cypherpunks-legacy
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
> Carl is most certainly not an idiot. In fact, there might be a reasonable
> argument for this: You're changing the defaults of a contract by
specifying
> what should be interpreted as reasonable authentication or not. Still,
> I don't agree with it, and it's something that should be left up to the
> courts, not Washingtonians and their lobbyists.
In my opinion, everything should be left to the market to solve, and nothing
to politicians. I'd agree with you about the courts if they were private.
Mark
1
0
> Carl is most certainly not an idiot. In fact, there might be a reasonable
> argument for this: You're changing the defaults of a contract by
specifying
> what should be interpreted as reasonable authentication or not. Still,
> I don't agree with it, and it's something that should be left up to the
> courts, not Washingtonians and their lobbyists.
In my opinion, everything should be left to the market to solve, and nothing
to politicians. I'd agree with you about the courts if they were private.
Mark
1
0
> Carl is most certainly not an idiot. In fact, there might be a reasonable
> argument for this: You're changing the defaults of a contract by
specifying
> what should be interpreted as reasonable authentication or not. Still,
> I don't agree with it, and it's something that should be left up to the
> courts, not Washingtonians and their lobbyists.
In my opinion, everything should be left to the market to solve, and nothing
to politicians. I'd agree with you about the courts if they were private.
Mark
1
0
> Carl is most certainly not an idiot. In fact, there might be a reasonable
> argument for this: You're changing the defaults of a contract by
specifying
> what should be interpreted as reasonable authentication or not. Still,
> I don't agree with it, and it's something that should be left up to the
> courts, not Washingtonians and their lobbyists.
In my opinion, everything should be left to the market to solve, and nothing
to politicians. I'd agree with you about the courts if they were private.
Mark
1
0
Show Your Hand, Not Your ID
The Chronicle of Higher Education, 5.12.2
http://chronicle.com/free/v52/i15/15a02801.htm
[Colloquy transcript appended.]
[Yes, I can see the advantages of using these scanners, and I think the
concerns over theft and privacy issues are reasonably countered. But the
real problem is that, in making such identifications mandatory, the
informal and generally harmless violations of rules are no longer
possible. Suppose a researcher wants to sneak a friend into his lab after
hours. This, and many, many other technical violations will no longer be
allowed. We must be ever vigilant about this kind of "unreasonableness of
reason," to almost coin a meme. There is a single hit on Google! I lack a
better term.]
Colleges use biometric scanners to screen for access to dining halls,
labs, dorms, gyms, and computer networks
By VINCENT KIERNAN
At many colleges, students flash a photo ID at a food-service worker
to get into a dining hall. Things work differently at the University
of Georgia, where Gavin Beck, a senior, places his hand on a sensor
that determines if the person waiting to eat really is Gavin Beck.
The process, which measures the size and shape of the hand, takes only
a few seconds. "No system is foolproof, but this is far more efficient
for us than a photo-based system," says J. Michael Floyd, director of
food services at Georgia. The university is among the first to use the
biometric technology widely, having relied on it in one form or
another in its dining halls since 1974.
Hand scanners, electronic fingerprint readers, even retina scanners
are not just for super-spies in Hollywood movies anymore. The
technology is increasingly being used by colleges to allow students,
professors, and staff members to gain access to dining halls,
laboratories, gyms, and other facilities on their campuses.
Improvements in the technology are spurring greater interest among
some college administrators.
Faculty and staff members who seek weekend access to the Biodesign
Institute at Arizona State University, for example, must be approved
by a device that checks 240 points in the iris of the eye.
Locks on dormitory doors at Johnson & Wales University at Denver are
controlled by a hand-geometry reader similar to Georgia's.
Food-service workers at Georgia punch in and out of their shifts with
a time clock that scans their fingerprints so that a worker cannot
clock in for an absent friend.
Proponents say biometric technology offers increased security and
efficiency, making lines move faster while keeping unauthorized
visitors out. And at a time when colleges are trying to safeguard
campus data, the technology offers colleges a new tool to control
access to computers and networks.
But cost and various technical obstacles are likely to slow the
technology's adoption by colleges. And some observers worry that the
systems could leave an electronic paper trail -- open to abuse or
theft -- of the activities of students and faculty and staff members.
"It's an extremely disturbing trend," says Lee Tien, a senior staff
lawyer at the Electronic Frontier Foundation, a group that promotes
online civil liberties. "Biometrics is a technology that is dangerous
for privacy."
How It Works
Administrators who support the use of biometric technology say
scanning body parts is far more secure than asking users for
passwords, which can be forgotten or stolen. The scanning devices look
for some unique characteristic of the user, such as the arrangement of
ridges on the finger, the pattern of blood vessels in the eye, or the
size and shape of the hand. The characteristic -- called a biometric
measurement -- must be unique for each individual, must not change,
and must be easily measured.
Typically a person's hand, fingerprint, or eyeball is measured once
when he or she is enrolled in the system, and that measurement is
stored in a computer database or on a smart ID card. At the entrance
to a controlled area, such as a dining hall, the individual's
characteristic is measured again and compared with the original
recording. If the two measurements match, the person is admitted.
Georgia's early system recorded two-dimensional measurements of users'
hands. But in 1995, as part of a campuswide move toward biometric
identification, the system was upgraded to one that takes
three-dimensional measurements. Now the 32,500 students use their
hands as passports to all-you-can-eat meal plans, the recreation
center, and dormitories. They either swipe an ID card through a card
reader or enter an ID number on a keypad before presenting their hand
for scanning.
Mr. Floyd, the food-service director, says the system rarely
misidentifies anyone. Mr. Beck, the Georgia senior, recalls only one
glitch, when the system wouldn't recognize him at the start of fall
semester, probably because of a subtle change in his hand's shape over
the summer. At a nearby office, he showed his ID, had his hand
rescanned, and was cleared to eat his meal. "It set me back a couple
of minutes," he says, "but it was no big deal."
The University of New Hampshire installed a hand-reading system in its
dining halls when campus officials wanted to halt the sharing of
all-you-can-eat meal plans by several people, says David J. May,
executive director of hospitality services.
"It really has worked wonderfully for us," he says. Although he cannot
estimate the amount of fraud that the system has stopped, he is
convinced that "students would beat the system if we were using ID
cards."
The cost of putting biometric security in place is not exorbitant,
says Mr. May. Each hand reader costs about $2,500, and the turnstile
to which it is connected costs $8,500 to $9,000. The 12,000-student
university has seven biometric stations at its dining halls, he says.
Recently, New Hampshire expanded the system to control employees'
access to one of its dining halls. That way the university will not
have to issue keys to employees -- or replace locks if keys are
stolen. "If an employee leaves, we just take them out of the
database," so the hand-reading system will no longer recognize that
person, says Mr. May.
Smaller-Scale Projects
Biometric systems are also being used on a smaller scale on some
campuses. At Rutgers University at New Brunswick, fingerprint-scanning
devices are being installed on computers attached to laboratory
equipment in the materials-science department.
The department, with some 80 potential users of the technology, has a
password system to track usage of the equipment, so that the
appropriate research grant is charged. But some students complained
that they were being charged for others' use, says W. Roger Cannon, a
professor of materials science and engineering.
That prompted him to investigate a biometric alternative. "If we had a
fingerprint system, there would be no argument," he says.
The new system has functioned well in tests, Mr. Cannon says. "It
seems to go pretty smoothly if you get the fingerprint centered
right." Those with concerns about personal privacy can elect to
continue using passwords, he adds.
