Forgot your password?
typodupeerror
Education Privacy United States Your Rights Online

Fingerprint Requirement For a Work-Study Job? 578

Posted by timothy
from the dept-of-double-speak-is-closed-please-come-in dept.
BonesSB writes "I'm a student at a university in Massachusetts, where I have a federal work-study position. Yesterday, I got an email from the office that is responsible for student run organizations (one of which I work for) saying that I need to go to their office and have my fingerprints taken for the purposes of clocking in and out of work. This raises huge privacy concerns for me, as it should for everybody else. I am in the process of contacting the local newspaper, getting the word out to students everywhere, and talking directly to the office regarding this. I got an email back with two very contradictory sentences: 'There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it.' Does anybody else attend a school that requires something similar? This is an obvious slippery slope, and something I am not taking lightly. What else should I do?"
This discussion has been archived. No new comments can be posted.

Fingerprint Requirement For a Work-Study Job?

Comments Filter:
  • Contradictory (Score:2, Informative)

    by Arancaytar (966377)

    I can think of a better way to write that:

    Hey look, what's that behind you? It's much more interesting than any contradictions you might see in the following. There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it. If you're still reading this, damn.

    • by Colin Smith (2679) on Saturday February 20, 2010 @08:17PM (#31214494)

      Not the image anyway. They store the relative positions of specific details of your print. 2 minutes on Google would have told you this.

      The question remains though whether you want them to hold a representation (of any kind) of any part of your body on file.
       

      • by pentalive (449155) on Saturday February 20, 2010 @09:26PM (#31214942) Journal
        They could do even better than that, they could take relative position information you described and then hash it. Hashes are one way, no one can recover the respresentation once it is hashed.

        To login BonesSB would present a finger, the same information points would be measured, then hashed then the two hashes compared.

        I am not saying that they did go to that extent, but they could have.

        • Re: (Score:3, Insightful)

          by netsharc (195805)

          Ehm, wouldn't that still enable identification via fingerprint? Get the prints off a drinking glass, measure the points, input the data, and see if the hash matches one stored in the database?

          • by Anonymous Coward on Sunday February 21, 2010 @12:03AM (#31215886)

            This leads to the principle flaw of biometrics: If someone manages to reproduce the key (synthetic fingerprint for example), there is no way to issue a different key to the owner of the original. Anywhere you authenticate with a fingerprint, the people who control the system can gather all information which is needed to create a fake fingerprint, plus there are countless other ways to get a person's fingerprint, and you still only have that one set of fingerprints that you can't change. What are you going to do then?

            • Re: (Score:3, Interesting)

              by timeOday (582209)
              Then taking pictures of people's faces to identify them will never catch on.
            • by Simmeh (1320813) on Sunday February 21, 2010 @11:00AM (#31218478)
              This is why fingerprints should be usernames, not passwords.
              • Re: (Score:3, Interesting)

                by stewbacca (1033764)

                This is why fingerprints should be usernames, not passwords.

                That's why they are on our (government) systems.

            • by profplump (309017) <zach-slashjunk@kotlarek.com> on Sunday February 21, 2010 @02:21PM (#31220260)

              This isn't a flaw of biometrics so much as it's a flaw of any dongle-based, single-layer security system.

              For example, you have the same problem with a door with the same key issued to 1000 people -- yes it technically can be changed, but it's quite expensive, so in practice it's never done. That leads to people who should no longer have access still having access, and the ability to easily copy the key and use the copy without detection.

              The solution is trivial. If you combined a password with a fingerprint there would be a secret bit of information that's easy to change AND a physical bit of security apparatus that's harder to reproduce/copy than a password. This same solution also solves the key problem above. And it's the same solution already used in all sorts of applications where security is actually important.

              It's not in use for this timeclock system because the problem they're trying to solve is not a high-security application. They're going from the honor system for clocking in to a single-layer physical-dongle security system, likely in an attempt to raise the barriers for clocking in a co-worker. If they were relying on this system to allow you to make changes to your direct deposit account it would be a problem, but for the stated application I don't see why it's a concern.

              Now, you could be concerned about them having your fingerprints on file -- I understand the desire to keep people from collecting information about you. But honestly, unless you wear gloves all day long, they could already have your fingerprints if they wanted them; fingerprints are not secret information in the first place.

