Biometrics in schools

Last updated

Some schools use biometric data such as fingerprints and facial recognition to identify students. This may be for daily transactions in the library or canteen or for monitoring absenteeism and behavior control. In 2002, Privacy International raised concerns that tens of thousands of UK school children were being fingerprinted by schools, often without the knowledge or consent of their parents. The supplier, Micro Librarian Systems, which uses technology similar to that used in prisons and the military, estimated that 350 schools throughout Britain were using such systems. In 2007, it was estimated that 3,500 schools are using such systems. Some schools in Belgium and the US have followed suit. Concerns have been raised by a number of groups, who suggest the harms far outweigh any putative benefits.

Contents

Definition

Biometrics are unique physical or behavioral characteristics which can be used to automatically identify individuals. Biometric technologies capture, process and measure these characteristics electronically and compare them against existing records to create a highly accurate identity management capability. [1]

Types of biometrics used in schools

Fingerprint recognition technology in the biometric market has held the largest market size worldwide and has been widely adopted by many industries including schools. Fingerprint recognition is the most pervasive, old, simple, and cheap form of biometric technology. [2] Although palm vein recognition, iris recognition and face recognition have been implemented in schools, finger scanning is by far the most commonly used technology in the U.S. education market. [3]

In the UK, primarily the type of biometric employed is a fingerprint scan or thumbprint scan, but vein and iris scanning systems are also in use. [4] [5]

United Kingdom

Biometrics have been used in the UK since the early first decade of the 21st century. Biometric technology is used to address truancy, to replace library cards, or to charge for meals. School biometrics, typically electronic fingerprinting systems, have raised privacy concerns because of the creation of databases that would progressively include the entire population. The UK introduced legal duties on schools if they wish to use biometric information about pupils, in the Protection of Freedoms Act 2012. [6]

Schools use pupils' biometric data for cashless catering, libraries, payment systems, registration and locker systems. In the UK biometric technology in schools was initially used for library book issue, approved for use by the UK's Information Commissioner's Office [7] in 2001 and the Department for Education [8] in 2002. Within a few years biometrics were being used for cashless catering systems, enabling relatives to deposit money into pupils' catering accounts, to be debited by a child's biometric fingerprint scan at the point of sale. In the USA biometrics systems are used for catering primarily, as mentioned above, with library and registration biometrics in use as well. Fingerprint locking systems are also used in the United Kingdom (fingerprint lock in the Holland Park School in London, [9] ) databases, etc., in Belgium (Marie-José school in Liège [10] [11] ), in France, in Italy, etc.

When children use systems in which their biometric fingerprints are processed in school no image of the fingerprint is stored, although the fingerprint data stored can be potentially used in the same way as an image of a fingerprint. A series of digits (some 30) is created so the computer can recognise a child when he/she places their fingerprint on a scanner. The data stored can be interoperable [12] with Automated Fingerprint Identification Systems (AFIS) used by police and other agencies to store fingerprint data.

It is claimed to be impossible to reconstruct a finger print from biometric readers, although research in 2007 was undertaken and the paper 'From Template to Image: Reconstructing Fingerprints from Minutiae Points' [13] was published by the Institute of Electrical and Electronics Engineers. [14]

In 2002 the NGO Privacy International raised an alert that tens of thousands of UK school children were being fingerprinted by schools, often without the knowledge or consent of their parents. [15] In 2002, the supplier Micro Librarian Systems, which use a technology similar to that used in US prisons and the German military, estimated that 350 schools throughout Britain were using such systems, to replace library cards. [15] In 2007, it was estimated that 3,500 schools (ten times more) are using such systems. [16] By 2009 the number of children fingerprinted was estimated to be two million. [17]

In the Protection of Freedoms Act; Part 1 "Regulation of Biometric Data", Chapter 2 schools and colleges are required to obtain the consent of one parent of a child under 18 for acquiring and processing the child's biometric information, and the Act gives the child rights to stop the processing of their biometric information regardless of any parental consent. It also states if any parent of the child objects to the processing of biometric information it must also be discontinued.

In addition to this schools are subject to the Data Protection Act and the Human Rights Act.

