Fingerprint Requirement For a Work-Study Job? 578
BonesSB writes "I'm a student at a university in Massachusetts, where I have a federal work-study position. Yesterday, I got an email from the office that is responsible for student run organizations (one of which I work for) saying that I need to go to their office and have my fingerprints taken for the purposes of clocking in and out of work. This raises huge privacy concerns for me, as it should for everybody else. I am in the process of contacting the local newspaper, getting the word out to students everywhere, and talking directly to the office regarding this. I got an email back with two very contradictory sentences: 'There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it.' Does anybody else attend a school that requires something similar? This is an obvious slippery slope, and something I am not taking lightly. What else should I do?"
Contradictory (Score:2, Informative)
I can think of a better way to write that:
Modern Fingerprint Scanners dont keep prints (Score:4, Informative)
Re:You're dumb (Score:5, Informative)
Solutions like this are often used to prevent someone clocking-in for you. I used this type of solution at a sports club which used to go to, where you would enter your member number followed by you finger print. Chances are this is another closed system, so it the finger prints probably won't get much further than the database.
Oh no! (Score:2, Informative)
Seriously though, of course privacy is a huge issue these days, but worrying about your school stealing your fingerprints? You're a little extra special paranoid.
It's all stupid, and for stupid reasons (Score:5, Informative)
Apparently if you visit Brazil, Europeans and Brazilians go through one line. Americans, we can all step over here to get fingerprinted, retina scanned, etc.
Why? We do it to them, so they do it back. F.
They don't store your actual fingerprint (Score:5, Informative)
Not the image anyway. They store the relative positions of specific details of your print. 2 minutes on Google would have told you this.
The question remains though whether you want them to hold a representation (of any kind) of any part of your body on file.
Re:No contradiction. (Score:2, Informative)
Re:Contradictory (Score:4, Informative)
I am on federal work study right now and I have not had to submit my fingerprints for anything. You have a few options.
Accept that this is the way they track work study hours.
If you can afford it and the privacy concerns are too compelling, decline the work and let them know why in a formal letter. It may go directly to the waste bin but at least you made your reasons known.
Lastly, you can try to change the policy. Contact your student senate for some backing as they're the most likely to listen, although not the most likely to have power to change it. A couple of suggestions: Switch from bio-informatics scanning methods to plain old bar code badges, RFID chips or paper timecards.
My school does work study timecards on paper. It's probably the most likely to be abused, but it is convenient for everyone. I'd be more than happy to use an RFID token or bar code badge for clocking in and out. Wouldn't work very well for my specific job, considering I work from home, but in theory I would accept either.
Your ability to change the policy by force is pretty limited. Employment rights(especially regarding privacy) vary by state when it comes to work study. You could try to contact your local department of labor but it's unlikely they will give you anything other than a headache.
Re:They don't store your actual fingerprint (Score:4, Informative)
I've installed systems that work like this. They store afew statistical points of your fingerprint. If someone actually got those points that they stored, they still couldn't make a complete fingerprint.
This type of system is usually implemented due to former employees punching in for each other. This is a way that makes that more difficult.
Re:Non-issue? (Score:5, Informative)
Ask if the unit is FIPS 201 certified. If it is then you can be certain that no reproducible image leaves the unit. There's no more identifying data than a password or PIN that leaves the unit.
There are cheaper units on the market that centrally process the finger print image to speed up matching, which is open to abuse.
Disclaimer: I previously worked for a fingerprint / time-clock manufacture that produced FIPS compliant devices.
Re:It's all stupid, and for stupid reasons (Score:5, Informative)
Get over it. (Score:3, Informative)
Sheesh... this is the same as having public and private encryption keys. The private one is for you, the public one is... you guessed it, public, and cannot be used to reproduce or fake the private one. They only store enough data to verify your fingerprint again. VERIFICATION and IDENTIFICATION are two very different things. No privacy issue.
Move along, nothing to see here...
Re:They could go even further... (Score:2, Informative)
Re:What else should I do? (Score:2, Informative)
Been there, done that (Score:2, Informative)
OK, I've actually never faked a fingerprint myself. But I've read about research on it in Bruce Schneier's blog:
http://www.schneier.com/crypto-gram-0205.html#5 [schneier.com]
Care to guess what the batting average of most fingerprint readers was against someone trying to fool them?
(Answer: the eleven commercial fingerprint ID systems, together, wouldn't defeat my son's blindfolded Little League team.)
Re:They could go even further... (Score:1, Informative)
This isn't a flaw of biometrics so much as it's a flaw of any dongle-based, single-layer security system. For example, you have the same problem with a door with the same key issued to 1000 people -- yes it technically can be changed, but it's quite expensive, so in practice it's never done. That leads to people who should no longer have access still having access, and the ability to easily copy the key and use the copy without detection.
Your analogy doesn't apply to biometric credentials, where the issue is not cost in re-issuing a credential... but the complete inability to do so at any cost. This problem is actually quite unique to biometric systems. Any non-biometric "dongle" can be expired and re-issued if it's found to be compromised, whereas you have a limited number of fingers and when they're all used up you cannot under any circumstances issue a new fingerprint.
The solution is trivial. If you combined a password with a fingerprint there would be a secret bit of information that's easy to change AND a physical bit of security apparatus that's harder to reproduce/copy than a password. This same solution also solves the key problem above. And it's the same solution already used in all sorts of applications where security is actually important.
Multi-factor authentication doesn't resolve the problem that biometric credentials can't be re-issued. Once your biometric credential is compromised you can't reissue a new one, and you no longer effectively have two-factors.
Now, you could be concerned about them having your fingerprints on file -- I understand the desire to keep people from collecting information about you. But honestly, unless you wear gloves all day long, they could already have your fingerprints if they wanted them; fingerprints are not secret information in the first place.
The problem isn't people having your prints, it's a combination of 1) If their use proliferates, you have to give them to every organization you interact with. 2) Those organizations do stupid things like use them as a sole authenticator. 3) Criminals steal the biometric signature and and use it to authenticate as you. It's the social security number debacle all over again, and I don't believe people who say this stuff will only ever get used in systems that require physical proximity. Applications will start shipping these biometric sigs or their hashes over the network, and there will be flaws where you can impersonate someone if you have the sig, and the sigs will get compromised and collected by criminals, and you won't be able to re-issue them cause they're stuck to your body. If you need a dongle, just a re-issuable one... otherwise use another authenticator like an ID card.