Nurseries to fingerprint parents

Indy500 · 30 Oct 2008 at 18:26

http://www.telegraph.co.uk/news/uknews/3275246/Parents-to-be-fingerprinted-by-nursery-schools.html

Up to 50 nurseries and playgroups have already signed up for the new security measures, thought to be the first time parents have been targetted in this way.

Civil libertarians have branded the decision a "huge overeaction".

The new entry system requires people who collect their children to place their finger on a scanner, to make sure that only nominated individuals can get through secure entrances.

Kidsunlimited, the nursery chain, will be rolling out the new technology to its 50 playgroups.

Honeycomb Solutions, the security firm behind the technology, say it is an effective way to monitor who is on their premises.

The scanners work by converting parents' finger prints into a code number. This number enables the system to recognise the finger, without storing any biometric data.

The company claims that the database cannot be accessed by any human, similar to the way banks protect credit card pin numbers.

Interesting semantics there in two of the paragraphs. Of course the system is storing biometric data, it may be in binary 0s and 1s but it has to be reversed back to the fingerprint schematic in order to recognise one. As for it being unaccessible...chip and PIN was compromised so I wouldn't be suprised if these databases were hacked.

There doesn't seem to be any indication about how well the staff are screened and who watches the watchmen...

Further down in the article:

The Government insists that using biometric data is an efficient way of tracking children during the school day. It is estimated that at least 200 schools used fingerprint scans, before any official guidance was published. But this is thought to be the first time that parents have been targeted.

Tracking them with biometric systems? If this doesn't support the notion that children are treated as prisoners in schools then I don't know what does.

It seems the schools concerned have lost sight of their original purpose, namely providing an education.

Whats your take on the subject?

Muffin` · 30 Oct 2008 at 18:31

Surley CCTV would suffice?

I cannot think of an intance where it wouldn't.

Wow, just saw this:

The Government has issued guidance telling head teachers they have the right to collect pupils' biometric data for security reasons.

semi-pro waster · 30 Oct 2008 at 18:37

I'd try and think up a reasoned response but really all I can come up with is "what does this solve that ordinary vigilance wouldn't"? As has been said if you are transforming the fingerprint into a code number then you are storing biometric data and again no database or computer system is secure indefinitely.

Indy500 · 30 Oct 2008 at 18:43

Well, if the figures for one system are correct, Honeycomb Solutions stand to make sales of £500,000 from this phase...

Lagmeister · 30 Oct 2008 at 18:44

sr4470 said:
Interesting semantics there in two of the paragraphs. Of course the system is storing biometric data, it may be in binary 0s and 1s but it has to be reversed back to the fingerprint schematic in order to recognise one.

Not exactly, they take the fingerprint and create a unique code of the captured data, that is stored. When someone presents their fingerprint again, the same function is performed and then that code is checked against the database. No fingerprint needs to be stored and its practically impossible to go from the code back to the fingerprint if done right.

This means that someone still has to have your finger, but they cant get the image of the stored fingerprint to find the associated person, so short of waiting round outside the nursery and hacking someones finger off when they come out your not going to get past the system, as even if you hack the system all you are going to have is a list of fairly random looking codes that wont be of any use to you.

Indy500 · 30 Oct 2008 at 18:49

Lagmeister said:
Not exactly, they take the fingerprint and create a unique code of the captured data, that is stored. When someone presents their fingerprint again, the same function is performed and then that code is checked against the database. No fingerprint needs to be stored and its practically impossible to go from the code back to the fingerprint if done right.

Sounds like a roundabout way of saying encryption key. What level are we talking?

Lagmeister said:
This means that someone still has to have your finger, but they cant get the image of the stored fingerprint to find the associated person, so short of waiting round outside the nursery and hacking someones finger off when they come out your not going to get past the system, as even if you hack the system all you are going to have is a list of fairly random looking codes that wont be of any use to you.

But the system can't work with just the codes alone. Unless you're going to tell me all of the data is encrypted?

It still seems over the top and more suited to prison security than a nursery though. Don't tell me, you work in this industry?

m4cc45 · 30 Oct 2008 at 18:54

The Government has issued guidance telling head teachers they have the right to collect pupils' biometric data for security reasons.

Just don't let them on trains with the data!

M.

lord filbuster · 30 Oct 2008 at 19:07

Lagmeister said:
Not exactly, they take the fingerprint and create a unique code of the captured data, that is stored. When someone presents their fingerprint again, the same function is performed and then that code is checked against the database. No fingerprint needs to be stored and its practically impossible to go from the code back to the fingerprint if done right.

This means that someone still has to have your finger, but they cant get the image of the stored fingerprint to find the associated person, so short of waiting round outside the nursery and hacking someones finger off when they come out your not going to get past the system, as even if you hack the system all you are going to have is a list of fairly random looking codes that wont be of any use to you.

