Biometric Technologies in Schools
Guidance for Education Authorities
Section 1. Introduction
Sample responses:
- "The guidance neatly directs authorities to consider whether biometrics is the right solution to the problem trying to be solved." (Aberdeenshire Council)
- "It would be useful if the introduction clearly specified the potential uses of biometric technologies in schools." (Dundee City Council)
- "Section 1.2 States clearly that the use of biometric systems in schools is a decision for education authorities to make. It informs authorities of good practice to be followed in implementing such systems. It asks if there is an identified need for such technologies and lists as key issues, the question of consent by users and their parents including the right to opt out without penalties" (Wester Cleddens Primary School, School Board)
16. The Introduction of the draft guidance explains who it is primarily aimed
at, where the decisions to implement a biometric system rest and what other guidance is available. It also mentions some of the issues which are to be discussed within the document such as the question of consent and the right
to opt out.
17. Eight responses made specific comments on the issues outlined in the introduction of the draft guidance. One respondent was concerned that the use of the term "good practice" in paragraph 1.1 indicated an assumption that these technologies would be used in schools. As already noted, it is the case that biometric technologies are being used in Scottish schools and that is why we have produced the guidance. Conversely, another respondent commented that the recognition that "some Scottish schools - like schools around the world - will be considering using biometric systems" as "welcome".
18. There was a suggestion in one response that a list of potential uses of biometric technologies within schools should be included in the introduction of the guidance. Examples of the use of biometric technologies in schools are given in section 4.1 on page 4 of the draft guidance. It is not an exhaustive list and further uses may emerge in time.
19. Another response indicated that it was helpful that the guidance emphasised early on that any decision on the implementation of biometric systems in schools was a decision for the education authority. Other responses, however, raised concerns about the fact that this decision is one for education authorities to make. One respondent suggested that "it would be preferable if the good practice contained within [the draft guidance] were to be placed on a statutory footing rather than being left at the discretion of education authorities." Another considered that "there is compelling need to consider the matter within the Scottish Parliament, particularly to consider wider issues of civil liberties and to consider giving national effect to the "opt out" principal".
20. These concerns, while certainly pertinent to any debate surrounding the use of biometric systems, focus on legislation rather than how existing legislation and good practice is expressed in guidance.
Section 2. What is Biometric technology?
Sample responses:
- "While paragraph 2.1 identifies some measures that can be used, it must also be recognised, that other measures, such as DNA or body odour recognition may also be used." ( EIS)
- "The guidance is clear and concise in its description of the technology and the type of systems that exist. During the description of the technology, the guidance does well to take the opportunity to raise the question of proportionality once again and directs authorities to ask themselves the question on whether this is the right use of technology to solve an education establishment problem." (Aberdeenshire Council)
21. This section of the draft guidance covers what is meant by biometric technology; the administration of these technologies; approaches to recording biometric information and the reverse engineering of images from stored, encrypted, numeric data.
22. A number of the comments on this section of the guidance were concerned with the last of these issues, pointing out that there is "debate by experts as to whether, in fact, this [the reverse engineering of images] might be possible in the future, and perhaps this view needs to be included in the document with a reassurance that a watching brief on emerging developments regarding fingerprint and palm recognition would be maintained, and by whom."
23. Other respondents expressed similar concerns about the wording of paragraph 2.3 of the draft guidance. One respondent pointed out that "Allegedly foolproof encryption strategies may prove to be anything but, and we would welcome clarification in the guidelines as to whether the numberstrings and/or algorithms into which a biometric is converted could ever itself be used to identify an individual independently of the system-in-use within a given school."
24. This respondent also suggested questions that should be considered before electing to use biometric technologies within a school such as: "What would happen if the technology broke down?", "Will data be backed up in another place - which, if so, suggests that data is electronically transferrable - or will pupils simply be required/asked to re-register if the first finger or palmprint they gave becomes unusable?" "Will the numberstrings into which the biometric identifiers are converted ever be stored on - easily mislaid - CDs or flashdrives?" Also, "Will any local authority ever have remote access to the computers on which encrypted biometric data is stored?"
25. Another response asserted that "contrary to vendors' claims, it is possible to reconstruct images from stored templates" and that there is "widespread published literature on methods for reconstructing images from templates." Furthermore, it claimed that "it is not actually necessary to reconstruct original images for the privacy of subjects to be invaded." and that "Someone attempting to match a print to a child could identify the child by running the print through the enrolment algorithm to generate a template. Comparing the generated template with those stored in the database would yield a match with the person to whom the print belonged."
26. The possibility of the type of situation described above occurring, while impossible to eliminate entirely, can be diminished. The draft guidance states in paragraph 8.1 that one of the considerations to be made before electing to install a biometric system is whether a Privacy Impact Assessment ( PIA) has been conducted. In conducting a PIA, aspects of any project under consideration would include design issues and the identification of ways in which negative impacts on privacy can be avoided.
27. The Information Commissioner's Office ( ICO) state intheir response to the consultation that "In considering the introduction of biometric systems, the ICO would encourage the use of the check-list provided within the consultation paper to assist in justifying the decision. Moreover, the ICO is particularly pleased to see the emphasis placed on carrying out a Privacy Impact Assessment ( PIA) prior to the introduction of a biometric system. PIAs are an excellent tool in identifying potential privacy costs and benefits and formulating strategies to address problems at the outset of policy development as it is much more costly to try to address negative privacy impact after implementation. The ICO would be happy to work with any education authority considering introducing biometric technologies in its schools."
28. On the issue of the reconstructing of images from encrypted numeric data, the ICO state that "The obvious benefit of a derived numeric is its resistance to reverse engineering for nefarious use" and that "this system is less intrusive and is more secure". They make the recommendation that " converting data into a numerical value is the only system used."
29. A response which was received from a software company claims that if the unencryption of an algorithm were possible, "the unencrypted algorithm can match one of many thousands of other algorithms. An algorithm is not unique, and is only of use when compared against the same finger being used in another application." In the same response the point is made that "Should anyone wish to capture biometric data from an individual they need only to procure a glass that the individual has held, and they have a permanent record of someone's biometric."
30. This, of course, is a statement of the approach of this one particular company and does not negate the importance of attention to the seventh data protection principal as also indicated in paragraph 73.
31. There is clearly a concern about the statement in paragraph 2.3 of the draft guidance that biometric information "cannot be reconstructed from the data". We will reconsider the wording of 2.3 when redrafting the guidance.