        • by digitalunity (19107) <digitalunity.yahoo@com> on Saturday February 20, 2010 @10:15PM (#31215304) Homepage

          Wouldn't work, for technical reasons.

          Both major algorithms need to be able to compare the data from an authoritative database against the test sample.

          The reason for this is no two scanners, in fact even the same scanner will not produce identical results for the same fingerprints. There will always be "fuzziness" to the data that the algorithm must interpret.

        • by Herby Sagues (925683) on Sunday February 21, 2010 @01:03AM (#31216216)
          Hashing would work if the scanners were taking absolute, binary measurements without error. But they are not, not a single biometrics unit has or can have that sort of precision. If you capture your fingerprint parameters with the same device, with the same process, two or three times in a row, you'll see significant changes in the parameters from one time to the next. While the detection algorithms are designed to cope with such scanning errors, hashing would make relative comparisons fail 100% of the time. And there lies the problem with biometrics: once you use them once (or even before you do), your "parameters" are no longer a secret under your control. If you give your fingerpring parameters to your bank, your school and your employer, each of them can in theory authenticate as you to the others. That's why I always say: biometrics are technically useless as an authentication mechanism. They can be used for identification (replacing your username) but not for validation (your password) because they are NOT a secret, they CAN'T be revoked, you don't have the option to use different ones for different organizations and they are easy to fake. Of these issues, only the last one can be improved with better technology, the rest are intrinsic to the concept.
      • by goaliemn (19761) on Saturday February 20, 2010 @10:06PM (#31215248) Homepage

        I've installed systems that work like this. They store afew statistical points of your fingerprint. If someone actually got those points that they stored, they still couldn't make a complete fingerprint.

        This type of system is usually implemented due to former employees punching in for each other. This is a way that makes that more difficult.

        • Re: (Score:3, Interesting)

          by Zerth (26112)

          This type of system is usually implemented due to former employees punching in for each other. This is a way that makes that more difficult.

          Only if you work for a security conscious facility who is willing to deal with the hassles of running such a system. Both places I've been at that used it for just timeclock purposes either turned the discrimination down so far that at least one other person could fake for them, or gave up on the high false negative rate and switched to "type in something you wouldn't

      • Re: (Score:3, Insightful)

        by benchbri (764527)

        I agree. I just pulled out my Pennsylvania drivers license, and it has on there my eye color, height, and *sex*.

        That's a privacy concern.

        OH MY GOD THERE'S A PICTURE OF ME ON HERE TOO

    • Re:Contradictory (Score:4, Informative)

      by digitalunity (19107) <digitalunity.yahoo@com> on Saturday February 20, 2010 @10:03PM (#31215232) Homepage

      I am on federal work study right now and I have not had to submit my fingerprints for anything. You have a few options.

      Accept that this is the way they track work study hours.

      If you can afford it and the privacy concerns are too compelling, decline the work and let them know why in a formal letter. It may go directly to the waste bin but at least you made your reasons known.

      Lastly, you can try to change the policy. Contact your student senate for some backing as they're the most likely to listen, although not the most likely to have power to change it. A couple of suggestions: Switch from bio-informatics scanning methods to plain old bar code badges, RFID chips or paper timecards.

      My school does work study timecards on paper. It's probably the most likely to be abused, but it is convenient for everyone. I'd be more than happy to use an RFID token or bar code badge for clocking in and out. Wouldn't work very well for my specific job, considering I work from home, but in theory I would accept either.

      Your ability to change the policy by force is pretty limited. Employment rights(especially regarding privacy) vary by state when it comes to work study. You could try to contact your local department of labor but it's unlikely they will give you anything other than a headache.

  • Non-issue? (Score:5, Interesting)

    by Fastolfe (1470) on Saturday February 20, 2010 @07:37PM (#31214144)

    I've used biometric scanners like this in the past. Whatever it stores to recognize your fingerprint never leaves the machine. I don't know if that's what's going on here, but it seems perfectly reasonable.

    • by HiggsBison (678319) on Saturday February 20, 2010 @07:46PM (#31214228)

      Apparently what it is storing is a statistical summary of the biometric information (if that's not redundant). It doesn't store the fingerprints themselves anymore than an operating system will store your password. With the password, whatever you type in has to have a hash which matches the hash associated with your account. With the scanner, the summary generated each time you plop your hand on the scanner has to match (to a significant degree) the summary on file.

