Slashdot Mirror
Thumbprints Used To Check Books Out of School Library
krou writes "Junior students at Higher Lane Primary in Whitefield, Greater Manchester, are in a trial of a system that uses their thumbprints to check out and return books from a library. The thumbprints are 'digitally transformed into electronic codes, which can then be recognized by a computer program.' The system was developed by Microsoft, and is being trialled elsewhere in the country. NO2ID condemned the system, saying it was appalling, and that 'It conditions children to hand over sensitive personal information.' The headmaster has defended the scheme, saying, 'We have researched this scheme thoroughly. It is a biometric recognition system and no image of a fingerprint is ever stored. It is a voluntary system. The thumbprint creates a mathematical template. All parents have been written to and we have told them what the system is all about. From the responses we have had there has been overwhelming support. We hold a lot of information about children because we are a school. This is no different.'"
School bans gummi bears
Thumbprints shouldn't be treated as sensitive personal information, they are too hard to control.
Nerd rage is the funniest rage.
Big deal schools in the UK and NZ have been using this method for checking out books for ages. You try to get a six year old to remember a pin number or library card. Many also use public barcode lists of users instead due to the cost of fingerprint scanners and in some rare cases privacy concerns.
I'm fairly certain there's a hidden agenda here. They say it is a voluntary system, but what they mean is that privacy conscious students won't have access to the library. Libraries hold books. Books hold information. Information leads to knowledge. Knowledge is power.
They're taking the power away from the privacy conscious people. It's a conspiracy, I tells ya!
And no, I'm not paranoid. It's not paranoia if they really ARE out to get you.
*looks over his shoulder*
I'd rather you rationally disagree than irrationally agree.
My old primary school have been doing this for at least three years.
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
Why is it that anytime there is any attempt to use biometrics in a large-scale environment, slashdotters start wailing? (without even waiting to know the specifics)
So the laptops we got for our courses a couple years back had fingerprint readers on them, for you to set up fingerprint login. Toshiba product, I think a Satellite or something similar. Anyways, concerned with privacy, I took a gander on how the information is generated. They pick a series of points, and record tiny bits of information. Which way this line is going, how thick that line is, if it curves, all that little stuff. Next, they take those and encode them into some digital method or another, and at Toshiba, they encrypt it, just in case you wanted another layer of protection.
Now, because its only 6 or 7 or maybe a dozen datapoints, at various parts across your finger, it's impossible to reconstruct your finger print. It'd be like reconstructing a house with a single plank of wood.
So, anytime you use your finger - the data gets analyzed into the datapoints, encrypted, and tested against the database. The Database comes back with your records, and voila!
I wouldn't mind them storing that information, since they can't really use it for much.
"All pupils' details are erased when they leave school."
They promise...this time is true! For real!
I briefly worked at a company which used a hand scanner in lieu of a badge. It was unwisely put between your desk and the restroom. It's no secret not everyone washes their hands after relieving themselves, so I avoided eating lunch at my desk unless I had a bottle of hand sanitizer with me.
Now imagine 4 year olds, touching everything and sucking their thumb, and then checking out a book.
Technologically, scanners work well enough. Implementation, however, is done by the foolish.
People misuse technology not the other way around. As long as there are security measures in place and the data is not being used for anything they say it is not then there really should be no concern. You are just identifying these students and like they said schools keep a lot of personally identifying information on hand that could be abused. They also mentioned that the system is voluntary and as for the template thing, that is standard procedure when collecting fingerprints and almost all biometrics. Templates that can be matched against take a lot less storage space and are easier to match against.
every anarchist is a baffled dictator. Benito_Mussolini
Thousands of schools already use fingerprints for registration, as well as in plenty of their libraries. I guess most of them are 11+ or 13+, but is it really so different just because this is in primary schools?
As far as I'm concerned, that's enough to move this project from "appalling" to "kinda awesome". I'm not sure what (the otherwise excellent) NO2ID are on about here.
Fascism.
P.S.: I am dismayed, but not surprised, to learn that a company as UNEVIL as Google used MicroCRAP
software.
Yours In Smolensk,
Kilgore Trout.
We did this 6 years ago in my secondary school in Somerset!
If I were a kid at that school, I'd start signing out a lot of books under a teacher's fingerprint. I'm sure a lot of them have seen the mythbusters episode where they do that sort of thing. It's not difficult.
