The Threat of Biometrics

by _cHiCkEn_

My school recently underwent a renovation.

Schools in Pennsylvania are spearheading a push for biometrics as identifiers for everything from entry systems to school lunches.  Probably has something to do with the fact that our last governor (Tom Ridge) resigned to take the president's position of the head of Homeland Security.

The first - and the biggest - pain to myself and the other students of our hick town is the biometrics for school lunches.  It's built using a combination of software made by Food Service Solutions (www.foodserve.com) and a biometrics suite called MorphoTouch made by Sagem Morpho, Inc. (www.morpho.com).

To get the system initialized, we were all assembled at lunchtime and scanned in using both forefingers.  Along with this, they associated our student ID.  Conceivably, the MorphoTouch website says that any data can be stored in these files (obviously this is true, because Sagem Morpho has contracts with several military and governmental organizations).

The MorphoTouch uses a set of 27 non-alterable points on the finger as the basis of its biometrics.  These points are calculated and fed into a one-way algorithm.  The results of this algorithm are compared to the results stored in each student's file in the Food Service Solutions' database.

Supposedly, this number cannot be fed back into the algorithm to get the fingerprint, but one wonders with Sagem's close relationship with law enforcement.  Needless to say, the original quality of the fingerprint scanned is said to be non-permissible in a court of law, yet it could still help authorities to some extent.

This whole system is said to keep the classic story of the bully stealing someone's lunch money from happening, yet it's a moot point.  That hasn't happened in ages at my school and, if they really wanted to, they could just steal the lunch itself.  Parents are allowed to deposit money in the student's account and are assured that the money cannot be spent for anything else.  They are automatically notified by a printout or even an e-mail when the student runs into the negatives.

Now, onto the second pain (which has yet to be completed).

My school's had a long-running problem of unauthorized access after hours.  It is said that back in the day when the school had given keys to the teachers that about 60 percent of the town had a copy.  Then they went to a randomly generated keypad system, which, after some time everyone knew the PIN to also.

Now they've taken extreme measures on this issue.  They've installed a remote smart card reader manufactured by HID Corporation (www.hidcorp.com).  This card can be read up to eight inches from the keycard reader by the doors.  The card reader also has a keypad which can use either a PIN for access or the smart card.  But this reader may also be configured to require both the smart card and the PIN.

I've heard rumors of including the already established MorphoTouch system as a facilities access control as well as the HID system - this stands to reason since all the teachers were required to give up their fingerprints too.

Some students have resisted these advances.  Parents have been forced to write notes to the school for their children to be allowed to still eat lunch without giving up their fingerprints.  They've been forced to remember their student ID number instead - which is almost as bad since their money is still stored in the same Food Service Solutions' database as everyone else's.  The cafeteria manager has been especially hostile to such students, even going so far as to phone students' homes and get into heated conversations with their parents.

Here in South Central Pennsylvania, we're on the bleeding edge of technology, biometrics, civil liberties, and the wish to murder tree huggers.