      But, yes, if someone finds your fingerprints somewhere else, and they have access to this data, they can be reasonably certain it is you.

    • by gerf (532474) <edtgerf@gmail.com> on Saturday February 20, 2010 @07:50PM (#31214274) Journal

      Apparently if you visit Brazil, Europeans and Brazilians go through one line. Americans, we can all step over here to get fingerprinted, retina scanned, etc.

      Why? We do it to them, so they do it back. F.

    • Re:Non-issue? (Score:5, Informative)

      by Macfox (50100) on Saturday February 20, 2010 @10:19PM (#31215350) Homepage

      Ask if the unit is FIPS 201 certified. If it is then you can be certain that no reproducible image leaves the unit. There's no more identifying data than a password or PIN that leaves the unit.

      There are cheaper units on the market that centrally process the finger print image to speed up matching, which is open to abuse.

      Disclaimer: I previously worked for a fingerprint / time-clock manufacture that produced FIPS compliant devices.

  • by NfoCipher (161094) on Saturday February 20, 2010 @07:37PM (#31214150) Homepage

    Start looking for another job..

    • by johnlcallaway (165670) on Saturday February 20, 2010 @07:42PM (#31214202)
      I agree .. if you don't like it .. don't do it. No one is forcing you to. Others may not have the same concerns and would be more than happy to do that job, so I'm sure it won't bother them too much.

      I used to work at a job that required using an id card to clock in and out. If you left it at home it was a huge hassle to get a temporary id card. Forget it too many times and they started to take disciplinary action. I'd rather use my fingerprint to 'clock in' than try and remember to bring my id card every day when the only function of that card was to clock in and out.
      • Forget it too many times and they started to take disciplinary action.

        ...put it in your wallet, or on a keyring (if you can hole punch it)?

      • by causality (777677) on Saturday February 20, 2010 @08:37PM (#31214662)

        I agree .. if you don't like it .. don't do it. No one is forcing you to. Others may not have the same concerns and would be more than happy to do that job, so I'm sure it won't bother them too much.

        Those others and their indifference is part of the problem. If this university is doing this, you can bet that others have considered it. If this is successful and does not receive much opposition, others will follow suit. The result is that the people who do care about privacy are going to have fewer ways to protect it. So no one is forcing you to support this right now but when every such institution adopts these requirements, that will change. Of course by that time there'll be little or no hope of doing anything about it because it will be entrenched.

        It's similar in some ways to the relative uniformity of cellphone service plans in the USA despite the multiple competing companies that offer it. A few such companies established pricing and service plans and were successful, so others adopted similar business practices. The result is that there's little actual innovation in the industry. None of the cellphone companies has any incentive to rethink their pricing, so I as a customer cannot vote with my wallet if I want, for example, text messaging prices that realistically reflect the actual cost of delivering SMS.

        I'm sure there is a whole litany of reasons why an institution wants biometric identification. I'm sure that some of those justifications are reasonable enough. I just don't care, to be honest with you. I don't want to live in a surveillance society. If that means a few more unauthorized users gain access, or if that means a few more criminals avoid detection, I'm fine with that and more than willing to take my chances. Only cowardice would make me feel differently. It is obvious to me that a surveillance society is like a totalitarian state; it is created by means of baby steps. Each baby step down that path looks harmless enough at the time and plenty of useful idiots will sing the mantra of "I've got nothing to hide, so I'll surrender my privacy to anyone who asks." Stop this early when it seems minor and benevolent and you avoid the tremendous problems that become inevitable otherwise.

        I used to work at a job that required using an id card to clock in and out. If you left it at home it was a huge hassle to get a temporary id card. Forget it too many times and they started to take disciplinary action. I'd rather use my fingerprint to 'clock in' than try and remember to bring my id card every day when the only function of that card was to clock in and out.

        I'm sorry but I believe in fixing problems at their source. This is simple forgetfulness that a little self-discipline can easily solve. The privacy of every member of society that is never coming back once lost is far more important than the very minor inconvenience to you of learning to bring your ID card to work. To say otherwise is supreme selfishness and amounts to forcing your beliefs about privacy on everyone else. Those who like privacy appreciate that about as much as you'd appreciate being forced to practice a religion you don't believe in. I don't think you really are this selfish; I just think you're not considering the full implications of your position.

