A sandwich away from a privacy violation
In Carroll County, Md., school students as young as five years old are using their palm prints to pay for lunch.
In the name of efficiency, a student’s print identifies them and records a charge for their meal. Some parents aren’t happy, and are joining a growing debate over the privacy implications and best practices for the use of biometrics.
The school flap is playing out in three other states that are using the palm-reading system first adopted last year by a Florida school district. In addition, one large California school district will start using fingerprint readers to track students getting on and off buses, and there is iris scanning technology being touted for the same use.
The issues point to the complexities of biometric identifiers that on their face (no pun intended) seem like a fool-proof system that can harden access controls while providing efficiencies and safety.
In their 2010 book, Biometric Recognition: Challenges and Opportunities, authors Joseph Pato and Lynette Millett conclude “biometric recognition is an inherently probabilistic endeavor that comes with uncertainty and risk of error even when the system is working as designed.”
Just last month, a flaw was discovered in fingerprint reader software used on laptops made by four of the five largest PC makers in the world. Researcher called it "nothing but a big, glowing security hole” that compromised the entire security model of Windows accounts.
It is those kinds of stories that lead parents and others to ask questions about the implications of biometric technology.
“These ideas may seem outlandish now, but the more biometrics is used, the more commonplace they may seem,” Anita Ramasastry, a law professor at the University of Washington, wrote today in her Constitutional Law blog. “Thus, the implications of biometrics should be considered now, when we can see proposed biometric systems with fresh eyes.”
The glaring mistake in the Carroll County case was that school officials failed to get opt-in agreements from parents before going live with the system.
User consent is the first law in the seven Laws of Identity, as written in 2007 by noted identity expert Kim Cameron. Carroll County parents now can opt-out of the service and have their student’s lunch accounts manually updated just by providing their names.
The Maryland school district’s PalmSecure system identifies unique palm and vein patterns and converts the image into an encrypted numeric algorithm that records a sale.
The images are never stored, but that isn’t helping satisfying parents who worry about their kids being socialized away from their rights to privacy.
Privacy groups contend kids who are tracked electronically over the course of their secondary education and on into college become less sensitive to potential privacy violations and electronic tracking becomes the norm.
One Carroll County parent told the Baltimore Sun, “I'm concerned about it. I know it's the way of the future, but it's fingerprinting, it's palmprinting."
In 2011, Facebook came under intense scrutiny for its new facial recognition software that automatically tagged users appearing in pictures posted to the site. The feature was eventually pulled as users clamored about the tracking implications and being denied an opt-out setting.
And while Carroll County is not storing data, the collection of personal biometric data and how it is protected is an issue highlighted by the flap around airport body-scanning equipment.
In 2010, the Transportation Security Administration admitted its scanners could store images after saying initially that capability did not exist. That same year, the U.S. Marshals Service admitted it had saved tens of thousands of body scanner images taken at a Florida courthouse.
Saved personal data brings with it the liability of storing it securely and having tight access controls. There is the added concern that stored data can be subpoenaed.
Ramasastry, the University of Washington law professor, says schools should more deliberately consider the privacy and security implications of biometric programs and develop a privacy plan at the time of implementation.
She notes that UK and Scottish Information Commissioners charged with guarding privacy have both published guidance about the use of biometrics inschools.
How much biometric data is too much? How should its collection and storage be regulated? Are critics being overly cautious or paranoid?
Would you opt-in to have your kids participate in school biometric programs?