Over the past week the use of biometrics in schools (in particular) has received a lot of media attention – one of the key uses being to “pay” for school meals. Such a system has some big advantages – the reduction in bullying and the loss of stigma for those children who receive subsidised meals are two key benefits (the social inclusion element was a matter actually mentioned at this event).
The usual arguments for both sides were bandied around the media. My own initial thought on the matter was that it probably isn’t such a bad thing – after all, the full fingerprint isn’t stored in the system and as long as data isn’t shared with other systems (the criminal justice IDENT1 programme, for instance) and is deleted at the appropriate time, then the privacy of the child can be maintained and the benefits realised (not that I have any faith at all in our Government to not actively encourage should data leakage).
It seems I wasn’t alone in this belief – Kim Cameron has written a series of posts on the topic (starting here in which some of the myths about convention biometrics are dealt with. This post in particular is instructive and shows how current biometric systems work – producing a template of the biometric with a known algorithm – against which a result is matched. For some reason I’d assumed that these systems worked more in the way of what I now know to be Biometric Encryption (link to PDF by Ann Cavoukian and Alex Stoianov), but this is obviously not the case!
Kim follows this up with a further explanation from Cavoukian and Stoianov which describes how easily standard biometric templates can be matched across discrete databases – even when there is no explicit link between them!
“The linking of the databases can be done offline using template-to-template matching, in a very efficient one-to-many mode.”
Kim concludes with the statement
I had not understood that you can so easily correlate conventional biometric templates across databases. I had thought the �fuzziness� of the problem would make it harder than it apparently is. This raises even more red flags about the use of conventional biometrics.
This is where my provisos on when this is acceptable come in – identity data and biometrics in particular need to handled with sensitivity (even more so when it concerns children), but even with the right political and economic safeguards the technology has to be correct. As things stand we have a scenario where inadequate technology is being used for unsuitable purposes under the umbrella of a “higher goal” that is ill advised at best.