LeaveThemKidsAlone.com ©
LTKA © against schools fingerprinting our children

search this site (Updated Weekly)

Read what the BBC
said about this issue

Please tell a friend

Home
ltka home page frequently asked questions U.S. kiddyprinting: ban the scan the berlin wall foundation site map
U.S.A.
U.S. kiddyprinting: ban the scan U.S. latest U.S. schools & districts that use or ban biometrics U.S. legal issues U.S. privacy organisations U.S. school biometric vendors
Latest
latest kiddyprinting news latest press reports UK government latest U.S. latest international latest data protection latest information for journalists
Facts
kiddyprinting: the whole truth risks vs benefits of kiddyprinting kiddyprinting: supporters vs opponents vital questions to ask your school 10 things you should know leading experts' warnings is kiddyprinting legal? * * guidance for schools * * biometrics in schools: executive summary biometric manufacturers listed
Schools
UK schools using biometrics schools abandoning biometrics schools rejecting biometrics * * guidance for schools * * what manufacturers tell schools how schools decide on kiddyprinting what schools tell parents how schools 'handle' parents vital information for teachers vital information for school governors vital information for school bursars
Video
video 1: think your kids are safe at school? video 2: you think biometrics are secure? podcast
Blogs
kiddyprinting: all blogs blogs: best quotes 1st recommended blog 2nd recommended blog 3rd recommended blog 4th recommended blog 5th recommended blog
Forums
kiddyprinting: all forums 1st recommended forum 2nd recommended forum 3rd recommended forum 4th recommended forum 5th recommended forum
Press
kiddyprinting: all news reports latest news 'must see' articles backgound stories full news coverage (date order) related articles other important news information for journalists
Legal
kiddyprinting: legal issues * * guidance for schools * * the legal conundrum U.S. legal issues
Parliament
debates in parliament parliamentary motions on biometrics mps' views on kiddyprinting changing DfES 'spin' * * guidance for schools * * is kiddyprinting legal?
Nothing To Fear?
nothing to hide, plenty to fear recent attacks on uk civil liberties current U.S. privacy issues how to fingerprint everyone & get away with it the five zones of surveillance a warning from history the berlin wall foundation
Overview
civil liberties and the database state TheBigOptOut.org the children's index spy blog
ID Cards
id cards latest youth against id RenewForFreedom.org id interrogation centres defy id
Contact Us
contact us feedback fun stuff

>> Vital questions you need to ask your children's school about fingerprinting <<

"Oh what a tangled web we weave, when first we practice to deceive." Sir Walter Scott (1771-1832)

"Why do you have to go and make things so complicated?" Avril Lavigne

WARNING: Some computer security experts feel that in the future it will be possible for
the information stored on school biometric systems to be used to steal your child's identity

The truth about biometric systems used in schools (using verifiable references)

"People have to be stark, raving mad to use conventional biometrics to improve the efficiency of a children's lunch line." Kim Cameron, Microsoft's Identity Architect, 05 April 2007 (read more from Kim Cameron)

"If a child has never touched a fingerprint scanner, there is zero probability of being incorrectly investigated for a crime. Once a child has touched a scanner they will be at the mercy of the matching algorithm for the rest of their lives." Brian Drury, IT security consultant, 12 March 2007 (read more from Brian Drury)

On this page we will show how:

School fingerprint scanners, used on children from the age of three, work in exactly the same way as those used by the police to track and identify criminals.

The information that is stored on school biometric systems could be used to build a complete profile of a person, without their knowledge or consent, by linking together separate databases that contain information about them.

Although schools don't store our children's actual fingerprints, their biometric identities are seriously at risk.

Fingerprint images can be reconstructed from school biometric systems, contrary to vendors' claims.

Government security experts have successfully hacked the fingerprint scanners used in schools.

There is an international standard, partially sponsored by the U.S. National Security Agency, which allows for school fingerprint templates to be read by other government systems.

The encryption used to protect our children's biometric data cannot be guaranteed for their entire lifetime, making serious identity theft very likely.

Schools cannot possibly provide the level of security necessary to protect children's data.

A school might not even be aware that children's data had been compromised until it was far too late.

"I have not been able to find a single piece of published research which suggests that the use of biometrics in schools promotes healthy eating or improves reading skills amongst children. I am concerned that these reasons are being given as a justification for fingerprinting children. There is absolutely no evidence for such claims." Dr Sandra Leaton Gray, Director of Studies, Sociology of Education, Homerton College, Cambridge, 19th February 2007

Schools that introduce fingerprinting usually try to reassure parents by saying "the system does not store a fingerprint, just a number. It is not possible to reconstruct an image of a fingerprint from what is stored".