Privacy International warned that the practice of finger printing for the purpose of library cards was in clear violation of the Human Rights Act and the Data Protection Act: The law states that privacy invasion must be proportionate to the threat. A few lost library cards do not warrant mass finger printing. It is also likely that the practice breaches Article 16 of the UN Convention on the Rights of the Child, that 'no child shall be subjected to arbitrary or unlawful interference with his or her privacy...'" [18]

Others claim that under the Data Protection Act (DPA), schools in the UK do not have to ask parental consent for such practices. Parents opposed to such practices may only bring individual complaints against schools. [19] Regardless of this the child's rights under the Protection of Freedoms Act remain unaffected.

Concerns have been raised about the civil liberties implications of fingerprinting children in schools. [20] In 2007 Early Day Motion 686, which called on the UK Government to conduct a full and open consultation with stakeholders about the use of biometrics in schools, secured the support of 85 Members of Parliament. [21]

In response to a complaint which they are continuing to pursue, in 2010 the European Commission expressed 'significant concerns' over the proportionality and necessity of the practice and the lack of judicial redress, indicating that the practice may break the European Union data protection directive. [22]

Belgium

The alleged use of taking children's fingerprints is to struggle against school truancy and/or to replace library cards or money for meals by fingerprint locks. In Belgium, this practice gave rise to a question in Parliament on February 6, 2007 by Michel de La Motte (Humanist Democratic Centre) to the Education Minister Marie Arena, who replied that they were legal insofar as the school did not use them for external purposes nor to survey the private life of children. [23] Such practices have also been used in France (Angers, Carqueiranne college in the Var — the latter won the Big Brother Award of 2005 for its hand geometry system, etc.) although the CNIL, official organism in charge of protection of privacy, has declared them "disproportionate.". [24] The CNIL, however, declared in 2002 hand geometry systems to be acceptable.

Early applications

The first reported use of biometric systems in U.S. schools was at Minnesota's Eagan High School in March 1997. [25] Eagan High School, a testing ground for education technology since it opened, allowed willing students to use fingerprint readers to speed up the borrowing of library books.

Penn Cambria School District in Cresson, PA was another earlier user of biometric technology. [26] In 2000, Food Service Solutions, a local software development company, designed and implemented a system where students bought lunch with just a fingerprint. The American Civil Liberties Union stated that this "could hasten the end of privacy rights". [27]

Biometric systems were first used in schools in the UK in 2001. [28] Use of this technology in schools has become wider spread, although there are currently no official figures for how many schools employ the technology. [29]

Applications

Biometric technologies in schools are used to borrow library books, for cashless canteen systems, vending machines, class attendance and payments into schools. Biometric technologies for home/school bus journeys are also under development. [30]

Ages

Biometric systems can be used by children as young as three years old. [31]

Current usage

The two countries at the forefront employing biometric technology in schools are the UK and the United States. Biometric systems are also used in some schools in Belgium [32] and Sweden [33] but were withdrawn from China and Hong Kong schools due to privacy concerns. [34] It was reported in August 2007 that Dubai are soon due to issue guidance to schools. [35]

Security concerns

Concerns about the security implications of using conventional biometric templates in schools have been raised by a number of leading IT security experts, including Kim Cameron, architect of identity and access in the connected systems division at Microsoft, who cites research by Cavoukian and Stoianov to back up his assertion that "it is absolutely premature to begin using 'conventional biometrics' in schools". [36] [37] Invenda vending machines serviced by Adaria Vending Services and selling Mars Inc. products at the University of Waterloo caused uproar in February 2024 when students discovered the machines used facial recognition systems without knowledge or consent of the purchasers. [38] Invenda and Adaria claimed that the software complied with GDPR, but the students remained unconvinced. [38]

Advantages

Biometric vendors claim benefits to schools such as improved reading skills, decreased wait times in lunch lines and increased revenues. [39] They do not cite independent research to support this. Educationalist Dr. Sandra Leaton Gray of Homerton College, Cambridge stated in early 2007 that: [40]

I have not been able to find a single piece of published research which suggests that the use of biometrics in schools promotes healthy eating or improves reading skills amongst children... There is absolutely no evidence for such claims.