The University of California at Santa Barbara recently installed an
iris-scanning system for controlling access by about 500 people to a
10,000-square-foot "clean room" in a semiconductor-research center.
In the past, having those people swipe their ID cards at the door
would result in more work for staff members, who would have to replace
lost or broken cards, says Jack Whaley, manager of the Nanofabrication
Facility. Moreover, the card readers were sometimes balky, he says,
and nothing prevented people from lending their cards to others.
In the new system, an individual's eyes are photographed, and the
images are digitized, encrypted, and stored on a computer server with
information about what doors the individual is authorized to use and
at what times. Researchers who want to get in simply step up to an
iris reader, which transmits an image of the iris to the server. If
the images match, the computer opens the door.
Some challenges remain, like reminding people who have "droopy
eyelids" to open their eyes wide, says Mr. Whaley. But the system,
which cost between $20,000 and $30,000, has made a negligible number
of errors. "It's pretty good," he says.
More-exotic technology is on the horizon. Fujitsu Ltd. announced in
June that the Chiba Institute of Technology, in Japan, has adopted a
company device that uses infrared light to read the unique pattern of
veins in a student's hand. The patterns are recorded on each
individual's ID card. At kiosks on the campus, students can get access
to their academic transcripts and other personal records by inserting
the cards and holding their hand over a palm reader.
Next year the institute, which has about 11,000 students, plans to
issue similar cards to faculty and staff members. It is considering
expanding the system for such purposes as tracking library checkouts
and class attendance.
Joel Hagberg, vice president for marketing and business development at
Fujitsu Computer Products of America, says the company is discussing
use of the technology with American colleges, which he does not
identify. The system could start surfacing on American campuses early
next year, he says. The vein scanner costs more than a fingerprint
reader, which can run as much as $100, but less than an iris reader,
he says, although he declines to provide specific figures.
The technology will probably materialize first at a large research
institution, most likely as part of a centralized service such as
controlling college officials' access to student records, Mr. Hagberg
predicts, noting that such an application would require only a few
palm readers.
"This is something that you will see coming to a university near you
in the near future," he says.
Privacy Concerns
For all the efficiency and gee-whiz value of biometric technology,
civil libertarians say it raises serious concerns about privacy. The
theft or abuse of biometric measurements could be even more
threatening than misuse of Social Security numbers, warns Mr. Tien, of
the Electronic Frontier Foundation.
Campus officials using fingerprint readers stress that their systems
do not record individuals' fingerprints in images like those used by
law-enforcement agencies. Rather, the systems produce a mathematical
representation of fingerprints that would be useless to anyone outside
the colleges.
Hand-geometry systems seem to cause the least apprehension because
such measurements are not commonly used off campus and so would have
little or no application if the biometric data were to leak out. "The
only person it does any good is me," says Mr. Beck, the Georgia
student.
Keene State College, in New Hampshire, moved to a hand-reader system
this semester. Paul A. Striffolino, director of campus life, says the
system does not intrude on the privacy of the college's 5,000
students. "An eye-scanning system would seem over the top to me," he
says.
But some observers say even hand-geometry data could be misused. If
hand readers become commonplace, authorities could use records from
the systems to reconstruct a student's movements and activities on the
campus or across a broader area, says Mr. Tien.
"It facilitates an atmosphere or a climate of checkpoints," he says.
"All it is, is maybe a faster way to get through a door. We have to
wonder whether these are the right trade-offs to be making."
Indeed, records of a student's biometric measurements, as well as
records of where and when that student used a biometric device,
probably would be protected from public disclosure under the Family
Educational Rights and Privacy Act, says Steven McDonald, general
counsel at the Rhode Island School of Design, who tracks the effect of
the federal law on the use of technology on campuses.
In most cases, he says, Ferpa would not allow a college to disclose,
without a student's permission, where and when that student had
entered a dining hall, for example. But the records could still be
used by the college's own staff and might be vulnerable to subpoena by
law-enforcement officials, he says.
Nancy Tribbensee, deputy general counsel at Arizona State, says a
college should acknowledge privacy concerns before settling on
biometric technology. She suggests that college officials consider
whether the benefits, like tighter security, would be outweighed by
ways in which the data could be abused.
Recordings from the iris scanner at the university's Biodesign
Institute are not covered by Ferpa, Ms. Tribbensee notes, because the
system is used by faculty and staff members. But the university treats
the data as personnel records and therefore as confidential, and it
would fight any effort to obtain copies through the state's
public-records law, she says.
High Price Tag
Privacy is not the only concern about biometric security systems. Some
users also worry about safety -- for example, whether touching a hand
reader could expose someone to colds and the flu from previous users.
Mr. May, of New Hampshire, says the device is "no different than a
doorknob." Still, liquid hand sanitizer is available at each hand
reader, in a dispenser attached to the wall, and a staff member wipes
the readers with a sanitizing solution every 15 minutes.
Another hurdle facing biometric systems is cost. Last year Creighton
University considered using fingerprint readers to control access to
the 1,500 to 2,000 computers in its laboratories and offices. At $90
to $100 a pop, Creighton would have had to spend as much as $200,000
on the devices -- and that wouldn't have included the cost of
upgrading the machines as technology advanced. "That would have been a
huge expense," says Michael M. Allington, assistant director of
student-technology support in the information-technology department.
Creighton took a pass.
Still, industry officials argue that biometric systems make financial
sense for colleges, at least in some situations. The staff and systems
needed to maintain a list of passwords for security systems might cost
a college $50 per student annually, says Tom Doggett, director of
marketing for Saflink Corporation, which makes a variety of biometric
systems. By contrast, he says, a large college might spend $30 to $40
per student to deploy a biometric system.
"You could make the case that the system would pay for itself in a
year," Mr. Doggett says.
But James L. Wayman, director of the National Biometric Test Center at
San Jose State University, which explores technical issues related to
the technology, is less optimistic.
It is unclear, he says, whether dining halls are losing enough money
from fraud to warrant the expense of a biometric system. "Will it
pay?" he asks. "That's where it all falls apart."
"Tell me again," he says, "why you need them on college campuses."
Biometric systems can also have technical problems, which have prodded
a few colleges to back away from the technology.
Recently the New York State Center for Engineering Design and
Industrial Innovation, at the State University of New York at Buffalo,
encountered problems with a fingerprint-scanning system used to
control access to its facilities. The readers worked well in 2000,
when they were installed inside the building, says Kenneth W. English,
deputy director. But the design center is planning an expansion that
would require placing the access controls on the building's exterior,
and the fingerprint readers worked poorly there because of snow and
ice. So the center is reverting to having users swipe ID cards through
a card reader.
Mr. English hopes that improvements in biometric technology will allow
the center to move back to fingerprint readers in the next two or
three years.
'Weak Fingerprints'
When Creighton considered fingerprint readers, it tested several
models. But the machines had a hard time recognizing faculty members
in the dental school, recalls Mr. Allington. They seemed to have
less-visible fingerprints, probably because of the frequency with
which they washed their hands, he says.
A similar problem surfaced in Georgia's food-service department, where
600 employees use a fingerprint system to sign in and out of work.
About 10 of them, whose work often keeps their hands submerged in
water, have "weak fingerprints" and so cannot use the biometric
system, says Christopher H. Wilkins, an information-technology manager
in the university's food-service division. They still clock in and out
by swiping an ID card or entering an ID number.
