Thumbprints Used To Check Books Out of School Library 355
krou writes "Junior students at Higher Lane Primary in Whitefield, Greater Manchester, are in a trial of a system that uses their thumbprints to check out and return books from a library. The thumbprints are 'digitally transformed into electronic codes, which can then be recognized by a computer program.' The system was developed by Microsoft, and is being trialled elsewhere in the country. NO2ID condemned the system, saying it was appalling, and that 'It conditions children to hand over sensitive personal information.' The headmaster has defended the scheme, saying, 'We have researched this scheme thoroughly. It is a biometric recognition system and no image of a fingerprint is ever stored. It is a voluntary system. The thumbprint creates a mathematical template. All parents have been written to and we have told them what the system is all about. From the responses we have had there has been overwhelming support. We hold a lot of information about children because we are a school. This is no different.'"
Next up (Score:5, Informative)
School bans gummi bears [schneier.com]
Big Deal (Score:4, Informative)
It's worth mentioning ... (Score:5, Informative)
Riiights... (Score:5, Informative)
"All pupils' details are erased when they leave school."
They promise...this time is true! For real!
Re:Big Deal (Score:3, Informative)
My company produces similar... (Score:2, Informative)
Re:Fingerprint != Private (Score:4, Informative)
Re:Big Deal (Score:2, Informative)
Re:Big Deal (Score:3, Informative)
I was definitely trialled at my UK high school, 10? years ago.
Re:Not sensitive (Score:2, Informative)
The fact is you DONT leave them clean and legible everywhere. Cops are happy when they can retrieve a good fingerprint. Most of the time they are smudged or not left because of dust on the object. in a completely un-useable state.
Very rarely do Crime scene investigators get good fingerprints. Go ask a real one, and stop paying attention to utter fantasy like CSI. Most detectives cant stand that show and how utterly inaccurate and flat out wrong it is.
Re:Big Deal (Score:1, Informative)
Big deal schools in the UK and NZ have been using this method for checking out books for ages. You try to get a six year old to remember a pin number or library card. Many also use public barcode lists of users instead due to the cost of fingerprint scanners and in some rare cases privacy concerns.
My 6-year old daughter can recite her 6-digit lunch pin by memory, and she has ADHD. Go figure.
Re:Hidden agenda (Score:3, Informative)
I don't know about your fascist library, but mine only keeps records of what books you currently have checked out.
Once you return them in good condition, the entry showing you checked them out gets wiped from the system.
Re:Wait till swine flu appears again (Score:3, Informative)
Re:Hidden agenda (Score:3, Informative)
But only one can be replaced with a new unique identifier. The library can make up numbers for cards, they can't make up a fingerprint. A fingerprint is yours for the rest of your life.
I understand that the library is only storing a hash, but unless the library is using a truly unique fingerprint hashing technique, a breach of the computer they are storing those hashes on could mean that validation data about you that cannot be changed could be used for other purposes. Think of "fingerprint hash" as the equivalent to "SSN". It's not something you can change easily, and for that reason it's something that can be used to identify you with a decent level of confidence. That hash could be injected into any computer that uses the same (or a similar) hashing algorithm, and even if the library discovers the breach there's little they can do about it.
That's where biometrics get interesting. They uniquely (or at least "practically uniquely") identify you, but if someone breaches the system holding it, it's hard to prove it invalid.
If the library makes up their own numbers, they aren't holding any valuable data. If they store something that can be uniquely derived from your fingerprint, they should at least be held to PCI compliance, but preferably a lot higher - you can change a credit card number.