See also

Related Research Articles

<span class="mw-page-title-main">Fingerprint</span> Biometric identifier

A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal. Deliberate impressions of entire fingerprints can be obtained by ink or other substances transferred from the peaks of friction ridges on the skin to a smooth surface such as paper. Fingerprint records normally contain impressions from the pad on the last joint of fingers and thumbs, though fingerprint cards also typically record portions of lower joint areas of the fingers.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

<span class="mw-page-title-main">Facial recognition system</span> Technology capable of matching a face from an image against a database of faces

A facial recognition system is a technology potentially capable of matching a human face from a digital image or a video frame against a database of faces. Such a system is typically employed to authenticate users through ID verification services, and works by pinpointing and measuring facial features from a given image.

ContactPoint was a government database in England that provided a way for those working with children and young people to find out who else is working with the same child or young person, making it easier to deliver more coordinated support. It was created in response to the abuse and death of eight-year-old Victoria Climbié in 2000 in England. Various agencies involved in her care had failed to prevent her death, in particular by individually never realising other agencies had been in contact with Victoria.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

A government database collects information for various reasons, including climate monitoring, securities law compliance, geological surveys, patent applications and grants, surveillance, national security, border control, law enforcement, public health, voter registration, vehicle registration, social security, and statistics.

<span class="mw-page-title-main">Vein matching</span> Technique of biometric identification

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

IDEX Biometrics ASA is a Norwegian biometrics company, specialising in fingerprint imaging and fingerprint recognition technology. The company was founded in 1996 and is headquartered in Oslo, but its main operation is in the US, with offices in New York and Massachusetts. The company also has offices in the UK and China.

Biometrics refers to the automated recognition of individuals based on their biological and behavioral characteristics, not to be confused with statistical biometrics; which is used to analyse data in the biological sciences. Biometrics for the purposes of identification may involve DNA matching, facial recognition, fingerprints, retina and iris scanning, voice analysis, handwriting, gait, and even body odor.

<span class="mw-page-title-main">Mass surveillance in the United Kingdom</span>

The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.

Sharenting is a portmanteau of "sharing" and "parenting" describing the practice of parents publicizing a large amount of potentially sensitive content about their children on internet platforms. While the term was coined as recently as 2010, sharenting has become an international phenomenon with widespread presence in the United States, Spain, France, and the United Kingdom. As such, sharenting has also ignited disagreement as a controversial application of social media. Detractors find that it violates child privacy and hurts a parent-child relationship. Proponents frame the practice as a natural expression of parental pride in their children and argue that critics take sharenting-related posts out of context.

DeepFace is a deep learning facial recognition system created by a research group at Facebook. It identifies human faces in digital images. The program employs a nine-layer neural network with over 120 million connection weights and was trained on four million images uploaded by Facebook users. The Facebook Research team has stated that the DeepFace method reaches an accuracy of 97.35% ± 0.25% on Labeled Faces in the Wild (LFW) data set where human beings have 97.53%. This means that DeepFace is sometimes more successful than human beings. As a result of growing societal concerns Meta announced that it plans to shut down Facebook facial recognition system, deleting the face scan data of more than one billion users. This change will represent one of the largest shifts in facial recognition usage in the technology's history. Facebook planned to delete by December 2021 more than one billion facial recognition templates, which are digital scans of facial features. However, it did not plan to eliminate DeepFace which is the software that powers the facial recognition system. The company has also not ruled out incorporating facial recognition technology into future products, according to Meta spokesperson.

India Stack refers to the project of creating a unified software platform to bring India's population into the digital age. Its website describes its mission as follows: "India Stack is a set of open APIs that allows governments, businesses, startups and developers to utilize a unique digital Infrastructure to solve India’s hard problems towards presence-less, paperless, and cashless service delivery" Of the four "distinct technology layers" mentioned on the same page, the first, the "Presenceless Layer" is the most controversial as it involves storing biometric data such as fingerprints for every citizen. Since such markers are widely being adopted to enable cashless payment, the issue arises of fraudulent use of biometrics. The other layers are the Paperless Layer, which enables personal records to be associated with one's online identity; the Cashless Layer, a single interface to all national banks and online wallets; and the Consent Layer, which aims to maintain security and control of personal data.

