Editor's Note: This is the first article in a two-part series looking at the Barbour County school system's new finger-scanning program.
Imagine a world where children have to scan their fingerprints before hopping on a school bus. Imagine those same children using their fingerprints to be counted for attendance, check out library books and pay for their lunches. Now realize this world is today.
Schools throughout the state - including ones in Wheeling, Martinsburg, Parkersburg and even Elkins - are using high-tech biometric technology to scan student's fingerprints. On Monday, Philip Barbour High School will be the next school to enter this brave new world.
On Aug. 22, PBHS students were sent home with a letter informing parents that their children's fingers are to be scanned for cafeteria purposes, unless parents send in written notification by Monday requesting that their child be exempt.
The letter sent to parents uses brief paragraphs to address how the decision came to be made, how the complex technical topic of biometrics works, and how the parents can count on the school securing the student's private information. In this two-part series, The Inter-Mountain digs deeper to better understand the complex and controversial use of biometrics on children.
How did the BOE decide?
The Barbour County Board of Education has decided PBHS will be the first school in the county to install the fingerprint scanners. If all goes well, the BOE plans to place scanners on the lunch lines of all the county's schools. As of right now, the school board has made no official plans to install scanners for uses beyond the cafeteria.
On May 28, Barbour County Superintendent of Schools Joe Super recommended to the school board that they approve the use of biometric finger scanning devices for the cafeteria.
Before the board voted, they heard a presentation by Tammy Martin, the school system's child nutritionist.
Martin said the biometrics will make the lunchroom lines move faster, and provide more accurate accounting of meal charges.
The Barbour County school system used funding from the West Virginia Department of Education to purchase the identiMetrics equipment and software. Martin said they are allocated so much for certain areas, but they can decide how to spend it to a degree.
No Barbour County schools representative would provide an estimate as to how much the system cost, but Terry George, superintendent of Randolph County schools, said a new scanner costs about $3,300.
Martin briefly outlined how the system, manufactured by identiMetrics, would function. After scanning the student's finger, several technical steps would securely store the data.
The presentation also made clear that the process is different from law enforcement applications. However, law enforcement agencies have begun updating their technology. They have abandoned ink, and they too use scanners. In fact, according to information on identiMetrics' website, one of their partners, called Bio-key, provides software for both identiMetrics and the Federal Bureau of Investigation.
The information delivered by Martin was in the form of talking points provided by identiMetrics. No independent expert was sought out to advise the board members.
That night, the board unanimously voted to agree with Super's recommendation to begin scanning students.
Why are scanners necessary?
In a later interview, Martin elaborated on why the school system will benefit from scanners.
"The reason we're going with this is because we have too many kids using other kids' numbers," said Martin. "We're getting bills coming in where the kids haven't eaten, and we feel like we're losing a lot of money."
Martin said she recently heard testimonials at a state conference.
"IdentiMetrics was there and they did a show of hands of how many counties were already using this, and it was amazing how many counties were ... It's speeding up the lunch lines and kids are eating more, because they're not standing in line as long," Martin said.
"They're even starting a new thing for school buses. They can use the identiMetrics when kids come on to make sure they have everybody that's supposed to be on the bus."
How does it really work?
Jay Fry, identiMetrics president and CEO, provided more details about how his company's software works.
Before students can start paying for lunches with their fingers, they will have to be enrolled in the system, which will begin at Philip Barbour High School Monday.
"We really just scan the fingerprint," said Fry. During the scan the software is looking for what are called "minutiae points." These minutiae points "are individual identification points like a sweat pore or a whorl or a swirl," said Fry. He said that the number of points in each print taken is in the hundreds.
The print is never saved. It's just temporarily used by the software, said Fry.
The hundreds of minutiae points become the actual biodata that is stored at the school. But before the biodata can be stored, the identiMetrics software takes steps to secure it.
First, the biodata is placed on a template. Next, the template is converted to a binary number, becoming digital information, represented by a series of 1's and 0's. After that, the software encrypts the binary code. The digital code is "encrypted with 128 proprietary encryption codes," said Fry.
Now, the student's biodata is ready to be stored. "Unlike some software which today is being done as a service housed at the company offices on their servers," said Fry, "our software is stored at the school site.
