Fingerprint Requirement For a Work-Study Job? 578
BonesSB writes "I'm a student at a university in Massachusetts, where I have a federal work-study position. Yesterday, I got an email from the office that is responsible for student run organizations (one of which I work for) saying that I need to go to their office and have my fingerprints taken for the purposes of clocking in and out of work. This raises huge privacy concerns for me, as it should for everybody else. I am in the process of contacting the local newspaper, getting the word out to students everywhere, and talking directly to the office regarding this. I got an email back with two very contradictory sentences: 'There will be no image of your fingerprints anywhere. No one will have access to your fingerprints. The machine is storing your prints as a means of identifying who you are when you touch it.' Does anybody else attend a school that requires something similar? This is an obvious slippery slope, and something I am not taking lightly. What else should I do?"
What else should I do? (Score:5, Insightful)
Start looking for another job..
What University (Score:1, Insightful)
If you want to get the word out, give out the name.
You're dumb (Score:4, Insightful)
Its a time clock. Many jobs have them along with your address, phone number, date of birth, and social security number. Welcome to the working world. I could just as easily steal your fingerprints from your car door handle or the can you threw in the trash. After this fiasco don't expect the job offers to roll in.
As long as you are assured that your privacy (Score:5, Insightful)
Welcome to the new world (Score:4, Insightful)
Not saying that they couldn't do that, but you do realize (being an aluminum foil shielded card carrying Slasdotter) that 'they' can get your fingerprints, DNA and bog knows what else without much of a problem these days.
Hell, at least it's pretty unlikely to show up on Facebook.
It's like storing a hash. (Score:5, Insightful)
Apparently what it is storing is a statistical summary of the biometric information (if that's not redundant). It doesn't store the fingerprints themselves anymore than an operating system will store your password. With the password, whatever you type in has to have a hash which matches the hash associated with your account. With the scanner, the summary generated each time you plop your hand on the scanner has to match (to a significant degree) the summary on file.
But, yes, if someone finds your fingerprints somewhere else, and they have access to this data, they can be reasonably certain it is you.
Re:Modern Fingerprint Scanners dont keep prints (Score:1, Insightful)
That's not really the point. Once that hash or checksum or whatever of your fingerprint is stored and linked to you, they can still track you by pulling fingerprints from the items you own or touch. All they have to do is get your fingerprint from something and run it against the database with these stored values.
Not working there is not a solution. (Score:4, Insightful)
Not many posts yet but I already see a LOT of posts pushing the idea of not working for this employer. This is not a solution. If we don't fight it and win, it will be adopted by more and more employers until it snowballs into something too big to fight. If we think this is a bad idea, it needs to be fought now while it's still in its infancy.
I recommend... (Score:4, Insightful)
I am in the process of contacting the local newspaper...
Are you for real? Other than than the fact that they likely won't give a rats ass about this, you are treading on very thin ice. I'm not sure what it is you're planning on doing after graduation, but being labeled a well-known whistle-blower isn't going to do you much justice when you're out looking for a job.
biometric time clocks (Score:5, Insightful)
I installed these at a client.
The issue was the employees would take an afternoon off to go to an appointment, and get buddy to clock them out at the end of the day - The emplyoee would then get paid for an afternoon they didnt work.
The time clocks have a fingerprint scanner. You place your thumb on the device as you punch out. Now buddy cant swipe out for you, and you cant defraud your employeer.
They also had biometric locks instead of prox cards on the doors. Much more convieient then having to remember a card the few days when i was on site.
Re:find another job. (Score:1, Insightful)
Listen, buddy, it's way past the point of 'find another job'.
This type of Orwellian crap comes directly from the same people who run the same banks that ran our economy into the ground, and who literally rob from the rest of us in order to support their stupid police-state bullshit.
Ten years ago, when the big banks started requiring fingerprints for everything, I might have said the same thing, "find another bank". In fact, that's what I did. Let me tell you what I got out of it: jack-fucking-shit.
Banks that aren't backed by the legal fraud of the Federal Reserve system don't get to print money out of thin air. They don't get to hand out million-dollar mortgages to illegal immigrants with no incomes. They don't get to fund companies and work-study jobs that have no chance of ever turning a profit.
They don't get to do any of those things because they have to operate within the laws and within economic reality and can't rob savers and taxpayers at every fucking opportunity.
So, don't tell the rest of us to 'find another job' as though we live in some type of free-market meritocracy that respects property rights or anything else for that matter.