        Privacy is a good default; anyone who doesn't want it can always become an exhibitionist with their personal information if that's what they want to do. I won't try to find ways to stop them since it's their choice and, unlike this slippery slope, doesn't affect me in any way either real or potential. Anyone who thinks that this won't grow and expand if it isn't stopped, who believes that the companies producing biometric machines won't seek new markets and new customers, who really thinks that no one would ever want to retain and datamine such detailed information about your habits and whereabouts, is frankly rather naive.

  • You're dumb (Score:4, Insightful)

    by ArchieBunker (132337) on Saturday February 20, 2010 @07:37PM (#31214158) Homepage

    Its a time clock. Many jobs have them along with your address, phone number, date of birth, and social security number. Welcome to the working world. I could just as easily steal your fingerprints from your car door handle or the can you threw in the trash. After this fiasco don't expect the job offers to roll in.

    • Re:You're dumb (Score:5, Informative)

      by Midnight Thunder (17205) on Saturday February 20, 2010 @07:47PM (#31214236) Homepage Journal

      Solutions like this are often used to prevent someone clocking-in for you. I used this type of solution at a sports club which used to go to, where you would enter your member number followed by you finger print. Chances are this is another closed system, so it the finger prints probably won't get much further than the database.

  • by ragethehotey (1304253) on Saturday February 20, 2010 @07:38PM (#31214160)
    As long as you are assured that your privacy is protected...this is a huge non-issue. Fingerprint scanners are the best (In terms of ease of implementation) way to prevent people from clocking in and out for each other, even though they are obviously easily defeated by anyone sufficiently motivated.
    • by Colin Smith (2679)

      sufficiently motivated.

      to press their finger against a piece of sellotape.

       

      • Re: (Score:3, Insightful)

        by ragethehotey (1304253)

        sufficiently motivated.

        to press their finger against a piece of sellotape.

        And with an inkjet printer and blank check paper, you can commit bank fraud. How is the fact that you CAN cheat relevant?

        At literally every hourly job I have ever held in my life, people "clocking in" to cover for friends has been a huge problem.
        Its outright theft from the employer, yet people that would never steal physical property, will cheat a time clock without thinking twice.

  • No contradiction. (Score:5, Interesting)

    by Anonymous Coward on Saturday February 20, 2010 @07:39PM (#31214172)

    I checked into these before. The scanner records a description of your fingerprint, not the image. The description is used to match. It's a form of message digestion.

    Most scanners of this type do not even record enough detail to qualify as evidence. Those that do must have their data shared with law enforcement, making them a hard sell as a biometric time card.

    • Re:No contradiction. (Score:4, Interesting)

      by ThinkingInBinary (899485) <thinkinginbinaryNO@SPAMgmail.com> on Saturday February 20, 2010 @08:18PM (#31214504) Homepage

      Most scanners of this type do not even record enough detail to qualify as evidence. Those that do must have their data shared with law enforcement,

      Do they have to just volunteer all the data automatically, or only if law enforcement asks? (If the former, [citation needed].)

    • Re: (Score:2, Informative)

      by Protocol16 (1706040)
      Yup, exactly correct. Scanners will store a "hashed" version of your fingerprint based off of an algorithm. It just stores the "fingerprint" as a random string of data. The more secure versions store the hash on a Smart Card, which you have to authenticate against. The DoD uses this type of system on their ID cards for Contractors, Civilians and Military personnel. If you're worried about how bad this situation is, you need to watch a specific myth busters episode: http://www.youtube.com/watch?v=LA4Xx5No [youtube.com]
  • by ColdWetDog (752185) on Saturday February 20, 2010 @07:39PM (#31214178) Homepage
    Same as the old one... My wife's workplace has this system. Works terribly but somehow it got past some CxO. Not sure if the privacy issue is a big deal however. You train the system in the system (if it's the same one). The print doesn't go out to the big Gov.

    Not saying that they couldn't do that, but you do realize (being an aluminum foil shielded card carrying Slasdotter) that 'they' can get your fingerprints, DNA and bog knows what else without much of a problem these days.

    Hell, at least it's pretty unlikely to show up on Facebook.
  • Disney World (Score:3, Interesting)

    by crow (16139) on Saturday February 20, 2010 @07:40PM (#31214182) Homepage Journal

    At Disney World, they require finger prints when you enter the park if you want to be able to re-enter or switch to another park (if you have a ticket that allows that). At least the government doesn't directly get them, but who knows what they're doing with them or how long they keep them. (This was several years ago; I don't know if it's changed.)