I know a couple of schools that use the system, and unfortunately a large number of thumbs are "unscannable". This means they are singled out to carry cards or something else, which (like almost anything else that makes kids stand out from the crowd) embarrass them.
what the hell is wrong with a library CARD. hasnt this been working for years. if you cant keep up with a library card you might have problems later on in life. further than that why not just use the NAME of the student who has the book. IDIOTS!
The problem with bad ideas like this is that there is no way for those kids (or their parents) who think such Orwellian shenanigans set a bad precedent to opt out. Some idiot administrator has made the final call, and now, if you want to use the library, you have to conform. This is what schools teach. In addition to mediocre math, science, art, music, and physical education; schools primarily exist to teach the value of conformity. You must agree to abide by arbitrary and often quite stupid administrative decisions, and furthermore, you must learn to accept that this is the way of the world. No-one ever distinguished themselves by being like everyone else. Is that a lesson you'll learn in public school? Not a chance.
Has already announced that schools will no longer be allowed to fingerprint pupils for any purpose without their parents' consent.
The flaw that most articles on biometric identification, be they fingerprints, retinal scans or other, is that you only have a limited number of immutable keys to choose from. While it may not be an issue in a school setting, if anyone is able to reconstruct the fingerprint or retina picture from the stored data, or at least a fake fingerprint/picture that is functionally equivalent to the real one, it's game over. You only have two eyeballs, and ten fingerprints.
I'd rather a system that allows me to change the key once in a while.
How can we be sure there isn't some perv getting off to our children's mathematical templates?
UTF-8: There and Back Again
The issue at hand is more than a mere privacy concern. It is a subtle yet existing political move, that tries to mould a generation into thinking that giving up privacy over convenience is a "good thing".
One thing that would prevent the dissemination of fingerprints to authorities would be to hash the output of the mathematical fingerprint transform. Like passwords on a Linux box, a hash will (almost always) allow an instance of a fingerprint to be matched to a person without giving the exact fingerprint itself. In addition, don't store any other data about the person. To resolve late fines/missing books, require all graduating students to go to the library one last time and get a sort of "This person returned all their stuff" slip signed by a librarian (which, of course, would require said person to return all their books and pay their fines).
(Am I missing anything?)
(((dB)))
I work for a software company that produces something similar for school cafeteria use. The points of reference on the print are so minimal that we've had to work very hard just to get a decent read. The chances of someone using the code outputted by our algorithm are nil. It is completely unusable data except by our program. The bottom line is that that unless the program is retaining an image of a child's fingerprint, there is no privacy concern here. Anyone who says otherwise is wallowing in their own FUD.
Personally, I'm less worried about the 'privacy' of my thumbprint, and more worried that, generally, it's too *easy* to get my thumbprint.
While this probably isn't much of a worry with a school library checkout system, I'm worried that with something like a thumbprint, which never changes, eventually it gets too easy for someone to get access to your thumbprint and 'forge' authentication/authorization.
It's the same problem I have with the use of Social Security No.s - you start out life, and your SS # is basically secret - your parents know it, and it's in the SS Admin.'s computers. Right there, though, because it is in government computers, potentially thousands of people have access to it. Now, your parents sign you up for school, and they enter your SS # info into the local school district database. Then you get a savings account at the bank, and they ask for your SS #. You apply for jobs, and they ask for your social security number. You sign up for a credit card, or a checking account, an IRA, or an application for an apartment, and they ask for your Social Security number. You apply to college, and each college wants your SS#.
By the time your 25 or 30, your Social Security number is in dozens of different databases and millions of employees have access to those databases, and your SS # is basically worthless as a 'secret' which identifies you - it's no longer secret.
You could have the same problem with biometric identification (although at first glance, that might seem impossible), because, fundamentally, biometric information such as a fingerprint, retina scan, or DNA sequence, is reproducible data - ultimately, no system can guarantee that the actual finger or eye or DNA was scanned - all that the 'server' can verify is that the correct 'data' corresponding to previously recorded data, was transmitted over the network to the server. So, compromise a terminal (or setup a computer which masquerades as a valid 'terminal'), then send the correct 'data' from that terminal, and the server will assume that the user's thumb or retina was scanned.
