July 11, 2006 | Glyn Wintle

700,000 children fingerprinted by schools

Children are being threatened with exclusion from school unless they submit to being fingerprinted, reports Leave Them Kids Alone. This Daily Mirror story illustrates the size of the problem:

FURY erupted yesterday after it emerged an estimated 700,000 children are being fingerprinted at school.

Systems in 3,500 primary school libraries allow pupils to take out books by scanning their thumb prints instead of using a card.

But campaigners warn the technology is a massive invasion of privacy and a step towards a "database state".

With an average primary school size of 200 pupils, pressure group No2ID says at least 700,000 pupils are regularly having their fingerprints scanned.

Fingerprint scandal of 700,000 kids - The Daily Mirror

For more on children's rights, visit the ARCH website.

Comments (18)

  1. Colin Saxton:
    Nov 16, 2008 at 12:04 AM

    Callam McMillan, I am also a developer of 30 years now and I have seen it all and know *exactly* what is happening here. Its called cushioning the blow.

    1. Its very easy to change the software to read this information differently. It doesn't have to store it as a hash...it can be what the software chooses.
    2. I could write software in a day to strip, click and save every fingerprint on these things.
    3. I could install some software in under 2 hours that would copy this database over the net to a central database.
    4. The government knows full well what they are doing here...they are just relying on the public (as always) to sit back and take it look good little citizens!!
    5. Its definitely for installing a central database in the future. Don't tell us its for making it easier to check out books for kids! I have already heard someone say on another site that using this system for checking out kids library bucks is like using a gold plated hammer to crack a nut!

    Yes I do have wide experience on all kinds of devices biometric, mobiles, the kitchen sink...you name it I have done it and I KNOW FOR A FACT that this is fore the nation database not for library books!!!

  2. Mike Little:
    Jul 12, 2006 at 11:02 PM

    Before the panic sets in on this one, I'd like to clarify some facts.

    As the Daily Mirror points out, amongst it's emotionally charged reporting, only one thumb is being scanned. As someone who has seen this library software, the PCs it runs on, and the scanning equipment, I can assure everyone, this is nothing like being "fingerprinted" by the police or any other agency which would want to store biometric data.

    I don't believe that the fingerprint scanners used in the school library equipment are of a high enough quality to be used for serious security (see below).

    Even if they were, and that's a very big if, it should be the least of any one's worries. There is next to no security on any of the systems at a lot of schools. Certainly, in my experience, the PC's in the ITC rooms have little or no security: typically teachers all have the same easily guessable password. Those PCs typically contain unregulated personal information and photographs the kids are working on. In my area, PCs are regularly stolen wholesale from schools.

    Even if decent security measures were in place the teachers are often too ITC illiterate to implement them.

    The PCs with the school records on are usually slightly more secure, though I have seen the school receptionists with passwords written on yellow Post-It notes. That's the password to the software that has the official pupil information like name address, next of kin etc.

    Getting back to the article, No2ID's figure of 700,000 pupils is pure speculation. I have no idea where those numbers come from, the 35,000 of schools seems to come from the Daily Mirror. The average 200 pupils could be from anywhere. A quick google finds me the the following DFES (Department for Education and Skills ) document: "Schools and Pupils in England: January 2005 (Final)". Figures in that document show that in January 2005, there were 25,335 schools including nursery, primary, secondary, special, and independent schools. Interestingly the TES Schools Directory seems to think there are 33,000 schools in the same categories.

    The same document notes that there are a somewhat over 8 million pupils in those schools. That comes out at an average of 326 pupils per school. So where does the 700,000 figure come from? It's not 35,000 times 200, which is 7 million. It's not the true figure of 8 million, it's pure speculation!

    In trying to find real numbers I came across this article from the Guardian in January 2005. This article kindly points out that one company, Micro Librarian Systems, have 90% of market share, so we can take their case as typical. They article goes on to say that:

    Some 1,000 secondary schools use the firm's Eclipse library software; of the 6,000 total schools, a third are using the fingerprinting module.

