fingerprinting children in the U.S. LeaveThemKidsAlone.com ©
LTKA © against schools fingerprinting our children
search this site (Updated Weekly)   Google
Read what the BBC
said about this issue 
 
Please tell a friend
>> Vital questions you need to ask your children's school about fingerprinting <<
"The important thing is not to stop questioning."  
Albert Einstein (1879 - 1955)
"Why do we never get an answer, when we're knocking at the door?"  The Moody Blues
 
WARNING: Some computer security experts feel that in the future it will be possible for
the information stored on school biometric systems to be used to steal your child's identity
 
 
Based on previous experience, in order to ensure that parents receive full and satisfactory answers to all the questions below, WE STRONGLY RECOMMEND that these are submitted to the school in writing, one at a time (using a series of separate letters and on each occasion waiting for a satisfactory answer from the school before submitting a follow-up letter).
Otherwise schools will definitely pick and choose which questions to answer and you will not get a full response.  
 This page will be regularly updated. Please let us know of any replies you receive from schools. 		( If your child's school hasn't yet introduced fingerprinting, or announced an intention to do so, we strongly recommend you write to the head teacher anyway, just to ask if any such plans are in the pipeline, stating that you would not be in favour. Unless as many parents as possible act now, it is likely that as many as 80% of schools will fingerprint pupils within five years, based on current trends But if head teachers are made aware that the issue is controversial, it might make them think carefully when they are contacted by salesmen from the biometric manufacturers. )
Vital questions to ask your school before
you allow your child to be fingerprinted
 
  1. Why did the school not give parents adequate notice of its intention to fingerprint children? Why was there no proper consultation, and why were parents not asked to give their explicit written opt-in consent before any children could be fingerprinted? What advice did the school receive from the manufacturer and others before deciding on this policy?
    2.  
     
  2. Aside from manufacturers' anecdotal claims in advertising material, can the school give me details of any independent research proving benefits to my child of using this system?
    3.  
     
  3. Has any independent research been carried out regarding the effect on children of repeatedly using biometrics on a daily basis in a familiar setting? What steps is the school undertaking to teach my child about the dangers of misusing their biometric data?
    4.  
     
     
  4. The manufacturer claims that this system does not store my child's fingerprint, but surely if the biometric template it stores isn't the direct equivalent of a fingerprint, rather like the difference between a drawing and a photo, then the system simply wouldn't work?
    5.  
     
     
  5. Given that there are international standards to ensure that biometric templates from different manufacturers are compatible (so what's stored on one system can be read by any other, including government systems) how does the school respond to the statement made by Microsoft's Identity Architect Kim Cameron that "It is absolutely premature to begin using 'conventional biometrics' in schools"?
    6.  
     
     
  6. Given that neither the DfES, the Information Commissioner, nor BECTA have to date issued guidelines concerning the human rights implications of the use of biometrics in schools, who, prior to the introduction of the system, told the school that it was legal to implement the system without seeking explicit parental consent?
    7.  
     
     
  7. Will my child be photographed as well as fingerprinted? Will all and any such photographic data be destroyed along with fingerprint templates when my child leaves school, or if I change my mind at any time?
    8.  
     
     
  8. Who, under existing legislation, including the Children Act and the government's stated commitment to widespread data sharing, may access my child's biometric template and associated data as stored on the system? The police? Social services? Civil servants? Technicians from the manufacturer carrying out routine maintenance? The large private multinational PFI companies that now run some LEAs e.g. Amey, Nord Anglia? The private companies running City Academies that may have access to children's data?
    9.  
     
     
  9. Would the school permit 'fishing expeditions' in the stored biometric data (e.g. if the local police were trying to find a match for a crime mark they suspected may have been left by a child from the school)? What would the school do if such a search revealed TWO probable matches?
    10.  
     
     
  10. Bearing in mind that my child's biometric template remains valuable for their entire lifetime, since it can't ever be changed, where is the biometric data stored, where are backups stored, and what security procedures are in place to prevent unauthorised copying of, or any type of access to this data? How will the school know if the data has been copied? What procedures would be followed if the main computer or backup system storing the data were stolen?
    11.  
     
     
  11. Is the computer holding the data connected to the school network and/or the internet? What active measures are taken to ensure the biometric data cannot be accessed by third parties via any such connection(s)?
    12.  
     
     
  12. Can the school guarantee that the data, including any backup copies, will be promptly removed as soon as my child leaves school, or if I change my mind at any point, by an approved professional data cleansing company as required by the Data Protection Act? Will the data-cleansing company certify in writing that the biometric information has been satisfactorily removed? (This requirement was confirmed by the Information Commissioner on 9 Feb 2007.)
    13.  
     
