Required to provide fingerprints.
Discussion
I have recently become employed by a company that undertake work on behalf of a large corporate asset holder. At the end of last year before I was employed, the asset holder used the guise of safety to implement the fingerprinting of all workers that are involved with project delivery, as the company claims the system is used to manage staff attendance which stops workers working multiple shifts. For the sake of the thread, I believe the system is referred to as a 'fingerprint time clock' - which appears to be unobtrusive.
Whilst there's no dispute that the work is potentially dangerous, every safety precaution under the sun is implemented to minimise risk, and there are other less intrusive methods of monitoring staff attendance. Understandably I am questioning the usage of these fingerprint systems, plus I have concerns of lax data and/or system security.
So, as I am unwilling to provide my biometric data willy nilly, I am left with a difficult decision to make regarding my future with my new employer. Additionally I may have provided my prints with the local police in my youth - which adds to my reluctance, however it is against my ethic to comply with such systems in any case.
So what is the best way to deal with this scenario? I have identified 4 options:
1) Register with the system, provide prints - accepting there may be negative consequences in the future.
2) Hand in my resignation without fuss - thank them for the opportunity but explain the work's not my thing.
3) Get to the point where I am required to register and refuse to do so.
4) State to my manager that I am unwilling to provide sensitive biometric data.
Unfortunately the job is decent, it's my first 'career' type job following university and I am new to the industry which is somewhat of a niche with respect to project delivery..
Whilst there's no dispute that the work is potentially dangerous, every safety precaution under the sun is implemented to minimise risk, and there are other less intrusive methods of monitoring staff attendance. Understandably I am questioning the usage of these fingerprint systems, plus I have concerns of lax data and/or system security.
So, as I am unwilling to provide my biometric data willy nilly, I am left with a difficult decision to make regarding my future with my new employer. Additionally I may have provided my prints with the local police in my youth - which adds to my reluctance, however it is against my ethic to comply with such systems in any case.
So what is the best way to deal with this scenario? I have identified 4 options:
1) Register with the system, provide prints - accepting there may be negative consequences in the future.
2) Hand in my resignation without fuss - thank them for the opportunity but explain the work's not my thing.
3) Get to the point where I am required to register and refuse to do so.
4) State to my manager that I am unwilling to provide sensitive biometric data.
Unfortunately the job is decent, it's my first 'career' type job following university and I am new to the industry which is somewhat of a niche with respect to project delivery..
Edited by SpeedDontMatter on Monday 14th July 22:13
I'd just go for it.
As more and more biometric data is available, lost, distributed, it'll also become less useful as a means to do anything with or prove anything with.
I bet in 10yrs they won't be worth using for anything as people will just 3d print them etc.
It looks like the future of bio-metric security etc will be in cool things like 3d camera scanning faces (to see if your face is actually the right shape) and gestures that are unique to you etc.
Dave
As more and more biometric data is available, lost, distributed, it'll also become less useful as a means to do anything with or prove anything with.
I bet in 10yrs they won't be worth using for anything as people will just 3d print them etc.
It looks like the future of bio-metric security etc will be in cool things like 3d camera scanning faces (to see if your face is actually the right shape) and gestures that are unique to you etc.
Dave
marshalla said:
Prosthetics : http://www2.washjeff.edu/users/ahollandminkley/Bio...
You can't fool these machines with gelatin - already tested.dirty dog said:
They don't actually store your print so it can't be reproduced.
That's what is claimed. I've deployed biometric recognition systems that use finger scan technology, I very much doubt they are capturing an image of your fingerprint.
They usually work by scanning the topography of your finger to collect data from a number (10, 20, 30 etc) points across the finger landscape. These data points are then munged into a large (512, 1024 bit) string; based on your landscape, a system encryption key and some other variables like date/time etc., that effectively becomes your key. The key is unique to you and that instance of the biometric system. Therefore in the event of the biometric data being stolen and copied to another instance of the same biometric kit, the data is useless.
In the systems I've used the key cannot be reverse engineered to generate your fingerprint to upload into a 3D printer. (It may well be technically possible I guess with enough computing power, will and time, but you'd likely be dead before that has been done.)
So, I wouldn't worry about it.
They usually work by scanning the topography of your finger to collect data from a number (10, 20, 30 etc) points across the finger landscape. These data points are then munged into a large (512, 1024 bit) string; based on your landscape, a system encryption key and some other variables like date/time etc., that effectively becomes your key. The key is unique to you and that instance of the biometric system. Therefore in the event of the biometric data being stolen and copied to another instance of the same biometric kit, the data is useless.
In the systems I've used the key cannot be reverse engineered to generate your fingerprint to upload into a 3D printer. (It may well be technically possible I guess with enough computing power, will and time, but you'd likely be dead before that has been done.)
So, I wouldn't worry about it.
I can't see the problem myself. Do you get concerned that they take a photo of you for your pass?
In the past I've been asked for bank details, had to undertake various medicals, undergone various background checks, all way more intrusive that a fingerprint scan.