"It's up to the school as to where the encrypted binary number is stored," said Fry. "It could be stored on a cafeteria computer or on the school's server in a closet that's behind their server's firewall."
The biometrics information at Philip Barbour High School will interface with other software on other computers because its purpose is to keep track of meals. For example, identiMetrics links to WVEIS, a statewide network for the West Virginia Department of Education. This is done when Philip Barbour High School scans a student for the first time. They will correlate the biodata to the student's WVEIS ID number.
Martin described WVEIS as "the program, when students enroll here, that their file goes into."
Once these enrollment steps have been taken, the students can scan their fingers to pay for cafeteria meals. This process works by conducting similar steps on the finger scan as during enrollment. The identiMetrics software looks for a match. IdentiMetrics then works with a cafeteria program called PremieroEdge and WVEIS to send a meal count for each student to the West Virginia Department of Education's Child Nutrition Office.
Is the system really secure?
The Barbour County school district and identiMetrics make two primary claims about security. First, they say the system's encryption is strong enough to keep anyone from obtaining the fingerprint minutiae on the template, and second, even if someone obtains the minutiae, they are worthless because they can't be used to reconstruct a fingerprint.
The claim that a fingerprint can't be reconstructed should be addressed first, since it is technology that deals directly with the biodata.
"It's not possible to reverse engineer the fingerprint," said Fry. "I've done a lot of research in that area."
A differing opinion was provided by Arun Ross, associate professor of computer science and engineering at Michigan State University and adjunct professor at West Virginia University, who has been a key player in the biometrics community for several years. This year he is co-chair of the "Biometrics: Theory, Applications and Systems" conference to be held in Washington, D.C. in late September. The conference will bring together biometrics experts from all over the globe.
In 2007, Ross co-authored a paper entitled, "From Template to Image: Reconstructing Fingerprints from Minutiae Points." The paper was considered a turning point in the biometrics community.
"It was commonly assumed that if one were to just get (minutiae) points, how could one generate the structure itself?" Ross said. "We demonstrated that it is possible to take those points so that you can regenerate the original fingerprint to the extent that it can match with the true print at about 80 percent of the time.
"It's true that some recent advances in the literature suggest that the accuracy is much more than what we obtained in 2007," said Ross. "So the position is that it can be reconstructed."
Ross explained that the extremely technical process used can be summarized by beginning with three values associated with each minutiae point. Two of these values provide the location on the original fingerprint and the third provides the information about that location's feature, such as the orientation of a ridge or flow pattern. A mathematical model is then applied to reconstruct the original ridge and valley structures of the fingerprint.
The Inter-Mountain confirmed Ross's claim that fingerprints can be reconstructed from minutiae by talking to a biometrics expert who works for a non-governmental organization that manages federally funded research, including biometrics, for such agencies as the U.S. Department of Defense and the Department of Homeland Security. Due to the security sensitivity of his position, the expert would only agree to speak anonymously.
"Ross is an academic expert on biometrics," said the source. "His opinions are well-respected throughout the biometrics community."
The revelation that fingerprints can be reconstructed from minutiae on templates has since caused vendors to turn to encryption. This is the other technical topic discussed by identiMetrics to claim absolute security of students' biodata.
According to Fry, the biodata is "encrypted with 128 proprietary encryption codes." He went on to say, "No one has ever been able to break those codes to my knowledge and then figure out the digitization." Because Fry doesn't agree that minutiae can be used to reconstruct fingerprints, he said that if you could crack the encryption, "You would be left with basically a connect-the-dots template, not knowing what any of the dots represent."
Ross agrees that Fry is correct about the high security when using encryption.
"It is likely that the encryption is preventing the possibility of reverse engineering," said Ross. "If it is encrypted and stored, it is going to be very difficult to defeat the encryption system. Encryption should prevent the attack we described in 2007."
When asked if he believed the system at Philip Barbour High School will be secure, Ross said, "I would think the arrangement is secure to the extent that the encryption is strong enough, the firewall is strong enough, and the internet security protocols are being appropriately used ... But nothing is fool proof. That goes for any data in our computers."
Watch for the second article in this series in Friday's edition.