Because, as far as I'm concerned, those who can't manage to stand up for others when their rights are being trampled can just find another fucking country at this point.
Re:biometric time clocks (Score:2, Insightful)
For the love of god people, If your employees are doing this, don't install biometric scanners - just fire them.
Re:Oh no! (Score:3, Insightful)
If they want to check his presence, logging him in and out, there are other methods to do that. They don't need his fingerprints. It worked perfectly well with badges and/or company ID cards.
How exactly does an ID card verify his presence, rather than simply that someone possessing the card happened to run it through the machine?
And, yes, his fingerprints are all over the doorprint. Together with a gazillion of other fingerprints. And withoug registration that makes him one of the anonymous crowd.
As long as no one goes to the extraordinary effort of pre-emptively wiping the handle clean.
It's easy to ridicule people as paranoid. Instead, however, you should be thinking "why the heck are they requiring my fingerprints".
What I am comparing this to is, for example, using a social security number for identification, which seems to generate a large current of opposition here on slashdot precisely because it such a non-physical, easily reproducible security feature. I want anonymity as much as the next guy, but the one place I don't want it is in verifying my identity. (I would think most people could see the inherent contradiction in wanting both at the same time.) Ideally only one person will be able to gain access to things under my identity, that being me.
Fyi, pretty much any job working for the government or with children is much more invasive--you will actually have your prints submitted to a database for a background check, rather than simply having checksummed on the given machine. The latter doesn't seem that controversial to me.
Re:Modern Fingerprint Scanners dont keep prints (Score:5, Insightful)
like your finger? Look, if "they" want your fingerprint, they're going to come get it from you. If you're a suspect you will be fingerprinted. This time clock is not connected to a federal black-helicopter database, no matter how exciting that might be.
making a stink about something trivial like this makes legitimate privacy concerns look bad
Re:What else should I do? (Score:5, Insightful)
Those others and their indifference is part of the problem. If this university is doing this, you can bet that others have considered it. If this is successful and does not receive much opposition, others will follow suit. The result is that the people who do care about privacy are going to have fewer ways to protect it. So no one is forcing you to support this right now but when every such institution adopts these requirements, that will change. Of course by that time there'll be little or no hope of doing anything about it because it will be entrenched.
It's similar in some ways to the relative uniformity of cellphone service plans in the USA despite the multiple competing companies that offer it. A few such companies established pricing and service plans and were successful, so others adopted similar business practices. The result is that there's little actual innovation in the industry. None of the cellphone companies has any incentive to rethink their pricing, so I as a customer cannot vote with my wallet if I want, for example, text messaging prices that realistically reflect the actual cost of delivering SMS.
I'm sure there is a whole litany of reasons why an institution wants biometric identification. I'm sure that some of those justifications are reasonable enough. I just don't care, to be honest with you. I don't want to live in a surveillance society. If that means a few more unauthorized users gain access, or if that means a few more criminals avoid detection, I'm fine with that and more than willing to take my chances. Only cowardice would make me feel differently. It is obvious to me that a surveillance society is like a totalitarian state; it is created by means of baby steps. Each baby step down that path looks harmless enough at the time and plenty of useful idiots will sing the mantra of "I've got nothing to hide, so I'll surrender my privacy to anyone who asks." Stop this early when it seems minor and benevolent and you avoid the tremendous problems that become inevitable otherwise.
I'm sorry but I believe in fixing problems at their source. This is simple forgetfulness that a little self-discipline can easily solve. The privacy of every member of society that is never coming back once lost is far more important than the very minor inconvenience to you of learning to bring your ID card to work. To say otherwise is supreme selfishness and amounts to forcing your beliefs about privacy on everyone else. Those who like privacy appreciate that about as much as you'd appreciate being forced to practice a religion you don't believe in. I don't think you really are this selfish; I just think you're not considering the full implications of your position.
Privacy is a good default; anyone who doesn't want it can always become an exhibitionist with their personal information if that's what they want to do. I won't try to find ways to stop them since it's their choice and, unlike this slippery slope, doesn't affect me in any way either real or potential. Anyone who thinks that this won't grow and expand if it isn't stopped, who believes that the companies producing biometric machines won't seek new markets and new customers, who really thinks that no one would ever want to retain and datamine such detailed information about your habits and whereabouts, is frankly rather naive.
Re:As long as you are assured that your privacy (Score:3, Insightful)
sufficiently motivated.
to press their finger against a piece of sellotape.
And with an inkjet printer and blank check paper, you can commit bank fraud. How is the fact that you CAN cheat relevant?