    Perhaps most importantly it states:

    The child presses a thumb on the scanner, which takes a reading. This reading is converted into a unique number, which is then encrypted and stored. Even if the encrypted number is decoded, the resulting number is meaningless, says O'Brien - it's not possible to convert it back into a thumbprint. It would, therefore, be useless to the police, criminals or anyone else.

    There are many circumstances in which children's rights may be in jeopardy, but this isn't one of them.

  3. David Clouter:
    Oct 20, 2006 at 10:55 AM

    For the record, the DfES has categorically NOT stated there is no problem with this. Quite the reverse, in fact They have issued a long series of evasive and misleading answers, which change over time. The latest ridiculous nonsense they have come up is that 5-year-olds might be able to give informed consent if a Head Teacher judges they are mature enough to do so. This is so absurd it is laughable. If you write to the Education Minister Alan Johnson you won't even get a personal reply on the issue. Nobody wants to take responsibility for what is happening in our schools.

    Although they provide money for schools to buy the systems (via e-learning credits) the DfES pass the responsility to Head Teachers to judge the legality or otherwise of what they are doing. The Department know only too well they are on very shaky ground legally, otherwise they would have issued clear guidance to all schools as with, for example, publishing photos of children, etc.

    There are also HUGE security issues associated with performing biometric scans in schools and storing data derived from them. See LTKA's comprehensive article http://www.LeaveThemKidsAlone.com/security.htm for more information about this.

  4. cath:
    Oct 10, 2006 at 04:20 PM

    My child's school brought in the system for library access with thumbscans last term. I did not get the note, my son lost it, so I did not give permision, but he is still getting books, apparently they use a bar code to register books he takes out. I have not been compelled, by the formidable head teacher, to conform just yet.
    I agree with Suw, we should be more discerning about what personal information we hand over and for what reason. We put great trust in technology. We know how it should be used and how it is can make things more efficient, better etc, but there is always a weak link - people. And it's human nature that some people will look for a way to corrupt good ideas or systems.
    So, we should be cautious and we should question. It makes sense, and it is our duty.

  5. Just Another Person:
    Oct 16, 2006 at 12:15 AM

    Lets face it,

    This argument is pointless... The DFES has already stated, and in no uncertain terms that there is no problem with schools implementing this system. Therefore while it remains economical to do so, schools will continue to implement this system and quite rightly so.

  6. Chris Waigl:
    Sep 22, 2006 at 07:30 PM

    Volume doesn't always make a point valid or right. I'll only comment on one paragraph out of this flood

    From the point of the student, such new technology is immensely useful, ask yourself how many time have you dashed out of the house only to have forgotten something important, like your wallet, which lets say has your library card in it. Result is that you can’t get the book you need to finish your homework and end up in detention. With biometrics, your ID is always carried with you. Finally the response from many students when they see the touch system is “cool.” These are 11 year olds, who far from being brainwashed into giving their ID away; see it as technology from SCI-FI on the TV.

    First of all, I've been a teacher of young teens, and the number of times a pupil winds up in detention because they have genuinely left behind a library card and couldn't get this all-important book is vanishingly small. I've never seen any such case. Hyperbole seems like a weak description for “immensely useful”.

    Second, a technology being more acceptable to children because it is associated with coolness is not so terribly far from brainwashing. Maybe unplanned or unintentional, but certainly no reasoned, well-considered approval. Thinking with one's stomach, figuratively speaking, instead of with one's brain.

  7. Pip:
    Oct 05, 2006 at 09:57 AM

    I must agree with all of those who have concerns over this new technology appearing in schools. If it is really such a great way of borrowing books then why has it not been used in any of my local public libraries, yet my local schools find it necessary?

    I suspect that it is because public libraries are for all age groups, and most adults would not agree to giving up their biometric data in order to borrow books. It seems obvious to me that the 'Junior Librarian' system is targetting one of societies most vulnerable groups, possibly with the intention of bringing a new generation of adults who will happily give up information that is personal to them.

    My 5 year old son has just brought home a letter stating that this system is now in place in his school. I had already taught him the basics of protecting himself from potential (physical and emotional) abuse, by explaining certain key aspects of his rights. I consider the taking of his biometric information without my express consent, and before he is old enough to give his own informed consent, as being no different from any other form of abuse.

