The old, tired Big Brother-type fears reared their ugly head again last month — this time in Florida . And it could create a ripple effect that will be felt by any security dealers and integrators who specify, install or even recommend biometrics to school end-users.
In early April, under the guise of an “education data privacy measure,” the Florida legislature collectively voted 151-2 to ban the use of biometrics by students in Florida Public Schools. Its passage meant that Pinellas County Schools would have to do away with their palm scanners and related technology, which cost about $155,000. The school system has used the scanners for four years to automatically debit lunch accounts and speed food lines, giving kids more time to eat. Schools have 30 minutes to feed more than 1,000 students; as we know, a scan takes 1-2 seconds.
According to a report in the Tampa Tribune, State Sen. Dorothy Hukill, R-Port Orange, has pushed the ban this year, worried that children's identifying information could be stolen out of computers and used for identity theft. According to the Secure Identity & Biometrics Association (SIBA) — and as many of you are probably thinking right now — she is pretty uninformed.
“The Florida Senate's near unanimous vote to ban biometrics in all schools lacks common sense and denies schools the opportunity to improve safety, standards and fiscal accountability,” SIBA said in a statement. “The vote is based on misunderstood science and penalizes the entire state because two districts out of 67 counties failed to follow simple and obvious program protocols. As a result, sensible biometric program implementation that includes these protocols in places like Miami-Dade are threatened because legislators believe that using biometrics to keep kids safe on buses and well fed in the lunchroom could lead to identity theft.”
SIBA points out that biometric technologies do not store identities; they store templates, or a series of numbers, to correspond to the mathematical features of the physical attribute — whether it is an iris, palm or fingerprint. The state can require that no actual biometric images are stored as well, which is the case with most programs that exist today. Vendors usually do not store images in order to protect privacy and adhere to international standards, ensuring that a system breach would only provide a jumble of useless numbers.
Reverse engineering back into an image is difficult. Even if an image were obtained, identifying a particular child from just an iris or fingerprint, for example, is impossible. "It is a myth that identity theft and biometrics go hand-in-hand — biometrics helps prevent identity theft,” Janice Kephart, founder and CEO of SIBA said in the statement. “I should know — I drafted the digital federal criminal identity theft law signed by President Clinton in 1998 and used by federal prosecutors to go after identity thieves."
While the security dealer/integrator community is generally focused on access control when it comes to biometrics, this Florida decision can set a dangerous precedent — one that other school boards, districts and state legislatures may adopt themselves. What do you think is going to happen when a Florida integrator suggests to a school customer that they deploy iris scanners as a means of access control? After this, my bet is they will be laughed out of the room.
The dealers, integrators and manufacturers of the security industry should be on the front lines when it comes to technology acceptance; and our industry associations should have been in front of the Florida legislature. Your expertise should be leading your customers — whether schools, governments or even residential end-users — to be first in line to embrace technologies like biometrics instead of pushing them away due to unfounded fears of identity theft, Big Brother, the NSA or whatever.