Solutions Architect at Enline plc
Bruce Schneier, a respected US writer and lecturer on issues surrounding security and privacy, who has testified before Congress and authored eight books and dozens of articles and academic papers.
Ralf Bendrath, privacy, security and internet researcher
Dr Sandra Leaton Gray, Director of Studies, Sociology of Education, Homerton College, Cambridge
Professor Emerita Leone Burton, University of Birmingham, visiting research fellow, Cambridge University
Patricia Deubel, PhD, adjunct faculty member in the graduate School of Education at Capella University
Dr James Atherton,
Jon Crowcroft, Marconi Professor of Communications Systems, University of Cambridge
Terrance Boult, University of Colorado
Eugene Schultz, Ph.D., CISM, CISSP, CTO of High Tower Software
David French , 30 plus years in IT, Wellington NZ
Brian Drury, IT security consultant, UK
Brian Honan, independent security consultant based in Dublin, Ireland
Dom Devitto, information Security consultant, UK
Rufus Evison MA (Cantab), senior IT consultant and company director, UK
An unnamed Police Fingerprint Officer (15+ years' experience)
Stephen Groesz, a partner with the law firm Bindmans
The Austrian Supreme Court
The States of Michigan, Illinios and Iowa (so far, others are likely to follow)
Tony Delaney, The Assistant Irish Data Protection Commissioner
Roderick Woo, Justice of the Peace at the Hong Kong Office of the Privacy Commissioner
George Radwanski, Privacy Commissioner of Canada
Ann Cavoukian, The Privacy Commissioner of Ontario
Fred Bellamy, a Phoenix Attorney who specializes in Technology Law
Damian Green MP, Conservative Home Affairs spokesman
The Rt Hon David Davis MP, Conservative Shadow Home Secretary
Nick Gibb MP, Conservative Shadow Minister For Schools
Baroness Carnegy, Conservative
Sarah Teather MP, LibDem Shadow Education Secretary
Greg Mulholland MP, Lib Dem Schools spokesperson
Baroness Walmsley, LibDem
Baroness Howe, Crossbencher
83 other MPs from all parties who have signed Early Day Motion 686 (frontbenchers do not usually sign EDMs)
More than 1500 parents who voted last summer [2006] in an online poll against kiddyprinting without parental consent. 93% opposed fingerprinting without consent.