You mean like a hash of the data? Surely if the person doesnt place their finger on the reader in exactly the same place, or if they have a cut or a bit of dirt on their finger it will change the resulting code by quite a lot (like md5 hashes do). If it doesnt change by a lot then the fingerprint data could be recovered from the code. What is wrong with just asking for i.d.?

Fothsn · 30 Oct 2008 at 19:11

I deliver to two day schools and the lack of security is shocking, there are big nurseries as well, you can basically walk in unnoticed :eek:

Eriedor · 30 Oct 2008 at 19:12

sr4470 said:
Interesting semantics there in two of the paragraphs. Of course the system is storing biometric data, it may be in binary 0s and 1s but it has to be reversed back to the fingerprint schematic in order to recognise one. As for it being unaccessible...chip and PIN was compromised so I wouldn't be suprised if these databases were hacked.

No, the system will basicly be hashing the biometric data, it's the same principle of storing passwords. A website admin will never be able to tell you your password as it isn't stored, all is stored is it's hash which is virtually impossible to reverse.

Eriedor · 30 Oct 2008 at 19:13

lord filbuster said:
You mean like a hash of the data? Surely if the person doesnt place their finger on the reader in exactly the same place, or if they have a cut or a bit of dirt on their finger it will change the resulting code by quite a lot (like md5 hashes do). If it doesnt change by a lot then the fingerprint data could be recovered from the code. What is wrong with just asking for i.d.?

The system wouldn't be using a full fidelity image of the finger, it will just extract principle data from the scan and hash that.

Indy500 · 30 Oct 2008 at 19:14

Eriedor said:
No, the system will basicly be hashing the biometric data, it's the same principle of storing passwords. A website admin will never be able to tell you your password as it isn't stored, all is stored is it's hash which is virtually impossible to reverse.

Ok, fair enough. But the staff they use to take care of this system could simply be doing the vigilance part as semi-pro waster said.

Fothsn, wherebouts is that? From my experience, fences, gates and CCTV are the minimum around here.

Dave · 30 Oct 2008 at 19:18

I remember getting my fingerprints taken at a police station when I was about 6 on a school visit and thinking none of it, Mum and Dad went mad when I got home and told them!

Indy500 · 30 Oct 2008 at 19:21

Dave said:
I remember getting my fingerprints taken at a police station when I was about 6 on a school visit and thinking none of it, Mum and Dad went mad when I got home and told them!

Yes, because fingerprints in their day were only taken from criminals

SexyGreyFox · 30 Oct 2008 at 19:32

Recently 3 of my students have had to go for fingerprinting for their CRBs because their parents couldn't provide 5 pieces of evidence.
We were told that they fingerprint, check against records and then they're deleted - I bet they are.

Energize · 30 Oct 2008 at 19:45

Eriedor said:
all is stored is it's hash which is virtually impossible to reverse.

I wouldn't count on that, the LM hash that windows uses can be broken in seconds using rainbow tables (admins regularly use these tables to check for insecure passwords on their networks), as can MD5 hashes. Just because something is hashed does not make it secure.

Rich_L · 30 Oct 2008 at 19:50

Er, so what? If you don't want to give your fingerprints, go to a different nursery - simple as that I'd have thought?

semi-pro waster · 30 Oct 2008 at 19:53

Rich_L said:
Er, so what? If you don't want to give your fingerprints, go to a different nursery - simple as that I'd have thought?

Well that surely depends on what is available in your area and how many nurseries implement the system doesn't it? If my nearest non bio-metric data taking nursery now happens to be over 100 miles away I've got a theoretical choice to exercise my rights as a consumer in a vaguely free-market economy, not a practical choice.

Rich_L · 30 Oct 2008 at 19:58

semi-pro waster said:
Well that surely depends on what is available in your area and how many nurseries implement the system doesn't it? If my nearest non bio-metric data taking nursery now happens to be over 100 miles away I've got a theoretical choice to exercise my rights as a consumer in a vaguely free-market economy, not a practical choice.

That's not the capitalist mantra! So start up a nursery and make oodles of cash from all the parents concerned about having to give their personal info, I think is the correct answer

semi-pro waster · 30 Oct 2008 at 20:09

Rich_L said:
That's not the capitalist mantra! So start up a nursery and make oodles of cash from all the parents concerned about having to give their personal info, I think is the correct answer

Who told you I was a capitalist comrade? I shall have the insolent dog flogged.

I could do that but it seems an awful lot of additional effort to have to do so many extra things because I can't trust the government or agencies of them to operate without overstepping their necessary functions. There are usually a few nurseries in a local area run by a council, sometimes especially for parents of less than lavish means, will they still have that choice?

I still don't see what benefit this provides over and above employing vigilance when looking after children (which should be standard frankly), certainly not enough to justify the extra cost, risk to the data security and invasion of privacy. However rather than me simply listing some of the more obvious flaws I see, how about some reasons from anyone why it would be a good idea or achieve a stated aim of greater security for children?