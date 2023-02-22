« previous next »
Easily fixed.
Really really hard to fix.
Massively disruptive and would allow theft and bullying to occur
Really really hard to fix.
Massively disruptive and would allow theft and bullying to occur

Seems like they could easily be linked to a photo (a photo on its own isn't biometrics) which make them useless to steal.
Seems like they could easily be linked to a photo (a photo on its own isn't biometrics) which make them useless to steal.
Them being lost alone would be a nightmare.  Kids lose stuff all the time. You probably get 5% without their card, its trouble every time it happens.  Schools have no admin staff, they need less admin!
Them being lost alone would be a nightmare.  Kids lose stuff all the time. You probably get 5% without their card, its trouble every time it happens.  Schools have no admin staff, they need less admin!

Fuck the kids, if they lose their card they can go without lunch for the day.  ;D
Fuck the kids, if they lose their card they can go without lunch for the day.  ;D

Let's just chip the kids. Can't lose it that way. ;)
I have never understood people who are concerned with biometric data being used. These are schools, not big brother. This data could easily be obtained with anyone with a camera (or in the case of fingerprints, literally any object you have touched). What do think people are doing with this or could do with this? These aren't unscrupulous companies selling data on to the highest bidder.

This is entirely pragmatic. Use the data while they are at school and delete it immediately after they leave. I am also confident that should any person object to this, alternative arrangements would be made and that it is a system built on consent (and far more consent than any company uses when harvesting your data!)

To my knowledge, there exists no data gateway between law enforcement (with respect to this data) or any other government body.
I have never understood people who are concerned with biometric data being used. These are schools, not big brother. This data could easily be obtained with anyone with a camera (or in the case of fingerprints, literally any object you have touched). What do think people are doing with this or could do with this? These aren't unscrupulous companies selling data on to the highest bidder.

This is entirely pragmatic. Use the data while they are at school and delete it immediately after they leave. I am also confident that should any person object to this, alternative arrangements would be made and that it is a system built on consent (and far more consent than any company uses when harvesting your data!)

To my knowledge, there exists no data gateway between law enforcement (with respect to this data) or any other government body.
You can indeed get fingerprints from high resolution photos or from surfaces, but those attacks don't scale. It's really hard to collect bulk information that way.

The concern is not what the school is planning to do with it, but what happens when the data (inevitably) gets breached. We've already seen one company that collects this data (not for schools) in a supposedly secure manner suddenly leave it all exposed unencrypted on the internet by accident.

And I would absolutely not rule out the possibility of this data being sold to the highest bidder like you say.  There are already questions around the data that the NHS app is sending to a company owned by a Tory donor. I assume that schools are not running these systems themselves, and I would never trust a third party not to abuse it.

Government or law enforcement will absolutely be able to access the data if they want to as well, the GDPR principles do not apply to law enforcement or security agencies.
You can indeed get fingerprints from high resolution photos or from surfaces, but those attacks don't scale. It's really hard to collect bulk information that way.

The concern is not what the school is planning to do with it, but what happens when the data (inevitably) gets breached. We've already seen one company that collects this data (not for schools) in a supposedly secure manner suddenly leave it all exposed unencrypted on the internet by accident.

And I would absolutely not rule out the possibility of this data being sold to the highest bidder like you say.  There are already questions around the data that the NHS app is sending to a company owned by a Tory donor. I assume that schools are not running these systems themselves, and I would never trust a third party not to abuse it.

Government or law enforcement will absolutely be able to access the data if they want to as well, the GDPR principles do not apply to law enforcement or security agencies.

From 2019-2022 I managed a sales team for a company who developed and sold their own biometric fingerprint readers.

The technology in so far as 'data' i.e the fingerprint itself is completely sound - the data is immediately (the fingerprint) encrypted into binary data 0's and 1's - and cannot be reversed engineered into an image of that finger again.

Now the software behind the hardware, contains profiles which you can elaborate information upon depending on the application of the fingerprint reader. So for example a school may have - persons name, age, school, form, and transactional account with which the student could make the purchases.

This software is the same as any other software in terms of vulnerabilities, and equally potentially and able to be protected to the same degree as any other software.
I assume that schools are not running these systems themselves, and I would never trust a third party not to abuse it.


Correct in our case, an external company came in with the scanners and provided the software that connected to the parentpay accounts (which ultimately all linked through the central database). I don't think the biometric data itself could identify the kids, it was tied to an unique ID to pull their account out of another system. So anyone making off just with the biometrics would find nothing but facial recognition data (not actual photos of faces) and an account ID.

Unfortunately I can't remember any more of the specifics, it was being set up in September that year and I handed my notice in a few weeks later so didn't really care!
Correct in our case, an external company came in with the scanners and provided the software that connected to the parentpay accounts (which ultimately all linked through the central database). I don't think the biometric data itself could identify the kids, it was tied to an unique ID to pull their account out of another system. So anyone making off just with the biometrics would find nothing but facial recognition data (not actual photos of faces) and an account ID.

Unfortunately I can't remember any more of the specifics, it was being set up in September that year and I handed my notice in a few weeks later so didn't really care!

Yup if somebody stole the readers - all they would have is a piece of hardware with no value as you would not be able to extrapolate any data from it. That is housed on the software.
Lost or stolen.
Our school used fingerprints for a bit, stopped it during covid (and they only worked some of the time anyway) and went to smartcards with a £5 charge for losing them; the cards work fine, absolutely no reports of theft, occasional (but pretty rare) cases of students losing them. Perhaps we're lucky (and we're a relatively small senior school)?