I'm really can't offer any advice on a better alternative, but mark my words - if biometric identification becomes widespread, the identity thieves will not have too much difficulty adapting - as the biometric id becomes widespread, it will get harder and harder to keep the identification 'data' secret, and fraudsters will steal that data like any other bit of data, and misuse it.
The *real* security threat is that people will start to get a stronger and stronger belief in the 'infallibility' of such biometric identification, and so people will lose the ability to repudiate false authorizations. Juries and judges, if they have too strong of an assurance on the evidence provided by biometric identification, may produce verdicts/rulings which unjustly penalize innocent people.
I'd quit using the library. I have an iPad (though it was a waste of money) so i can rip books off the internet and use it to read books. They aren't getting my thumbprint. I don't care if they yell at me. I am not giving them my fingerprint. If they try, I WILL bring suit to them. It is against my fifth amendments rights (5 is the one preventing self incrimination, right?). Total BS. And it is comming out of microsoft? Oh great. Microsoft might get my thumbprint. That would be a lawsuit in the comming. Don't deny it. It is something I want to see.
It is sickening how technologists assume the best in people while taking precautions for the worst all the time. We are approching a time where everything anyone has ever learned or been exposed to is known. Grooming and vetting, unexcidental experiences etc. can all be arranged if needed..We may be past the point of no return, and may only become witness to the consolidation of basicly autonomous techonolgy determining our lives..
Hello!! If you have problem with how to lose wight, I have advice for you... On this page there are many tips about how to lose wight... It's easy and safe way to lose wight and to be fit.
lose wight
The school system I work for has been using a fingerprint system in one of its cafeterias for the past couple of years. It avoids the problems with kids remembering their PINs, or using someone else's.
Right. They are easy to get hold of, so they should not be relied on for important things.
And it situations like a criminal trial, they should not be given excessive weight, and a defense attorney should have ample opportunity to talk about why they might not matter in a given situation (that sounds awfully similar to what we do...).
Nerd rage is the funniest rage.
we can match the fingerprints up to the user account that was logged in when the pictures were taken!
load "$",8,1
Owww! Charlie bit my finger off!
And he’s using it to check books out of the school library!
Any sufficiently advanced intelligence is indistinguishable from stupidity.
I would always just walk out with the book I wanted. I knew I would bring it back, so I didn't want to go through the hassle of checking it out. So when I brought it back I would put it back on the shelf where I got it from and not in the 'drop box'
I worked at a computer lab that used fingerprint scanners for checking in and out. Once I sliced my thumb open and almost didn't get paid for a week of work, and once it healed I had to create a new scan because the scar went through the swirl. Just pointing out the obvious problem, seeing as kids will be kids and easily get cuts and bruises.
When a system like this is put in to place the real question should be "will it save time and/or money?" and off hand I don't see how this would save time or money over using a library card. This smells more like someone wasting taxpayer money, with the money going to our rich friends at Microsoft.
Most comments here so far are about potential privacy issues, but a system like this has even more potential problems that must be considered. Can everybody have their finger prints read? Can they require that everybody have thumbs? (I remember back in school there was a student that was missing a thumb!) If everyone has to touch a scanner couldn't it be a source of spreading disease? How easily could a finger print be faked? Would such abuse be more likely to go unnoticed than stealing someone else's card? Then of course there are maintenance costs and such to be considered. Lots more questions which must be analyzed and weighed, but off hand I don't see how this kind of system would provide an overall benefit (besides making someone in upper management look good).
Welcome to 5-10 years ago. There are already hundreds of schools with this system. Look up "Junior Librarian", for instance, who have a fingerprint reader add-on, and that's for primary schools.
Never deployed one, always refused, but am constantly being asked about them.
Biometrics wont stop identity theft.
It just means that when you're compromized you need new eyeballs and a finger-transplant :-p
There is no way it is a hash of a fingerprint. What it is is a list of features (minutiae in some systems) of the fingerprint. These features cannot be used to reconstruct the fingerprint. They are, however, usable in other fingerprint systems, and also useful to replay into the same fingerprint system, so they should be treated as confidential/private.
Disclaimer - almost everything I know about security I learned on /. Okay, that out of the way, the most interesting thing I've heard is that security should be comprised of three things - something you are (biometric, unchanging, ideally a function of a live process, like the capillary pattern under your fingerprint), something you have (given by a known authority), and something you know (which can easily be changed). It's not infallible, but it eliminates nearly all of the attack vectors except very, very exceptional cases.