    • by Culture20 (968837)

      At Disney World, they require finger prints when you enter the park if you want to be able to re-enter or switch to another park (if you have a ticket that allows that). At least the government doesn't directly get them, but who knows what they're doing with them

      Every night after the park closes, they dust every door handle to see who went where, and if anyone attempted to open "Employee Only" doors. Or maybe the park high mucky-mucks are fingerprint fetishists? Or maybe, just maybe, there's nothing sinister about it.

    • Re: (Score:3, Insightful)

      by MadCow42 (243108)

      Yes, and I was equally concerned with them using these at Disney World! Thankfully they don't collect fingerprints from kids - maybe they're also concerned with the potential legal issues?

      Hint - at least at Disney World you can decline. You simply have to show picture ID. Don't be a sheep - at least ask what your options are, how your privacy will be protected, and what THEIR liability is if there is a breach in that privacy.

      MadCow.

  • by stokessd (89903) on Saturday February 20, 2010 @07:42PM (#31214196) Homepage

    And friends, somewhere in Washington enshrined in some little folder, is a
    study in black and white of my fingerprints. And the only reason I'm
    singing you this song now is cause you may know somebody in a similar
    situation, or you may be in a similar situation, and if your in a
    situation like that there's only one thing you can do and that's walk into
    the shrink wherever you are ,just walk in say "Shrink, You can get
    anything you want, at Alice's restaurant.".

    • by stox (131684)

      And I went up there, I said, "Shrink, I want to kill. I mean, I wanna, I
      wanna kill. Kill. I wanna, I wanna see, I wanna see blood and gore and
      guts and veins in my teeth. Eat dead burnt bodies. I mean kill, Kill,
      KILL, KILL." And I started jumpin up and down yelling, "KILL, KILL," and
      he started jumpin up and down with me and we was both jumping up and down
      yelling, "KILL, KILL." And the sargent came over, pinned a medal on me,
      sent me down the hall, said, "You're our boy."

    • Re: (Score:3, Interesting)

      And now for the rest of the story:

      http://www.youtube.com/watch?v=5_7C0QGkiVo [youtube.com]

  • Acid (Score:4, Funny)

    by EightBits (61345) on Saturday February 20, 2010 @07:42PM (#31214200)

    Use acid on your finger tips to remove the prints and use that for ID. The only problem is that you are now linked to hundreds of crimes where no traces of fingerprints were found. But at least they wont be able to identify YOU when they find your actual fingerprints somewhere.

  • by Tepshen (851674) on Saturday February 20, 2010 @07:42PM (#31214204)
    The way that most modern fingerprint scanners work is by using matching algorithms. They scan your fingerprint and translate that into a numeric value and then store that. Not a copy of your fingerprint itself. This numeric value cannot be used to recreate your fingerprint but it can however be used to match the output that only your fingerprint will produce when scanned. To be perfectly candid its far easier to steal your fingerprints by stealing something you own than it is to take them from a fingerprint security/tracking system.
  • by longacre (1090157) on Saturday February 20, 2010 @07:42PM (#31214206) Homepage
    ...when your boss starts asking to personally take samples of your reproductive DNA. Until then, there's nothing to be upset about.
  • When I was in High School (loooong before most of you were born) I got a part-time job as "page" at the city library (I put books back on the shelf). In order to get it I had to get a physical, be fingerprinted, and sign a loyalty oath. At least you didn't have to turn and cough.

  • Oh no! (Score:2, Informative)

    by ChinggisK (1133009)
    I bet there was a handle on the door to their office too, wasn't there? Now your fingerprints are all over the door handle too! It's a conspiracy!

    Seriously though, of course privacy is a huge issue these days, but worrying about your school stealing your fingerprints? You're a little extra special paranoid.
    • You still touch door handles with your hand? I see you don't have your towel with you.

      I bet you also still push the elevator buttons with your finger instead of your knuckles...

  • Temp companies are doing this as well. Which to me is a good reason to establish property rights for privacy. In that case, you would be the sole non-transferable owner of your fingerprint scan among other data and have sole discretion over what is done with it. They would upon your consent store one single copy of the scan on the device which if copied or otherwise removed for other uses without your consent would now have legal consequences. The beauty of the concept is that you could also establish s

    • by AuMatar (183847)

      They'd just make you sign a contract giving them an unlimited license to store, transfer, or sell. Property rights won't do jack shit. If you want to stop it, you make it a criminal offense to transfer that data for any reason and don't allow them to hide behind the corporate veil. Anything trying to use property rights and contracts will fail as miserably as it does everywhere else.