At literally every hourly job I have ever held in my life, people "clocking in" to cover for friends has been a huge problem.
Its outright theft from the employer, yet people that would never steal physical property, will cheat a time clock without thinking twice.
Concerns = big waste of time (Score:2, Insightful)
Re:Modern Fingerprint Scanners dont keep prints (Score:3, Insightful)
big fucking deal.
Re:What else should I do? (Score:0, Insightful)
YEA RIGHT, drop your pants your anus is going to be scanned, if you don't like it find another job. no body is forcing you
Re:Non-issue? (Score:5, Insightful)
Safety means you won't get your finger chopped off by someone who wants to impersonate you to enter the building.
Safety (for people) is higher when there's no biometric system in place, becaus the bad guys don't have an incentive to chop their fingers off or gouge out their eyes.
Re:It's all stupid, and for stupid reasons (Score:3, Insightful)
Re:find another job. (Score:3, Insightful)
Let's get something clear here.
They are NOT finger printing him. They are having him clock on with a biometric finger print scan. There are certainly concerns with this sort of thing, but it's not the same.
Certainly there are issues with biometric scanning in regards to the quality of the scanners and what you do if your biometrics get compromised(which is possible), but biometric scanning is not the same as being fingerprinted. They'll only ever take one finger, and generally speaking the resulting hash probably won't even be useful outside the proprietary hardware it's running on.
As for looking for a new job, after making a huge fuss about this and accusing them of acting like a police state in the papers, they're more than likely to sack his ass anyway.
No substitute for good management (Score:5, Insightful)
The purpose of this device is to keep people from cheating on their hours. You can get all Big Brothery all you like, but there is one and only one technology that can reliably ensure that people come to work and do the jobs they're paid to do.
It's called "management". The way it works is, you know your employees' names, you stop by their workstations, both to help them with problems they're having and to check to see that they're doing their jobs. You build up a culture of trust, so that when they need to leave work they *tell* you, and you arrange for them to make up the time.
Or you can treat them like condemned criminals, and let them be monitored by machines while you sit in your throne of an office eating donuts and browsing bmw.com. It's really up to you.
Re:I recommend... (Score:3, Insightful)
We need a +1 coward moderation.
There are plenty of arguments about why this guy shouldn't be concerned about using his finger print to clock in and out, but being worried about being labeled as a honest man who fights for his principles isn't one of them.
Re:They could go even further... (Score:3, Insightful)
Ehm, wouldn't that still enable identification via fingerprint? Get the prints off a drinking glass, measure the points, input the data, and see if the hash matches one stored in the database?
Re:They could go even further... (Score:5, Insightful)
Wouldn't work, for technical reasons.
Both major algorithms need to be able to compare the data from an authoritative database against the test sample.
The reason for this is no two scanners, in fact even the same scanner will not produce identical results for the same fingerprints. There will always be "fuzziness" to the data that the algorithm must interpret.
Re:What else should I do? (Score:3, Insightful)
Your rights to what exactly?
Re:Non-issue? (Score:2, Insightful)
We use a lot of students where I work. I can speak from experience that students, especially part-timers who like to squeeze in hours whenever they can, are without their badges and ID cards a lot. Either lost or left in the dorm room when they left for the day. As someone who is responsible for getting a temporary day-badge for my co-op whenever he forgets his, my first reaction was something like "cool! How can I get me one of those?".
I suppose I don't know exactly how this system works, and thus what kind of privacy implications might exist. But I can imagine the privacy implications here are no different than all the other personal information employers routinely collect about their new hires.
Re:They don't store your actual fingerprint (Score:3, Insightful)
I have nothing to hide
I suppose some people will accept a lot of money to surrender their freedoms. It must be nice to live in a little world where the only thing that matters is the size of a paycheck.
Everything costs something, I guess.
My compliance opened-up new opportunities and is certainly better than living off Welfare or doing the Walmart shuffle.
Yes... those are the only two options available. Surrender your privacy or go on welfare. Service guarantees citizenship!
Re:find another job. (Score:3, Insightful)
"This type of Orwellian"
Oh, holy shit! I'm as much concerned about privacy as any other next guy and then probably more, but this is crystal clear:
1) Do you think there's a need for authorization (you can go in, you can't go in)?
2) If yes, then you need authentication. As in you *need* authentication or else no one will be sure the authorized guy is the one meant to be authorized.
3) If you need authentication, then biometrics is quite a good candidate (while not absolutly great: once it gets tampered there's no easy replacement)
Privacy is not about nobody tracking your steps; it's about nobody tracking your steps except for really valid reasons and only for as long as those valid reasons stand valid.
