Biometrics in K-12: Issues and Standardization
- By Patricia Deubel
See for Yourself
You can find any number of news reports, websites and blogs posting concerns about biometrics in schools. If you are also concerned, investigate these resources:
The Boston Globe (2007, April 4) reported on the uproar of parents and ACLU officials concerned about privacy and identity theft as a result of Taunton schools' (MA) plan to use fingerprint scanning in its lunch program. They are calling for legislation in Massachusetts to regulate the use of fingerprint scanners, which State Senator Marc R. Pacheco is apparently considering.
Leave Them Kids Alone.com (UK) is against fingerprinting of children in schools. See the powerful video clip Think your children are safe at school?, which shows the concern about using fingerprints to check identity of school children.
Pippa King's Blogspot on Biometrics in Schools has such comments as "People have to be start raving mad to use conventional biometrics to improve the efficiency of a children's lunch line" (2007, April 6).
I began this three-part investigation on using biometrics in K-12 after reading The Truth about Biometric Devices in Schools (Johns, 2007). In part 1, I defined biometrics and indicated that they are creeping into nearly every market in our society, particularly since the tragedy of September 11. There are applications used in education to authenticate transactions; control entry into various facilities; monitor time and attendance; secure access to laptops, PCs, and networks; and more. I introduced you to the most commonly used biometrics in schools, which are fingerprints and handprints, provided resources for you to make your own investigation into the nature of those technologies and products available, and left you with concerns to think about.
Now I'll delve more into those issues that have been raised by parents, students, and civil liberties groups. All of this is intended to help you better decide to ban its use or buy into biometrics. Stay with me, for in part 3 we'll look at vendor claims and a sound business plan of action that leads to a security solution you really need.
You will hear some immediate positive views on using biometrics in schools. "If my child is made more secure as a result, if it makes life easier, increases efficiency and accuracy, let's go for it." In the public sector, biometrics can prevent identity theft and fraud and help law enforcement agencies find missing children. But when faced with certain issues, people start to think a little more about implications on their rights. Most K-12 schools probably don't need the level of security provided by biometrics. Is their use overkill? At least one parent in Irvine Unified School District (CA) would agree, as the high school scrapped plans to implement fingerprint technology in its lunch program when angry parents voiced privacy concerns (Mehta, 2006).
Concerns about biometrics have actually led some states to enact legislation setting conditions for the collection and use of biometrics in schools, including written consent and providing alternatives to biometrics for when consent is not granted (e.g., Illinois' SB1702; Iowa's Senate File 2086). The legislation is important and needed and might already have set the precedent for other states to follow.
Then you'll have another list to worry about: "Permission to Scan." I know it's not funny, but I just sighed and shook my head thinking of "monitoring the monitoring system." Let's look at specifics.
William Abernathy and Lee Tien (n.d.) point out some of those issues, principally surrounding surveillance, potential for abuse, standardization, and tracking. Biometric systems require surveillance, the initial capture to enroll an individual in a database, repeat capture of data, and voluntary capture. Databases require updating to remove those no longer eligible. (I can imagine the problem of keeping databases current in schools faced with staff cutbacks.) By voluntarily giving a fingerprint, we are trusting that the data are used only for the purpose of their collection and certainly not used for other purposes without consent. We are trusting that they will not become a standardized identifier, such as the Social Security number has been. We know the problems surrounding identify theft that have been created as of that result.
The most significant negative of "biometric ID systems is their potential to locate and track people physically.... Perfect surveillance, even without any deliberate abuse, would have an extraordinary chilling effect on artistic and scientific inventiveness and on political expression. This concern underlies constitutional protection for anonymity, both as an aspect of First Amendment freedoms of speech and association, and as an aspect of Fourth Amendment privacy" (Abernathy & Lee, n.d., sec: Tracking). Facial recognition technology can be used to identify people in a demonstration crowd, for example, without their knowing it.
When it comes to ensuring privacy, the Supreme Court made a cautionary statement following its decision in the 1977 case, Whalen v. Roe (429 U.S. 589), indicating its awareness of the implied threat of accumulating extensive personal data in computerized data banks (Freeman, 2003). Steven McDonald, general counsel at the Rhode Island School of Design (Kiernan, 2005) indicated, "Records of a student's biometric measurements, as well as records of where and when that student used a biometric device, probably would be protected from public disclosure under the Family Educational Rights and Privacy Act." However, those records "might be vulnerable to subpoena by law-enforcement officials" (sec: Privacy).
Freeman (2003) indicated courts have not devised a strict test about when and if biometric evidence would be admissible in trials. The 1993 case of Merrill v. Dow Pharmaceuticals (509 U.S. 579) did produce five conditions that should be met before evidence would be admissible as scientific, which might set guidelines for using biometric data as evidence. These include "Whether the theory or technique has been or can be tested; The theory or technique has been subjected to peer review or publication; The existence and maintenance of standards controlling use of the technique; General acceptance of the technique in the scientific community; A known potential rate of error" (p. 7). That "rate of error" does strike me as a significant factor.