_________________________________________________________________
Colloquy Transcript
http://chronicle.com/colloquy/2005/12/bio/
Throwing Away the Keys
Thursday, December 1, at 2 p.m., U.S. Eastern time
The topic
Forget keys and photo ID's. Students trying to get into dormitories at
Johnson & Wales University in Denver must have their hands measured by
an electronic scanner. Food-service workers at the University of
Georgia punch in and out of their shifts with a time clock that scans
their fingerprints. And faculty and staff members seeking weekend
access to the Biodesign Institute at Arizona State University must be
approved by a device that checks 240 points in the iris of the eye.
More and more colleges are using such biometric technology, which its
fans say is more secure and efficient than traditional tools. The
technology also offers a new way to control access to campus computers
and networks. But biometric systems can have technical problems, and
they are expensive to install. And some observers worry that the
systems could leave an electronic trail -- open to abuse or theft --
of employees' and students' activities.
Are the advantages of biometric technology worth its high cost? Do
they outweigh its potential misuses? Are biometric records protected
from public disclosure under the Family Educational Rights and Privacy
Act, or do colleges need to take extra steps to protect such data?
The guest
J. Michael Floyd is director of food services at the University of
Georgia, which has used biometric technology in one form or another in
its dining halls since 1974.
_________________________________________________________________
A transcript of the chat follows.
_________________________________________________________________
Vincent Kiernan (Moderator):
Good afternoon, and welcome to Colloquy. I'm Vincent Kiernan, a
senior writer at The Chronicle, and I will be moderating today's
discussion about the use of biometrics in higher education.
Our guest is J. Michael Floyd, director of food services at the
University of Georgia. His institution is a pioneer in the use of
biometrics -- Georgia has used hand readers in its dining halls since
the 1970s.
Just a quick reminder to everyone out there in cyberspace: Send in
your questions and comments!
Now, welcome, Mike. Could you start by giving us a thumbnail sketch of
what your institution does in this area?
_________________________________________________________________
J. Michael Floyd:
The University of Georgia Food Services has utilized biometric
technology since 1972 for access control for its voluntary meal plan
program that allows unlimited access for its customers from 7 am to
midnight daily. The department is presently on its third generation of
hand image readers and has recently implemented a biometric
timekeeping system for its 700 employees. The department has chosen
biometric technology for its access control to prevent sharing of meal
plans by customers, reduce labor cost for access control, and to
increase speed of entry for its customers. The average customer gains
access into our dining commons within a 3-5 second time period with
the use of biometric technology. Presently 33,000 students here at the
University utilize this technology for access for dining commmons,
residence halls and campus recreation facilities.
_________________________________________________________________
Vincent Kiernan (Moderator):
Now onto our questions...
_________________________________________________________________
Question from Terri Moreman, U.S. Olympic Training Center:
Terri Moreman
U.S. Olympic Training Center
Colorado Springs, Colorado
Advantages to Biometrics
Easy to maintain and archive guest access (various reports available
with the ability to customize)
Quicker smother entry - especially when most students dont want to
carry I.D. card.
Cheaper and easier then re-keying access doors
Less chance of misuse
Card access is even higher however; here again the student would need
to carry the card at all times. Without the card they have no access.
Disadvantage
Dont go with new technology out the start gate. Seek out a proven
product in the marketplace.
Initial equipment set-up is high however in the long run it pays for
itself
Hand geometry readers cost an average of $3,000 per location
Certified technicians trained in this specialty are required to
maintain, trouble shoot and make repairs. Generally speaking an
electrician or layman may understand the electrical components;
however he would lack the necessary knowledge to function in this
capacity.
The challenge is that technology changes and if you maintain a system
too long its hard to find parts it. Routine upgrades in software and
hardware need to be considered to maintain your system.
Electronic access is great until you have a power outage.
Systems normally reset themselves however; surges and losses in power
can cause damage to your system. If your facility is in a high risk
lightning area it would advantageous to secure a back up generator.
J. Michael Floyd:
Terri Moreman makes some excellent comments on her use of
biometric handreaders at the US Olympic Training Center. One of the
big advantages that we find in our application of biometrics here at
the University of Georgia is the financial savings that we realize
with this system. Let me explain this statement. In our application
customers activate the system themselves by either swiping their id
card or punching in their id number then placing their hand in the
reader. Once the reader recognizes the hand image as a customer it
then sends a signal to the turnstyle that allows the customer to enter
the dining commons. By using this self activation system we do not
need a cashier at every entry device, only a cashier to monitor all
the entry devices for each dining commons. This reduces our labor cost
by eight fulltime cashiers. This cost savings greatly outweighs the
additional cost of the biometric readers. A disadvantage of the system
is that it does require trained technicians to maintain the system,
which a photo base only system normally does not require. The main
service issue that we have is the routine replacement that we have to
do on the keypad due to the large amount of usage our systems receive
by our customers choosing to enter their student id number in lieu of
swiping their id card. The numbers are actually worn off the keypad.
_________________________________________________________________
Question from G. Buhl, Rutgers U.:
WIth the loss and theft of personal data by Universities reported
recently in the media, what are the risks to students and faculty of
entrusting biometric data to Universities?
J. Michael Floyd:
With any systems the appropriate safeguards must be in place to
protect data. However, the biometric data that we use is hand & finger
images and not prints. This data is of no value to an outsider to
identify a customer by a hand or finger image. The key to our system
is that we do not store finger or hand prints. In addition we do not
identify our customers or employees by their social security number in
our systems, but we utilize University identification numbers instead.
_________________________________________________________________
Question from Vincent Kiernan:
Mike, a big issue with any new IT system is cost. Can you give us
an idea of how much this system costs Georgia -- and how much it saves
you in operational costs?
J. Michael Floyd:
The cost of any system is reflective of the size of the
application, number of hand readers and the number of locations. In
our case the initial cost was approximately $100,000. But this cost
was immediately offset by reduction of staffing. With the use of
biometric readers where the customer activates the system you do not
need a cashier for every entry device. In our case we are able to
staff our cashier station with one cashier who monitors two hand
readers. This alone reduced labor by 8 fulltime positions. In today's
dollars this is a savings of approximately $186,000 in salary and
benefits cost every year. But the true savings is the speed of access
for our customers. Thereby allowing greater thru put of customers in
dining centers, which allows us to maximize our operations and reduces
the need to build operations for peak customer periods. In our case we
provide meal plan service for our customers in four dining centers. On
some other campuses this same number of customers may need five to six
dining centers.
_________________________________________________________________
Question from Vincent Kiernan:
Mike, biometrics make some people nervous from a privacy
perspective. Have you encountered any concern on your campus? How do
you reassure people that their privacy is being protected?
J. Michael Floyd:
We have not experienced the privacy concern from our customers
because we take an aggressive approach of educating our customers that
our system is a hand image and not a hand print. One of the ways we
educate our customers on the system is including this information in
our Food Service presentation during the summer Freshman Orientation
program. In addition we have previous articles from the Wall Street
Journal and New York Times framed and in our lobbies to educate our
customers on our biometric application. Our biometric system was also
featured in "Beyond 2000" on the Discovery Channel several years ago
and when the film crew was on campus we attempted to get as many of
our students involved with the filming. In addition, during my 20 year
tenure here at the University I have never had a customer express
concern on this issue. What I do encounter from our customers is a
sense of pride that they are using state of the art technology and I
find they are normally our best PR agents as they love to explain our
system to visitors.
_________________________________________________________________
Question from Vincent Kiernan:
Do you have any plans to further expand your use of biometrics in
the dining hall system?
