Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct
2007JanFebMarAprMayJunJulAugSepOctNovDec2007
2008JanFebMarAprMayJunJulAugSepOctNovDec2008
2009JanFebMarAprMayJunJulAugSepOctNovDec2009
2010JanFebMarAprMayJunJulAugSepOctNovDec2010
2011JanFebMarAprMayJunJulAugSepOctNovDec2011
2012JanFebMarAprMayJunJulAugSepOctNovDec2012
2013JanFebMarAprMayJunJulAugSepOctNovDec2013
2014JanFebMarAprMayJunJulAugSepOctNovDec2014

Fri 1st Sep 19:39 2006: Leave Them Kids Alone

Leave Them Kids Alone is a project campaigning against the increasing practice of taking school childrens' fingerprints. They have a list of schools, which includes my old secondary school, which are taking schoolchildrens' fingerprints, sometimes without parental consent.

Stockport executive member for children and young people, Councillor John Pantall, said to the Manchester Metro News: "The system can recognise the pupils' biometric details but doesn't store them in a way that can be accessed. We've had letters and information about micro librarians from the Department for Education and Schools, and on the issue of parental consent. But it is up to the schools - they take individual decisions. We've spoken out about drug testing and metal detectors in schools, but in this case I'm satisfied that a system that protects pupils' details and helps schools is in place."

DfES said that "[schools] should also inform parent[s] and get consent unless the childis of sufficient maturity hat s/he can give consent him/herself." (my emphasis). These are children, they may well be mature, but they can not be required to give their fingerprints in order to receive an education. DfES are completely out of order.

At the same time, Cambridge Uni security experts have news of even further storage of our kids' details on large, shared databases., and include the comment that "‘You can have scale, or functionality, or security.If you’re smart you can build a system with any two of these. But you can’t have all three.’"


Comments for 'Leave Them Kids Alone'

Fri 1 Sep 2006 @ 20:07 GMT : Steve Parker
Update
ARCH (Action on Rights for CHildren) have a set of 14 blog articles about the subject.
Fri 1 Sep 2006 @ 22:43 GMT : Steve Parker
More
KableNet have an article about a London school; Also in Portsmouth.

The first of these includes two great quotes:

"In order for the system to operate students have one finger scanned. No record of the scan is kept. Rather it is turned by process of algorithm into an individual number that is recorded and recognised when a student places their finger on the reader."

If no record is kept, how is the student verified? Or is it just that the scanning process itself isn't kept. We don't know when we scanned you, just that this is your fingerprint?

and:

"All data is retained in the school as part of our current database and will not be shared with any third party,"

So you're not exactly using top-level security, it's a small, localised system being trusted with this information. Security needs to be the top priority when somebody's identity is concerned.

The second article has another:

"information from a fingerprint scan cannot be turned back to create a fingerprint image as seen on police records."

So what? If you have stored enough information to (uniquely? maybe not essential on this scale) identify a fingerprint, then - by definition - it is enough information to (you claim) identify that fingerprint. This ties in with the first quote, above.
Fri 1 Sep 2006 @ 23:32 GMT : Steve Parker
Why?
In case you're wondering why I'm so concerned, it's really quite simple. You only get one set of biometric information, and you're stuck with it for life.

I have various legal responsibilities to my children, one of which is to provide them with a state-approved education. My eldest is about to start on her scholastic career. Until she is 18, I am responsible for her, and responsible to her.

If I could give your fingerprints to someone without you even being aware of the consequences, I'm sure you'd object. If I give my parental consent for my daughter's fingerprints to be taken, her adult self may well object. I will have failed in my parental duty. If I don't even get the opportunity to object, and the child's fingerprints (or any such unique biometric data) is taken, that person is potentiallly tagged for life.

What is the worst-case scenario? I don't know, but here are a few:

1) The UK Gov manage this data perfectly well; my daughter turns criminal in later life, and is caught by recognition of her biometric data, which I, whilst responsible for her, allowed to be taken by the government. I am legally responsible to her to maintain her identity; she could sue her own parents for incriminating her!
Okay, that's not going to happen. More likely is that:

2) The UK Gov don't manage the data perfectly well:
2a) She is falsely identified as a criminal due to a false-positive result
2b) Someone else is falsely identified as responsible for her crime due to a false-positive result
2c) Her biometric data is accessed by somebody unathorised to view that information. Actually, this is the worst, and the most likely. See the Cambridge link:


Your kids’ schoolteachers will be able to see not just their school records but also their medical records, social work records, police records and probation records; see here for the background.


That's it, for your whole life, all you data, potentially wide open. The security must be sorted out as priority #1. A person's identity is not replacable if something happens.

If someone gets my password, I can change it. If they get my fingerprints, iris scan, etc, I can't do anything other than cut off my fingers and poke my eyes out.
Sat 2 Sep 2006 @ 15:21 GMT : Andy B
saw this...
I saw this mentioned in the local paper... I haven't read the full article, but the idea of children being fingerprinted is outrageous.

I'm also amazed at the quote from Councillor Pantall..
"The system can recognise the pupils' biometric details but doesn't store them in a way that can be accessed."
I beg to differ... if they are being stored at all, then they can be accessed!!!

You could post a comment if you were logged in.

You are logged in as 0

create an account

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers:


DefectiveByDesign.org