Slashdot Mirror
Library to Require Fingerprint to Use PCs
FearUncertaintyDoubt writes "Three libraries in Naperville, IL, soon will start requiring patrons who use the library's PCs to provide a fingerprint scan. The article says, ' Library officials say the added security is necessary to ensure people who are using the computers are who they say they are. Officials promise to protect the confidentiality of the fingerprint records.'"
"Right now we give you a library card with a bar code attached to it. This is just a bar code, but it's built in," said Mark West, the library's deputy director.
To be fair that does come after this paragraph:
Naperville library officials said the technology cannot be used to reconstruct a person's actual fingerprint. The scanners, made by Naperville-based U.S. Biometrics Corp., use an algorithm to convert 15 or more specific points into a unique numeric sequence.
But it's still shockingly cavalier to describe the technology as "just a bar code". I have difficulty understanding a) why this seems like a good idea to anyone, and b) why this gentleman seems incapable of understanding people's worries about a fucking library requiring fingerprints!
Carousel is a lie!
Officials promise to protect the confidentiality of the fingerprint records.
What does that mean exactly? Doesn't the "Patriot" Act allow for law enforcement officials to easily obtain library records during investigations? I know that the ALA has spoken against the "Patriot" Act in the past but will they actually stop the LEOs from taking this information?
The three-library system this week signed a $40,646 contract with a local company, U.S. Biometrics Corp., to install fingerprint scanners on 130 computers with Internet access or a time limit on usage.
Library officials say the added security is necessary to ensure people who are using the computers are who they say they are.
$313 a computer seems like an awful lot of money for this. I'm not sure what they are trying to accomplish other than wasting taxpayer dollars.
Once a patron's fingerprint has been recorded, accessing a computer will require only the touch of a finger.
"Right now we give you a library card with a bar code attached to it. This is just a bar code, but it's built in," West said.
So patrons used to scan their library card and they could use the computer? There is no difference now except a database of information tied to a fingerprint that can easily be looked into by employees, LEOs, and possible thieves.
West said the library is requiring a fingerprint to set up computer access, although patrons who object could ask a staff member to log them on to a computer.
Are they going to make this perfectly clear to all patrons with a large sign in blinking neon? I doubt it. Make sure to give the staff a hassle. We need to hassle businesses (public and private) more so that these privacy intrusions cease. We will continue heading down the slope due to "ease" if people continue to stand down.
Initially, I was against this development, but after reading TFA, I actually feel al lot better aboout it, for a few reasons:
From TFA:
The library taking a stand like this gives me slightly more confidence in trusting them with biometric data...at least they won't give it up without the proper authorization, but this doesn't address the issue of data theft. The following quote, however...
Also from TFA:
It's important to note that most biometric systems work in this fashion. If each organization who wished to use biometrics were required to use their own, distinctive algorithm, the danger of other organizations using that biometric data for its own purposes would be greatly reduced.
Actually, there's just one thing in TFA that troubles me:
Come now, Mark...which is it...confidentiality or privacy? They can't both be your middle name...
^_^
____
~ |rip/\/\aster /\/\onkey
This really begs the question: Why do they need to know who that the person in front of the computer is who they say they are? What purpose does this serve?
"We take people's fingerprints because we think they might be guilty of something, not because they want to use the library," said Ed Yohnka, spokesman for the American Civil Liberties Union of Illinois.
A very apt response from the ACLU. The problem is that we're now into the notion that "everyone is suspect" and due to that, we're going in this direction. It seems like
I could very well imagine this being linked into god-knows-what. Imagine, for instance, having $100 in parking tickets due, and the library terminal refusing you connection to their services before this due is paid.
Finally, anyone who is really interested in doing something criminal will just subvert the system. It's not like it's particularly difficult to spoof a fingerprint scanner. Remember the stories about doing it with Jello? Also, remember the fingerprint scanner that could be defeated by blowing on it?
Just like limitations on guns, just like airport security, just like locks on our doors and car alarms, and just like so many other things, this is used to punish the law abiding citizen, and does nothing to deter the hardened criminal or terrorist.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
So, if I go to this library with a fake ID and they take my fingerprints how are they going to make sure that I am who I claim I am, if they're not crossreferencing any other fingerprint databases?
The whole idea is just completely absurd.
In Soviet Russia, I ruled you
Sure, you can't get their *fingerprint* from the points, but you have a unique identifier. I.e., if someone is investigating messages sent from that computer and they round you up as a suspect, they can take your "15 point" fingerprint and ID you.
I believe Bird-Person can arrange that.
But it's still shockingly cavalier to describe the technology as "just a bar code".
As he states - it is a one-way algorithm. If I have your barcode off your library card, I cannot reconstruct your name, SSN, birthdate, and all that without going into the library's database. With the number-sequence that this system creates, I cannot reconstruct your fingerprint at all. I cannot reconstruct any of the data previously mentioned without going into the database. So, instead of creating a random number with the unix timestamp as a seed, they are creating a random number with your fingerprint as a seed. What is so shocking about that?
I have difficulty understanding why this seems like a good idea to anyone
Hmmm... I guess someone needs to go to your library, tell them that they are you - they can even print a fake barcode on any old library card since barcode techology is open and freely available to anyone and everyone. Then, they can surf for child porn on your account. When the feds come to your door, you can explain to them that it is a terrible idea for the library to go to every measure to ensure that patrons are who they say they are.
I have difficulty understanding why this gentleman seems incapable of understanding people's worries about a fucking library requiring fingerprints!
There is a difference between requiring fingerprints on record (actually having your fingerprint in a database somewhere) and using your fingerprint to create a random sequence of numbers. If you cannot see that, then you are forcing yourself to be blind to it.
The previous comment is purposely vague and generalized, but all of the facts are completely true.
In Soviet Russia, the Library checks out YOU!!!
In China, only old people go to the library to use computers.
1. Make fingerprint scanner
2. Con librarians into buying it
3. ???
4. PROFIT!
They can get my fingerprint when they pull my finger out of Cowboy Neal's butt.
Let's see.....Soviet Russia, Chinese old people, profit, Cowboy Neal reference. Now only if this would have been the first post....
What is so shocking about this is that I don't trust them. How can I be sure that they are telling me the truth and my entire fingerprint isn't stored in the system ?
How can I be sure that the system haven't been cracked and someone hasn't intercepted the picture of my fingerprint before the 15 points were extracted and the rest discarded ?
How can I be sure that they still only take 15 points or that another organization that jumped in the bandwaggon is also only using 15 points ? Read the fucking licensing agreemend before each time I put my thumb there ?
Slashdot anagrams to "Sad Sloth"
I think the article just explained this rather bizarre move.
Naperville library officials [...]
The scanners, made by Naperville-based U.S. Biometrics [...]
Both in Naperville. How coincidental. I wouldn't be terribly surprised if U.S. Biometrics wandered into the library offices and said "y'know, if you buy our fingerprint scanners we might be willing to donate a fat wad of cash to the library. We'll even discount 'em for you."
Why else would a library -- likely strapped for cash, as most are -- suddenly feel the need for (expensive) biometrics hardware out of the blue?
And do you know why? Because it's an numeric encoding of your fucking fingerprint.
"No, no sir. We don't require photo ID to take out a book. What we do is take a photograph and then convert that to a unique numeric code called a jpeg. So you see, your fears are completely ungrounded."
KFG