"The most puzzling development in politics during the last decade is the apparent determination of Western European leaders to re-create the Soviet Union in Western Europe" Mikhail Gorbachev
"What's that coming over the hill, is it a monster?" The Automatic, 2006
Fingerprint / Thumbprint / Whatever? DANGER!
One of the key defences put forward by schools and those who sell and manufacture this technology is that no biometric data is actually stored on the system. The finger (or thumb) is scanned, the scan is converted into a number (called a hash) and this number is what is stored. So there's really nothing to worry about, right?
WRONG!
How could the system be misused?
Data protection experts have provided us with some very worrying detailed scenarios highlighting major vulnerabilities in school fingerprinting systems. To avoid the danger of identity theft on an unprecedented scale, we have been advised not to publish these here, but in the public interest we would be happy to supply an outline to responsible bona fide journalists and concerned politicians.
And there are countless other ways in which this system can be misused or abused. Without wishing to be irresponsible - or alarmist - here are just a few (found after only a couple of minutes' searching on Google):
"The scanner DOES capture a fingerprint image - the backend software then extracts minutiae and stores an easily searchable template. Some studies have shown that you can create a fingerprint from a template file." Professional in the biometrics industry
"The fact that a full fingerprint scan is produced, if only for a few seconds, each time a child uses the system is a very serious vulnerability, particularly since the scanners are kept and used in insecure areas. This weakness could easily be exploited by hackers, or anyone with the minimum of computer knowledge, to steal children's actual fingerprint scans, which could then be passed on or sold to third parties for later use in identity theft." Data security expert, via email.
"In my daughter's school the library is in an open-plan space, just off the main corridor. It is only rarely staffed." Parent, St Matthew's Primary School, Cambridge
"To use [a thumbprint] by itself in an authentification environment is just asking for trouble. What do you do when somebody's biometric information is compromised? Do you have them go out and get a new thumb? Getting a replacement thumb is expensive and painful." Lauren Weinstein, the Privacy Forum.
"The problem with using biometrics in authentification systems is that once a person's data has been acquired, it can never be revoked." Data security consultant.
"One identifier [like a thumbprint] would make it easier to link databases, like credit card information, etc., together. There's always this concern that when you start matching up these databases, you can find out a lot about the individual." Richard Smith, Computer security consultant
"You may ask, why stop with library systems, when schools have so many concerns with registration, attendance, and security? I assure you, we are way ahead of you. Watch this space..." Lynn Stevens, Customer Services Manager of Micro Librarian Systems, September 2000
Former Information Commissioner Robert Mechan has admitted it is "theoretically possible to use the information obtained from this system to match fingerprints taken from [the scene of] a crime."
Micro Librarian Systems have also acknowledged that it would not be impossible for a third party to access and use the data derived from biometric scans that is stored on the system. Technology director Stephen Phillips told the BBC "it would take a lot of effort to use it".
"I see a lot of companies really going all out to push this technology. They're trying to create a market, which is understandable. But if you just trust what a manufacturer tells you, you could open yourself up to all sorts of security weaknesses." Joseph Grand, electronic security technology expert.
Fingerprint scanners are even vulnerable to hacking with confectionary. A Japanese researcher from Yokohama University fooled scanners from 11 manufacturers on average 80% of the time. BBC News
Another survey by German computer trade magazine c't produced similarly worrying results. They were able to fool fingerprint readers by a variety of methods including breathing on them, reusing a fingerprint lifted with sticky tape and pressing a plastic bag full of water on the sensor - none of them particulary high-tech methods. Futurelab, October 2005
"There were no lines of defence. There was a permanent tenancy of foreign hackers. You could run a command when you were on the machine that showed connections from all over the world, check the IP address to see if it was another military base or whatever... The General Accounting Office in America has again published another damning report saying that federal security is very, very poor. " Gary McKinnon tells the BBC how he hacked into Nasa and the US military computer networks.
Many schools even try to cloud the issue by referring to "using your thumb", "fingertip registration", "fingerswipe system" or "hand punch recognition" in a seemingly bizarre attempt to hide the fact that they are simply fingerprinting children without express consent. The police however call the use of this technology by its correct name, "fingerprint scanning".
And just because no fingerprint is stored, this doesn't mean that no fingerprint is taken. In the 1970s the police used to visit schools to give talks to children. Often this would include fingerprint demonstrations where the children would have their prints taken, and these would be destroyed at the end of the session. Yet it was still called fingerprinting.
"Education, Education, Education" Tony Blair "Consent, Consent, Consent" Parents
We are campaigning to have the widespread use of biometrics in schools debated in Parliament, and henceforth strictly regulated and closely monitored, with a statutory requirement for explicit parental consent wherever biometrics are used.