    I will be writing to the school to request that my son's data is not taken and is not used in this system. I hope that this will be enough to prevent this from happening.

    He is not a criminal, he is a young child and should not be subjected to this abuse.

  8. Callam McMillan:
    Sep 22, 2006 at 01:53 PM

    Firstly, while all these points are very valid, the overall issue of children’s privacy is being skirted. I also have the fortunate position to be able to comment on this issue from a number of positions. I was a student at a Kent Grammar School, and when I had finished sixth form, was employed as a member of staff. I am also a software designer and developer and was a former officer of a prominent youth council where I was responsible for handling online information and member’s personal details.

    From the point of the student, such new technology is immensely useful, ask yourself how many time have you dashed out of the house only to have forgotten something important, like your wallet, which lets say has your library card in it. Result is that you can’t get the book you need to finish your homework and end up in detention. With biometrics, your ID is always carried with you. Finally the response from many students when they see the touch system is “cool.” These are 11 year olds, who far from being brainwashed into giving their ID away; see it as technology from SCI-FI on the TV.

    From the point of view of the staff, when the module was installed (by myself and the librarian coincidently) a newsletter was sent to all parents and students informing them of the new system and inviting them to contact the school with any concerns that they may have. Also, in the open evening booklet from the library, the fact that a barcode scanner is installed is clearly stated; after all of this, the number of complaints… ZERO. Furthermore, our library has ten to twelve thousand resources with a value of well over £100 000. To say that the librarian should do the lending based on recognizing pupils by their faces is plainly ridiculous, especially when the school has nearly 1000 people who are eligible to borrow books. Finally, to counter security concerns, the workstation containing the biometric information is kept behind the library desk, required multiple passwords to gain access to the data and is highly secured. Our school network is run by a pair of highly qualified administrators who have ensured that the workstation is totally inaccessible to students and teachers.

    From the developer’s point of view, the secure storage of biometric ID is very easy – because no biometric ID is being stored. To clarify how these scanners work, the user puts their thumb on the plate; a number of key points are identified (a fraction of the overall number) and transmitted back to the computer, which then generates a unique code from it. Even if the algorithm was reversed, the points on the thumb would be worthless, since the number of fingerprints that could have the few points scanned is infinite. In good software, the coded ID would then be encrypted using a one way process such as the SHA algorithm, reversal of which is virtually impossible. Some people have stated that it would be possible to remove the information before it is encoded. While this is technically possible, it would not be feasible owing to the network firewall and high speed processing. Finally if a group or individual had access to such technology, they would surely put it to better use than stealing a few points off a persons fingerprint which are of no use to anybody. Furthermore as people grow and work their fingerprints change enough to render the biometric useless after a couple of years unless it is regularly updated.

    Finally from the experience of working on the youth council, where I looked after personal data; to scrap biometric identification would require the issuing of library cards. To store these being used by people claiming to be someone else, they would need a picture and a name. Then to identify them quickly, the card would need to have either a magnetic swipe, barcode, smart chip of RF tag. All of which could be used to hack into the system and gain personal information. Whereas with a biometric ID, the offender would need to have the source of the biometric ID available to hack in. The second issue is cost, the cost of issuing a 1000 library cards and another 180ish per year would cost many hundreds to thousands of pounds, which would otherwise be spent on resources or other things to further children’s education. My final argument would be for those that say the police could use the information. Any judge that would admit biometric information as evidence when it has not been collected by a law enforcement official, and is of limited quality would have obviously taken leave of their senses.

    Personally, I would find that the proverbial bug spray would be better for a bee in the bonnet than having this website which is a waste of the pixels it occupies.

  9. Concerend Pupil:
    Sep 15, 2006 at 01:44 PM

    I think you are blowing this situation completely out of proportion! Why would a criminal mastermind want to steal hundreds of childrens fingerprints, not that fingerprints are stored on this system any way!! Why don't you focus your attention on things that really matter, like the lack of funding in our education system. Rather than wasting time on an issue that isn't really a problem to any one. It is wrong of you to agitate parents by feeding them inncorrect information about a harmless computer system that aids schools immensely.