J. Michael Floyd:
Yes. We have recently expanded the use of biometrics for
timekeeping for employees. Utilizing a different biometric system, our
employees clock in & out daily using a finger image. The next
expansion is to utilize these devices for backdoor employee access
into our operations. This will increase the overall security of our
operations, especially since we have operations open till midnight and
our plans include a 24-hour dining center in the near future. In my
opinion, the real future of biometrics in the workplace is in
timekeeping. This application for employers with large work forces
will greatly increase the accuracy of paying for actual hours worked
and prevent "buddy punching."
_________________________________________________________________
Question from Edward Marshall, University of Pennsylvania:
Are you aware of any health related issues resulting from the use
of biometric technologies? In particular, retinal scans.
J. Michael Floyd:
No, there is no greater risk with the hand image readers than the
doorknob on the front of the building. However, we do have a procedure
in place to sanitize the hand reader surface on a routine schedule
thru out the day. In addition we have hand sanitizer stations located
inside our dining operations for customers who would like to use this
product. We do not utilize retinal scans here. However, the most
common form of eye scanning is iris scanning and with these devices
the eye is typically 10 to 14 inches away from the scanner.
_________________________________________________________________
Vincent Kiernan (Moderator):
We're about half way through our scheduled time for this
conversation. If you have any questions for Mr. Floyd, now would be a
great time to send them in.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
If the system is not storing fingerprints or hand geography, how
does it identify the individual as having the privilege?
J. Michael Floyd:
The system is storing hand and finger image templates. The
templates are a mathematical representation of the hand or finger
ridges. These stored templates are then compared to the image
presented by the customer/employee when they place their hand or
finger in the reader. All verifications are done on a one to one
comparison, not a one to many comparison. For example the customer
will input their ID number by scanning their card or typing their card
number on a keypad and then they place their hand in the reader. The
customer / employee must be active in the system prior to utilizing
the system.
_________________________________________________________________
Question from Matt Miller, Gettysburg College:
How long on average does it take to add a new hand image to the
system?
J. Michael Floyd:
For both systems the initial image is captured at an orientation.
Each image takes approximately 30 seconds to capture and verify the
first time. However, with our meal plan system this one time
enrollment is the only time we must physically see the student to
begin participation in the meal plan for their entire academic stay at
UGA. The enrollment for students is done when they have their ID card
produced.
_________________________________________________________________
Question from Vincent Kiernan:
What advice do you have for colleges that might consider hand
scanning in the future? Are there any particular land mines to avoid?
J. Michael Floyd:
The key is to promote this as state of art technology and to
excite the customers that they are involved in a unique application of
technology. One installation issue to avoid is to make sure that all
hand image readers are installed at the same height. Readers installed
at different height can result in a higher error ratio.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
Have students expressed a concern about contamination, germs or
the "ick" factor?
J. Michael Floyd:
Over the years we have heard this question from a few customers,
which allows us to explain our system and how we sanitize the reader
surface. But normally when we share the comparison about the front
doorknob on the building the student then realizes the enormous number
of common surfaces they touch with their hands each day.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
How many mis-reads per 100 do you get?
J. Michael Floyd:
We are at less than 1% of false-negatives. This allows our Cashier
to then look up the customer in our data base and then permit the
customer to dine.
_________________________________________________________________
Question from Francine Reynolds, University of Richmond:
Mike, what systems are your biometric readers interfacing with
(i.e. CBORD's CSGold, etc.)
J. Michael Floyd:
Our system is a proprietary system that our campus IT department
developed and maintains for the campus.
_________________________________________________________________
Question from Terri Moreman, U.S. Olympic Training Center:
Mike, is your system tied to dorm room or buliding access?
J. Michael Floyd:
Yes, our system is tied to residence hall building access. But not
individual rooms.
_________________________________________________________________
Question from Rich Bredahl, University of Texas at Austin:
How about issues of cleaniness? With potentially several hundred
people using a reader per hour, how do you:
1) Keep the reader clean
2) Ensure the reader does not become a means of passing
germs/bacteria/viruses
J. Michael Floyd:
No, there is no greater risk with the hand image readers than the
doorknob on the front of the building. However, we do have a procedure
in place to sanitize the hand reader surface on a routine schedule
throughout the day. In addition we have hand sanitizer stations
located inside our dining operations for customers who would like to
use this product.
_________________________________________________________________
Question from Vincent Kiernan:
That will be our last question. Mike, any final thoughts?
J. Michael Floyd:
In conclusion, the key benefit of a biometric system is that it
can be a user activated system that creates a great deal of ownership
by the customer. With this ownership, there is a buy in from the
customer to assist the organization in making the system work.
Additionally, biometric systems have the potential of reducing
personnel cost and improving overall levels of security and customer
thru put. There is also a greater awareness of security by the
customer than the traditional photo base system. Biometrics is the
technology that our children will see in their future workplace.
_________________________________________________________________
Vincent Kiernan (Moderator):
That about does it for today. On behalf of The Chronicle, thanks
to Mike Floyd and his staff for their illuminating answers to the
questions, and thanks to all of you for participating. Have a good
afternoon.
_________________________________________________________________
J. Michael Floyd:
A special thank you to Donald Smith, Department Manager of UGAcard
Support Services and Chris Wilkins, IT Manager, UGA Food Services for
joining me today on the Colloquy and assisting with the
responses.Additionally Biometric systems have the potential of
reducing personnel cost and improving overall levels of security and
customer thru put.
------------------------ Yahoo! Groups Sponsor --------------------~-->
Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home page
http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/PMYolB/TM
--------------------------------------------------------------------~->
Post message: transhumantech(a)yahoogroups.com
Subscribe: transhumantech-subscribe(a)yahoogroups.com
Unsubscribe: transhumantech-unsubscribe(a)yahoogroups.com
List owner: transhumantech-owner(a)yahoogroups.com
List home: http://www.yahoogroups.com/group/transhumantech/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/transhumantech/
<*> To unsubscribe from this group, send an email to:
transhumantech-unsubscribe(a)yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
On Sun, Jan 08, 2012 at 04:44:34PM -0500, gsistare(a)gmail.com wrote 2.9K bytes in 85 lines about:
: Considering this, which mobile phone
: providers and manufacturers remain the most secure? It seems like
: the numbers are dwindling, and the user-end side of things is
: becoming more uneasy.
Roughly zero if your threat model involves a government. All cell
phones have two operating systems, one is the baseband for managing
communications with the cell towers and signal processing, the other is
the one for the humans. The baseband has 'lawful intercept' built in to
appease western governments, at least.
I'm not sure to which OS the slashdot story
refers, but here's a crash course in iphone's OSes,
http://www.ihackintosh.com/2009/07/difference-between-iphone-baseband-bootl….
And here's a quick presentation on what the
baseband OS, or firmware, does in a 3G phone,
http://bwrc.eecs.berkeley.edu/seminars/Seminars_Archive/Sriram-9.15.00/3G_C….
For an example of the details, the osmocombb project,
http://bb.osmocom.org/trac/, is trying to write a completely free
baseband stack for cell phones. They have some pretty good details and
presentations on the hardware hacking involved in re-writing the baseband
from scratch.
As for actually secure phones, from the baseband through the user
interface, Cryptophone, http://www.cryptophone.de/, makes a few models,
but as you can expect, they are expensive. There are probably others,
but I've only used the cryptophone g10+ model.
And just in case you think the baseband isn't fun to
explore and exploit to win contests at security conferences,
https://www.readwriteweb.com/archives/baseband_hacking_a_new_frontier_for_s…
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
> Carl is most certainly not an idiot. In fact, there might be a reasonable
> argument for this: You're changing the defaults of a contract by
specifying
> what should be interpreted as reasonable authentication or not. Still,
> I don't agree with it, and it's something that should be left up to the
> courts, not Washingtonians and their lobbyists.
