Friday, October 02, 2020

Increase with online learning may need student's biometric data

With the increase of online learning the importance of verifying which student is sat in front of the screen, completing work, becomes a salient issue.  

Scotland have issued iPads to over 100,000 students and there is no authentic way of assuring who is doing the work on the iPad.  Whilst I am no fan of the use of biometrics with children this issue needs to be thought upon carefully as biometric tech could be considered to solve this conundrum.   

It will also be interesting to see attainment results with the use of iPads.  No doubt they will go up and this will be attributed to the success of 'educational iPad use' rather than kids finding ways to complete homework they find hard by getting others to do it.

Responses from councils in Scotland when asked under Freedom of Information about the how the authenticity of work, submitted via iPads, was checked were:

Teachers know the level to which their pupils are working and will discuss with their students if they have any doubt.

Teachers use their professional judgement to scrutinise all work undertaken by students, whether submitted electronically or on paper.

Pupils are encouraged to work collaboratively, learning from each other whilst understanding the consequences of plagiarism or submitting work which does not demonstrate their learning.  This is all part of pupils understanding their responsibility as a digital citizen.  We would also add that this is no different from other homework assignments.

The obvious glaring fact is that homework submitted on paper is far easier to spot authenticity rather than that of homework submitted electronically.  I, and everyone of my generation, knows how hard it was to offer in homework done by someone else in the good old days of pen and paper homework submission.

But electronic learning has been around for a fair few years and with the current global health situation the advent of online learning, electronic work submission and the increase of screen use for education is truly upon us and the digital age of education seems to be working.  

However, along with that, as one of the responses states above, pupils need to understand their responsibility as a "digital citizen" - fair enough.  But does the Ed Tech industry and the Department of Education understand their responsibility as digital caretakers of the next generations digitised data, collected through the ever increasing online learning epidemic?  I think a long hard stare at this is necessary.  

Over on Defenddigitalme's website there are numerous instances of digital deep dives into not just children's educational prowess but how and what they are using their computer for.  Flagged words, conversations had, search terms scrutinised, incorrect data logged against students, flawed analysis of work done - the latter being blindingly obvious with the inaccurate 'exam' results for student in July last year, affecting the university places and the potential career paths of thousands of students.

So whilst electronic learning will not take a step backwards, indeed it looks like increasing, there are many reasons why we must tread carefully into this new educational online world.  Responsibility must be had by both parents, being vigilant of what data educational apps siphon, and the learning community/industry driving this screen-learning environment forward.

Many studies, too numerous to list here but easily found online, are showing that too much screen time for young brains is not good. One Harvard paper states:

"Much of what happens on screen provides “impoverished” stimulation of the developing brain compared to reality"

And this from the USA National Institutes for Health:

"Early data from a landmark National Institutes of Health (NIH) study that began in 2018 indicates that children who spent more than two hours a day on screen-time activities scored lower on language and thinking tests, and some children with more than seven hours a day of screen time experienced thinning of the brain’s cortex, the area of the brain related to critical thinking and reasoning."

It is no wonder then that tech giant's children have very limited screen time and are sent to schools that do not use screens to educate with.

However, for the vast majority of children, screens will be used and with that will come the data mining that goes along with it.  And, I suspect, it will only be a matter of time before biometrics are used to verify who is at the device.

A desensitisation of the use of biometric data has happened over the past 2 decades with police forces (in the UK and abroad) widely using facial recognition, unwittingly on the population, without any parliamentary oversight, arguably tip toeing the line between whether the use is lawful or not.

However, in 2015 biometric facial scanning was introduced every 60 seconds to iPad learning in San Diego schools but a backlash on the grounds of privacy intrusion from parents scuppered the scheme.  Whether that backlash would happen again in this day and age remains to be seen.

Monday, July 06, 2020

Biometric fingerprint readers ditched for hygiene reasons... to be replaced by contactless biometric systems?

On Twitter schools have been spotted ditching biometric fingerprint readers for contactless cards due to hygiene reasons, which completely makes sense as this was one of the issues raised initially over 15 years ago when fingerprint scanners started appearing in schools.  