     
  13. Given that the encryption used by the system cannot possibly be guaranteed for the entire lifetime of my child, and that fingerprint templates from different manufacturers are compatible and interchangeable in accordance with INCITS 398 or NISTIR 6529, will the school accept full liability if my child's biometric template stored on the system is compromised at some future point?
    14.  
     
     
  14. As new pupils join the school, will you regularly seek explicit informed written parental consent before fingerprinting them (as recommended by the Information Commissioner, Richard Thomas on 30 January 2007)?
    15.  
     
     
  15. Where fingerprinting is used for school registration, what backup strategy will the school implement to ensure that if any part of the system fails before registration is complete, a full and accurate record of those children at school will be available in the event of an emergency evacuation at the start of the day, e.g. in the event of a fire?
 
 Although no such advice exists in the UK, the Irish Data Protection Commissioner has issued comprehensive guidelines on the use of biometrics in schools. It includes the following advice:  
 
 "Before a school or college installs a biometric system, the Data Protection Commissioner recommends that a documented privacy impact assessment is carried out. A school or college which properly conducts such an assessment is less likely to introduce a system that contravenes the provisions of the Data Protection Acts 1988 & 2003. This is an important procedure to adopt as a contravention may result in action being taking against a school or college by the Commissioner, or may expose a school or college to a claim for damages from a student. Data protection responsibility and liability rests with the school or college, not with the person who has supplied the system (except where that person also acts as a data processor on behalf of the school or college)."  
 
 "Some of the points that might be included in a Privacy Impact Assessment are:"  
 
 
  1. Do I have an attendance management and/or access control system in place?

  2. Why do I feel I need to replace it?

  3. What problems are there with the system?

  4. Are these problems a result of poor administration of the system or an inherent design problem?

  5. Have I examined a number of types of system that are available?

  6. Will the non-biometric systems perform the required tasks adequately?

  7. Do I need a biometric system?

  8. If so, which kind do I need?

  9. Do I need a system that identifies students as opposed to a verification system?

  10. Do I need a central database?

  11. If so, what is wrong with a system that does not use a central database?

  12. What is the biometric system required to achieve for me?

  13. Is it for attendance management purposes and/or for access control purposes?

  14. How accurate shall the data be?

  15. What procedures are used to ensure accuracy of data?

  16. Will the data require updating?

  17. How will the information on it be secured?

  18. Who shall have access to the data or to logs?

  19. Why, when and how shall such access be permitted?

  20. What constitutes an abuse of the system by a student?

  21. What procedures shall I put in place to deal with abuse?

  22. What legal basis do I have for requiring students to participate?

  23. How will I obtain the consent of the existing students (or their parents/guardians if applicable)?

  24. How will I obtain the consent of new students (or their parents/guardians) who will enrol at a future date?

  25. How will I ensure that students will be given a clear and unambiguous right to opt out of a biometric system without penalty?

  26. What procedures will I put in place to provide for the withdrawal by students of consent previously given?

  27. What system will I put in place for students who opt out of using the biometric system?

  28. How will I ensure that students who are unable to provide biometric data, because of a disability for example, are not discriminated against by my school or college by being required to operate a different system, or otherwise?

  29. Does the system used employ additional identifiers (e.g. PIN number, smart card) along with the biometric?

  30. If so, would these additional identifiers be sufficient on their own, rather than requiring operation in conjunction with a biometric?

  31. What is my retention policy on biometric data?

  32. Can I justify the retention period in my retention policy?

  33. How shall I inform students about the system?

  34. What information about the system need I provide to students?

  35. Would I be happy if I was a student asked to use such a system?

  36. Am I happy to operate a biometric system in an educational establishment where the use of such a system can make students less aware of the data protection risks that may impact upon them in later life?

  37. Does my school or college have a comprehensive data protection policy as required by the Department of Education and Science since 2003?

  38. Have I updated this policy to take account of the introduction of a biometric system for use by students?

 
 
  
 
"Education, Education, Education" Tony Blair (1996)    "Consent, Consent, Consent" Concerned parents (2007)  
 
 We are campaigning for the widespread use of biometrics in UK schools to be debated in Parliament, strictly regulated and
closely monitored, with statutory requirements for explicit informed parental consent where children's biometrics are taken  
 
 strictly © LeaveThemKidsAlone.com 2006-2007  Contact Us  Disclaimer  Privacy Policy    menu © 2006-2007 javascript-array.com