In my opinion, everything should be left to the market to solve, and nothing
to politicians. I'd agree with you about the courts if they were private.
Mark
1
0
Show Your Hand, Not Your ID
The Chronicle of Higher Education, 5.12.2
http://chronicle.com/free/v52/i15/15a02801.htm
[Colloquy transcript appended.]
[Yes, I can see the advantages of using these scanners, and I think the
concerns over theft and privacy issues are reasonably countered. But the
real problem is that, in making such identifications mandatory, the
informal and generally harmless violations of rules are no longer
possible. Suppose a researcher wants to sneak a friend into his lab after
hours. This, and many, many other technical violations will no longer be
allowed. We must be ever vigilant about this kind of "unreasonableness of
reason," to almost coin a meme. There is a single hit on Google! I lack a
better term.]
Colleges use biometric scanners to screen for access to dining halls,
labs, dorms, gyms, and computer networks
By VINCENT KIERNAN
At many colleges, students flash a photo ID at a food-service worker
to get into a dining hall. Things work differently at the University
of Georgia, where Gavin Beck, a senior, places his hand on a sensor
that determines if the person waiting to eat really is Gavin Beck.
The process, which measures the size and shape of the hand, takes only
a few seconds. "No system is foolproof, but this is far more efficient
for us than a photo-based system," says J. Michael Floyd, director of
food services at Georgia. The university is among the first to use the
biometric technology widely, having relied on it in one form or
another in its dining halls since 1974.
Hand scanners, electronic fingerprint readers, even retina scanners
are not just for super-spies in Hollywood movies anymore. The
technology is increasingly being used by colleges to allow students,
professors, and staff members to gain access to dining halls,
laboratories, gyms, and other facilities on their campuses.
Improvements in the technology are spurring greater interest among
some college administrators.
Faculty and staff members who seek weekend access to the Biodesign
Institute at Arizona State University, for example, must be approved
by a device that checks 240 points in the iris of the eye.
Locks on dormitory doors at Johnson & Wales University at Denver are
controlled by a hand-geometry reader similar to Georgia's.
Food-service workers at Georgia punch in and out of their shifts with
a time clock that scans their fingerprints so that a worker cannot
clock in for an absent friend.
Proponents say biometric technology offers increased security and
efficiency, making lines move faster while keeping unauthorized
visitors out. And at a time when colleges are trying to safeguard
campus data, the technology offers colleges a new tool to control
access to computers and networks.
But cost and various technical obstacles are likely to slow the
technology's adoption by colleges. And some observers worry that the
systems could leave an electronic paper trail -- open to abuse or
theft -- of the activities of students and faculty and staff members.
"It's an extremely disturbing trend," says Lee Tien, a senior staff
lawyer at the Electronic Frontier Foundation, a group that promotes
online civil liberties. "Biometrics is a technology that is dangerous
for privacy."
How It Works
Administrators who support the use of biometric technology say
scanning body parts is far more secure than asking users for
passwords, which can be forgotten or stolen. The scanning devices look
for some unique characteristic of the user, such as the arrangement of
ridges on the finger, the pattern of blood vessels in the eye, or the
size and shape of the hand. The characteristic -- called a biometric
measurement -- must be unique for each individual, must not change,
and must be easily measured.
Typically a person's hand, fingerprint, or eyeball is measured once
when he or she is enrolled in the system, and that measurement is
stored in a computer database or on a smart ID card. At the entrance
to a controlled area, such as a dining hall, the individual's
characteristic is measured again and compared with the original
recording. If the two measurements match, the person is admitted.
Georgia's early system recorded two-dimensional measurements of users'
hands. But in 1995, as part of a campuswide move toward biometric
identification, the system was upgraded to one that takes
three-dimensional measurements. Now the 32,500 students use their
hands as passports to all-you-can-eat meal plans, the recreation
center, and dormitories. They either swipe an ID card through a card
reader or enter an ID number on a keypad before presenting their hand
for scanning.
Mr. Floyd, the food-service director, says the system rarely
misidentifies anyone. Mr. Beck, the Georgia senior, recalls only one
glitch, when the system wouldn't recognize him at the start of fall
semester, probably because of a subtle change in his hand's shape over
the summer. At a nearby office, he showed his ID, had his hand
rescanned, and was cleared to eat his meal. "It set me back a couple
of minutes," he says, "but it was no big deal."
The University of New Hampshire installed a hand-reading system in its
dining halls when campus officials wanted to halt the sharing of
all-you-can-eat meal plans by several people, says David J. May,
executive director of hospitality services.
"It really has worked wonderfully for us," he says. Although he cannot
estimate the amount of fraud that the system has stopped, he is
convinced that "students would beat the system if we were using ID
cards."
The cost of putting biometric security in place is not exorbitant,
says Mr. May. Each hand reader costs about $2,500, and the turnstile
to which it is connected costs $8,500 to $9,000. The 12,000-student
university has seven biometric stations at its dining halls, he says.
Recently, New Hampshire expanded the system to control employees'
access to one of its dining halls. That way the university will not
have to issue keys to employees -- or replace locks if keys are
stolen. "If an employee leaves, we just take them out of the
database," so the hand-reading system will no longer recognize that
person, says Mr. May.
Smaller-Scale Projects
Biometric systems are also being used on a smaller scale on some
campuses. At Rutgers University at New Brunswick, fingerprint-scanning
devices are being installed on computers attached to laboratory
equipment in the materials-science department.
The department, with some 80 potential users of the technology, has a
password system to track usage of the equipment, so that the
appropriate research grant is charged. But some students complained
that they were being charged for others' use, says W. Roger Cannon, a
professor of materials science and engineering.
That prompted him to investigate a biometric alternative. "If we had a
fingerprint system, there would be no argument," he says.
The new system has functioned well in tests, Mr. Cannon says. "It
seems to go pretty smoothly if you get the fingerprint centered
right." Those with concerns about personal privacy can elect to
continue using passwords, he adds.
The University of California at Santa Barbara recently installed an
iris-scanning system for controlling access by about 500 people to a
10,000-square-foot "clean room" in a semiconductor-research center.
In the past, having those people swipe their ID cards at the door
would result in more work for staff members, who would have to replace
lost or broken cards, says Jack Whaley, manager of the Nanofabrication
Facility. Moreover, the card readers were sometimes balky, he says,
and nothing prevented people from lending their cards to others.
In the new system, an individual's eyes are photographed, and the
images are digitized, encrypted, and stored on a computer server with
information about what doors the individual is authorized to use and
at what times. Researchers who want to get in simply step up to an
iris reader, which transmits an image of the iris to the server. If
the images match, the computer opens the door.
Some challenges remain, like reminding people who have "droopy
eyelids" to open their eyes wide, says Mr. Whaley. But the system,
which cost between $20,000 and $30,000, has made a negligible number
of errors. "It's pretty good," he says.
More-exotic technology is on the horizon. Fujitsu Ltd. announced in
June that the Chiba Institute of Technology, in Japan, has adopted a
company device that uses infrared light to read the unique pattern of
veins in a student's hand. The patterns are recorded on each
individual's ID card. At kiosks on the campus, students can get access
to their academic transcripts and other personal records by inserting
the cards and holding their hand over a palm reader.
Next year the institute, which has about 11,000 students, plans to
issue similar cards to faculty and staff members. It is considering
expanding the system for such purposes as tracking library checkouts
and class attendance.
