• United States



Your Kingdom for a Hot Dog: Privacy Concerns in the Elementary School Lunch Line

Oct 08, 20073 mins
Data and Information SecurityPhysical Security

Elementary and high schools in Vermont, New Jersey and Pennsylvania have recently rolled out new technology in the school cafeterias in an attempt to speed up the lunch line and provide students with more time to sit and eat their meals.  These schools have decided to solve the lunch line problem with fingerprint scanners.  Each student in the school district has their fingerprint scanned and stored in the school’s system.  Upon arriving at the cashier the student simply places their finger on the scanner and the system looks them up.  This eliminates the need for students to carry cash and also decreases any stigma for students who receive free or discounted lunches due to economic status.  It is all handled behind the scenes.When this technology was proposed in Boulder Valley, CO however it met with the resistance of hundreds of concerned parents.  Many saw the new technology as an invasion.  They worried about where the data was stored and how protected it would be.  Identity theft and Big Brother government tracking concerns were voiced by many.  There was one issue which did not have a voice and it is the one that concerns me most.  That is the issue of desensitization.  What lesson are we teaching our children when we teach them to swipe their finger print daily in exchange for a hot dog and chips?Back when I was in college everyone’s student ID was their social security number.  This number was printed clearly on your student ID card and was recited to everyone who asked.  The one example that struck me most was that a deal was reached with local pizza vendors which allowed students to order pizza on weekends using their University meal plan.  Students would call the local Dominoes and recite their social security number to the young man who answered the phone to take their order.  They didn’t even call it a student ID, everyone would ask for your social security number and students would eagerly hand it over.The first step in protecting ourselves from identity theft is learning to be careful with our sensitive information.  Clearly teaching our children to automatically swipe their finger print for lunch does not send this message.  This is worse than the social security number example.  While it may be difficult to change other unique identifiers after compromise, it is impossible to change your finger print.  You can’t simply revoke it like a certificate or change it like a password.  It’s who you are.Fortunately some of these programs have been met with resistance.  Michigan and Iowa have passed laws which essentially ban schools from taking electronic fingerprints of children.  Illinois has recently passed a law which requires parental consent for such collection.  Boulder Valley’s attempt to implement the system was shut down due to parental protest.  However, some schools already have the programs in place.  Paranoid Orwellian nightmares aside, are we teaching our children the correct message about sensitive data?  Or are we teaching them that their identity is worth no more than a hot dog?- John

Joe Basirico - Security Analyst Joe studies security and develops tools that assist in the discovery of security vulnerabilities and general application problems. His primary responsibility at Security Innovation is to deliver security courses to software teams in need of application security expertise. He has trained developers and testers from numerous world-class organizations, including Microsoft, HP, EMC, Symantec and Joe is also responsible for participating in customer security process assessments as well as security engineering activities such as security design reviews, security code reviews, and security testing and security deployment reviews. Joe holds a B.S in Computer Science from Montana State University. John Carmichael - Security Researcher John leverages his strong lab development, programming and security process skills to deliver factual and useful training courses to testers and developers. John is a skilled software and Web developer with deep expertise in several different languages and environments. He has made many contributions to the open source software community by developing an open source structured drawing tool implemented in Python, testing several release candidates of the Sarge installer for the Debian Linux distribution, and writing a soon to be released Windows OS crash analyzer product. John has a B.S. in Computer Science and Business Administration from the University of Vermont and is currently working toward an M.S. in Computer Information System Security from Boston University.