  10. Rob Myers:
    Sep 15, 2006 at 02:20 PM

    The lack of funding in our education system is hardly helped by wasting money on storing easily stolen hashes of children's thumbprints. Hashes are unique identifiers and can be easily matched to children anyway, that is the entire point of them. If schools are so bad at recognising their own pupils or so ineffectually governed that they need a degree of control that convicted criminals are not subjected to, they need more

    You do not seem to understand the technology, the economics, or the governance implications of this development, so your assertion that ORG are feeding parents "incorrect" information is not only untrue, it is hard to see how you are qualified to make it.

  11. Rob Myers:
    Sep 15, 2006 at 02:21 PM

    they need more ... aid than this step towards the database state can give them. ;-)

  12. suw:
    Sep 15, 2006 at 03:20 PM

    No one has so far mentioned the rather more disturbing aspect of this, which is the training of children to think that giving over their biometric data for trivial purposes such as borrowing books.

    Biometric data is unique and important, and as a society we should only use it for very important purposes. Taking any biometric data from children and using it for trivial purposes is a dreadful precidence to set. It may result in 'mission creep', where they start off with one thumbprint but eventually that's not good enough to they use two... and then they find that taking all 10 fingers might be useful and before you know it, you're getting your iris scanned in order to collect your lunch. This 'slippery slope' argument is often dismissed by people saying 'Oh, but that would never happen', but there are all too many examples of exactly that happening. All it takes is time.

    Training children to think of their biometric identity as trivial is also dangerous. I would be very worried about children coming to view biometric data as not worth protecting, and as we've seen before, identity data is extremely valuable to both criminals and the authorities. We should be teaching our children how important their identity is, how it can be appropriated, and what sort of information they need to keep secret and secure. Asking them to use a thumbprint when a library card would do is hardly a good start.

    Finally, I do find it disgusting that parents have not been asked for consent, nor has there been public debate about the installation of these systems. When schools are so strapped for cash, is this really a good way to spend limited resources?

  13. Phil Booth:
    Sep 16, 2006 at 02:58 AM

    I agree with Suw that the increasing use of biometrics in schools, not just in libraries but for meal payment* and physical access, is worrying because it trivialises biometric data - and some might say 'conditions' kids not to think twice about giving it to the authorities.

    What sort of a message does it send when a school doesn't seek prior consent from parents before finger (or thumb) printing kids as young as 5? Or when it threatens to expel sixth formers for refusing to fingerprint themselves in and out of lessons?

    And in a context where the state is collecting more and more data on pupils without the knowledge or consent of parents (how many pieces of data are gathered in the now termly 'school census'? How many will go onto the new Children's Index?) and using it to profile families for 'special attention', is it really wise to contribute or link yet more personal information?

    When I went to school, confidentiality about my progress (or lack of it) was maintained between my teacher, the head and my parents. There was a culture of trust. Kids going to school now are individually numbered (by a Unique Pupil Number) and, throughout their school career, all manner of personally-identifiable information is passed back to the LEA, DfES and who knows who else. Some of this data, e.g. ethnicity, if the UPN ever makes it onto the National Identity Register would be a convenient way to index stuff that even this government wouldn't dare put on an adult Register.

    I make no apologies for trying to wake the public up to what is going on. And I'll use whatever examples there are to hand - the more emotive, the better. NO2ID got its facts right (in fact we were being deliberately conservative) and I applaud the work that David's doing at Leave Them Kids Alone on consent. When the government and business are spending hundreds of millions to billions pushing biometrics, ID cards and surveillance technologies on the population I think people have every right in the world to say, "Hang on a minute - did you ask me?"


    *I'm afraid Suw's 'slippery slope' scenario has already started. Iris scanning for school dinners was launched to some fanfare [see http://news.bbc.co.uk/1/hi/england/wear/3115428.stm ] at Venerable Bede school in Sunderland in Sept 2003. What went unreported until 2005 [see http://www.findarticles.com/p/articles/mi_qn4153/is_20050523/ai_n14639023 ] was that it was removed for not working properly in 2004. I understand that several schools have removed fingerprinting systems for the same reason.

