click 'back' on your browser to return to our site OR click here for the main menu  
 

The following appears to be part of the advice from a leading school biometric manufacturer to schools. By mistake, it was sent to parents at a school in Doncaster as part of a hastily-cobbled-together package AFTER their children had all been fingerprinted without their parents' knowledge. It seems to make the assumption that head teachers do not know much about computers, and is reproduced below, verbatim. (The name of the manufacturer in question has been obscured, for legal reasons.) LTKA's responses to each point are printed in red.

  • The actual thumb print image is NOT stored. The software calculates a huge number from the image and it is the number itself which is stored. This number is then encrypted for further security.

    • Everything that is stored on a computer is stored as a number. An image of the Mona Lisa, a movie on a DVD, a Word document. So when you make a high quality scan of the Mona Lisa, you merely store a number, which can later be printed as a high quality image of the Mona Lisa.

    What is stored in this case is a fingerprint template, similar to those used by the police, security services, and FBI when matching a fingerprint to a crime scene. If what it's storing isn't the direct equivalent of the fingerprint, then their system simply wouldn't work. A good analogy would be the difference between a drawing (fingerprint template) and a photograph (fingerprint).

    And as far as encryption is concerned, your child's biometric data needs to be kept safe for their entire lifetime. With today's rapid advances in computer technology, no manufacturer can credibly make such a claim. The state-of-the-art Enigma code used by the German navy during Wold War Two was cracked in 1941; today it can even be decrypted on a standard home PC. And even the 1976 state-of-the-art 64-bit Data Encryption Standard (DES), developed by the National Institute of Standards and Technology in the US, can now be cracked on today's supercomputers.

  • The number cannot be used to reconstruct the original image.

    • The official US National Science & Technology Council's Subcommittee on Biometrics contradicts this claim. "There have been studies where pseudo fingerprint images have been reconstructed from the fingerprint template."

    To return to the analogy of a drawing (fingerprint template) and a photograph (fingerprint), it is certainly possible to recognise an image from a drawing. You don't necessarily need the original photo.

  • Any stored record can be removed easily by clicking [Delete] at the registration process (see later... instructions).

    • Many people believe that emptying the recycle bin will delete a file forever. This is not true, when you delete a file and empty it from the recycle bin, the file is in fact still on your drive. There are many examples of inexpensive software that can be used to recover these files with a single mouse click. On 9th February 2007, the Information Commissioner's Office issued the recommendation that "schools must also dispose of the data using professional data cleansing companies once the child has left or if it no longer of use." We feel it would be reasonable to expect schools to do this promptly, particularly if a parent changes their mind and asks for their child's data to be removed halfway through term.

  • Pupils not allowed to use the technology can be given a barcode which will work at the same time.

    • Most schools 'forget' to inform parents of this fact unless there are specific complaints.

  • When a borrower is deleted from the system into the recycle bin (for example as a leaver) the biometric data is automatically deleted.

    • This is simply not true. See the answer above. The file remains on the hard drive until it is overwritten by another file. This could take years. Even then, there is a chance it may be recovered with specialised software.

  • Any responsibility for dealing with third party queries lies with the end-user and not [name of manufacturer].

    • A good way of avoiding trouble while earning millions of pounds as our children are fingerprinted. The same manufacturer used to claim it had never received a complaint from a parent. Now we know why.

  • We have demonstrated the technology to officials from the DfES, who had no issues with it other than the recommendation that informing parents / carers would be good practice.

    • This does not mean the software is uncontroversial, merely that the DfES are failing in their duty to safeguard the interests of our children. The ever-changing 'spin' they have come up with, which you can read here makes it hard to take seriously any pronouncements they give on the subject.

  • The office of the Data Protection Commissioner has also scrutinized the technology and stated

      "...I would encourage you to employ the system using fingerprint images. It seems to me that the use of biometric identifiers allows users to verify their identity without the risk of intrusions into privacy... I would certainly like to be able to point to it as an example of good practice."

    • This is an old letter from 2002 and has been superceded by recent events. Further, in the UK there is no such person as the 'Data Protection Commissioner'.

  • Copies of the letters from the DfES and the Information Commissioner are available from [name of manufacturer] upon request.

    • You can read a letter from the DfES here which includes the sentence "I should stress, of course, nothing in this letter constitutes a commercial endorsement of this particular software or of your company in general". Nonetheless, it would appear that the existence of such a letter is used by at least one manufacturer to promote their school biometric system. You can read a letter from the Information Commissioner here.

 

click 'back' on your browser to return to our site OR click here for the main menu