Sunday, September 14, 2014

Are parental concerns with fingerprint biometrics 'techno panic'

Photo courtesy of Berkshireeagle.com
As North Adams School in Massachusetts plans to use fingerprint biometrics to improve lunch line efficiency, some parents are understandably concerned about how using a biometric system erodes their children's privacy.  Most of the articles on North Adams School adopting biometrics seek to reassure parents and readers that its not a database of fingerprints but just a number string.  The reality is that that number string is the biometric identifier derived from the fingerprint and that personal biometric, digital identifier is capable of being transferred across databases.

Here in the UK personal biometric identification used in schools has the potential to be accessed by the UK Police or other agencies, without the knowledge of the child or the parent.  I'm not sure if this is also the case in Massachusetts but it would be a question I would ask if I were a parent there.

In a FindBiometrics article "Massachusetts Lunch Lines Go Biometric Despite Parental Concerns" they state that:

"The parental outrage revolves around worries that the biometric templates used to authorize the buying of food will lead to the storage of a child’s physical characteristics. This is a common fear in large scale deployments of biometric technology, but in this case it doesn’t hold up. identiMetrics fingerprint scanners don’t store full fingerprints"

Erm... it does store a child's physical characteristics in a digital format, otherwise it wouldn't be a biometric system.

The article then goes on to quote the International Biometrics and Identification Association calling the recent ban of biometrics in schools in Florida as "techno panic". Well I guess they would.  The industry have business to loose if all states decided to ban the unproportionate use of biometric technology for a faster moving lunch line or improved credit control.

Also with four other schools in the area rolling out biometrics the iBerkshire.com reports that:

"Parents are informed of how the technology works and to give them the option not to participate — both of which North Adams as done, although some parents are saying they should have been asked permission first, not after the fact."

This inadequate version of somehow gaining assumed consent from parents, and those that do not consent by having to opt out, failed miserably here in the UK.  As a consequence legislation was brought in to gain clear, informed consent from both parents, also if the child does not consent this overrides the parent's consent.  This legislation, contained in the Protection of Freedoms Act 2012, was brought about after privacy groups and parents lobbied parliament from 2006-2010 with the law being applicable from September 2013.

And yes, biometric authentication can be used to track your child.  A child's digital transactions can build up a highly personal profile in school of what they eat, read, attendance, movement around a campus, revealing a very personal footprint of how a child's life is lead in the education system.  Any system is able to do this I suppose, like a swipe card or pin, but because a child's biometrics are easier to use, i.e. you can't loose a finger, this type of authenticating seems the simplest most efficient option for schools, employing the technology for a whole range of purposes.  Put plainly, it is profiling - but at what cost to the child's privacy?

Children today will, in all probability, need to authenticate themselves biometrically in future for travel (as we do now) banking, access to state benefits, pension, purchasing food and national ID.  This is happening in other countries.

A child's biometric identity needs absolutely not be compromised.  The only way to do this it to limit a child's exposure to the technology - not to participate in such biometric systems for mundane purposes in schools.