  14. David Clouter:
    Aug 13, 2006 at 03:05 AM

    Mike, what I was saying is that although no fingerprint is stored, a full fingerprint is scanned each time a child uses the system. A hacker working for organised criminals could, in the space of a few days, steal hundreds of actual names and full fingerprints.

    What a determined hacker would do, is break into the system BEFORE the compression or hash algorithm is applied (eg with a hardware hack on the scanner itself). Remember, the system scans a full print each time it is used.

    This wouldn't be that difficult as the scanners are left lying around unsupervised. In my daughter's school, for example, in an open plan area just off the main corridor which I have NEVER seen staffed whenever I have passed by. If you knew what you were doing you could capture the whole school's prints in a matter of days. How much would that be worth to a criminal gang, to be used for future mass identity theft in (say) 10 years' time? Neither the school, the children nor their parents would ever be aware the data had been compromised.

    The fact that you say fingerprinting children without consent is not covered by existing legislation is surely reason enough to change things.

  15. carlos:
    Jul 13, 2006 at 11:42 PM

    "...it’s not possible to convert it back into a thumbprint. It would, therefore, be useless to the police, criminals or anyone else."

    This doesn't follow. Suppose a crime is committed in the school and the police find a clear thumbprint. The police run the print through the same algorithm used in the library to produce a number. The police compare this number to all the numbers stored in the library database and identify the perpetrator.

    Whether you think this is a good thing or not, it could be of use to the police.

  16. Mike Little:
    Jul 16, 2006 at 11:02 PM

    But the police have a far superior, tried and tested method of collecting and matching fingerprints.
    The Micro Librarian software almost certainly relies on the fact that in any one school there is not a large enough sample to get too many duplicates. I say too many because it doesn't matter if there are one or two:
    The software requires you to input an assigned membership number, or otherwise identify yourself, perhaps scanning a membership card, and then, if configured, scan your thumbprint. The number derived from the scan can be considered to be like a PIN. Just as with PINs it doesn't matter too much if several people have the same number.

  17. David Clouter:
    Jul 17, 2006 at 03:05 AM

    A school is NOT a secure place to use biometric information. Nor is it necessary to do so. We assume the teachers know who their pupils are.

    Obviously, in order to derive a number (hash) from a thumbprint, first you have to scan the full print EACH TIME a child uses it. This is a very serious vulnerability, particularly as Junior Librarian can be connected to a school network, or even the internet, and runs on an ordinary PC which is neither guarded or secured. A hacker could make a simple hardware substitution or modify the software to steal children's actual prints from this system. These could then be sold to a third party for later use in serious identity fraud. Nobody at the school would know until 15 years later, somebody's bank account was accessed...

    The Daily Mirror figure of 3500 schools (not 35,000 as Mike Little says) doing thumbprinting is the official figure obtained from the manufacturer. The 200 pupils per school is meant to be a conservative estimate, but if we use Mike's figure of 326 pupils per school it's 1.14 MILLION!! That's even worse!!!!!

    The issue here is that not a single one of those 3500 schools had the courtesy to ask parents for their express permission to do this. All 3500 Head Teachers came to the exactly same conclusion. 20 more Head Teachers a week are doing likewise. Schools send out opt-in consent slips for just about everything else, from going to the cinema to filming the school play, etc. So why not this? Ask yourself why.

  18. Mike Little:
    Jul 22, 2006 at 12:35 AM

    David, you are right about my mistake on the numbers, I got my zeros mixed!

    But you are still assuming that the one thumbprint will have any value outside a school library system.
    Why on earth would a bank use a number derived from a single finger scan. I don't even think any scan is stored, just the number. There is no need to store the scan when you are only comparing the numbers derived from the scan.
    This is my point! This is not fingerprinting in any traditional sense of the word. There is nothing particularly scary about this system. Lots of other things at schools are scary, yes. But not this.

    Both of your opt-in scenarios require permission for good reasons. Filming children, and taking them outside school could now possibly have sue-able consequences.
    Scanning a single thumb to derive a number does not.

This thread has been closed from taking new comments.