Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Requirement For a Work-Study Job?

Posted by timothy on from the dept-of-double-speak-is-closed-please-come-in dept.

BonesSB writes "I'm a student at a university in Massachusetts, where I have a federal work-study position. Yesterday, I got an email from the office that is responsible for student run organizations (one of which I work for) saying that I need to go to their office and have my fingerprints taken for the purposes of clocking in and out of work. This raises huge privacy concerns for me, as it should for everybody else. I am in the process of contacting the local newspaper, getting the word out to students everywhere, and talking directly to the office regarding this. I got an email back with two very contradictory sentences: 'There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it.' Does anybody else attend a school that requires something similar? This is an obvious slippery slope, and something I am not taking lightly. What else should I do?"

23 of 578 comments (clear)

  1. What else should I do? by NfoCipher · · Score: 5, Insightful

    Start looking for another job..

    --
    I'm sorry, I can't hear you over the sound of how awesome I am.
    1. Re:What else should I do? by causality · · Score: 4, Insightful

      I agree .. if you don't like it .. don't do it. No one is forcing you to. Others may not have the same concerns and would be more than happy to do that job, so I'm sure it won't bother them too much.

      Those others and their indifference is part of the problem. If this university is doing this, you can bet that others have considered it. If this is successful and does not receive much opposition, others will follow suit. The result is that the people who do care about privacy are going to have fewer ways to protect it. So no one is forcing you to support this right now but when every such institution adopts these requirements, that will change. Of course by that time there'll be little or no hope of doing anything about it because it will be entrenched.

      It's similar in some ways to the relative uniformity of cellphone service plans in the USA despite the multiple competing companies that offer it. A few such companies established pricing and service plans and were successful, so others adopted similar business practices. The result is that there's little actual innovation in the industry. None of the cellphone companies has any incentive to rethink their pricing, so I as a customer cannot vote with my wallet if I want, for example, text messaging prices that realistically reflect the actual cost of delivering SMS.

      I'm sure there is a whole litany of reasons why an institution wants biometric identification. I'm sure that some of those justifications are reasonable enough. I just don't care, to be honest with you. I don't want to live in a surveillance society. If that means a few more unauthorized users gain access, or if that means a few more criminals avoid detection, I'm fine with that and more than willing to take my chances. Only cowardice would make me feel differently. It is obvious to me that a surveillance society is like a totalitarian state; it is created by means of baby steps. Each baby step down that path looks harmless enough at the time and plenty of useful idiots will sing the mantra of "I've got nothing to hide, so I'll surrender my privacy to anyone who asks." Stop this early when it seems minor and benevolent and you avoid the tremendous problems that become inevitable otherwise.

      I used to work at a job that required using an id card to clock in and out. If you left it at home it was a huge hassle to get a temporary id card. Forget it too many times and they started to take disciplinary action. I'd rather use my fingerprint to 'clock in' than try and remember to bring my id card every day when the only function of that card was to clock in and out.

      I'm sorry but I believe in fixing problems at their source. This is simple forgetfulness that a little self-discipline can easily solve. The privacy of every member of society that is never coming back once lost is far more important than the very minor inconvenience to you of learning to bring your ID card to work. To say otherwise is supreme selfishness and amounts to forcing your beliefs about privacy on everyone else. Those who like privacy appreciate that about as much as you'd appreciate being forced to practice a religion you don't believe in. I don't think you really are this selfish; I just think you're not considering the full implications of your position.

      Privacy is a good default; anyone who doesn't want it can always become an exhibitionist with their personal information if that's what they want to do. I won't try to find ways to stop them since it's their choice and, unlike this slippery slope, doesn't affect me in any way either real or potential. Anyone who thinks that this won't grow and expand if it isn't stopped, who believes that the companies producing biometric machines won't seek new markets and new customers, who really thinks that no one would ever want to retain and datamine such detailed information about your habits and whereabouts, is frankly rather naive.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:What else should I do? by darkmeridian · · Score: 3, Insightful

      To say otherwise is supreme selfishness and amounts to forcing your beliefs about privacy on everyone else.

      That seems like what you're doing. The problem is that others are willing to trade off some privacy to get some convenience. Look at Facebook.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    3. Re:What else should I do? by TheRaven64 · · Score: 3, Insightful

      It it my inalienable right to only leave my fingerprint on everything that I touch, not in some database.

      --
      I am TheRaven on Soylent News
  2. You're dumb by ArchieBunker · · Score: 4, Insightful

    Its a time clock. Many jobs have them along with your address, phone number, date of birth, and social security number. Welcome to the working world. I could just as easily steal your fingerprints from your car door handle or the can you threw in the trash. After this fiasco don't expect the job offers to roll in.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  3. As long as you are assured that your privacy by ragethehotey · · Score: 4, Insightful

    As long as you are assured that your privacy is protected...this is a huge non-issue. Fingerprint scanners are the best (In terms of ease of implementation) way to prevent people from clocking in and out for each other, even though they are obviously easily defeated by anyone sufficiently motivated.