While the first statement is true, it is designed to be misleading. Manufacturers (literally earning millions from kiddyprinting) have spent five years coming up with this carefully worded 'spin'. This is passed on to vendors, who have only partial understanding of technical issues, and whose sales teams give hard sell presentations to teachers. This information is then passed on, in good faith, to parents.

"The fingerprint data is not just a “code”, (which I would interpret as a one, two or four byte number) but 300 bytes of data that forms a map of a child's fingerprint." Brian Drury, IT security consultant

Here are the facts.

This diagram clearly shows how school library fingerprint scanners, used on children from the age of three, work in exactly the same way as those used by the police to track and identify criminals.

Obviously, everything that is stored on a computer is stored as a number. In this case, what is stored is a fingerprint template. It's rather like the difference between a drawing and a photograph. In each case, there is clearly identifiable information.

In fact, if what it's storing isn't the direct equivalent of the fingerprint, then their system simply wouldn't work.

Worse still, Ann Cavoukian, Ph.D. (Information and Privacy Commissioner for Ontario) and Alex Stoianov, Ph.D. point out that in the not too distant future a person's unique biometric template could be used as an identifying key to link together all the different databases that contain entries for that person. It would enable someone to build up a complete picture of that individual without their knowledge or consent.

"When the use of biometrics grows, an ordinary person will be enrolled in various biometrically controlled databases, such as travel documents, driver licenses, health care, access control, banking, shopping, etc. Current biometric systems can use the same biometric template for all of them. The template becomes the ultimate unique identifier of the person. This is where biometric data mining comes into effect: the different databases, even if some of them are anonymous, may be linked together to create comprehensive personal profiles for all the users. To do this, no fresh biometric sample is even required. The linking of the databases can be done offline using template-to-template matching, in a very efficient one-to-many mode. The privacy implications explode at this point."

The following is an extract from a document produced by the US government's official National Science & Technology Council's (NSTC) Subcommittee on Biometrics, and it appears to contradict claims that fingerprint images cannot be reconstructed from fingerprint templates.

You can download the full document at http://www.smart.gov/iab/documents/FAQ16August2005.pdf (cut and paste this link into your browser or click this link to read a text version).

"There is an element of risk storing thumbprint [templates] on a school computer... From a parent's perspective I see no benefit. My child is registered in school, he/she has been registered in school for the last 2-4 years, has taken books from the library, has purchased school dinners and snacks perfectly satisfactory, so not getting anything extra for exposing his/her identity to some level of risk." Andrew Clymer, senior identity management security expert (more than 8 years with Cisco Systems, Visa, Fidelity, Merrill Lynch, etc) (read more from Andrew Clymer)

At the BlackHat security conference in Europe in 2006, a security expert Mikko Kiviharju, employed by the Finnish government, reported on how they had successfully hacked and recovered fingerprints from a Digital Persona finger print scanner. "The optical nature of the scanner seems to allow duplicated fingers with little effort." A similar model, from the same manufacturer, is used in one leading school library system at more than 3,500 primary schools. The library system distributor has not seen fit to make users aware of this, though Microsoft warns against using this product as a security device. "The Fingerprint Reader should not be used for protecting sensitive data such as financial information, or for accessing corporate networks."

This diagram from Cavoukian and Stoianov's recent paper on biometric encryption (discussed here by Microsoft's Identity Architect Kim Cameron) provides an overview of the possible attacks on conventional biometric systems, such as those used in schools.

Consult the original paper, which discusses each of the attacks in detail).

Clearly there are many potential vulnerabilities, which is why any school using biometrics would need to implement robust security measures, at considerable expense, in order to provide the necessary level of protection for this highly sensitive data.

Information theft is quite unlike traditional forms of theft as the owner can still be in possession of the information without any knowledge that any other illegal party has a copy. So a school would not necessarily even be aware that children's data had been compromised by a hacker until it was far too late.

But the most easily identifiable form of theft is when a computer containing biometric data is actually stolen from school premises. Yet in the following example, neither the school in question nor the manufacturer gave any thought to 260 children's missing biometric data when their PC was stolen. See: http://www.microlib.co.uk/caseStudiesPDF/AshGrangeJunior.pdf (cut and paste this link into your browser.)

"The service provided by [name of manufacturer] has been excellent... The only issues we've had have been caused by us changing our hardware and a burglary when our main computer was stolen. [name of manufacturer] helped us to resolve them all, thank you!" Ash Grange Primary School, Aldershot, Hampshire (no concerns raised about the lost biometric data!)

In two further unrelated incidents, data recovered from a Yorkshire primary school by the Computer Forensics team at the University of Glamorgan included names of pupils and details of their school reports. While a primary school in Cambridge dumped a PC containing sensitive pupils' data on an unprotected skip during renovations in 2006.