Ultimately they are asking you to do something as part of a job. If you don't want to do it them move somewhere else.
In the past I've been asked for bank details, had to undertake various medicals, undergone various background checks, all way more intrusive that a fingerprint scan.
Ultimately they are asking you to do something as part of a job. If you don't want to do it them move somewhere else.
FunkyGibbon said:
I've deployed biometric recognition systems that use finger scan technology, I very much doubt they are capturing an image of your fingerprint.
They usually work by scanning the topography of your finger to collect data from a number (10, 20, 30 etc) points across the finger landscape. These data points are then munged into a large (512, 1024 bit) string; based on your landscape, a system encryption key and some other variables like date/time etc., that effectively becomes your key. The key is unique to you and that instance of the biometric system. Therefore in the event of the biometric data being stolen and copied to another instance of the same biometric kit, the data is useless.
In the systems I've used the key cannot be reverse engineered to generate your fingerprint to upload into a 3D printer. (It may well be technically possible I guess with enough computing power, will and time, but you'd likely be dead before that has been done.)
So, I wouldn't worry about it.
This.They usually work by scanning the topography of your finger to collect data from a number (10, 20, 30 etc) points across the finger landscape. These data points are then munged into a large (512, 1024 bit) string; based on your landscape, a system encryption key and some other variables like date/time etc., that effectively becomes your key. The key is unique to you and that instance of the biometric system. Therefore in the event of the biometric data being stolen and copied to another instance of the same biometric kit, the data is useless.
In the systems I've used the key cannot be reverse engineered to generate your fingerprint to upload into a 3D printer. (It may well be technically possible I guess with enough computing power, will and time, but you'd likely be dead before that has been done.)
So, I wouldn't worry about it.
Stop being so bloody paranoid. There is no global corporate conspiracy to enslave and control you.
Well, apart from the Lizard Overlords obviously.
SpeedDontMatter said:
I believe the system is referred to as a 'fingerprint time clock'
Loads of people use them. Do you really think an employer is going to bring in a system like this so that they can pin some spurious fabricated 'crime' on you, years down the line?My advice is to don your tinfoil hat and start collecting tins of soup ready for when the invasion comes.
Oh, and please don't ever apply for a job with me. Thanks.
After a considerable amount of thought, I've decided to start looking for another job. To say I'm disappointed is an understatement, but to provide my fingerprints would be stepping beyond my personal boundaries and I have to draw a line unfortunately.
Let me pose a question, if everyone simply complies it doesn't end there. Perhaps a DNA attendance monitor is next, or how about your very own microchip tracker? They're on the way.
Let me pose a question, if everyone simply complies it doesn't end there. Perhaps a DNA attendance monitor is next, or how about your very own microchip tracker? They're on the way.
You know it doesn't store your fingerprint in the same way that you would if you were scanned at a police station?
You have not given them something they can use. You've given them a way to identify you via a unique signature, not your identity to be shared.
Read funky gibbons post and read up on the technologies.
Principles are fine until the real world hits.
You have not given them something they can use. You've given them a way to identify you via a unique signature, not your identity to be shared.
Read funky gibbons post and read up on the technologies.
Principles are fine until the real world hits.
Vaud said:
You know it doesn't store your fingerprint in the same way that you would if you were scanned at a police station?
You have not given them something they can use. You've given them a way to identify you via a unique signature, not your identity to be shared.
If anyone can provide an independent parties expert testimony on how these things work - apart from the manufacturers claims on their own websites - then that would certainly have some credibility. But until then nobody other than the manufacturers know what data is stored and the security there of. You have not given them something they can use. You've given them a way to identify you via a unique signature, not your identity to be shared.
Identity theft is one major concern if you consider the ability of 3D printers and fingerprint images.
SpeedDontMatter said:
After a considerable amount of thought, I've decided to start looking for another job. To say I'm disappointed is an understatement, but to provide my fingerprints would be stepping beyond my personal boundaries and I have to draw a line unfortunately.
Let me pose a question, if everyone simply complies it doesn't end there. Perhaps a DNA attendance monitor is next, or how about your very own microchip tracker? They're on the way.
Your employers have your DoB, NINO, address, bank details, references/employment history and most likely passport number. You were happy to provide them information that is much, much more likely to be used maliciously or in a fraudulent manner (and even then the likelihood is very low). Accessing and exploiting this information is much easier than accessing biometric data stored in pretty much any commercial product. Let me pose a question, if everyone simply complies it doesn't end there. Perhaps a DNA attendance monitor is next, or how about your very own microchip tracker? They're on the way.
You have provided personal info that is more likely to be misused but don't like the idea of another piece of personal data being used to authenticate yourself in a potentially more reliable way than a smart card or similar.
Using DNA or personal microchips is a bit beyond my sphere of expertise in the security world but I am not losing sleep over having to provide either as it is unlikely that I will come across a scenario where that is a proportionate ethos of authentication.
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff