Tuesday, 9 June 2009

Finger print for 'Catering improvement'

•       As part of an ongoing Catering improvement programme for the 2009 academic year we are planning a few changes. This communication is designed to explain these changes.

•       We currently use swipe cards as the middle and high school lunch payment method, and although this system does have is benefits; it also has its limitations.  Students often forget and/or lose these cards. This can sometimes result in long queues and bottlenecks.

•       To improve efficiency and speed at the tills we are planning to introduce a biometric thumb print recognition for all students in Grade 5 and above.

➢       This means that we will register the students by taking a simple scan of their thumbprint; this will allow them to pass through the pay points quickly, securely and without having to remember cash or a swipe card.
➢       This lunch payment technology is already used successfully in schools across the UK.
➢       We will retain our existing food court tills, the students will simply need to have their thumbs quickly ‘scanned’ to providepayment.

How is this being introduced?

•       We have just completed a successful three - week trail of the system with our dormitory students. The next step will be to register the remaining students. This will be performed by Catering staff at a designated registration help desk in the cafetorium during the week commencing April 27th 2009.

•       Lower School students will not be included in this scheme at this juncture.

•       All NEW 2009/10  Middle & High School students will be registered on the system during the Orientation day in August.

•       A very small percentage of students will have thumbs that are not possible to scan or they may prefer not to have their thumb’s digital signature recorded. These students can be issued swipe cards which also work on the tills as an alternative to the biometric system.

•       ALL EXISTING card users are requested to PLEASE RETAIN YOUR LUNCH CARDS as a back up or alternative.

•       Please read on to view some of the most frequently asked questions regarding thumb print recognition.

Should you have any further questions or require more information please contact .....Head of Catering using the following email address:

Frequently Asked Questions.

Are you actually taking a finger print of our child?

We will take a digital signature of your child’s thumb, which our software breaks down into data points, similar to reference points on a map. The software then turns these into an alpha-numerical string, which is then stored on a dedicated SQL server. We are NOT taking a picture image as would be used for example in a police station.

So, what prevents this data from being read by someone else to identify our children?

The data is encrypted using 128-bit encryption and represented as an alpha-numerical string and most importantly the data cannot be reverse engineered, or put another way the string of data can never be used as anything other than a string of data.

Is this the same as the police get when they take a fingerprint?

The police keep a picture of a finger print. It is not possible to take our digital capture and turn it into such a picture. It cannot be matched with a fingerprint or used by the police.

Is the database of thumb scans secure?

The digital captures are stored on a dedicated server. No access would be permitted other than as required by the requirements of the Data Protection Act.

How does the software work?

During the thumb print initiation process a digital signature is captured. The data is stored on the site server. The digital image is matched against a thumb on the digital personal scanner with software matching against the users unique issued ID. This process takes less than 0.6 of a second.

 Can a swipe card be used as well?

As the software is matching against a card number if the user also has a card, which can used in lieu of a thumbprint.


  1. Companies processing personal data must comply with the eight data protection principles.
    1. Data must be fairly and lawfully processed
    2. Data must be processed for limited purposes
    3. Data must be adequate, relevant and not excessive
    4. Data must be accurate
    5. Data must not kept longer than necessary
    6. Data must be processed in accordance with individuals' rights
    7. Data must be kept secure
    8. Data may be not transferred to non-EEA or EU countries without adequate protection

  2. Here are some interesting view exchanges we had on Twitter on the subject of fingerprints. Tkx all Twitters for your participation.