If we can make each of the "fixed" parts (biometric and token) useless without the other two, the fact that either is public knowledge is not a security breach and all of a sudden it doesn't matter that everyone can get your thumbprint (or your SSN, or whatever the ID du jour is).
Is it just my observation, or are there way too many stupid people in the world?
I hope NO2ID also advocates that children (and presumably adults as well) should wear latex gloves at all times in order to protect their 'sensitive personal information.'
No yesterday, no tomorrow, and no today.
Since when is a thumbprint "sensitive personal information"? Must be a slow news day.
When I was in High school, I developed (not hardware, but the idea and project) for my A-Level coursework an automated library system.
Granted, it didn't use fingerprints, it did use RFID tags in the books and on the library card.
A person would walk in, grab a book, walk out. As they did so, their RFID library card would be logged, as would the books they are carrying, thus a registration of user->book was made.
Any problems may have been just an alarm (user doesn't have their library card on them), or, in a more cynical school, the door to the library would lock and not let you out.
When all is said and done, nothing changes...
Don't Bundy that book!
Is that supposed to be reassuring? It's a bit like saying, 'Don't worry, I'm not taking a photo of your credit card, I'm just creating a mathematical representation of the number.' Does he think the reason parents might object to this system is they are worried that photos of their children's fingers might fall into the hands of child pornographers with a finger-tip fetish?
By the way, does this mean that Thumbless Joe (the boy our woodshop teacher all warned us about during the table-saw safety lecture) can't borrow books from the library?
Support Right To Repair Legislation.
George Foreman
This is the same problem passwords have. And the (first) part of the solution seems to be don't store the password, store the result of a one way function on the password (think hashes or md5's). Ideally these one way functions, even if they use the same algorithm could use different seed values on different databases. Now the trick here of course is that the one way function really really really needs to be only one way, and the places where the data is grabbed (biometric devices themselves) need to be difficult to compromise.
The problem with passwords is largely that there are these large databases of passwords that people compare to. If the database of pwds didn't exist, if it was just a db of hashes on pwd's if it's compromised odds are whomever copied it couldn't just go and try those username/pwd pairs a dozen other places.
No matter what though, there's nothing you can do that on the one hand specifically identifies you and at the same time not be duplicable somewhere else for enough effort.
To give a simple example of a one way function (that isn't unique) is say count the consonants in a word. So if the password is word, then the 1-way function is 3. There's no unique way to go from 3 back to word, so the pwd itself is secured, but then your function so weak that it would accept a lot of other stuff as well, obviously there are a lot of PhD's in math earned concocting more useful 1-way functions than that.
Wansu, th' chinese sailor
The point here isnt really this system, the point is that telling 6 year olds that it's ok in life to have to use your unchangeable personally identifiable biometric data to get anything is totally wrong.
Police state? No thankyou!
My school has had this for ages (at least while I have been there (5 years) and probably longer) and it's no big deal.
It's not like anyone cares (and it wouldn't really matter if anyone did) what my fingerprint is.
I care not for your karma and your mod points.
Like hell it isnt.
---- Booth was a patriot ----
In related news, the one armed man was found hacking off other people's arms to present right-handed thumbprints, and the war amputees were found applying wax to other patrons thumbs to get ADA-compliant access to the library, before the severe - or severed - lack of arms shut down the entire system.
-- Tigger warning: This post may contain tiggers! --
... ultimately, no system can guarantee that the actual finger or eye or DNA was scanned - all that the 'server' can verify is that the correct 'data' corresponding to previously recorded data, was transmitted over the network to the server. So, compromise a terminal (or setup a computer which masquerades as a valid 'terminal'), then send the correct 'data' from that terminal, and the server will assume that the user's thumb or retina was scanned.
A properly-designed system would have the data sent by the terminal encrypted, so to compromise the system the hacker needs not only the geometric information on your finger or retina, but also the terminal manufacturer's private encryption key.
Honestly, I don't get the almost pathological paranoia people have surrounding the concept of privacy, without regard to the reality of it. Your fingerprints are not private, you leave thousands of them unsecured around you every day without a second thought...exactly why they should NOT be used as a security key, but that's a different discussion. People should be worried about the improper use and implementation of "security" methodologies, not acting like tinfoil hat wearing nutjobs because someone wants to store the fingerprints they leave on every doorknob in the city.