When using such a system, parents and staff have to be aware that the fingerprints may enter the public domain, and hence end up in criminal hands where they could pose a critical, and permanent risk of identity fraud. In ten years' time or less, it is likely that passports, bank accounts and other important areas of our life will be secured by fingerprint verification. Obviously, fingerprints cannot ever be changed like a PIN number so they need to be kept secure for a child's entire lifetime.

"The level of associated risk with having a finger print in the public domain still has to be assessed which may be a different question, but I for one do not wish to take this risk with my children's fingerprints." Malcolm Melville

Even more worrying, there are international standards which allow for fingerprint templates from different manufacturers to be compatible and interchangeable. One such standard is called M1 (aka M1/02-0142 or INCITS 398 or NISTIR 6529 - the latter partially sponsored by the U.S. National Security Agency). A fingerprint template from such a system could be read by any other, including systems used by government. A more recent standard, Open AuTHentication (OATH), allows information to be "freely yet securely shared between devices, people, and networks."

One leading biometric security software developer in the US recently told LTKA that they are even trying to improve compatibility between different biometric systems: "There are already companies out there that have compatibility between AFIS and Non AFIS systems. They just don't do it well. We are working on a way to do it better."

The USA PATRIOT Act (Public Law 107-56) provides that other federal organizations work with NIST to "develop and certify a technology standard that can be used to verify the identity of persons..."

"The Common Biometric Exchange Formats Framework (CBEFF) was devised by industry and US government representatives and describes a set of data elements necessary to support biometric technologies in a common way. These data elements can be placed in a single file used to exchange biometric information between different system components or between systems. The result promotes interoperability of biometric-based application programs and systems developed by different vendors by allowing biometric data interchange."

School biometric vendors make the claim that children's data is safe because it is encrypted. At some point in time, however, the information that is encrypted becomes unencrypted in order to perform the finger print match, it might therefore be possible for a hacker to extract the data at that point. Remember that your child's biometric data needs to be kept safe for their entire lifetime. With today's rapid advances in computer technology, no manufacturer can credibly make such a claim.
Moreover, you can never usefully re-encrypt the data to provide a higher level of security unless you are 100% sure you have the only copies of that data (eg consider data stolen for potential future use, backup media that is still kept, etc). So today's encryption has to be good for a child's lifetime, say at least another 70 years. This is something no biometric manufacturer could reasonably guarantee. The military grade state-of-the-art Enigma code used by the German navy during World War Two was cracked in 1941; today it can even be decrypted on a standard home PC. And even the 1976 state-of-the-art 64-bit Data Encryption Standard (DES), developed by the National Institute of Standards and Technology in the US, can now be cracked on today's supercomputers.
Today's military security is tomorrow's childsplay, particularly with the distinct possibility, as reported by the New Scientist, that immensely powerful Quantum computing will become a reality by the time today's children are in their thirties. In fact, a prototype has already been demonstrated. Such a computer would easily be able to decrypt systems used in schools by brute force. Banks could respond to this by changing PIN numbers or passwords and encryption standards, but if children's biometric data had already been leaked from insecure school computers / premises there would no possibility to protect the information.

Banks and passport offices take very great care to ensure that sensitive personal data is well protected, spending considerable sums to prevent theft or unauthorised access.

In the US, for example, there is a recognised standard - ANSI X9.84-2000 Biometrics Management and Security for the Financial Services Industry. This standard specifies the minimum security requirements for effective management of biometric data, and security for the collection, distribution, and processing of biometric data.

It specifies: (1) the security of the physical hardware used throughout the biometric life cycle; (2) the management of the biometric data across its life cycle; (3) the utilization of biometric technology for verification/identification of banking customers and employees; (4) the application of biometric technology for physical and logical access controls; (5) the encapsulation of biometric data; and (6) techniques for securely transmitting and storing biometric data. The biometric data object specified in X9.84 is compatible with CBEFF.

Schools taking children's fingerprints and storing biometric data derived from fingerprint scans do not comply with this, or other comparable standards.

If your child's biometric information is compromised because of a security lapse at their school, this could permanently compromise their future ability to prove who they are, and access services like banking, healthcare, and passport control if these require biometric ID as is currently proposed.

By using biometrics in an improper and insecure environment, schools have opened a Pandora's Box they cannot control, and this may affect our children for the rest of their lives.

"Education, Education, Education" Tony Blair (1996) "Consent, Consent, Consent" Concerned parents (2007)

We are campaigning for the widespread use of biometrics in UK schools to be debated in Parliament, strictly regulated and
closely monitored, with statutory requirements for explicit informed parental consent where children's biometrics are taken

strictly © LeaveThemKidsAlone.com 2006-2007 Contact Us Disclaimer Privacy Policy menu © 2006-2007 javascript-array.com