A sandwich away from a privacy violation

A sandwich away from a privacy violation

Summary: The privacy debate around biometrics is nothing new, but it is starting to show up more and more in schools and involve kids as young as five years old.

TOPICS: Privacy, Security

In Carroll County, Md., school students as young as five years old are using their palm prints to pay for lunch.

In the name of efficiency, a student’s print identifies them and records a charge for their meal. Some parents aren’t happy, and are joining a growing debate over the privacy implications and best practices for the use of biometrics.

The school flap is playing out in three other states that are using the palm-reading system first adopted last year by a Florida school district. In addition, one large California school district will start using fingerprint readers to track students getting on and off buses, and there is iris scanning technology being touted for the same use.

The issues point to the complexities of biometric identifiers that on their face (no pun intended) seem like a fool-proof system that can harden access controls while providing efficiencies and safety.

In their 2010 book, Biometric Recognition: Challenges and Opportunities, authors Joseph Pato and Lynette Millett conclude “biometric recognition is an inherently probabilistic endeavor that comes with uncertainty and risk of error even when the system is working as designed.”

Just last month, a flaw was discovered in fingerprint reader software used on laptops made by four of the five largest PC makers in the world. Researcher called it "nothing but a big, glowing security hole” that compromised the entire security model of Windows accounts.

It is those kinds of stories that lead parents and others to ask questions about the implications of biometric technology.

“These ideas may seem outlandish now, but the more biometrics is used, the more commonplace they may seem,” Anita Ramasastry, a law professor at the University of Washington, wrote today in her Constitutional Law blog. “Thus, the implications of biometrics should be considered now, when we can see proposed biometric systems with fresh eyes.”

The glaring mistake in the Carroll County case was that school officials failed to get opt-in agreements from parents before going live with the system.

User consent is the first law in the seven Laws of Identity, as written in 2007 by noted identity expert Kim Cameron. Carroll County parents now can opt-out of the service and have their student’s lunch accounts manually updated just by providing their names.

The Maryland school district’s PalmSecure system identifies unique palm and vein patterns and converts the image into an encrypted numeric algorithm that records a sale.

The images are never stored, but that isn’t helping satisfying parents who worry about their kids being socialized away from their rights to privacy.

Privacy groups contend kids who are tracked electronically over the course of their secondary education and on into college become less sensitive to potential privacy violations and electronic tracking becomes the norm.

One Carroll County parent told the Baltimore Sun, “I'm concerned about it. I know it's the way of the future, but it's fingerprinting, it's palm­printing."

In 2011, Facebook came under intense scrutiny for its new facial recognition software that automatically tagged users appearing in pictures posted to the site. The feature was eventually pulled as users clamored about the tracking implications and being denied an opt-out setting.

And while Carroll County is not storing data, the collection of personal biometric data and how it is protected is an issue highlighted by the flap around airport body-scanning equipment.

In 2010, the Transportation Security Administration admitted its scanners could store images after saying initially that capability did not exist. That same year, the U.S. Marshals Service admitted it had saved tens of thousands of body scanner images taken at a Florida courthouse.

Saved personal data brings with it the liability of storing it securely and having tight access controls. There is the added concern that stored data can be subpoenaed.

Ramasastry, the University of Washington law professor, says schools should more deliberately consider the privacy and security implications of biometric programs and develop a privacy plan at the time of implementation.

She notes that UK and Scottish Information Commissioners charged with guarding privacy have both published guidance about the use of biometrics inschools. 

How much biometric data is too much? How should its collection and storage be regulated? Are critics being overly cautious or paranoid?

Would you opt-in to have your kids participate in school biometric programs?

Topics: Privacy, Security


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Opt Out

    The more you have recording of identity indicators, the easier it is for someone to misuse them criminally; and leave you to take the rap.
  • Always remember...

    ... just because you're paranoid, doesn't mean THEY aren't out to GET you.

    (I'm lookin' at YOU, Girl Scouts of America....)
  • Total non-issue for the good people

    Why would good people who have done no wrong and don't plan to be worried about any of this at all? I'm more worried about who is objecting because they obviously have some nefarious plan, rather than what their specific manufactured objections state.

    My credit cards come with identity theft protection. This system when implemented is to protect people like me, from the type of person who would object to its use. Whoever you are, know that you cannot be trusted.
    • Good people.........

      There is a huge number of "Good People" who take their right to privacy seriously. Your comment that they have "nefarious" motives is a HUGE insult to them!
    • You don't have anything to hide?

      *Everyone* has something to hide, and so they should.
      It's always funny when someone stridently dismisses privacy as an issue -- from behind a pseudonym like "qwetry".
    • You don't have anything to hide?

      *Everyone* has something to hide, and so they should.
      It's always funny when someone stridently dismisses privacy as an issue -- from behind a pseudonym like "qwetry".
  • the future and technology's place in it is inevitable

    While I can appreciate the statement about trying not to desensitize children to a loss of privacy, the argument sounds a lot like what parents used to say about not allowing their kids to listen to rock-n-roll in the early 1950s. - for what a bad influence it would be. At the rate that technology advances today, and the pace that youth embrace all it has to offer, the battle for privacy is worth fighting. However I think it is short-sighted to simply shield children from prevalent technologies. Instead, we should teach them how to use it to their advantage, and let technology work for them, not against them.

    As Mr. Smith said to Neo in The Matrix, "Do you hear that sound, Mr Anderson? That is the sound of inevitability."
  • Privacy is threatened by disproporionate responses

    The best way to approach this contentious issue is to ask what problem we're trying to solve? And does biometrics represent a proportionate response?
    Biometric authentication brings great and novel risks. If someone steals your biometric then unlike a card or PIN or password, there's no way to revoke and reissue your ID -- you're probably going to be persona non grata forever. And if and when biometrics become widespread and used (albeit naively) as a gold standard identity, their value to ID thieves will multiply.
    So, are schools able to protect these precious assets with due care? Recent history shows that well heeled banks, credit card processors, government agencies and security companies continue to suffer significant data breaches. It's frankly inconceivable that schools are up to the task of protecting biometrics databases, let alone dealing with the consequences of attack by organised crime. Schools may not even know what sort of risks they're running, in creating "honey pots" for biometric identity thieves.
    Biometrics really need to be used sparingly They have a place in data centre security, but for school canteens, they're disproportionate and a disaster waiting to happen.