Joel Hagberg, vice president for marketing and business development at
Fujitsu Computer Products of America, says the company is discussing
use of the technology with American colleges, which he does not
identify. The system could start surfacing on American campuses early
next year, he says. The vein scanner costs more than a fingerprint
reader, which can run as much as $100, but less than an iris reader,
he says, although he declines to provide specific figures.
The technology will probably materialize first at a large research
institution, most likely as part of a centralized service such as
controlling college officials' access to student records, Mr. Hagberg
predicts, noting that such an application would require only a few
palm readers.
"This is something that you will see coming to a university near you
in the near future," he says.
Privacy Concerns
For all the efficiency and gee-whiz value of biometric technology,
civil libertarians say it raises serious concerns about privacy. The
theft or abuse of biometric measurements could be even more
threatening than misuse of Social Security numbers, warns Mr. Tien, of
the Electronic Frontier Foundation.
Campus officials using fingerprint readers stress that their systems
do not record individuals' fingerprints in images like those used by
law-enforcement agencies. Rather, the systems produce a mathematical
representation of fingerprints that would be useless to anyone outside
the colleges.
Hand-geometry systems seem to cause the least apprehension because
such measurements are not commonly used off campus and so would have
little or no application if the biometric data were to leak out. "The
only person it does any good is me," says Mr. Beck, the Georgia
student.
Keene State College, in New Hampshire, moved to a hand-reader system
this semester. Paul A. Striffolino, director of campus life, says the
system does not intrude on the privacy of the college's 5,000
students. "An eye-scanning system would seem over the top to me," he
says.
But some observers say even hand-geometry data could be misused. If
hand readers become commonplace, authorities could use records from
the systems to reconstruct a student's movements and activities on the
campus or across a broader area, says Mr. Tien.
"It facilitates an atmosphere or a climate of checkpoints," he says.
"All it is, is maybe a faster way to get through a door. We have to
wonder whether these are the right trade-offs to be making."
Indeed, records of a student's biometric measurements, as well as
records of where and when that student used a biometric device,
probably would be protected from public disclosure under the Family
Educational Rights and Privacy Act, says Steven McDonald, general
counsel at the Rhode Island School of Design, who tracks the effect of
the federal law on the use of technology on campuses.
In most cases, he says, Ferpa would not allow a college to disclose,
without a student's permission, where and when that student had
entered a dining hall, for example. But the records could still be
used by the college's own staff and might be vulnerable to subpoena by
law-enforcement officials, he says.
Nancy Tribbensee, deputy general counsel at Arizona State, says a
college should acknowledge privacy concerns before settling on
biometric technology. She suggests that college officials consider
whether the benefits, like tighter security, would be outweighed by
ways in which the data could be abused.
Recordings from the iris scanner at the university's Biodesign
Institute are not covered by Ferpa, Ms. Tribbensee notes, because the
system is used by faculty and staff members. But the university treats
the data as personnel records and therefore as confidential, and it
would fight any effort to obtain copies through the state's
public-records law, she says.
High Price Tag
Privacy is not the only concern about biometric security systems. Some
users also worry about safety -- for example, whether touching a hand
reader could expose someone to colds and the flu from previous users.
Mr. May, of New Hampshire, says the device is "no different than a
doorknob." Still, liquid hand sanitizer is available at each hand
reader, in a dispenser attached to the wall, and a staff member wipes
the readers with a sanitizing solution every 15 minutes.
Another hurdle facing biometric systems is cost. Last year Creighton
University considered using fingerprint readers to control access to
the 1,500 to 2,000 computers in its laboratories and offices. At $90
to $100 a pop, Creighton would have had to spend as much as $200,000
on the devices -- and that wouldn't have included the cost of
upgrading the machines as technology advanced. "That would have been a
huge expense," says Michael M. Allington, assistant director of
student-technology support in the information-technology department.
Creighton took a pass.
Still, industry officials argue that biometric systems make financial
sense for colleges, at least in some situations. The staff and systems
needed to maintain a list of passwords for security systems might cost
a college $50 per student annually, says Tom Doggett, director of
marketing for Saflink Corporation, which makes a variety of biometric
systems. By contrast, he says, a large college might spend $30 to $40
per student to deploy a biometric system.
"You could make the case that the system would pay for itself in a
year," Mr. Doggett says.
But James L. Wayman, director of the National Biometric Test Center at
San Jose State University, which explores technical issues related to
the technology, is less optimistic.
It is unclear, he says, whether dining halls are losing enough money
from fraud to warrant the expense of a biometric system. "Will it
pay?" he asks. "That's where it all falls apart."
"Tell me again," he says, "why you need them on college campuses."
Biometric systems can also have technical problems, which have prodded
a few colleges to back away from the technology.
Recently the New York State Center for Engineering Design and
Industrial Innovation, at the State University of New York at Buffalo,
encountered problems with a fingerprint-scanning system used to
control access to its facilities. The readers worked well in 2000,
when they were installed inside the building, says Kenneth W. English,
deputy director. But the design center is planning an expansion that
would require placing the access controls on the building's exterior,
and the fingerprint readers worked poorly there because of snow and
ice. So the center is reverting to having users swipe ID cards through
a card reader.
Mr. English hopes that improvements in biometric technology will allow
the center to move back to fingerprint readers in the next two or
three years.
'Weak Fingerprints'
When Creighton considered fingerprint readers, it tested several
models. But the machines had a hard time recognizing faculty members
in the dental school, recalls Mr. Allington. They seemed to have
less-visible fingerprints, probably because of the frequency with
which they washed their hands, he says.
A similar problem surfaced in Georgia's food-service department, where
600 employees use a fingerprint system to sign in and out of work.
About 10 of them, whose work often keeps their hands submerged in
water, have "weak fingerprints" and so cannot use the biometric
system, says Christopher H. Wilkins, an information-technology manager
in the university's food-service division. They still clock in and out
by swiping an ID card or entering an ID number.
_________________________________________________________________
Colloquy Transcript
http://chronicle.com/colloquy/2005/12/bio/
Throwing Away the Keys
Thursday, December 1, at 2 p.m., U.S. Eastern time
The topic
Forget keys and photo ID's. Students trying to get into dormitories at
Johnson & Wales University in Denver must have their hands measured by
an electronic scanner. Food-service workers at the University of
Georgia punch in and out of their shifts with a time clock that scans
their fingerprints. And faculty and staff members seeking weekend
access to the Biodesign Institute at Arizona State University must be
approved by a device that checks 240 points in the iris of the eye.
More and more colleges are using such biometric technology, which its
fans say is more secure and efficient than traditional tools. The
technology also offers a new way to control access to campus computers
and networks. But biometric systems can have technical problems, and
they are expensive to install. And some observers worry that the
systems could leave an electronic trail -- open to abuse or theft --
of employees' and students' activities.
Are the advantages of biometric technology worth its high cost? Do
they outweigh its potential misuses? Are biometric records protected
from public disclosure under the Family Educational Rights and Privacy
Act, or do colleges need to take extra steps to protect such data?
The guest
J. Michael Floyd is director of food services at the University of
Georgia, which has used biometric technology in one form or another in
its dining halls since 1974.
_________________________________________________________________
A transcript of the chat follows.
_________________________________________________________________
Vincent Kiernan (Moderator):
Good afternoon, and welcome to Colloquy. I'm Vincent Kiernan, a
senior writer at The Chronicle, and I will be moderating today's
discussion about the use of biometrics in higher education.
