Fingerprint recognition in schools

Ian Batten ukcrypto at chiark.greenend.org.uk
Sun, 5 Oct 2008 09:18:15 +0100


I met a woman yesterday whose daughter has just started at the school  
my daughter is at.  I'd let the introduction of fingerprint-triggered  
lunch payment slide by --- I'm focussed on the implications for my  
children of Contactpoint, Connexions and Connecting for Health, and  
regard school-level initiatives as far less worrying --- but she's  
more concerned about it than I am.

Her argument was a social one: that acclimatising or acculturating  
children to using fingerprints for identification is a bad thing, as  
it then makes later, more invasive programmes easier to roll out.  Her  
family history meant she was more sensitive to this risk than perhaps  
I am.  It's an argument we've discussed before on this list, and I
think it's fairly compelling.  However, it's a difficult argument to
make on a small scale: the scheme is entirely school-led.

Interestingly, the new scheme comes with advantages for parents that
the older --- smartcard --- scheme doesn't have.  There's no reason it  
is related to the change from cards to prints, but parents whose  
children are already in the school are heartily sick of the fact that  
payment has to be made by cheque, and the new system's tie-in to
online payment is incredibly attractive.  I don't think this is a  
conspiratorial ``let's roll out an attractive benefit to sugar coat an  
unattractive mechanism'', but certainly people's reaction to the use
of fingerprints may be softened by the ease of the new payment  
structure.

Note that the school we're discussing doesn't have the issues ---  
crime, chaotic households, high levels of free school meals, etc ---  
that make these schemes very attractive in some contexts.  And there  
is a clearly documented opt-out scheme where the child can use a card  
rather than a fingerprint anyway, so a parent saying ``I don't want my  
child to do this'' can be easily accommodated.  And a child who is  
opted out like that still gets the other benefits, notably the on-line  
payment.

My main counter-argument was that although the slippery-slope argument  
has a lot of merit, this is a practical scheme with practical  
benefits.  There's been, for example, a low but steady level of child  
X forgetting their card and `borrowing' money from child Y, which  
although it's entirely innocent now has the potential for problems,  
and I can imagine it having a lot of problems in some schools.  And
I suspect that a consultation exercise --- my interlocutor's main  
concern --- would throw a lot of heat and rather less light on the  
topic, especially in the month that HPV vaccination is being done.

The main risk I can see is that actual fingerprints can be
reconstructed from systems that are probably not wildly physically or  
logically secure: the security of the fingerprint rests in the quality  
of the hashing algorithm used to store the reference copy.  I can  
remember seeing a paper which claimed that you can reconstruct the  
fingerprint from the information stored in these sorts of systems, but  
I can't run it down.

What's the thinking on (a) the slippery slope argument and (b) the  
problem of reconstruction of prints from hashes?

ian