<span class="mw-page-title-main">Face ID</span> Facial recognition system by Apple

Face ID is a biometric authentication facial recognition system designed and developed by Apple Inc. for the iPhone and iPad Pro. The system can be used for unlocking a device, making payments, accessing sensitive data, providing detailed facial expression tracking for Animoji, as well as six degrees of freedom (6DOF) head-tracking, eye-tracking, and other features. Initially released in November 2017 with the iPhone X, it has since been updated and introduced to all iPhones outside of SE models and all iPad Pro models from 2018 onwards. Users on iOS 18 and newer can choose to lock specific apps, requiring Face ID to access them.

The Biometric Information Privacy Act is a law set forth on October 3, 2008 in the U.S. state of Illinois, in an effort to regulate the collection, use, and handling of biometric identifiers and information by private entities. Notably, the Act does not apply to government entities. While Texas and Washington are the only other states that implemented similar biometric protections, BIPA is the most stringent. The Act prescribes $1,000 per violation, and $5,000 per violation if the violation is intentional or reckless. Because of this damages provision, the BIPA has spawned several class action lawsuits.

Airport privacy involves the right of personal privacy for passengers when it comes to screening procedures, surveillance, and personal data being stored at airports. This practice intertwines airport security measures and privacy specifically the advancement of security measures following the 9/11 attacks in the United States and other global terrorist attacks. Several terrorist attacks, such as 9/11, have led airports all over the world to look to the advancement of new technology such as body and baggage screening, detection dogs, facial recognition, and the use of biometrics in electronic passports. Amidst the introduction of new technology and security measures in airports and the growing rates of travelers there has been a rise of risk and concern in privacy.

Soft privacy technologies fall under the category of PETs, Privacy-enhancing technologies, as methods of protecting data. Soft privacy is a counterpart to another subcategory of PETs, called hard privacy. Soft privacy technology has the goal of keeping information safe, allowing services to process data while having full control of how data is being used. To accomplish this, soft privacy emphasizes the use of third-party programs to protect privacy, emphasizing auditing, certification, consent, access control, encryption, and differential privacy. Since evolving technologies like the internet, machine learning, and big data are being applied to many long-standing fields, we now need to process billions of datapoints every day in areas such as health care, autonomous cars, smart cards, social media, and more. Many of these fields rely on soft privacy technologies when they handle data.