  4. Welcome to the new world by ColdWetDog · · Score: 3, Insightful

    Same as the old one... My wife's workplace has this system. Works terribly but somehow it got past some CxO. Not sure if the privacy issue is a big deal however. You train the system in the system (if it's the same one). The print doesn't go out to the big Gov.

    Not saying that they couldn't do that, but you do realize (being an aluminum foil shielded card carrying Slasdotter) that 'they' can get your fingerprints, DNA and bog knows what else without much of a problem these days.

    Hell, at least it's pretty unlikely to show up on Facebook.

    --
    Faster! Faster! Faster would be better!
  5. It's like storing a hash. by HiggsBison · · Score: 5, Insightful

    Apparently what it is storing is a statistical summary of the biometric information (if that's not redundant). It doesn't store the fingerprints themselves anymore than an operating system will store your password. With the password, whatever you type in has to have a hash which matches the hash associated with your account. With the scanner, the summary generated each time you plop your hand on the scanner has to match (to a significant degree) the summary on file.

    But, yes, if someone finds your fingerprints somewhere else, and they have access to this data, they can be reasonably certain it is you.

    --
    My other car is a 1984 Nark Avenger.
  6. Not working there is not a solution. by EightBits · · Score: 3, Insightful

    Not many posts yet but I already see a LOT of posts pushing the idea of not working for this employer. This is not a solution. If we don't fight it and win, it will be adopted by more and more employers until it snowballs into something too big to fight. If we think this is a bad idea, it needs to be fought now while it's still in its infancy.

  7. I recommend... by pak9rabid · · Score: 4, Insightful
    ...that you stop being such a whiney bitch. So they want your fingerprints to ID you...so what? What is it that you're worried about that they're going to do with them, other than use them internally for authentication purposes?

    I am in the process of contacting the local newspaper...

    Are you for real? Other than than the fact that they likely won't give a rats ass about this, you are treading on very thin ice. I'm not sure what it is you're planning on doing after graduation, but being labeled a well-known whistle-blower isn't going to do you much justice when you're out looking for a job.

  8. biometric time clocks by linuxbert · · Score: 4, Insightful

    I installed these at a client.
    The issue was the employees would take an afternoon off to go to an appointment, and get buddy to clock them out at the end of the day - The emplyoee would then get paid for an afternoon they didnt work.

    The time clocks have a fingerprint scanner. You place your thumb on the device as you punch out. Now buddy cant swipe out for you, and you cant defraud your employeer.

    They also had biometric locks instead of prox cards on the doors. Much more convieient then having to remember a card the few days when i was on site.

  9. Re:Modern Fingerprint Scanners dont keep prints by tsm_sf · · Score: 4, Insightful

    All they have to do is get your fingerprint from something

    like your finger? Look, if "they" want your fingerprint, they're going to come get it from you. If you're a suspect you will be fingerprinted. This time clock is not connected to a federal black-helicopter database, no matter how exciting that might be.

    making a stink about something trivial like this makes legitimate privacy concerns look bad

    --
    Literalism isn't a form of humor, it's you being irritating.
  10. Re:Non-issue? by martin-boundary · · Score: 5, Insightful

    Not sure what `safe` has to do with anything, unless you think you're likely to catch swine flu from touching a fingerprint reader or something.

    Safety means you won't get your finger chopped off by someone who wants to impersonate you to enter the building.

    Safety (for people) is higher when there's no biometric system in place, becaus the bad guys don't have an incentive to chop their fingers off or gouge out their eyes.

  11. No substitute for good management by goodmanj · · Score: 4, Insightful

    The purpose of this device is to keep people from cheating on their hours. You can get all Big Brothery all you like, but there is one and only one technology that can reliably ensure that people come to work and do the jobs they're paid to do.

    It's called "management". The way it works is, you know your employees' names, you stop by their workstations, both to help them with problems they're having and to check to see that they're doing their jobs. You build up a culture of trust, so that when they need to leave work they *tell* you, and you arrange for them to make up the time.

    Or you can treat them like condemned criminals, and let them be monitored by machines while you sit in your throne of an office eating donuts and browsing bmw.com. It's really up to you.

  12. Re:They could go even further... by digitalunity · · Score: 4, Insightful

    Wouldn't work, for technical reasons.

    Both major algorithms need to be able to compare the data from an authoritative database against the test sample.

    The reason for this is no two scanners, in fact even the same scanner will not produce identical results for the same fingerprints. There will always be "fuzziness" to the data that the algorithm must interpret.

