JISCMail - DATA-PROTECTION Archives

Also not forgetting the fact that most kids can't remember their PE kit let
alone a unique reference number!  Now if it was a friend's mobile number...
That's a different story!  TGIF

Lee

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Griffiths, Ian
Sent: Fri 19 January 2007 10:26
To: [log in to unmask]
Subject: Re: [data-protection] School fingerprinting: Warning: likely to
raise blood pressur e

Presumably because the issue is not robustness of the system or even how
integrated the school is with the wider national systems. I think the school
will have chosen to go with this because it speeds up dinner time.  The
similarity in the notion of a unique number is a little inaccurate.  The UPN
has only very rudementary modulus integrity checks and I wouldn't want to
use that for authenticating a student - its too easy to guess.

The fingerprint number I would suspect is generated as a result of a one-way
hashing algorithm which is designed not to be decrypted.  These are actually
not unique - there is a very small possibility that two distinct inputs
would cause the same number to be generated.  This is so minutely small that
it would not be a worry for one single school.  It is fairly standard
practice in systems like this to do this as you only store the hash, not the
number.  You only need run the algorithm again when your pupil returns the
next day and if the result is the same as the one you stored, you give them
lunch.  Generally this would be done for passwords so that the password is
not stored and cannot be reverse engineered from the hash.  Less of an issue
here as the number is no use anyway and that itself is the result of some
maths on a picture, which is very lossy indeed in terms of the amount of
data that is discarded in capture.

The above paragraph of course is largely irrelevant to users.  I suspect
they've been told this as it sounds fancy and will allay their fears of
being cloned.

Regarding the cost of fingerprinting, I'm sure there is a case for reducing
the staff time in administering such things and I would quite strongly argue
that pressing your finger on a plate is a lot quicker and less error-prone
(and therefore quicker) than asking 9 year olds for a
13 digit number which the staff then type in somewhere.

Ian

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Scourfield, Brenda
Sent: 19 January 2007 09:42
To: [log in to unmask]
Subject: Re: [data-protection] School fingerprinting: Warning: likely to
raise blood pressur e


I'm not in the education sector but why don't they use the UPRN (Unique
Pupil Record Number) that will stay with the child for the length of his/her
education. Saves the cost of fingerprinting.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses using Sophos 
anti-virus software.

www.mimesweeper.com
www.sophos.com
**********************************************************************

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^