The ever-increasing need for school safety and surveillance, as well as a desire for more accurate record-keeping, is driving wider adoption of biometric technology in school districts.
Biometric technology captures the intricate and unique measurements of one’s finger, palm, face or iris. This degree of automatic recognition can save time and resources. Anecdotally, at least, some school users have improved the accuracy of cafeteria debit systems and generated more reliable and auditable attendance records for state and federal funding sources.
And when it comes to computer logins, lost, forgotten and stolen passwords pose a constant challenge. But measurable characteristics are “something everyone has,” says Serena E. Sacks, chief information officer for Georgia’s Fulton County Schools, an early adopter of biometric technology.
“They are also specific to you, and they are something you really can’t lose,” Sacks says. “Scanning a finger or face is also much quicker than typing a password.”
Is there a biometric impact on privacy?
Biometric technology turns physical characteristics into encrypted algorithms that are stored on secure servers. Anne Marie Dunphy, chief financial officer and co-founder of identiMetrics, says the company’s finger scanners identify hundreds of unique swirls, ridges and points on a child’s finger and translate the features into a binary number. The number is encrypted, linked to the student’s ID and stored in a school database. At no time are actual finger scans stored, and none of the scans can be recreated from the software, Dunphy says.
When the user returns, the system compares the numerical template against a database until a match is discovered and sent to a host application. The process takes about a second, and one finger scan can last a child’s entire K-12 career.
An actual fingerprint, on the other hand, is an image that is physically captured with ink on paper or digitally, and is the equivalent of a photo, making it more easily identifiable than a biometric scan, says Brenda Leong, senior counsel and director of strategy at Future of Privacy Forum, an advocacy organization.
Frequently asked questions: Biometric technology and school security
Schools have used recognition technology for nearly a decade to control access to buildings, track attendance and manage lunch payments. In recent years, schools have expanded the use of biometrics for checking out library materials, providing access to computer labs and ensuring that the right students get on the right buses, Leong says.
Finger scanners are usually integrated into point-of-sale systems in cafeterias. Schools also use USB-connected devices, kiosks or tablets to scan students entering classrooms to confirm attendance.
Schools often station facial-recognition security devices at school entrances or checkpoints, such as a main lobby or administrator’s office. Facial-recognition software may provide advantages over access cards, which can be lost, and over access codes, which can be seen by others or shared.
But between the initial outlay and maintenance fees, facial-recognition technology costs more to implement. Unlike finger scans, students’ faces change as they grow. Creating and “cleaning” a database requires more effort, says Sara Collins, policy counsel for the Education Privacy Project at the Future of Privacy Forum.
If schools are equipped with modern technologies that contain built-in web cameras, for instance, integrating biometric systems into existing school infrastructure is usually seamless. Also, many single-sign-on applications currently offered by third-party solution providers allow for facial recognition and touch authentication, says Emily E. Bell, director of enterprise applications for Fulton County Schools.
“Facial recognition removes common pain points such as early learning students who are unable to type in a strong password or older students who may share passwords,” she says.
In general, biometric technology “significantly” reduces login time, she says. It also requires less ongoing maintenance and technical support compared with traditional password authentication.
“Anything we can do to increase instruction time by reducing administrative time is a benefit to students,” adds Sacks, of Fulton County Schools. “However, we’re moving forward with biometrics carefully.”
School safety that’s harder to hack
Nonetheless, many experts consider biometric technology in all of its forms to be a better identification solution than passwords, swipe cards and PINs. Biometrics may reduce the risk of data breaches, particularly because the encryption process makes the data less vulnerable than passwords.
“Passwords can be ‘brute force’ cracked fairly easily if they’re not strong and people tend to reuse them, so having someone’s password from one account is likely to provide access to other accounts,” says Leong, of Future of Privacy Forum.
A breach of a database containing biometric data, however, will likely yield nothing, except for a “string of numbers,” which is “worthless and much harder to exploit in any systematic way,” Leong says. The biometric data “cannot easily, if at all, be ‘back engineered’ into the template or fingerprint itself.”
Also, biometrics usually function in a two-factor authentication system, meaning they are one component of a multistep security or access process. Therefore, in order to breach a system, one must already have a student’s device or other access code, such as a PIN or password, Leong explains.
Law enforcement’s access to biometric data is dependent on the terms of collection and under what circumstances police are requesting access. “If you’re talking about a database in a school, police would most likely have access, but only via a ‘service of process’ such as a warrant or other appropriate court action requiring such compliance,” Leong says.
Vetting products and providers
District leaders should emphasize how biometric technology offers more security than birthdates, names and other combinations for password-protected systems. They should also provide information on who has access and how biometrics can preserve instruction time, says Sacks, of Fulton County Schools.
Negotiating agreements with third-party vendors protects student biometric data against misuse or privacy infringement, Sacks says.
Administrators can host listening sessions and establish parent councils to learn about community concerns. Creating and posting FAQs for biometrics provides another opportunity to answer questions, she says.
“One factor that determines whether people will accept the use of new technology is transparency,” says Tovah LaDier, managing director for the International Biometrics + Identity Association, an international trade group. “Let stakeholders know what it is, how it works and the purpose for which it is being used, as well as who’s going to have access to information and how student data is protected.”
Fulton County Schools is adopting facial-recognition software as part of a single-sign-on application that manages instructional resources and apps. Sacks and her IT team conducted a pilot with staff members first. She advises testing biometric technology in a single school before expanding it districtwide.
Leaders can convene a team of individuals from IT, instructional technology and academic instruction to adequately vet technology, she says.
“Adopting new technology takes about a year to do,” Sacks says. “The entire process requires effort, but once we test technology in various settings of our district, then we proceed with the rollout.”
Sacks cautions against using bleeding-edge technology. Though many players in the biometrics market serve K-12 schools, stick with providers who understand school policy and can comply with state and federal data privacy regulations, she suggests. “Use tried-and-true technology in innovative ways,” Sacks says. “But work with vendors who have a track record, and whose views, values and technology strategy you understand. Tread cautiously.”
Emily Ann Brown is associate editor.
Interested in edtech? Keep up with the Future of Education Technology Conference®.