B2fxxx

Tuesday, March 22, 2011

The Association of School and College Leaders (ASCL) is reportedly opposing the controls on school fingerprinting proposed in the UK coalition government's Protection of Freedoms Bill.

I always understood the reason that unions existed was to protect the rights of individuals. That ASCL should give what they perceive to be their own members' managerial convenience priority over the civil rights of kids should make them thoroughly ashamed of themselves. Oh dear - now head teachers are going to have to fill in a few forms before they abuse children's fundamental right to privacy - how terrible.

Although headteachers and governors at schools deploying these systems may be typically 'happy that this does not contravene the Data Protection Act', a number of leading barristers have stated that the use of such systems in schools may be illegal on several grounds. As far back as 2006 Stephen Groesz, a partner at Bindmans in London, was advising:

"Absent a specific power allowing schools to fingerprint, I'd say they have no power to do it. The notion you can do it because it's a neat way of keeping track of books doesn't cut it as a justification."
The recent decisions in the European Court of Human rights in cases like S. and Marper v UK (2008 - retention of dna and fingerprints) and Gillan and Quinton v UK (2010 - s44 police stop and search) mean schools have to be increasingly careful about the use of such systems anyway. Not that most schools would know that.

Again the question of whether kids should be fingerprinted to get access to books and school meals is not even a hard one! They completely decimate Kim Cameron's first four laws of identity.

1. User control and consent - many schools don't ask for consent, child or parental, and don't provide simple opt out options
2. Minimum disclosure for constrained use - the information collected, children's unique biometrics, is disproportionate for the stated use
3. Justifiable parties - the information is in control of or at least accessible by parties who have absolutely no right to it
4. Directed identity - a unique, irrevocable, omnidirectional identifier is being used when a simple unidirectional identifier (eg lunch ticket or library card) would more than adequately do the job.
It's irrelevant how much schools have invested in such systems or how convenient school administrators find them, or that the Information Commissioner's Office soft peddled their advice on the matter (in 2008) in relation to the Data Protection Act. They should all be scrapped and if the need for schools to wade through a few more forms before they use these systems causes them to be scrapped then that's a good outcome from my perspective.

In addition just because school fingerprint vendors have conned them into parting with ridiculous sums of money (in school budget terms) to install these systems, with promises that they are not really storing fingerprints and they can't be recreated, there is no doubt it is possible to recreate the image of a fingerprint from data stored on such systems. Ross, A et al 'From Template to Image: Reconstructing Fingerprints from Minutiae Points' IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 29, No. 4, April 2007 is just one example of how university researchers have reverse engineered these systems. The warning caveat emptor applies emphatically to digital technology systems that buyers don't understand especially when it comes to undermining the civil liberties of our younger generation.

Update: The Home Office moved the Protection of Freedoms Bill page since this post was done. So I've just updated the broken link above.