Re:It's all stupid, and for stupid reasons (Score:1, Insightful)
Placing "no foreigner" signs in a few places you would make you no better than the a%$holes that place them in japan. Placing "No Japanese" signs would be reciprocity.
Re:They could go even further... (Score:2, Insightful)
They could do even better than that, they could take relative position information you described and then hash it. Hashes are one way, no one can recover the respresentation once it is hashed.
even with a "secure" hash, if the recorded data has low entropy, you can still guess it in an offline dictionary attack. If you believe otherwise, please post your /etc/shadow for us, thanks!
But seriously, it's besides the point whether they store hashes or high-res pictures of your fingers. Whoever gets their hand on the database can still identify the prints you leave everywhere. High-res pictures just make it easier for them to impersonate you [blogspot.com] to other fingerprint scanners.
Re:They could go even further... (Score:5, Insightful)
This leads to the principle flaw of biometrics: If someone manages to reproduce the key (synthetic fingerprint for example), there is no way to issue a different key to the owner of the original. Anywhere you authenticate with a fingerprint, the people who control the system can gather all information which is needed to create a fake fingerprint, plus there are countless other ways to get a person's fingerprint, and you still only have that one set of fingerprints that you can't change. What are you going to do then?
Re:Non-issue? (Score:1, Insightful)
I remember getting fingerprinted when I was in grammar school back in the 70s and my wife does as well. I have yet to hear any stories at all about how that was detrimental to anyone's lives. I got fingerprinted again when I got my license, and again when I joined the military.
I believe BonesSB is suffering from a bad case of paranoia.
Re:They don't store your actual fingerprint (Score:5, Insightful)
I totally agree with commodore64_love
I don't want the government tapping into my phone, spying on my Internet traffic, or searching through my house without just cause.. but we're talking finger prints here.
And while I do agree.. saying the only alternative is welfare was a little extreme.. you are definitely limiting yourself by refusing to allow any intrusions into your precious privacy.
I suppose some people will accept a lot of money to surrender their freedoms.
This is completely true.. and I think in a lot of cases.. people are better off for it. Everything is a balancing act.. certain jobs (especially government) require a fair degree of background checking.. this is of course an invasion into your privacy.. but you are compensated for it (both financially and in terms of getting to work on some really cool stuff).
It's not about completely selling out your privacy.. but it's not about living the life of a paranoid delusional who thinks the world is out to get them either. It's about finding a balance you're comfortable with.
As someone who has "given up" a lot of privacy in exchange for a very enjoyable career.. I've felt no ill effects from it. What exactly do the tin foil types of the world think the government / Illuminati / whatever .. are doing with this information.. and specifically.. how do they think it's going to realistically effect their lives in an actual concrete way (vice some paranoid "when the commies come back" throb).
Re:They don't store your actual fingerprint (Score:3, Insightful)
And... just what "freedoms" are being surrendered? The contents of our lives are sequestered already in many dozens of places. Our complete physiology in doctor's files. Tell me the government is hands-off with those? Pictures on our driver's license - how is that different from a "picture" of your fingerprint? Nowadays even that is digital and contains a lot more information about you than your fingerprint. Surely you have a driver's license, doncha? So, what freedoms have you surrendered? You get to do what? Drive. Anywhere. Sounds pretty free to me. You guys are freaking out over nothing when other governments in history have done a lot worse with far less already. There is no such thing as true freedom in any society. No such thing as a utopia when people have to live with each other. Life is about compromise and meeting each other half way. And do you think people on welfare have more privacy than those who are not? What planet did you arrive here from? The only way is to completely drop out of society altogether and go squat in some forest or out in the jungle and live as a hermit. If that is what you want, well - that's freedom for you. Freedom for me is being able to live a lifestyle that allows me to explore my potential and raise my family. Guess what? Even people in China do that. There is always something to gripe about no matter what society you find yourself in. But while you are focusing on the worst, you are missing the best. Live your life to the most that it can be lived - it's far too short to spend it imagining all the bad things - like that nitwit who flew an aircraft into the IRS building, as if that would change a single thing and did nothing more than murder a 9-5'er, leave his wife and kid homeless (and no doubt in debt for a burned home they can't collect insurance from) and he's a hero to no one - only one big loser. That's the road you walk on when you spend all your time whining about how the government wants to take away all your freedoms and live your life as a victim. Guess what - the government is going to do stuff you disagree with no matter how much you cry about it. Deal with it and move on. There's life to be lived - live it. Vote where you can, try to make your part of the world a better place where you can, and live your life.
