Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Requirement For a Work-Study Job?

Posted by timothy on from the dept-of-double-speak-is-closed-please-come-in dept.

BonesSB writes "I'm a student at a university in Massachusetts, where I have a federal work-study position. Yesterday, I got an email from the office that is responsible for student run organizations (one of which I work for) saying that I need to go to their office and have my fingerprints taken for the purposes of clocking in and out of work. This raises huge privacy concerns for me, as it should for everybody else. I am in the process of contacting the local newspaper, getting the word out to students everywhere, and talking directly to the office regarding this. I got an email back with two very contradictory sentences: 'There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it.' Does anybody else attend a school that requires something similar? This is an obvious slippery slope, and something I am not taking lightly. What else should I do?"

6 of 578 comments (clear)

  1. Non-issue? by Fastolfe · · Score: 5, Interesting

    I've used biometric scanners like this in the past. Whatever it stores to recognize your fingerprint never leaves the machine. I don't know if that's what's going on here, but it seems perfectly reasonable.

  2. No contradiction. by Anonymous Coward · · Score: 5, Interesting

    I checked into these before. The scanner records a description of your fingerprint, not the image. The description is used to match. It's a form of message digestion.

    Most scanners of this type do not even record enough detail to qualify as evidence. Those that do must have their data shared with law enforcement, making them a hard sell as a biometric time card.

  3. Re:What else should I do? by johnlcallaway · · Score: 5, Interesting

    I agree .. if you don't like it .. don't do it. No one is forcing you to. Others may not have the same concerns and would be more than happy to do that job, so I'm sure it won't bother them too much.

    I used to work at a job that required using an id card to clock in and out. If you left it at home it was a huge hassle to get a temporary id card. Forget it too many times and they started to take disciplinary action. I'd rather use my fingerprint to 'clock in' than try and remember to bring my id card every day when the only function of that card was to clock in and out.

    --
    I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
  4. Re:I recommend... by Blakey+Rat · · Score: 5, Interesting

    Humor me:

    How much information about you is encoded in your fingerprint, exactly?

    If someone gained access to your fingerprint could they, for example, empty your bank account? Take out a loan in your name? Give me an example here.

    --
    Comment of the year
  5. They could go even further... by pentalive · · Score: 4, Interesting
    They could do even better than that, they could take relative position information you described and then hash it. Hashes are one way, no one can recover the respresentation once it is hashed.

    To login BonesSB would present a finger, the same information points would be measured, then hashed then the two hashes compared.

    I am not saying that they did go to that extent, but they could have.

  6. It would be illegal in many EU coutries by L-One-L-One · · Score: 4, Interesting

    I know this will surprise many slashdot readers but using your fingerprint as described by the poster for the purpose of clocking you in and out of work would be illegal in many countries accross Europe (with the possible exception of the UK). In France, for example, you can actually get fined by the data protection authority for doing so.

    It's true that most of these devices don't store an image of your fingerprint but rather a "template" : a description of some special features of your fingerprint. But that doesn't change the problem.

    Indeed, many data proctection authorities accross the EU consider that biometrics pose sevreall security and data protection issues and must therefore be used with caution. Fingerprint biometrics are of special concern, in particular when the biometric data (templates) are stored in a central database. The big problem with fingerprints is that we leave them everywhere, on all objects we touch. Someone can pick up your fingerprint and test it against the templates inside the database. (Sounds crazy or technically impossible ? It's much easier than you think : i've tested it myself, that's part of my job). There are other issues whith fingerprint biometrics that I won't detail here.

    In the end data protection authorities in the EU consider that the use of a central fingerprint database is excessive if your only objective is only clocking people in and out. Instead, they encourage the use of a smartcard to store the biometric data : you show your finger to the biometric reader and it gets compared with the data stored in the smartcard. This solution offers the same benefits in terms of security but you keep control of your biometric data.