April 23, 2014 -
Biometric technology is making its presence known in a number of different sectors, and schools have proven to be a particularly controversial avenue of this recent expansion.
Parents concerned for the privacy of their children, uncertain or unclear procurements, legislative pressures and issues surrounding decision-making are just a few of the issues dominating this discussion as of late.
Though applications vary, biometric systems have been used in schools to record attendance, enable library book borrowing, pay for lunch and to shorten cafeteria lines, as well as for access control and planning initiatives.
Most recently, Bill 188, which looks to ban the collection of biometric information from students in Florida, has recently passed the full Senate.
“The risk of students’ personal information being lost or stolen through the collection and use of biometric data by schools, outweighs any benefit there might be in the schools using it,” Senator Dorothy Hukill, who spearheaded this bill said in a release. “We are protecting our students’ futures by ensuring the protection of their biometric information today.”
And Florida isn’t alone.
A separate Senate bill (Senate Bill 855) was tabled in Maryland last year that also looked to ban the collection of biometric information from students. This included not only biometric registration but also participation in other biometric programs including options for purchasing lunch in school cafeterias.
At the time, the Maryland Association of Boards of Education issued a statement in opposition of Bill 855, weighing heavily on the issues of governance and decision-making authority. According to the statement, the group said the bill would “unreasonably limit local board of education and school administration discretion to utilize technology which relies on biometric information for purposes of granting user access to programs and services.” The statement continues, to say that “Senate Bill 855 is inconsistent with the flexibility in establishing local school system policies and procedures that MABE believes is essential to the current and continued success of our statewide system of public education.”
Earlier, Carroll County Public Schools in Maryland stopped the implementation of palm scanners within the school system, citing parental privacy concerns.
In this particular case, parental consent was also an issue.
According to Steve Wilson, VP & Principal Analyst at Constellation Research and founder of the Lockstep Group, biometrics presents parents with complex and unfamiliar decisions to make around consent.
“I do not believe parents should be put on the spot to make complicated privacy-security tradeoff decisions for their kids. Even security experts struggle with this stuff; parents do not have the information and skills needed to evaluate biometrics. They are vulnerable to vendor hype,” Wilson, who is an outspoken advocate for digital identity and privacy issues online said.
Reported previously in BiometricUpdate.com, early in 2013, the Polk County School District in Florida halted its implementation of an iris-scanning pilot project, which looked to capture the irises of children getting on and off of school buses, though it’s been reported that the exercise began before parents were given a chance to opt-in or out, which is what ultimately ended the program.
“Frankly, I do not believe that typical schools have the information security capability to make fully informed design decisions in biometrics, let alone operate them,” Wilson said. “From what I have seen, the specifications presented are often incomplete.”
On the other end of the spectrum, shortly after news that Florida Bill 188 had passed the full Senate, Janice Kephart, through the Secure Identity & Biometrics Association (SIBA) released a statement arguing that the vote was based on “misunderstood science” and that there’s misinformation on what biometric systems do or don’t do.
“It is a myth that identity theft and biometrics go hand-in-hand,” Kephart said. “Biometrics helps prevent identity theft.”
The industry response to these privacy concerns is often that these systems don’t retain personally-identifying information, the information that is retained is heavily encrypted, enrollment templates differ from identification data, this data can’t be easily intercepted and that reverse engineering is impossible.
On top of privacy concerns, there is also the concern for the stigmatisation of students.
On one hand, advocates for the use of biometric technology suggest that cafeteria payment systems are a way to ensure children in schools are fed at lunch, and that students who can’t afford to bring money for lunch every day can work their way through the cafeteria line, without having to sign special forms for subsidies. Passwords and PIN numbers can be lost or forgotten, but students don’t forget to bring their hands or faces to school, advocates say.
According to Wilson, a separate concern for stigmatisation is for the children whose parents don’t opt-in to using a biometric system or that otherwise can’t be enrolled.
“It is important that students who cannot be enrolled or who decline to use the system are not stigmatised,” Wilson said. “These systems are installed on the promise of great time and motion efficiency dividends, and it does not take much of a ‘disturbance’ to degrade the throughput.”
BiometricUpdate.com has looked at the controversy surrounding biometric programs in schools through the lens of school cafeterias. Read the full feature here.
In 2012, the Biometrics Institute called for caution in widening access to the National Pupil Database, as proposed at the time by the UK government. In a submission to the government, the Institute called for a major privacy assessment to be conducted before the database was opened for greater access.
“Privacy breaches can have dangerous and disturbing consequences,” Terry Aulich, Chair of the Biometrics Institute Privacy Committee said in the Biometrics Institute’s published statement last year. “All parents and pupils need water-tight guarantees to prevent any personal data, whether it is linked or consolidated, getting into the wrong hands or being misused by external groups such as the media and marketers, and criminals. Children cannot exercise informed consent about how their data is used and their parents are often unaware of the risks.”