Re:They don't store your actual fingerprint (Score:1, Insightful)
I suppose some people will accept a lot of money to surrender their freedoms..
I fail to see what freedoms you are giving up by positive identification used legitimately for preventing fraud. If you are concerned about your information being in a database somewhere, you should not have been born in a civilized country where your information has been on file since birth. This is a means of identifying you, one of many that exist, and if you do not wish to be identified, it begs the question of what is it you wish to hide, or perhaps you are one of the perpetrators of the actions this system was designed to prevent? What is it you fear will happen by using a piece of unique information that is readily accessible to you for identification? It seems people are overly sensitive about "privacy concerns" these days, taking them to the extremes of germophobes who keep bottles of hand sanitizer and latex gloves on them at all times in the event they might use a doorknob someone else might have touched in the time it has been in existence.
Posting anonymously because human beings can be very spiteful when their favorite stances are disputed, something I consider a legitimate reason for anonymity. You may not agree with it, but at least I gave an actual reason.
Re:They could go even further... (Score:4, Insightful)
Re:Disney World (Score:3, Insightful)
Yes, and I was equally concerned with them using these at Disney World! Thankfully they don't collect fingerprints from kids - maybe they're also concerned with the potential legal issues?
Hint - at least at Disney World you can decline. You simply have to show picture ID. Don't be a sheep - at least ask what your options are, how your privacy will be protected, and what THEIR liability is if there is a breach in that privacy.
MadCow.
Re:They don't store your actual fingerprint (Score:3, Insightful)
I agree. I just pulled out my Pennsylvania drivers license, and it has on there my eye color, height, and *sex*.
That's a privacy concern.
OH MY GOD THERE'S A PICTURE OF ME ON HERE TOO
Re:What else should I do? (Score:4, Insightful)
That seems like what you're doing. The problem is that others are willing to trade off some privacy to get some convenience. Look at Facebook.
Re:They don't store your actual fingerprint (Score:3, Insightful)
I think we've let enough intrusions in our "precious privacy"
Too much.
Re:What else should I do? (Score:1, Insightful)
I agree .. if you don't like it .. don't do it. No one is forcing you to.
You know, that's the same thing bosses used to tell secretaries that didn't want to give them sexual favors back before that kind of thing was made illegal.
Re:It's all stupid, and for stupid reasons (Score:4, Insightful)
Nope, because the non-voters agree with everything that comes up by default.
Re:biometric time clocks (Score:2, Insightful)
Re:They don't store your actual fingerprint (Score:3, Insightful)
So first you bash people's legitimate desire for privacy, than you claim to have a legitimate reason for anonymity? You *do* realise, don't you, that anonymity is just another aspect of privacy?
So, either you're for privacy, or you're not, but stop pretending you have a legitimate reason for abolishing it while taking full advantage of it.
Required reading [ssrn.com] for those 'I've got nothing to hide' people.
Also, perhaps you can explain how somebody chooses not to be born in a particular country?
Not posting anonymously because I'm not scared of what people have to say.
Re:It's all stupid, and for stupid reasons (Score:3, Insightful)
Re:What else should I do? (Score:4, Insightful)
Re:They could go even further... (Score:4, Insightful)
Re:They could go even further... (Score:5, Insightful)
This isn't a flaw of biometrics so much as it's a flaw of any dongle-based, single-layer security system.
For example, you have the same problem with a door with the same key issued to 1000 people -- yes it technically can be changed, but it's quite expensive, so in practice it's never done. That leads to people who should no longer have access still having access, and the ability to easily copy the key and use the copy without detection.
The solution is trivial. If you combined a password with a fingerprint there would be a secret bit of information that's easy to change AND a physical bit of security apparatus that's harder to reproduce/copy than a password. This same solution also solves the key problem above. And it's the same solution already used in all sorts of applications where security is actually important.
It's not in use for this timeclock system because the problem they're trying to solve is not a high-security application. They're going from the honor system for clocking in to a single-layer physical-dongle security system, likely in an attempt to raise the barriers for clocking in a co-worker. If they were relying on this system to allow you to make changes to your direct deposit account it would be a problem, but for the stated application I don't see why it's a concern.
Now, you could be concerned about them having your fingerprints on file -- I understand the desire to keep people from collecting information about you. But honestly, unless you wear gloves all day long, they could already have your fingerprints if they wanted them; fingerprints are not secret information in the first place.