Same goes for Social Security number paranoia. News flash people, your SSN is NOT private, it is not a secret, it is an identification number...nothing more. No different from the street address on your house, just more permanent. The problem comes from institutions USING it like it was secret, instead of a password or PIN. The solution is not to try to belatedly make SSN something it isn't and won't ever be, the solution is to refuse to accept companies using public information (your SSN number) as if it were secret.
'Hashing' the thumbprint doesn't really solve the problem, because it's *very* easy to get a thumbprint for someone - just grab a soda bottle or cup that they threw in a trash can, and lift the print off of it. If you have it, then you can hash it.
Also, another 'problem' with hashing (as applied to passwords *or* biometric data) is that, the hash becomes the password, effectively. If the only thing which ever gets transmitted over the network is the hash of your password, then I don't need to know the original password - I just need to know the correct hash value to transmit. You could maybe resolve that problem by having a dynamic salt - something added to the password/data which will change the resulting hash in a consistent way - e.g. the authentication server sends the salt value to the client, then they both compute a hash from the secret + salt (which will be different than hashing just the secret by itself), and the server compares what it computed to what the client computed. If you do the salting trick, then the only way to compute the correct hash is to have the original value that the hash is generated from, plus the salt. Old hashes will no longer be valid for subsequent logins.
The main problem, then in order for a salting scheme to work, you have to store the original password/data on the server so that you can recompute the new hash every time a login attempt is made.
Because it is the first stage of enabling turning people into sheep even more than they are now. In a decent society children should be taught to ask 'why?' to authority, not just expect to follow orders like sheep. People are supposed to be citizens, not serfs in a feudal system.
This is about conditioning people to trust the state just 'because' instead of being able, as in any democracy, to question things. Dictatorships and tyrannies implement systems like this, and whilst we're already in a financial tyranny (money as debt. look it up), I'd rather not see our society turn into a 'social' one as well.
I decline to play your game of a 'list' of things because it is purely a straw man.
Note, though, it is imprinted right on a Social Security Card that "This card is not to be used for identification purposes."
I've heard this arguement alot. "If someone steals my password, I can come up with another. If someone steals my fingerprint, I've only got 9 left"
The problem is that people don't change their passwords, they use the same password for everything, and passwords are VERY easy to get. Yes, true, ID theft will not be stopped, but it will be slowed to a crawl by a reasonably designed system. You can also do interesting twists, like scan your finger in reverse, swipe at an angle, Move halfway down, then reverse. It's as flexible as a signature and just as hard to duplicate (Maybe alot of you think you can copy someones signature well, but I doubt that too many could do it well enough to fool a system programmed to look for the telltale signs.)
And besides, as I said above (also as A.C. why am I too lazy to log in??) Your fingerprint isn't being stored, just a hash of it. This hash gets compared and scored against the live sample. Hacking the back end won't net them millions of fingerprints. They would need to do replacement techniques to steal your fingerprint. These are easy to find, and since they require either a return to the scene and a line of communication, they're alot riskier for the hacker.
Also, your last point, while it's a good idea to never underestimate the stupidity of people, storing just the hash means that false positives are alot more common, demonstratibly so. You have to have another piece of information to limit the scope. I doubt you'll be leaving your username wherever it is you left your fingerprint, so all they can prove is a slightly increased probability that it was you.
You are, of course, assuming that the school system even bothers to pay a full-time librarian instead of, say, having a secreta^Wadministrative assistant click a button that prints out the overdue books for each teacher's class...
Won't someone think of children?
Why in the world should a person's fingerprints not be available everywhere to everyone? Is it so the cops will not be able to hunt you down after you commit a crime?
Why this repeated meme? "You leave them everywhere! They're not private!". If you leave them everywhere, then they can't be used as passwords because anyone could pick it up. Passwords are supposed to be SECRET.
Therefore your fingerprint CANNOT be used in lieu of a password.
Yet still they try.
Why?
...Ihavenothumbs?
Wasn't there a movie where it was postulated that the government would check to see what books you checked out and your reading habits as an indicator of possible potential wrongdoing? I can't remember the movie name... Conspiracy Theory? Perhaps it was Seven? That horrible one with Will Smith (ya ya I know that doesn't narrow it down much... lol)?
Although it is not possible to reconstruct a fingerprint from the hash, it may be possible to verify a fingerprint against the fingerprint database.