    --
    You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
  13. Re:They could go even further... by Anonymous Coward · · Score: 5, Insightful

    This leads to the principle flaw of biometrics: If someone manages to reproduce the key (synthetic fingerprint for example), there is no way to issue a different key to the owner of the original. Anywhere you authenticate with a fingerprint, the people who control the system can gather all information which is needed to create a fake fingerprint, plus there are countless other ways to get a person's fingerprint, and you still only have that one set of fingerprints that you can't change. What are you going to do then?

  14. Re:They don't store your actual fingerprint by Anrego · · Score: 4, Insightful

    I totally agree with commodore64_love

    I don't want the government tapping into my phone, spying on my Internet traffic, or searching through my house without just cause.. but we're talking finger prints here.

    And while I do agree.. saying the only alternative is welfare was a little extreme.. you are definitely limiting yourself by refusing to allow any intrusions into your precious privacy.

    I suppose some people will accept a lot of money to surrender their freedoms.

    This is completely true.. and I think in a lot of cases.. people are better off for it. Everything is a balancing act.. certain jobs (especially government) require a fair degree of background checking.. this is of course an invasion into your privacy.. but you are compensated for it (both financially and in terms of getting to work on some really cool stuff).

    It's not about completely selling out your privacy.. but it's not about living the life of a paranoid delusional who thinks the world is out to get them either. It's about finding a balance you're comfortable with.

    As someone who has "given up" a lot of privacy in exchange for a very enjoyable career.. I've felt no ill effects from it. What exactly do the tin foil types of the world think the government / Illuminati / whatever .. are doing with this information.. and specifically.. how do they think it's going to realistically effect their lives in an actual concrete way (vice some paranoid "when the commies come back" throb).

  15. Re:They could go even further... by Herby+Sagues · · Score: 3, Insightful

    Hashing would work if the scanners were taking absolute, binary measurements without error. But they are not, not a single biometrics unit has or can have that sort of precision. If you capture your fingerprint parameters with the same device, with the same process, two or three times in a row, you'll see significant changes in the parameters from one time to the next. While the detection algorithms are designed to cope with such scanning errors, hashing would make relative comparisons fail 100% of the time. And there lies the problem with biometrics: once you use them once (or even before you do), your "parameters" are no longer a secret under your control. If you give your fingerpring parameters to your bank, your school and your employer, each of them can in theory authenticate as you to the others. That's why I always say: biometrics are technically useless as an authentication mechanism. They can be used for identification (replacing your username) but not for validation (your password) because they are NOT a secret, they CAN'T be revoked, you don't have the option to use different ones for different organizations and they are easy to fake. Of these issues, only the last one can be improved with better technology, the rest are intrinsic to the concept.

  16. Re:They don't store your actual fingerprint by benchbri · · Score: 3, Insightful

    I agree. I just pulled out my Pennsylvania drivers license, and it has on there my eye color, height, and *sex*.

    That's a privacy concern.

    OH MY GOD THERE'S A PICTURE OF ME ON HERE TOO

  17. Re:It's all stupid, and for stupid reasons by dunkelfalke · · Score: 3, Insightful

    Nope, because the non-voters agree with everything that comes up by default.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  18. Re:They don't store your actual fingerprint by RivieraKid · · Score: 3, Insightful

    So first you bash people's legitimate desire for privacy, than you claim to have a legitimate reason for anonymity? You *do* realise, don't you, that anonymity is just another aspect of privacy?

    So, either you're for privacy, or you're not, but stop pretending you have a legitimate reason for abolishing it while taking full advantage of it.

    Required reading for those 'I've got nothing to hide' people.

    Also, perhaps you can explain how somebody chooses not to be born in a particular country?

    Not posting anonymously because I'm not scared of what people have to say.

    --
    "Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
  19. Re:They could go even further... by Simmeh · · Score: 4, Insightful

    This is why fingerprints should be usernames, not passwords.

  20. Re:They could go even further... by profplump · · Score: 4, Insightful

    This isn't a flaw of biometrics so much as it's a flaw of any dongle-based, single-layer security system.

    For example, you have the same problem with a door with the same key issued to 1000 people -- yes it technically can be changed, but it's quite expensive, so in practice it's never done. That leads to people who should no longer have access still having access, and the ability to easily copy the key and use the copy without detection.

    The solution is trivial. If you combined a password with a fingerprint there would be a secret bit of information that's easy to change AND a physical bit of security apparatus that's harder to reproduce/copy than a password. This same solution also solves the key problem above. And it's the same solution already used in all sorts of applications where security is actually important.

    It's not in use for this timeclock system because the problem they're trying to solve is not a high-security application. They're going from the honor system for clocking in to a single-layer physical-dongle security system, likely in an attempt to raise the barriers for clocking in a co-worker. If they were relying on this system to allow you to make changes to your direct deposit account it would be a problem, but for the stated application I don't see why it's a concern.

    Now, you could be concerned about them having your fingerprints on file -- I understand the desire to keep people from collecting information about you. But honestly, unless you wear gloves all day long, they could already have your fingerprints if they wanted them; fingerprints are not secret information in the first place.