  • I have been at places where it required a badge, hand geometry and finger print
    to gain access.

    • The question is actually why we put up with that shit? I mean, it hasn't been an ultimate requirement 20 years ago (mostly because, well, it was impossible without access to NASA-esque hardware), but suddenly we all need to be fingerprinted, X-Rayed, retina scanned and DNA-probed just to get to our workplace? I mean, I could see if this workplace was some sort of superspecialawesomeultrasecret shady black ops government sponsored (but definitly denied) lab developing the next generation I-win button for int

  • Was it before you committed to the job ? If it was after - then it is a change to your contract, why do you need to accept it ? Unless it is a change in the law in which case you need to bend over and let yourself be shafted.
  • by EightBits (61345) on Saturday February 20, 2010 @07:53PM (#31214292)

    Not many posts yet but I already see a LOT of posts pushing the idea of not working for this employer. This is not a solution. If we don't fight it and win, it will be adopted by more and more employers until it snowballs into something too big to fight. If we think this is a bad idea, it needs to be fought now while it's still in its infancy.

    • I had to submit fingerprints in order to get a job working for the U.S. federal government. I don't even have security clearance (although I did have to go through a background check as I hold a "position of public trust"). If the federal government is allowed to take fingerprints as a condition for employment, I don't see how other organizations could be limited in this regard.

    • Not many posts yet but I already see a LOT of posts pushing the idea of not working for this employer. This is not a solution. If we don't fight it and win, it will be adopted by more and more employers until it snowballs into something too big to fight. If we think this is a bad idea, it needs to be fought now while it's still in its infancy.

      I hope you understand that 'not giving them' a fingerprint for privacy concerns is a relatively moot point.

      If someone that employs you or works with you (or even not working with you, but knows of you) wants your fingerprint they can simply grab up any of the many things you touch on a daily basis.

      Most people don't wear gloves when they leave the house.

      Your fingerprints are all over the place. If I wanted them, I could get them.

      • Or they will just fire you and replace you with someone who wouldn't mind doing it.

        In this economy there are millions including myself who would be happy to do it. Its the free market and unfortunately thanks to free trade billions are available for dirt cheap.

    • Meanwhile how much do they pay? What are the benefits? etc?

  • Reynolds Wrap fashioned into a stylish chapeau. Works every time, guaranteed (unless you hear that from a government employee, then all bets are off).
  • I recommend... (Score:4, Insightful)

    by pak9rabid (1011935) on Saturday February 20, 2010 @07:54PM (#31214312)
    ...that you stop being such a whiney bitch. So they want your fingerprints to ID you...so what? What is it that you're worried about that they're going to do with them, other than use them internally for authentication purposes?

    I am in the process of contacting the local newspaper...

    Are you for real? Other than than the fact that they likely won't give a rats ass about this, you are treading on very thin ice. I'm not sure what it is you're planning on doing after graduation, but being labeled a well-known whistle-blower isn't going to do you much justice when you're out looking for a job.

    • I dunno about him, but I'd be worried about the question why a no-security area needs so much information about me. It makes very little sense to take prints in a non-secure working area.

    • Re: (Score:3, Insightful)

      by potat0man (724766)
      being labeled a well-known whistle-blower isn't going to do you much justice when you're out looking for a job.

      We need a +1 coward moderation.

      There are plenty of arguments about why this guy shouldn't be concerned about using his finger print to clock in and out, but being worried about being labeled as a honest man who fights for his principles isn't one of them.
  • by tomhudson (43916) <.barbara.hudson. ... bara-hudson.com.> on Saturday February 20, 2010 @07:55PM (#31214314) Journal

    We had one, after the first couple of weeks people started punching it instead of "punching in". They're supposed to also have a keypad so you can manually enter an access code, since the reader is known to be undependable.

    If you want to mess it up, each time you stick your finger on it while it's "registering you" (it needs more than 1 scan), put your finger in a different position, different angle, or even use a different finger (people generally don't notice). After 5 failed attempts, they'll give up. Or, if they "insist" o "helping you" place your finger, tell them that as far as you're concerned, their broken machine is their problem, and that touching you is common assault and you'll file charges.