Even the suggestion that this is possible, is already unwanted.
Smart-ass teacher: "Don't try anything nasty, because we will search for fingerprints and look who did it!"
These are the kind of worries kids can do without.
It's just not a good idea.
My karma ran over your dogma
OK, did I miss the bit where this was 'new' news? We've been using Junior Librarian software for over 10 years and it has always supported fingerprint book loans and returns! It does exactly the same thing, putting the fingerprint into a file format on the computer which cannot be re-hashed back to the original fingerprint.
While this probably isn't much of a worry with a school library checkout system, I'm worried that with something like a thumbprint, which never changes, eventually it gets too easy for someone to get access to your thumbprint and 'forge' authentication/authorization.
A valid concern if the school was recording your fingerprint. But they are not recording it - just a dozen or so points of interest from the print. These points of interest could be used to reverse engineer a fingerprint - but it would only work at that library.
Really? The card my SSN was printed on specifically says it is not to be used for identification.
Well, let's qualify why the SSN is used... As you said, it's not like your SSN is secret in any way. For instance, I can pull the number 345-63-7540 out of the air (It's not mine BTW). It fits the numerical format, but doesn't correspond to my name in any database and is therefore useless as an identifier. That is the point of your SSN, it's for verification ONLY. It's not a secret code, or a password or anything like that. As a another poster said further down, "By the time your 25 or 30, your Social Security number is in dozens of different databases" It's the association between your specific name and your SSN that's important. And again as the same poster also, said, there's millions of people that have access to those DB's where the coresponding lists of names/SSNs are held as well. Hence, no real expectation of privacy.
What's the problem, it's not like SSN stands for super secret number. It wouldn't even matter if so many organizations that weren't the government would stop demanding your SSN for private business transactions (i.e. my doctor shouldn't know my SSN), but it's become a form of national ID.
My old primary school had this 9 years ago. It's old news..
Really? The card my SSN was printed on specifically says it is not to be used for identification.
that's very true. the CARD is not to be used for ID purposes, the number however has no purpose whatsoever outside of the context of the word "identification". It's a freakin' ID number.
Indeed, my fingerprint endsup all over the checkout counter at the grocery store a block from my home. However, you cannot get it from there. You would have to identify it out of many other people's fingerprints. The only way you'd be able to identify mine would be to already know what it looks like.
This isn't a huge deal. Many schools have been doing this for years to speed up cafeteria lines and for library checkout. Again, it doesn't capture the students full print. Just random points on it.
John
http://www.avidbiometrics.com
. Your fingerprints are not private, you leave thousands of them unsecured around you every day without a second thought...exactly why they should NOT be used as a security key, but that's a different discussion.
The solution is not to try to belatedly make SSN something it isn't and won't ever be, the solution is to refuse to accept companies using public information (your SSN number) as if it were secret.
Looks like you've answered your own question.
Fingerprints and SSNs are public information which governments and other orgs treat as private - THAT's the reason for the privacy outcry.
Until we can separate our usernames from our passwords, we need to prevent the use of biometrics (and SSNs).
So the system doesn't actually store an image of the fingerprint, just some encoding of specific features that will reliably be reproduced if the fingerprint is presented again? That doesn't add to security, it's just an alternate form of a hashed password. Like a hashed password, if you know the hashing algorithm and have a copy of the hash, you can find a string (that may or may not be the original password) that will grant access every time.
Unlike a password, fingerprints are very difficult to change if compromised.
Thought about it -- NOT.
As privacy folk are learning to use isolated individual browsers and accounts to interact with the interconnected tangle that is the Internet folk will quickly see that biometrics cannot be employed in a context sensitive way.
Much the same is true with RFID devices. A reader at the door of a merchant will read ALL the RFID devices. Not just current devices from the merchant.
The set of RFID tags and subsets of these tags uniquely identifies a visitor. As more and more vendors share data for marketing reasons the individual threads of information get woven into a net.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
I just got back from Disney World. Every park has a fingerprint reader at the entrance because they have liberal in-and-out policies and they don't want many people walking in on the same ticket, or room key.
Frankly, considering the amount of cards and keys that I have to carry around, can we just make everything work on thumbprints?
No, I will not work for your startup
I'm in the UK, and they were doing this at secondary schools years ago here. There is no privacy policy and no opt-out. It was a case of 'thumbprint of bust'.