    sectorprivate@clarinette02 DNA can be used to show your risk for disease
    sectorprivate@clarinette02 Retinal scans can show blood vessel constriction causd by illnss. I was givn a clean bill of health by my optometrist lst appt
    Yzabel2046@clarinette02 no, they never change. The English army has discovered they were different for every man
    frumioj@clarinette02, ;) but if for high-value transaction then there will be value in copying kids fingerprints... leading to nasty things.
    sectorprivate@clarinette02 Fingerprint as a biometric: Unlike retinal scans or DNA, medical info cannot be derived.
    PrivacyProf@clarinette02 Indeed; most privacy breaches were not anticipated/foreseen at time PII was originally collected much earlier; do PIA 2 help
    ProfJonathan@clarinette02 Again, what could said person do with it? Are students' fingerprints useful anywhere else? That said, security is vital.
    ProfJonathan@clarinette02 @PrivacyProf Leak not a concern, unless data used elsewhere. i.e. If fps generally are used as identifiers (like SS#s here).
    PrivacyProf@clarinette02 Thought EU privacy laws required opt-in to take fingerprints? Doesn't apply to children? Or schools are exempt?ProfJonathan@clarinette02 @PrivacyProf Anytime such a db held by a vendor, use/misuse/loss an issue. Can parents organization hire an auditor to verify?
    PhillybergRT @clarinette02: Please read and share your views and concerns :
    PrivacyProfSchools fingerprinting children RT @clarinette02: Please read and share your views and concerns :
    filemot@clarinette02 lots of patents on fingerprint and other biometric ID tech - some even I have drafted. Great while school keeps server secure.

    ProfJonathan@clarinette02 Seems like good precautions. I can't advise on Data Protection Act. Also, what else can FPs be used for, if database leaked?
    sectorprivate@clarinette02 Get them even earlier wt these PlayMobil Airport Security ScanIt Xray machine
    frumioj@clarinette02, for low-value thing like this, not much danger. But if thumb scan used later in life for something else higher-value...
    ProfJonathan@PrivacyProf @clarinette02 I'd be concerned about where that database was going and by whom it was used. School controlled or vendor?
    PrivacyProf@clarinette02 Who will have access? How will they B used? How long will they be kept? Where will they B stored? Modifiable in storage? Etc.
    Oedipus_Lex@clarinette02 Clean jelly baby, place on thumb scanner. You now have a copy of the last thumb print that was used on it. Simples!
    PrivacyProfGood Q RT @clarinette02: What do you think are the danger - privacy wise - of kids thumb scanning for payment at school cantines?
    about 1 hour ago from TweetDeck
    sectorprivate@clarinette02 It would reinforce the message to kids that this is an acceptable practise. Acclimate them early to surveillance society.
    Oedipus_Lex@clarinette02 You can get round thumb scanners with a jelly baby.
    sectorprivate@clarinette02 Every school would have a biometric database or access to the DB. Exponentially increases risk of data exposure.
    sectorprivate@clarinette02 Subsequent use of fingerprint database by law enforcement authorities, government agencies.
    science_ip@clarinette02 It was a good diversion and a chuckle this morning. I agree with out showing their methodology it is just an amusement

  3. Sectorprivate said : on Retinal scan see

  4. The info in fingerprint data base has no actual value, BUT these kids might become someone in near future, or future payment by fingerprint
    @PrivacyProf very hard to predict the future implications when technology evolute so rapidly.
    @sectorprivate you mean retinal info and DNA reveal medical info?
    Can't personnaly see what can be done with these fingerprints. Still, in longer term maybe? Fingerprints never change do they?
    @ProfJonathan what if an employee stored the info for himself or ....? System get hacked? You know USB get lost....
    @PrivacyProf in this case, we had an opt out option, I reacted too late+ kids don't want 2B different and enjoy not having 2remember card
    @ProfJonathan yes leak always an issue. Isn't that with everything? Digital make every issues 'faster viral', 'easier process', bigger scale
    @ProfJonathan I am concerned about how safe they keep the database especially after contract is ended, bankruptcy or rubbery.
    @frumioj hmmmm don't tell me the cantine is low value, it cost me a fortune LOL@sectorprivate hmmm Hadn't thought of that. Baby Big Brother training. Yes

  5. What's wrong with teaching the middle school and high school students to be responsible and remember their swipe cards/lunch money?

  6. I hated swipe cards at school. doesn't mean I want to them to scan my thumb. The thing that worries me is once you are on a list / in a database you never get out - ma not really impact you as a kid - its the whether it can be used against you later in life issue.

    Not really to do with this but fingerprinting in general - what if you can't give finger prints. My mum is in that category - we visited America all the time (pretty much every yr) when I was younger the last time just before 9/11, since then we hadn't been, my parents went back last yr only to be faced with having to give fingerprints - complete nightmare trying to get in the country because my mum's hand.