Craig Kaucher of National Defense University (Biometrics 101, n.d.) discussed cultural and social issues surrounding the use of biometrics. Some might be physiologically unable to use one or more techniques, such as if limbs are missing. Some individuals have health concerns about long-term physical effects from repeated use of the technology, such as retinal scanning. Depending on your community, there might be religious and cultural concerns that must be considered when implementing any system, such as accommodations for those that prohibit or look unfavorably on photographing individuals. The capture process might be slowed down by the inability of some to understand and follow directions, or if psychological conditions prevent correct operation.
You might hear parents voice a concern about the germs on devices requiring physical contact that might pose a health risk, such as an infectious disease. Think of elementary schools, in particular, that encourage children to have clean hands before eating, and then expose those very same children to germs from multiple users on fingerprint readers or hand readers immediately thereafter. But then, one might make the same argument about germs on door handles. Those biometric readers can be cleaned frequently.
More on Standardization
According to Abernathy and Tien (n.d.), the government in connection with law enforcement uses Automated Fingerprint ID Systems (AFIS) heavily, "but there is at present little standardization within the AFIS industry. If law enforcement and private industry were to unify their fingerprint databases under one common standard, such as under a national ID system, this would potentially put one's entire life history in interoperating databases that are only a fingerprint away" (sec: Linking). Given sufficient time, resources, and research, it is conceivable. A great deal of cooperation in the scientific and business community and attitude adjustment regarding "Big Brother" among citizens of the world would be needed to make it happen.
There are efforts underway nationally and internationally to do just that. SDKK Secure Design (n.d.) reported that the U.S. and many other countries are working to implement the biometric passport, which embeds the owner's biometric data such as fingerprint and face recognition information. The United Kingdom is looking into a national ID card system containing biometric data, but there is controversy in the UK, too.
Vendors have propriety formats for enrolling individuals and capturing, processing, and matching data. However, the biometric industry is advancing standards and interoperability of biometric-based applications and systems developed by different vendors. According to the National Science and Technology Council Subcommittee on Biometrics (2006), "Interoperability is a crucial aspect of product implementation, meaning that images obtained from one device must be capable of being interpreted by a computer using another device. Major standards efforts focus on the standardization of content, meaning, and representation of the fingerprint data interchange formats" (sec: Standards Overview, p. 5).
Organizations such as the National Institute for Standards in Technology (NIST) have played a role in developing the Common Biometric Exchange Formats Framework (CBEFF), which already is part of government requirements and is being adopted within the industry. CBEFF includes specifications for exchanging many types of biometric data files, including fingerprints, faces, palm prints, retinas, and iris and voice patterns (NIST and Biometrics Fact Sheet, n.d.). Details of this framework are in Podio, Dunn, Reinert, et al. (2004). The BioAPI Consortium has a list of biometric products that claim compliance with its standards developed to date.
I agree with the need for interoperability of devices, but I wonder about standardization within the industry and how far it can go to create a single common standard for coding a biometric. The impossible becomes possible when you think of Jules Verne and submarines and skepticism of ever reaching the moon. I will not soon forget that phrase "like a social security card," which Sagem Morpho Inc. associated with the template created in its fingerprint scanning process.
After getting an understanding of the technology, its potential and the issues surrounding its use, will you allow your district to be swayed by vendor claims? The important question is: "Do you require a reliable biometric solution, or is it just something that would be nice to have?" Don't put the cart before the horse. You're not ready yet to decide. You need a business plan of action, but that's for next time.
Abernathy, W., & Tien, L. (n.d.). Biometrics: Who's watching you? Retrieved April 3, 2007 from Electronic Frontier Foundation website
Biometrics 101 (n.d.) Retrieved March 30, 2007, from U.S. Army Biometrics Task Force website
Freeman, E. (2003). Biometrics, evidence, and personal privacy. Information Systems Security, 12(3), 4-8. Johns, M. (2007, March 27). The Truth about Biometric Devices in Schools. Retrieved March 28, 2007, from PRWeb Press Release Newswire
Kiernan, V. (2005, December 2). Show your hand, not your ID. The Chronicle of Higher Education, 52(15), A28-A30. Retrieved April 4, 2007
Mehta, S. (2006, December 6). High school in Irvine drops plan to scan fingerprints. Los Angeles Times. Retrieved April 3, 2007
National Science and Technology Council, Subcommittee on Biometrics (2006). Fingerprint Recognition. Retrieved April 2, 2007
NIST and Biometrics Fact Sheet (n.d.). Retrieved April 3, 2007, from National Institute of Standards and Technology website
Podio, F., Dunn, J., Reinert, L., Tilton, C., Struif, B., Herr, F., Russell, J., Collier, M. P., Jerde, M., O'Gorman, L., & Wirtz, B. (2004, April 5). Common Biometric Exchange Formats Framework. National Institute of Standards and Technology. Document NISTIR 6529-A. Retrieved March 28, 2007
SDKK Secure Design (n.d.). International Standards--Interoperability. Retrieved April 3, 2007
:: READ MORE OPINIONS and VIEWPOINTS ::
About the author: Patricia Deubel has a Ph.D. in computing technology in education, and is currently an adjunct faculty member in the graduate School of Education at Capella University and an education consultant. She is also the developer of Computing Technology for Math Excellence at http://www.ct4me.net.
Have any additional questions? Want to share your story? Want to pass along a news tip? Contact Dave Nagel, executive editor, at firstname.lastname@example.org.