My research into the state of child fingerprinting has led me to this extreme video – you will want to download it. Then let's look further at the technical issues behind fingerprinting.
Here is a diagram showing how “templates” are created from biometric information in conventional fingerprint systems. It shows the level of informed discourse that is emerging on activist sites such as LeaveThemKidsAlone.com – dedicated to explaining and opposing child fingerprinting in Britain.
Except in the most invasive systems, the fingerprint is not stored – rather, a “function” of the fingerprint is used. The function is normally “one-way”, meaning you can create the template from the fingerprint by using the correct algorithm, but cannot reconstitute the fingerprint from the template.
The template is associated with some real-world individual (Criminal? Student?) During matching, the fingerprint reader again applies the one-way function to the fingerprint image, and produces a blob of data that matches the template – within some tolerance. Because of the tolerance issue, in most systems the template doesn't behave like a “key” that can simply be looked up in a table. Instead, the matching software is run against a series of templates and calculations are performed in search of a match.
If the raw image of the fingerprint were stored rather than a template, and someone were to gain access to the database, the raw image could be harnessed to create a “gummy bear” finger that could potentially leave fake prints at the scene of a crime – or be applied to fingerprint sensors.
Further, authorities with access to the data could also apply new algorithms to the image, and thus locate matches against emerging template systems not in use at the time the database was created. For both these reasons, it is considered safer to store a template than the actual biometric data.
But by applying the algorithm, matching of a print to a person remains possible as long as the data is present and the algorithm is known. With the negligible cost of storage, this could clearly extend throughout the whole lifetime of a child. LeaveThemKidsAlone quotes Brian Drury, an IT security consultant who makes a nice point about the potential tyranny of the algorithm:
If a child has never touched a fingerprint scanner, there is zero probability of being incorrectly investigated for a crime. Once a child has touched a scanner they will be at the mercy of the matching algorithm for the rest of their lives.” (12th March 2007 – read more from Brian Drury)
So it is disturbing to read statements like the following by Mitch Johns, President and Founder of Food Service Solutions – whose company sells the system featured in the full Fox news video referenced above:
When school lunch biometric systems like FSSâ€™s are numerically-based and discard the actual fingerprint image, they cannot be used for any purpose other than recognizing a student within a registered group of students. Since thereâ€™s no stored fingerprint image, the data is useless to law enforcement, which requires actual fingerprint images.
Mitch, this just isn't true. I hope your statement is the product of not having thought through the potential uses that could be made of templates. I can understand the mistake – as technologists, evil usages often don't occur to us. But I hope you'll start explaining what the risks really are. Or, better still, consider replacing this product with other based on more mature technology and exposing children and schools to less long term danger and liability.