    • by Culture20 (968837)

      We had one, after the first couple of weeks people started punching it instead of "punching in". They're supposed to also have a keypad so you can manually enter an access code, since the reader is known to be undependable.

      Undependable because people keep punching it?

      • Re: (Score:3, Interesting)

        by tomhudson (43916)

        After the first two weeks, it kept saying (in a REALLY annoying voice) "Please try again ..." "Please try again ..." "Please try again ..." "Please try again ..."

        It was tempting to just hack into the PC it was running on and just update the stupid database manually, but that would have been too much work to maintain, running after everyone and asking them what hours they wanted to show on the timesheet.

        And if you did more than 12 hours, it got confused.

        And if you forgot to punch out the night before,

  • Nobody can prevent war, famine and suffering.
    Nobody can save the economy.
    Nobody can brush your teeth for you.

    Vote for Nobody! [anvari.org]

    Unfortunately, it's also true that "nobody has access to your fingerprints". :-O

  • by dpbsmith (263124) on Saturday February 20, 2010 @07:58PM (#31214346) Homepage

    ...that the next time a pompous administrator says in public "nobody has complained about that," you know that he is lying. Settle for not just knucking under without saying anything at all. Settle for knowing, if you do know, that your complaint has reached someone who sets policy and that you're not just making things hard on a bunch of other ordinary workers whose job is to keep things running.

    This is not nothing at all, but it's a small thing.

    You can't change the world through indignation. You really have only three choices. First, be docile and do nothing at all. That's often a good option by the way. Second, make sure your concerns have been heard, even if they are dismissed. Or, third, be prepared to devote at least a year or two of your life to the cause of fighting this thing.

    If you feel that spending a year or two toward the goal of getting the university to stop using fingerprinting gadgets for access to work-study jobs is worth it, and is what you want to do with that chunk of your life, you can probably achieve your goal. I dunno how. Work through the union if there is one? Start a union if there isn't one? Make appointments and personally talk to one administrator after another, calmly, until you figure out how to get the policy changed? Personally work out an actual proposal, including costs and benefits, for alternative security, so you're presenting them with something positive and their work all done for them, instead of just saying "don't do what you're doing?" Find a faculty committee that's interested in the question that you can swing to your side? I dunno.

    • I prefer nodding my head, going along, working my way through the system. Then when the day comes that I can and understand it enough to not get caught, I sabotage it. Of course posting here I'll never get to do that in a dramatic fashion but I can inspire anonymous cowards can't I?! ;)
  • GENTETIC Testing (Score:2, Interesting)

    by hackus (159037)

    Wait till they start genetically testing everyone with DNA requests for security purposes.

    Thats when the fun will begin.

    Expect to be denied loans based on life span and proclivities to all sorts of diseases they find you will contract.

    Effectively they can prevent your student loans/grants to save money as they certainly do not want to invest in anyone who won't be around long enough to pay back that 100K.

    All sorts of monkey business is planned. If you have a kid right now, the blood of every baby born in U

  • by linuxbert (78156) on Saturday February 20, 2010 @08:03PM (#31214388) Homepage Journal

    I installed these at a client.
    The issue was the employees would take an afternoon off to go to an appointment, and get buddy to clock them out at the end of the day - The emplyoee would then get paid for an afternoon they didnt work.

    The time clocks have a fingerprint scanner. You place your thumb on the device as you punch out. Now buddy cant swipe out for you, and you cant defraud your employeer.

    They also had biometric locks instead of prox cards on the doors. Much more convieient then having to remember a card the few days when i was on site.

  • Your prints are not stored, a geometric design made from identifiable parts of your fingerprint are stored.


    Your making a big deal about nothing. Besides as other people have pointed out I can grab your fingerprints from your car door, or from a soda can in your trash. FYI your bank has your fingerprint, and odds are that your parents had your fingerprints taken at some point in your life as you are in college.
  • by goodmanj (234846) on Saturday February 20, 2010 @09:42PM (#31215076)

    The purpose of this device is to keep people from cheating on their hours. You can get all Big Brothery all you like, but there is one and only one technology that can reliably ensure that people come to work and do the jobs they're paid to do.

    It's called "management". The way it works is, you know your employees' names, you stop by their workstations, both to help them with problems they're having and to check to see that they're doing their jobs. You build up a culture of trust, so that when they need to leave work they *tell* you, and you arrange for them to make up the time.

