Thursday, May 26, 2005

Bioscan for library use

There've been a lot of disturbing things happening in the name of seurity, lately. Two of the biggest:
congress okayed Real ID cards, a probable precursor to national ID cards, as a measure to guard against illegal immigrants, and the Naperville, IL public library system has decided to spend a huge chunk of money "securing" public computer access.

Over $40,000 - that's more than $300 per computer - will be spent to outfit each of the library system's public access computers with fingerprint scanners. This is in response to the realization that many people are logging on via a friend or family member's library card. Many parents probably choose to enable filters on their children's accounts, and may be upset that these kids are getting around the filters so easily, but fingerprint scanning is not the answer. Parenting is. If the library has other issues with people using each other's cards, I'm not sure what they are. The library system doesn't list obtaining cards under its schedule of fees, so it isn't a revenue generating mechanism. While it may throw off statistical analysis, the pages accessed are still accessed - so they still need to be considered when deciding how to best serve library patrons. Sure, someone may steal a patron's card and utalize the computers for illegal purposes, but fingerprint scanning won't stop that. This will be one of those instances where someone who really wants to use the computer for nefarious purposes will.

The biometric scanner has not been created that can't be beaten, and most fingerprint scanners can be beaten by any teenager. Not only do the old methods of breathing on the sensor, or dusting the sensor with graphite filings (pencil dust, anyone?) still work on many of them, but with some Silly Putty and Jello, anyone can create a fake fingerprint. It will still be easy for kids to get their friends and siblings to let them use their IDs, and now it will be a lot more fun to do.

Besides the ease of getting around the system, I'm uncomfortable with the library board's belief that such a measure is necessary and good. With the USA PATRIOT Act insisting libraries turn over records when served with a warrant without informing the patron whose info has been requested, storing any personal data that isn't 100% relevant to library records is irresponsible. Perhaps the board is carried away with the library system's consistant top-ranking (for the past six years the library has been rated the #1 library in its population range; HAPLR). The library isn't in the top-ten ranking of Electronic Resource User category. Did they think that biometric scanners would help put them there? Did they think?

The company from whom they're getting the scanners, US Biometrics, is also located in Naperville. While this may be coincidence, it is something that warrants looking into. None of the Naperville library board members are managers of US Biometrics, but are there other ties? Or did the company offer a donation if the library uses its systems? Which organization approached the other? Since the May 18 library board meeting minutes are not yet online, these questions aren't answered. Hopefully they will be, once the minutes are posted.

A public library is an inappropriate place for fingerprint scanners. Even US Biometrics seems to agree. From its website:
The bottom line is US Biometrics has a role to play when PINs, passwords, and physical documents are not enough for authentication. These are instances in which US Biometrics uses unalterable physical biometric traits of an individual to secure his or her identity.

In a library, on public access computers, PINs, passwords, and physical documents are enough for authentication. Biometrics are overkill.


Anonymous .dor/mouse said...

Lovely article! And more lovely were the links therein. The one about the Japanese testing of various ones, i am fairly sure i have in pdf, but having an html copy is very nice indeed. And the other one was great to read through as well. Class.

6/12/2005 12:47 AM  

Post a Comment

<< Home