Ray 11:05 AM [ Permalink ] Make a New Post

B2fxxx
By Ray Corrigan

about Random thoughts on law, the Internet and society. RSS Feed Atom Site Feed A version of my old Open University net law course, T182 Law, the Internet and Society, is now available on OpenLearn. Arabic German Portuguese Chinese Italian Russian Japanese Spanish French Korean (About) My links Aaron Swartz Abusable tech ATAC Academic Copyright AdviceNow UK Advice service A copyfighter's musings Alex Salkever's Security Net American Prospect Andrew McLaughlin Ariadne Atlantic Monthly Ananova ARCH ALA Info-Commons blog Bag and baggage BALII Balkanization Battle Searchblog BBC Berkeley IP Blawg Berkman Center beSpacific Bhopal Justice Campaign Bitlaw Blawg Republic Blogbook Blogs at Harvard Blogscript Blogzilla Ian Brown BNA net news BNA Web Watch Boingboing Censorware Project CDT Chilling Effects Clearinghouse Chronicle of Higher Education CIA Factbook City of Sound Cluebot CNN CNet News Consensus at Lawerpoint Copyfight Copyfutures Copyright Colloquium Copyright Readings blog Cornell's LII Corner House Creative Commons Criminal waste of space Crypto-gram Current bytes in brief CyberRights UK Cyberspace law Daily Whirl Dan Gillmor Darknet J.D. Lasica David Isenberg disLEXia Doc Searls Don't link to us Drew Clark Economics of Privacy Economist Ed Techie EDDix top 50 blawgs E-evidence EFF EFF Deeplinks EFF Minilinks Elizabeth Rader EPIC Ernie the Attorney Electronic Telegraph Equal vote blog Ethical Spectacle EU Law Web Log EUpolitix Euractiv news EUR Lex index http://Euro-Copyrights.org/ Europa EU Commission Pressroom Europemedia Evoting-experts.com/ Feedmelegal footnotes Fravia web searchlore Freedom to Tinker First Monday Financial Times Findlaw FIPR Froomkin Froomkin blog Furdlog - Frank Field Gigalaw GILC Global Voices GovNet newsfeed Greplaw Groklaw Harvard Jolt How Appealing Ian Clarke's blog ICANN Watch Ideal e-government ID theft protection blog Importance of INDICARE on drm INDUCE Act blog Infolaw Inforlaw What's New blog Infosoctech Alan Cunningham Instapundit International Herald Tribune Internet censorship explorer Internet Legal Resource Grp Internet Scambusters IP Central weblog IPKat IP Matters IPRsonline portal IP Watch ITN James Boyle Jennifer Granick Jessica Litman JILT Jurist Jurist Paper Chase Justice Talking Kim Cameron's Identity blog Kuro5hin Law.com Lawmeme at Yale Law Society Gazette Legal Affairs Legal Theory (Solum) Blog Lessig weblog Lex Ferenda Lex in the city iNews Librarians' Internet Index LibraryLaw blog Linux Journal Madisonian Theory Martin W Mercury News Memex Mindjack MIT Technology Review MSNBC Napsterization Newsforge No2ID Nolo Law Center The Ndiyo Project New York Times NTK Ofcomwatch OneWorld Online Journalism Review On Lisa's Radar Once upon a time... On the Commons - Bollier On the Identity Trail Open Access News Open Rights Group O'Reilly OUseful Overlawyered UK Pangloss Lilian Edwards P2P policy course Berkeley Policy Power Tools Politech PLoS Posner & Becker Blog Privacy & economics Privacy Journal Privacy Policy Walt Mossberg Phil Agre Public Knowledge Quicklinks Reason Red Herring Reporting Civil Rights RIP archive at FIPR Roger Clarke Ross Anderson Rufus Pollock Salon Samuelson's cyberlinks SANS Computer Security Sarah Carter's lawlinks ScadPlus Activities of the EU SCOTUS blog Scripting News Shifted Librarian Shirky Siva Vaidhyanathan Siva Vaidhyanathan Googlization TalkLeft Village Voice Volokh Conspiracy SciDev Network Security Focus Seltzer blog Seth Finkelstein Shifted Librarian Silicon Valley Slashdot Slate Snopes Urban legends Spyblog Stephen Fry STLR Susan Crawford American Prospect Weblog Tech Law Journal The CATO Institute The Blog of Doom The Corner House The Green Bag The Guardian The Industry Standard The Laboratorium James Grimmelmann The Nando Times The New Republic TNR The Register The Times The RISKS Digest The Trademark Blog Tony H Townhall UCLA Cyberspace Law UEA law blog UK Court Service UK Criminal Justice blog UK FOI blog UK Human Rights Archive UNESCO copyright site Urban Legends USACM blog VUNet Weatherall's law Wikipedia WIPO WIPO CLEA WJIN xkcd ZDNet RSS 2.0 Feed Atom Site Feed Sitemeter count: Search WWW B2fxxx Twitter Updates follow me on Twitter	Tuesday, March 22, 2011 The Association of School and College Leaders (ASCL) is reportedly opposing the controls on school fingerprinting proposed in the UK coalition government's Protection of Freedoms Bill. I always understood the reason that unions existed was to protect the rights of individuals. That ASCL should give what they perceive to be their own members' managerial convenience priority over the civil rights of kids should make them thoroughly ashamed of themselves. Oh dear - now head teachers are going to have to fill in a few forms before they abuse children's fundamental right to privacy - how terrible. Although headteachers and governors at schools deploying these systems may be typically 'happy that this does not contravene the Data Protection Act', a number of leading barristers have stated that the use of such systems in schools may be illegal on several grounds. As far back as 2006 Stephen Groesz, a partner at Bindmans in London, was advising: "Absent a specific power allowing schools to fingerprint, I'd say they have no power to do it. The notion you can do it because it's a neat way of keeping track of books doesn't cut it as a justification." The recent decisions in the European Court of Human rights in cases like S. and Marper v UK (2008 - retention of dna and fingerprints) and Gillan and Quinton v UK (2010 - s44 police stop and search) mean schools have to be increasingly careful about the use of such systems anyway. Not that most schools would know that. Again the question of whether kids should be fingerprinted to get access to books and school meals is not even a hard one! They completely decimate Kim Cameron's first four laws of identity. 1. User control and consent - many schools don't ask for consent, child or parental, and don't provide simple opt out options 2. Minimum disclosure for constrained use - the information collected, children's unique biometrics, is disproportionate for the stated use 3. Justifiable parties - the information is in control of or at least accessible by parties who have absolutely no right to it 4. Directed identity - a unique, irrevocable, omnidirectional identifier is being used when a simple unidirectional identifier (eg lunch ticket or library card) would more than adequately do the job. It's irrelevant how much schools have invested in such systems or how convenient school administrators find them, or that the Information Commissioner's Office soft peddled their advice on the matter (in 2008) in relation to the Data Protection Act. They should all be scrapped and if the need for schools to wade through a few more forms before they use these systems causes them to be scrapped then that's a good outcome from my perspective. In addition just because school fingerprint vendors have conned them into parting with ridiculous sums of money (in school budget terms) to install these systems, with promises that they are not really storing fingerprints and they can't be recreated, there is no doubt it is possible to recreate the image of a fingerprint from data stored on such systems. Ross, A et al 'From Template to Image: Reconstructing Fingerprints from Minutiae Points' IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 29, No. 4, April 2007 is just one example of how university researchers have reverse engineered these systems. The warning caveat emptor applies emphatically to digital technology systems that buyers don't understand especially when it comes to undermining the civil liberties of our younger generation. Update: The Home Office moved the Protection of Freedoms Bill page since this post was done. So I've just updated the broken link above. Ray 11:05 AM [ Permalink ] Make a New Post

B2fxxx

Twitter Updates

Tuesday, March 22, 2011