    Or you can treat them like condemned criminals, and let them be monitored by machines while you sit in your throne of an office eating donuts and browsing bmw.com. It's really up to you.

  • by L-One-L-One (173461) on Saturday February 20, 2010 @10:26PM (#31215388)

    I know this will surprise many slashdot readers but using your fingerprint as described by the poster for the purpose of clocking you in and out of work would be illegal in many countries accross Europe (with the possible exception of the UK). In France, for example, you can actually get fined by the data protection authority for doing so.

    It's true that most of these devices don't store an image of your fingerprint but rather a "template" : a description of some special features of your fingerprint. But that doesn't change the problem.

    Indeed, many data proctection authorities accross the EU consider that biometrics pose sevreall security and data protection issues and must therefore be used with caution. Fingerprint biometrics are of special concern, in particular when the biometric data (templates) are stored in a central database. The big problem with fingerprints is that we leave them everywhere, on all objects we touch. Someone can pick up your fingerprint and test it against the templates inside the database. (Sounds crazy or technically impossible ? It's much easier than you think : i've tested it myself, that's part of my job). There are other issues whith fingerprint biometrics that I won't detail here.

    In the end data protection authorities in the EU consider that the use of a central fingerprint database is excessive if your only objective is only clocking people in and out. Instead, they encourage the use of a smartcard to store the biometric data : you show your finger to the biometric reader and it gets compared with the data stored in the smartcard. This solution offers the same benefits in terms of security but you keep control of your biometric data.

  • by Jane Q. Public (1010737) on Saturday February 20, 2010 @11:29PM (#31215690)
    Privacy doesn't seem to be the real issue here, unless they're selling your prints to the Feds. What I would like to know is: given the fact that these things don't work worth a damn, why would they be using a system like this in the first place?

    I mean, if I had to use a fingerprint scanner for identification, I'm the kind of person who would fool with it just for fun. The only way they have been able to make them "reliable" -- that is, reliably accept your fingerprint and not lock you out -- was to loosen up the match criteria enough that they are much too prone to false positives, which in turn makes them easy to fool.

    I would do things like clock in Susan for four hours when she is really on vacation in Hawaii, for example, just to see what happens. Or clock in Sam at 3 a.m. so that when he comes around at noon and scans, he's really clocking out. And so on. Consider it like friendly hacking... you are showing the owners that their system just doesn't work. It's a useful technique when they simply won't listen to reason.
  • Get over it. (Score:3, Informative)

    by Domini (103836) <lailoken@gmail.com> on Sunday February 21, 2010 @03:36AM (#31216870) Journal

    Sheesh... this is the same as having public and private encryption keys. The private one is for you, the public one is... you guessed it, public, and cannot be used to reproduce or fake the private one. They only store enough data to verify your fingerprint again. VERIFICATION and IDENTIFICATION are two very different things. No privacy issue.

    Move along, nothing to see here...

  • by GrantRobertson (973370) on Sunday February 21, 2010 @03:48AM (#31216904) Homepage Journal

    GEEZ! The Slashdoters sure can pitch a fit about nothing!

    These devices only store a few numbers that were derived from the patterns of your prints. They don't store anything near the actual image. When you re-scan your finger to clock in it creates a new set of numbers and looks for a set that is statistically close to something it has in it's database. Usually you have to enter a PIN as well because these things do such a crappy job that without knowing where to start, it would have a terrible time figuring out which of the stored sets of numbers match up to the one you just scanned in. I'm not saying that some systems can't do a great job. I'm just saying that the kinds of systems they sell for time-clocks are usually pretty lame. Especially after they get beat around for a while. So all these time-clock units really do is determine if the clock-in scan is statistically close enough to the original scan to be more likely to be you than some other employee. The actual data stored is less personally identifiable than your name. Are you gonna complain if they ask you to give your name when you clock in?

    I also seriously doubt that these things produce any form of standardized data that could be transferred to any other system. Heck, sometimes the scans won't match up just because you bought a slightly different model from the same manufacturer to replace a broken unit. Ever try to troubleshoot one of these systems? It is a nightmare.

    So, you have nothing to worry about. "They" are more likely to track you by mere facial recognition via security cameras than by your fingerprints.

Make headway at work. Continue to let things deteriorate at home.

Working...