Our guest is J. Michael Floyd, director of food services at the
University of Georgia. His institution is a pioneer in the use of
biometrics -- Georgia has used hand readers in its dining halls since
the 1970s.
Just a quick reminder to everyone out there in cyberspace: Send in
your questions and comments!
Now, welcome, Mike. Could you start by giving us a thumbnail sketch of
what your institution does in this area?
_________________________________________________________________
J. Michael Floyd:
The University of Georgia Food Services has utilized biometric
technology since 1972 for access control for its voluntary meal plan
program that allows unlimited access for its customers from 7 am to
midnight daily. The department is presently on its third generation of
hand image readers and has recently implemented a biometric
timekeeping system for its 700 employees. The department has chosen
biometric technology for its access control to prevent sharing of meal
plans by customers, reduce labor cost for access control, and to
increase speed of entry for its customers. The average customer gains
access into our dining commons within a 3-5 second time period with
the use of biometric technology. Presently 33,000 students here at the
University utilize this technology for access for dining commmons,
residence halls and campus recreation facilities.
_________________________________________________________________
Vincent Kiernan (Moderator):
Now onto our questions...
_________________________________________________________________
Question from Terri Moreman, U.S. Olympic Training Center:
Terri Moreman
U.S. Olympic Training Center
Colorado Springs, Colorado
Advantages to Biometrics
Easy to maintain and archive guest access (various reports available
with the ability to customize)
Quicker smother entry - especially when most students dont want to
carry I.D. card.
Cheaper and easier then re-keying access doors
Less chance of misuse
Card access is even higher however; here again the student would need
to carry the card at all times. Without the card they have no access.
Disadvantage
Dont go with new technology out the start gate. Seek out a proven
product in the marketplace.
Initial equipment set-up is high however in the long run it pays for
itself
Hand geometry readers cost an average of $3,000 per location
Certified technicians trained in this specialty are required to
maintain, trouble shoot and make repairs. Generally speaking an
electrician or layman may understand the electrical components;
however he would lack the necessary knowledge to function in this
capacity.
The challenge is that technology changes and if you maintain a system
too long its hard to find parts it. Routine upgrades in software and
hardware need to be considered to maintain your system.
Electronic access is great until you have a power outage.
Systems normally reset themselves however; surges and losses in power
can cause damage to your system. If your facility is in a high risk
lightning area it would advantageous to secure a back up generator.
J. Michael Floyd:
Terri Moreman makes some excellent comments on her use of
biometric handreaders at the US Olympic Training Center. One of the
big advantages that we find in our application of biometrics here at
the University of Georgia is the financial savings that we realize
with this system. Let me explain this statement. In our application
customers activate the system themselves by either swiping their id
card or punching in their id number then placing their hand in the
reader. Once the reader recognizes the hand image as a customer it
then sends a signal to the turnstyle that allows the customer to enter
the dining commons. By using this self activation system we do not
need a cashier at every entry device, only a cashier to monitor all
the entry devices for each dining commons. This reduces our labor cost
by eight fulltime cashiers. This cost savings greatly outweighs the
additional cost of the biometric readers. A disadvantage of the system
is that it does require trained technicians to maintain the system,
which a photo base only system normally does not require. The main
service issue that we have is the routine replacement that we have to
do on the keypad due to the large amount of usage our systems receive
by our customers choosing to enter their student id number in lieu of
swiping their id card. The numbers are actually worn off the keypad.
_________________________________________________________________
Question from G. Buhl, Rutgers U.:
WIth the loss and theft of personal data by Universities reported
recently in the media, what are the risks to students and faculty of
entrusting biometric data to Universities?
J. Michael Floyd:
With any systems the appropriate safeguards must be in place to
protect data. However, the biometric data that we use is hand & finger
images and not prints. This data is of no value to an outsider to
identify a customer by a hand or finger image. The key to our system
is that we do not store finger or hand prints. In addition we do not
identify our customers or employees by their social security number in
our systems, but we utilize University identification numbers instead.
_________________________________________________________________
Question from Vincent Kiernan:
Mike, a big issue with any new IT system is cost. Can you give us
an idea of how much this system costs Georgia -- and how much it saves
you in operational costs?
J. Michael Floyd:
The cost of any system is reflective of the size of the
application, number of hand readers and the number of locations. In
our case the initial cost was approximately $100,000. But this cost
was immediately offset by reduction of staffing. With the use of
biometric readers where the customer activates the system you do not
need a cashier for every entry device. In our case we are able to
staff our cashier station with one cashier who monitors two hand
readers. This alone reduced labor by 8 fulltime positions. In today's
dollars this is a savings of approximately $186,000 in salary and
benefits cost every year. But the true savings is the speed of access
for our customers. Thereby allowing greater thru put of customers in
dining centers, which allows us to maximize our operations and reduces
the need to build operations for peak customer periods. In our case we
provide meal plan service for our customers in four dining centers. On
some other campuses this same number of customers may need five to six
dining centers.
_________________________________________________________________
Question from Vincent Kiernan:
Mike, biometrics make some people nervous from a privacy
perspective. Have you encountered any concern on your campus? How do
you reassure people that their privacy is being protected?
J. Michael Floyd:
We have not experienced the privacy concern from our customers
because we take an aggressive approach of educating our customers that
our system is a hand image and not a hand print. One of the ways we
educate our customers on the system is including this information in
our Food Service presentation during the summer Freshman Orientation
program. In addition we have previous articles from the Wall Street
Journal and New York Times framed and in our lobbies to educate our
customers on our biometric application. Our biometric system was also
featured in "Beyond 2000" on the Discovery Channel several years ago
and when the film crew was on campus we attempted to get as many of
our students involved with the filming. In addition, during my 20 year
tenure here at the University I have never had a customer express
concern on this issue. What I do encounter from our customers is a
sense of pride that they are using state of the art technology and I
find they are normally our best PR agents as they love to explain our
system to visitors.
_________________________________________________________________
Question from Vincent Kiernan:
Do you have any plans to further expand your use of biometrics in
the dining hall system?
J. Michael Floyd:
Yes. We have recently expanded the use of biometrics for
timekeeping for employees. Utilizing a different biometric system, our
employees clock in & out daily using a finger image. The next
expansion is to utilize these devices for backdoor employee access
into our operations. This will increase the overall security of our
operations, especially since we have operations open till midnight and
our plans include a 24-hour dining center in the near future. In my
opinion, the real future of biometrics in the workplace is in
timekeeping. This application for employers with large work forces
will greatly increase the accuracy of paying for actual hours worked
and prevent "buddy punching."
_________________________________________________________________
Question from Edward Marshall, University of Pennsylvania:
Are you aware of any health related issues resulting from the use
of biometric technologies? In particular, retinal scans.
J. Michael Floyd:
No, there is no greater risk with the hand image readers than the
doorknob on the front of the building. However, we do have a procedure
in place to sanitize the hand reader surface on a routine schedule
thru out the day. In addition we have hand sanitizer stations located
inside our dining operations for customers who would like to use this
product. We do not utilize retinal scans here. However, the most
common form of eye scanning is iris scanning and with these devices
the eye is typically 10 to 14 inches away from the scanner.
_________________________________________________________________
Vincent Kiernan (Moderator):
We're about half way through our scheduled time for this
conversation. If you have any questions for Mr. Floyd, now would be a
great time to send them in.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
If the system is not storing fingerprints or hand geography, how
does it identify the individual as having the privilege?
J. Michael Floyd:
The system is storing hand and finger image templates. The
templates are a mathematical representation of the hand or finger
ridges. These stored templates are then compared to the image
presented by the customer/employee when they place their hand or
finger in the reader. All verifications are done on a one to one
comparison, not a one to many comparison. For example the customer
will input their ID number by scanning their card or typing their card
number on a keypad and then they place their hand in the reader. The
customer / employee must be active in the system prior to utilizing
the system.
_________________________________________________________________
Question from Matt Miller, Gettysburg College:
How long on average does it take to add a new hand image to the
system?
J. Michael Floyd:
For both systems the initial image is captured at an orientation.
Each image takes approximately 30 seconds to capture and verify the
first time. However, with our meal plan system this one time
enrollment is the only time we must physically see the student to
begin participation in the meal plan for their entire academic stay at
UGA. The enrollment for students is done when they have their ID card
produced.
_________________________________________________________________
Question from Vincent Kiernan:
What advice do you have for colleges that might consider hand
scanning in the future? Are there any particular land mines to avoid?
J. Michael Floyd:
The key is to promote this as state of art technology and to
excite the customers that they are involved in a unique application of
technology. One installation issue to avoid is to make sure that all
hand image readers are installed at the same height. Readers installed
at different height can result in a higher error ratio.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
Have students expressed a concern about contamination, germs or
the "ick" factor?
J. Michael Floyd:
Over the years we have heard this question from a few customers,
which allows us to explain our system and how we sanitize the reader
surface. But normally when we share the comparison about the front
doorknob on the building the student then realizes the enormous number
of common surfaces they touch with their hands each day.
_________________________________________________________________
Question from Dick Sigelko, Michigan State University:
How many mis-reads per 100 do you get?
J. Michael Floyd:
We are at less than 1% of false-negatives. This allows our Cashier
to then look up the customer in our data base and then permit the
customer to dine.
_________________________________________________________________
Question from Francine Reynolds, University of Richmond:
Mike, what systems are your biometric readers interfacing with
(i.e. CBORD's CSGold, etc.)
J. Michael Floyd:
Our system is a proprietary system that our campus IT department
developed and maintains for the campus.
_________________________________________________________________
Question from Terri Moreman, U.S. Olympic Training Center:
Mike, is your system tied to dorm room or buliding access?
J. Michael Floyd:
Yes, our system is tied to residence hall building access. But not
individual rooms.
_________________________________________________________________
Question from Rich Bredahl, University of Texas at Austin:
How about issues of cleaniness? With potentially several hundred
people using a reader per hour, how do you:
1) Keep the reader clean
2) Ensure the reader does not become a means of passing
germs/bacteria/viruses
J. Michael Floyd:
No, there is no greater risk with the hand image readers than the
doorknob on the front of the building. However, we do have a procedure
in place to sanitize the hand reader surface on a routine schedule
throughout the day. In addition we have hand sanitizer stations
located inside our dining operations for customers who would like to
use this product.
_________________________________________________________________
Question from Vincent Kiernan:
That will be our last question. Mike, any final thoughts?
J. Michael Floyd:
In conclusion, the key benefit of a biometric system is that it
can be a user activated system that creates a great deal of ownership
by the customer. With this ownership, there is a buy in from the
customer to assist the organization in making the system work.
Additionally, biometric systems have the potential of reducing
personnel cost and improving overall levels of security and customer
thru put. There is also a greater awareness of security by the
customer than the traditional photo base system. Biometrics is the
technology that our children will see in their future workplace.
_________________________________________________________________
Vincent Kiernan (Moderator):
That about does it for today. On behalf of The Chronicle, thanks
to Mike Floyd and his staff for their illuminating answers to the
questions, and thanks to all of you for participating. Have a good
afternoon.
_________________________________________________________________
J. Michael Floyd:
A special thank you to Donald Smith, Department Manager of UGAcard
Support Services and Chris Wilkins, IT Manager, UGA Food Services for
joining me today on the Colloquy and assisting with the
responses.Additionally Biometric systems have the potential of
reducing personnel cost and improving overall levels of security and
customer thru put.
------------------------ Yahoo! Groups Sponsor --------------------~-->
Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home page
http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/PMYolB/TM
--------------------------------------------------------------------~->
Post message: transhumantech(a)yahoogroups.com
Subscribe: transhumantech-subscribe(a)yahoogroups.com
Unsubscribe: transhumantech-unsubscribe(a)yahoogroups.com
List owner: transhumantech-owner(a)yahoogroups.com
List home: http://www.yahoogroups.com/group/transhumantech/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/transhumantech/
<*> To unsubscribe from this group, send an email to:
transhumantech-unsubscribe(a)yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
On Sun, Jan 08, 2012 at 04:44:34PM -0500, gsistare(a)gmail.com wrote 2.9K bytes in 85 lines about:
: Considering this, which mobile phone
: providers and manufacturers remain the most secure? It seems like
: the numbers are dwindling, and the user-end side of things is
: becoming more uneasy.
Roughly zero if your threat model involves a government. All cell
phones have two operating systems, one is the baseband for managing
communications with the cell towers and signal processing, the other is
the one for the humans. The baseband has 'lawful intercept' built in to
appease western governments, at least.
I'm not sure to which OS the slashdot story
refers, but here's a crash course in iphone's OSes,
http://www.ihackintosh.com/2009/07/difference-between-iphone-baseband-bootl….
And here's a quick presentation on what the
baseband OS, or firmware, does in a 3G phone,
http://bwrc.eecs.berkeley.edu/seminars/Seminars_Archive/Sriram-9.15.00/3G_C….
For an example of the details, the osmocombb project,
http://bb.osmocom.org/trac/, is trying to write a completely free
baseband stack for cell phones. They have some pretty good details and
presentations on the hardware hacking involved in re-writing the baseband
from scratch.
As for actually secure phones, from the baseband through the user
interface, Cryptophone, http://www.cryptophone.de/, makes a few models,
but as you can expect, they are expensive. There are probably others,
but I've only used the cryptophone g10+ model.
And just in case you think the baseband isn't fun to
explore and exploit to win contests at security conferences,
https://www.readwriteweb.com/archives/baseband_hacking_a_new_frontier_for_s…
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
YouTube (Dec 5) - "SIGKILL imminent [SIGINT09]" by CCCen:
http://www.youtube.com/watch?v=MDgq5-RW2jw
This is a talk from the SIGINT 2009 event (Cologne, Germany: May 22, 2009)
by Astera and George Shammas.
http://events.ccc.de/sigint/2009/Fahrplan/events/3166.en.html
http://astera.soup.io/
http://wiki.nycresistor.com/wiki/User:Georgyo
A survey of the road to killer robots + more. Pretty remarkable
collection of information.
Was just posted to the English-language YouTube channel of the venerable
Chaos Computer Club:
http://www.youtube.com/user/CCCen
Here's the video they start off the talk with, an old Saturday Night Live
skit featuring Sam Waterston pitching Old Glory Insurance's killer robot
plan:
http://www.nbc.com/saturday-night-live/video/old-glory-insurance/229049/
And here's the mentioned Boston Dynamics Big Dog Beta video, which at 4.7M
views I was a little disappointed I had not seen it before :)
http://www.youtube.com/watch?v=VXJZVZFRFJc
~22:25 - Spends a little time on iRobot, which is interesting considering
their co-Founder was in the news a few days ago:
http://www.wired.com/dangerroom/2012/12/cyphy/
gf
--
Gregory Foster || gfoster(a)entersection.org
@gregoryfoster <> http://entersection.com/
_______________________________________________
drone-list mailing list
drone-list(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/drone-list
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0