Slashdot Mirror

← Back to Stories (view on slashdot.org)

Would You Submit Biometric Data to Join a Gym?

Posted by Cliff on from the your-body-is-no-longer-your-own dept.

An anonymous reader asks: "I went to my gym (Rocky River, OH branch) yesterday and there was a huge line of people at the counter. When I went to the scanner to swipe my membership card, I noticed they were training people in the use of their new security system that requires the input of your thumb print. There currently a story on boingboing that mentions a tanning salon in Arkansas that is enacting a similar policy. I'm going to call the gym later today and see what type of security they have on their network. I guess we can look forward to a future where these sorts of personal services clubs require the submission of biometric data. I was wondering how the members here at Slashdot feel about the security risks involved in submitting biometric data to small private companies?"

13 of 190 comments (clear)

  1. How secure is their security? by AndroidCat · · Score: 3, Insightful

    Once they've got your biometric data, how secure are they going to keep it? Unlike a password, it's not possible to change your biometric data if someone steals the gym's files and uses it to spoof other systems.

    --
    One line blog. I hear that they're called Twitters now.
  2. It's...um...bad by tha_mink · · Score: 4, Insightful

    I am fearful regarding theft of my fingerprint or any other biometric information since I KNOW that eventually, someone will steal it from anyone who collects it from me. But then, someone could easily get my fingerprint by following me around for a little while and picking up my trash. Same with DNA for that matter.

    --
    You'll have that sometimes...
    1. Re:It's...um...bad by sartin · · Score: 3, Insightful

      But then, someone could easily get my fingerprint by following me around for a little while and picking up my trash.

      Yes, but following you around is labor intensive and targets you specifically. For less effort (at most small business networks I've seen), a hacker could recovers hundreds or thousands of fingerprints (or other biometric data). This change in scale changes the nature of the problem and removes control from you. Without the biometric data stored in the business computer, the paranoid can wear gloves or dab their fingertips with various substances to disrupt attempts to get fingerprints. That control is gone when the data gets stored on computers owned by various businesses.

    2. Re:It's...um...bad by Total_Wimp · · Score: 3, Interesting

      That control is gone when the data gets stored on computers owned by various businesses.

      Well, not really. It's more like a hash. Unless the people that designed the security sytem didn't have a clue, they wouldn't store reversable fingerprint information at all.

      I remember having this discussion with my old boss when he wanted to go biometric a few years ago. He even got ahold of a some fingerprint readers for testing. We found that the industry, and this manufacturer, were very clear on the matter. No one wanted to actually store your fingerprints.

      So, feeling confident, he installs the software, plays with it for a little bit and invites me over to try to "hack" his account with my thumb. I put my thumb on the plate and sure enough the device tells me I'm unauthorized... while displaying a giant picture of my thumb accross most of the display.

      My conclusion: I believe the companies really aren't storing reversible fingerprint information. I also believe they're doing a lousy job of making people feel confident about this fact.

      I think there are enough other downsides that this technology should be condered DOA for most purposes, but this particular issue is probably just a PR problem.

      TW

  3. thumbs are useful by chewy · · Score: 3, Insightful

    Though I feel you are correct for being sceptical about the security of biometrics, I think that the convenience of using a thumbprint machine for entry into a gym is worth the sacrifice.

    Better than having swipe-cards that fail after a single wash. (Thumbs are wash-proof!)

    But using thumbs as positive I.D. for your bank account is a bad idea.

    See?

  4. My University did this. by dayid · · Score: 3, Interesting

    I work for (and attend) a State University. Our gym (in 2002) enacted similar policies and equipment. It was *optional* however, and was enacted for people who didn't want to have to carry around a membership-card or student/employee-ID just to be able to get into the gym (since most gym shorts don't have a pockets, and many people on campus just walk to/from the gym rather than driving or bringing a full bag and using a locker). It was an option for about one year, until they realized that the extreme costs of using the hardware and managing it (and its slight errors) far outweighed pleasing a minority of people who attended. It's good to see the technology developing, but I still prefer losing my identity to a bunch of little numbers on a card.

  5. I'd like to tell you ... by cybermage · · Score: 3, Funny

    but you'll have to press your thumb in the box below to read my response.

    I..........I
    I..........I
    I..........I
    I..... .....I
    I..........I

    Your unquestioning compliance in this matter would be greatly appreciated.*

    Thank You,

    The Management

    * By supplying your thumb print, you agree to abide by our Terms of Service. You may request a copy of the Terms of Service directly from our Corporate Headquarters.

    --
    Some people have a way with words, and some people, um, thingy.
  6. This country was founded by criminal lovers by Safety+Cap · · Score: 3, Insightful

    you'd only really need to be worried if you planned to commit a crime; for non-criminals there's really nothing to worry about.

    Damn those long-haired freak Founders and their crazy ideas. If only someone would've told them that innocent men have nothing to hide, they could've avoided making many unnecessary additions to the US Constitution.

    --
    Yeah, right.
  7. Re:Copyright (C) Yourself. Right now. by GigsVT · · Score: 3, Insightful

    You can't copyright facts. There's no creative process involved with recording the length of various things on your body.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  8. Not big brother by brian6string · · Score: 3, Insightful

    Alright, everyone take a deep breath here. The idea of a fingerprint to sign in at the gym is there as a customer convenience You don't have to carry a membership card into the place, and then find somewhere to stash it while you're exercising. This is actually a good thing.

    And, as someone pointed out already, there is no security concern to be worried about. Even if someone copied their thumbprint database, I mean, what could you do with that? Nada...

  9. Re:No. Thank. You. by Total_Wimp · · Score: 4, Interesting

    I wouldnt be a member of that gym for much longer

    I went to check out a nice large brand-new gym near my house. They handed me a form to fill out including a questionnaire and a space for my name phone number and address. I answered a few of their questions and just put my first name on the form.

    They mentioned that they'd like me to fill in my phone number and address and I said, "no thank you, I'd like to check out the equipment first before signing up." They told me they couldn't show me the gym without that information. Still thinking we just had a misunderstanding I pointed out that I wasn't there to use the gym, I just wanted to see what they had to offer before signing up. They then proceeded to point out to me that they were prepared to give me a tour, but would not do so without my phone number and address.

    I said, "goodbye" and walked out the door. Even my bank doesn't require biometrics and didn't ask for an address before they told me about their features. These fitness center folks are too big for their own britches. Pushups and situps are free and running shoes don't cost that much compared to a gym membership. I'd like to use the gym, but I don't have to and I certainly wont consider it untless they figure out how to be less intrusive.

    TW

  10. ask for their data retention and privacy policies by weld · · Score: 3, Interesting


    If anyone is collecting sensitive information from you: SSN, biometric data, etc. you need to get a data retention and privacy policy in writing.

    Will they transfer this data if the company is sold or goes out of business? Remember eToys had a privacy policy that went out the window during bankrupcy. Will they destroy the data when you cancel your membership. What security mechanisms and audit procedures do they have in place?

    When you bring it up it may be the first time they have thought of it so be prepared to wait.

    -weld

  11. Re:theft of my fingerprint? by stanmann · · Score: 3, Informative

    You realize of course that the woman who CLAIMED to find that finger is now facing fraud charges right?
    here
    or here
    or here even
    another one

    In other words.. she's a known con artist, and now she's paying the price for being clumsy.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed