Why we must keep biometrics out of schools

Florida is banning the use of biometrics in schools; and the Secure Identity & Biometrics Association (SIBA) is up in arms about it

“The risk of students’ personal information being lost or stolen through the collection and use of biometric data by schools, outweighs any benefit there might be in the schools using it,” Senator Dorothy Hukill, who spearheaded this bill said in a release. “We are protecting our students’ futures by ensuring the protection of their biometric information today.”
Bill 188 passes Florida Senate, looks to ban biometric collection in schools

“It is a myth that identity theft and biometrics go hand-in-hand. Biometrics helps prevent identity theft. I should know. I drafted the digital federal criminal identity theft law signed by President Clinton in 1998 and used by federal prosecutors to go after identity thieves. SIBA is a huge supporter of protecting identity, and biometrics are key to that.”
Janice Kephart, founder and CEO of the SIBA

Needless to say, they’re both right and they’re both wrong. Biometrics is nothing more than a highly personal and unique token that cannot, unlike a password, be lost by the owner. But it can still be compromised. However, if you lose a password, you can easily change it. It’s less easy and more expensive, but not impossible, to change your biometric template. Essentially it’s the same problem with the same solution.

But Kephart, who clearly has her own axe to grind, loses her own argument.

Neither are biometrics unfamiliar territory, even for kids. People like iPhone 5’s fingerprint passcode because neither parents nor kids can easily break into each other’s phones and snoop.

But we’re talking about identity theft, not parental or colleague snooping. Parents might find it hard to break into the iPhone, but identity thieves do not. The fingerprint access was cracked, several times in several ways, within days of its introduction. And once into the iPhone, an identity thief will likely find all the information necessary for full identity theft. And with the user relying on easily circumvented biometrics, he or she will probably take little further action to protect stored personal information. In such a case it would be easy to argue that biometrics facilitates identity theft rather than prevents it.

Kephart’s ‘not unfamiliar territory’ argument also demonstrates why she is wrong and the Florida government correct. We do not need biometrics to provide secure identity. However, once it is widespread within a system, its value is less as an access or identity device, but more as a tracking device. Consider movement around a campus. If students need an eye or palm or fingerprint scan to enter the library, board a bus, or buy a snack in the cafeteria, then the system knows who is where all of the time.

Then imagine this writ large across the nation. The authorities will know where everyone is, all of the time. The problem with introducing biometrics into schools is that we are breeding a generation that will be comfortable with and fully accepting of total government surveillance. And that is something we need to prevent now rather than redress when it’s too late.