Though some biometric suppliers have been keen to stress that sterilising fingers before using biometric scanners is good to keep children 'safe'.

So as good as it is to see fingerprint scanners be replaced by less personally intrusive methods it does open the way for a contactless biometric system, i.e. facial recognition, to replace the touch fingerprint pad.

Which seems to be, somewhat, what has happened here at a UTC school in Leeds, UK, where Years 10 (14/15 year old) and Year 12 (17/18 years old) students have started school after having been shut since mid March 2020.  

A combined facial recognition and thermal imaging system has been installed to check student's temperature to identify each student whose temperature is taken.  However it has to be said they have ditched their fingerprint scanners for contactless cards, which was used for building entry, class registration and lunch payment.  The newly installed facial recognition has not directly replaced, on first glances, the fingerprint system but it is still registering the students with their biometric data.

We have also installed a high spec thermal camera in the reception area. This camera uses facial recognition technology to enable unobtrusive thermal imaging and temperature measurements of students and staff. An alert is issued to the Principal if someone’s temperature is above a certain level.

Every school in England and Wales that wishes to process an under 18 year old's biometric data, including facial recognition, needs explicit written parental consent to do so and it is uncertain whether this particular UTC has done that.  When questioned specifically on whether they had gained parental consent, as per the Protection of Freedoms Act 2012, the UTC replied:

Albeit it this is a reply on Twitter (which now looks to be unavailable) but it is not glaringly obvious that the school is operating this biometric system in line with UK legislation specifically aimed at schools processing children's biometric data - The Protection of Freedoms Act 2012.  

The use of facial recognition in UK schools is also questionable under GDPR, the EU General Data Protection Regulations 2018.  Schools in France have been advised not to use facial recognition and a school in Sweden was fined for using the technology.  GDPR does not change at country borders or whether we are Brexiting so the use of facial recognition technology is certainly questionable in this UK school.

There are good reasons legislations are specifically put in place to protect children biometric data being unnecessarily processed and they should be adhered to.  

Monday, March 09, 2020

Fine for processing students’ fingerprints imposed on a school

A statement, issuing a fine, to a school from Poland’s Personal Data Protection Office (UODO), the equivalent to our Information Commissioner's Office (ICO), found the school to be in breach of the General Data Protection Regulations (GDPR) for using children's fingerprint data to allow access to their canteen.  The ruling stated that:

"The school processed special categories of data (biometric data) of 680 children without a legal basis, whereas in fact it could use other forms of students identification."

" is important to stress that the processing of biometric data is not essential for achieving the goal of identifying a child’s entitlement to receive lunch. The school may carry out the identification by other means that do not interfere so much in the child’s privacy. Moreover, the school makes it possible to use the services of the school canteen not only by means of fingerprints verification, but also electronic cards, or by giving the name and contract number. Thus, in the school, there are alternative forms of identification of the child’s entitlement to receive lunch."
Here in the UK biometric fingerprint readers have been used in schools since 1999.  Up to 2012 schools were using children's fingerprints quite often without informing parents or asking their permission, as a consequence after some pressure upon the UK Government to address this, legislation was passed in 2012 requiring schools to obtain parental permission to process their child's biometric data and offer an alternative means to the biometric system. 

However, a survey done by children's data privicacy group defenddigitalme found that even after the 2012 legislation parents were still unaware of options not to use the fingerprint system.

Children's biometric data needs to be secure for the child's lifetime - decades.  It does seem excessive to use biometric data for daily mundane tasks in school, when another form of ID is perfectly acceptable - we have expressed that view since 2005.

This point was also expressed in the UODO report according to Venturebeat:

'The final decision cited numerous facets of GDPR, including recital 38, which refers to specific provisions made for data protection of children, "it should be emphasised that children require special protection of personal data, as they may be less aware of the risks, consequences, safeguards, and rights they have in connection with the processing of personal data" the report found.'

If the Polish Data Protection Office have ruled this use of children's fingerprint biometrics as a violation of GDPR then presumably the same would apply to any school using such systems in the UK.

This is absolutely a GDPR issue we will be following up here in the UK.

The English text of the UODO decision is here and the Polish version here.