References

  1. "Identity is at the heart of the digital age". Ibia.org. Retrieved 15 April 2017.
  2. "Fingerprint biometrics: A global strategic business report". Strategyr.com. Retrieved 15 April 2017.
  3. Perala, A. "Biometrics in US education sector to see significant growth". Findbiometrics.com. Retrieved 15 April 2017.
  4. Biometrics in Schools, Colleges and other Educational Institutions Archived 2007-09-29 at the Wayback Machine , Data Protection Commissioner, 2007
  5. Vein scanning in a primary school for food, in Scotland, Scotsman.com, October 2006
  6. "Protection of biometric information of children in schools". Department for Education. 13 December 2012. Retrieved 11 May 2015.
  7. http://biometricsinschools.files.wordpress.com/2013/08/ico-letter-2001.jpg [ permanent dead link ]
  8. http://biometricsinschools.files.wordpress.com/2013/08/dfes-letter-2002.jpg [ permanent dead link ]
  9. Hermann, Vincent (29 August 2006). "Empreintes digitales pour les enfants d'une école de Londres". Nextinpact.com. Retrieved 9 March 2022.
  10. "fingerprints to secure the school?". Archived from the original on 1 July 2007. Retrieved 9 March 2022.
  11. the fingerprint reader in schools creates controversy Archived 2012-07-21 at archive.today , 7 on 7, February 5, 2007 (in French)
  12. "FBI — IAFIS/NGI Biometric Interoperability". Archived from the original on 2016-03-26. Retrieved 2016-07-28.
  13. Arun Ross; Jidnya Shah; Anil K. Jain (April 2007). "From Template to Image: Reconstructing Fingerprints from Minutiae Points" (PDF). IEEE Transactions on Pattern Analysis and Machine Intelligence. 29 (4): 544–560. doi:10.1109/TPAMI.2007.1018. PMID   17299213. S2CID   777891 . Retrieved 9 March 2022.
  14. "IEEE - The world's largest technical professional organization dedicated to advancing technology for the benefit of humanity". Ieee.org. Retrieved 9 March 2022.
  15. 1 2 Fingerprinting of UK school kids causes outcry, The Register , July 22, 2002
  16. Child fingerprint plan considered, BBC , March 4, 2007
  17. Singh, Y. "Why are we fingerprinting children?", The Guardian , March 7, 2009
  18. "PI condemns mass fingerprinting of UK primary school children | Privacy International". Archived from the original on 2012-09-02. Retrieved 2012-10-03.
  19. Schools can fingerprint children without parental consent, The Register , September 7, 2006
  20. Porter, H. "Blindly fingerprinting children", The Guardian , November 18, 2009
  21. "EDM 686 – Biometric Data Collection In Schools". UK Parliament. 2007-01-19. Archived from the original on 2007-08-29. Retrieved 2009-11-28.
  22. Europe tells Britain to justify itself over fingerprinting children in schools, The Daily Telegraph , published 2010-12-14, accessed 2011-01-13
  23. Prises d'empreintes digitales dans un établissement scolaire Archived 2007-02-24 at the Wayback Machine , Question d'actualité à la Ministre-Présidente en charge de l'Enseignement obligatoire et de Promotion sociale (in French)
  24. Quand la biométrie s'installe dans les cantines au nez et à la barbe de la Cnil, Zdnet , September 9, 2003 (in French)
  25. "This Minnesota high school gives fingerprint scanning a whorl". eSchool News. 2000-09-01. Archived from the original on May 6, 2006. Retrieved 2006-11-20.
  26. "Fingerprints Pay For School Lunch". Cbsnews.com. Retrieved 9 March 2022.
  27. "Fingerprints Pay For School Lunch". Cbsnews.com. January 24, 2001.
  28. "Biometrics And RFID Tracking In UK Education". The UK Column. 11 April 2013. Retrieved 11 May 2015.
  29. Knight, J. Parliamentary Written Answer 110750, Hansard, January 29, 2007.
  30. Grossman, W. "Is school fingerprinting out of bounds?", The Guardian , March 30, 2006.
  31. Devlin, K. "Nursery children to be fingerprinted", The Daily Telegraph , September 23, 2006.
  32. Fingerprint recognition in high schools used for registration. Archived May 16, 2007, at the Wayback Machine
  33. Kvarnby School in Stockholm used to log into school computers. Archived November 25, 2006, at the Wayback Machine
  34. China: Ballard, M. "Halt to school fingerprinting", The Register, November 9, 2006.
  35. Fingerprinting of pupils fails to score Archived September 29, 2007, at the Wayback Machine
  36. "Will biometrics grow up? – Kim Cameron's Identity Weblog". Identityblog.com. Retrieved 9 March 2022.
  37. Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy Archived 2007-06-14 at the Wayback Machine Cavoukian, A and Stoianov, A March 2007
  38. 1 2 Belanger, Ashley (2024-02-24). "A Vending Machine Error Revealed Secret Face Recognition Tech". Ars Technica . Retrieved 2024-03-04 via Wired.
  39. "Fingerprint Software Eliminates Privacy Concerns and Establishes Success (FindBiometrics)". Archived from the original on 14 March 2009. Retrieved 9 March 2022.
  40. "LTKA – Experts warn of serious child fingerprinting risks (against schools fingerprinting our children)". Archived from the original on 2007-06-20. Retrieved 2007-04-25.

General references

Legislation

The following laws, legal opinions, or guidance are in place to regulate children's use of biometric technology. To date the practise of using biometrics in schools is only legally regulated in the USA:

Non statutory advice

USA
Ireland
UK