back to article Clock blocker: Woman sues bosses over fingerprint clock-in tech

A former employee at a nursing home is alleging the company and its equipment provider violated the US state of Illinois' biometric privacy laws with a fingerprint-scanning time clock system. Judge Matthew Kennelly, of the northern Illinois district court, has agreed to hear the claims of Cynthia Dixon against Smith Senior …

  1. JeffyPoooh
    Pint

    Fingerprints, versus an effective "hash" code of the print created on-board

    I immediately suspected that they probably didn't do it that way (emailing fingerprints around); so I looked it up.

    "Touch ID Plus scans the employee’s finger and converts the scan into a mathematical representation - creating a finger scan template, which is then stored in an encoded format. As a result, it’s not possible to reproduce the original image..."

    Yeah, that.

    1. elDog

      Re: Fingerprints, versus an effective "hash" code of the print created on-board

      And hashes, if done properly, should be able to be tied to an actual biometric reading (fingerprint, iris, mucus, etc.)

      Hashes aren't used to reconstruct the actual fingreprint/iris/mucus but are used to positively identify the donor. They should be just as protected as any other personal identification (PII) and misuse/transmission should be subject to statutory penalties.

      1. Anonymous Coward
        Anonymous Coward

        Re: Fingerprints, versus an effective "hash" code of the print created on-board

        If someone has the hash of your fingerprint, they can use it to compare to another fingerprint by using that same hashing algorithm. That's like someone having your unsalted encrypted password, it isn't plaintext but it is not a good thing if you want to keep whatever it protects secure. A password, at least you can change that. Your fingerprint, not so much.

        This why Apple makes a big deal out of the fact your fingerprint hash data never leaves the Secure Element on an iPhone (if you backup and restore it, you need to re-enroll your fingerprints because that data isn't part of the backup)

      2. Anonymous Coward
        Holmes

        Re: elDog

        Are you sure? An employee number identifies a person, but is not personal identification for the purpose of this case.

        If the hash is all that is transmitted, then it would not be personal information, just a confirmation the employee has clocked in at work. That information though, that they are attending work, could be construed as personal information that Kronos would be party to without her permission.

        PS, ok DougS, if the fingerprint is hashed *and* salted, then theoretically reconstruction can be "impossible"? Most hash functions may have some "collisions", that would make reconstruction rather impossible, even if you know the algorithm (theoretically different inputs can give different outputs, brute forcing gives you these, not the actual real input, as IRL the chances of 2 fingerprints being identically hashed is an acceptable risk, as not filling the search space as a brute force attack will).

        1. doublelayer Silver badge

          Re: elDog

          A salted hash of a fingerprint, if feasible, would still be inadequate safeguard. The reason for a salt in a hashed password is to protect large groups of passwords and insecure passwords. The salt, because it is different for each password, means that people can have the same password without that being obvious in a data dump. The salt also makes it less likely that the hashes can just be looked up in a list (a rainbow table). However, if I have *your* salted password and the desire, I can break it. The difference between salted and unsalted is that my work is significantly less useful for breaking into others' accounts after I got into yours.

          Fingerprints can be hashed; I hope that happened here. I'm not sure how feasible it is to salt one. In strings, some random chunk needs to be dropped into the string somewhere. Either the fingerprint data needs to have other data added somehow, or the model needs to be serialized and data added to that. If data is added in a fingerprint, it appears to me that that might affect the reliability of a scanning process, producing either false negatives or ways to authenticate with partial prints. If data is added to a serialized string which fits a specific pattern, it would probably be a bit more evident and therefore easier to remove.

          Finally, the security afforded by salted hashes is not intended to protect passwords forever. It is meant to limit damage and increase the lead time for an attack, hopefully long enough for the compromised credentials to be identified and revoked. Fingerprints can't be changed. A leak of such data can be used in a number of nefarious ways. Therefore, the distribution of biometric data or data used to represent biometric data are necessarily more dangerous than passwords or hashes.

        2. Kevin McMurtrie Silver badge

          Salt free

          You can't salt a single component that performs both identification and authentication. The salt has to be exactly reproducible for each person or the final hash can't be matched to anything. This is why the world is based on at least two components of authentication. The first component is your public ID, and that is used to retrieve a secret salt value and hashed verification from a database. The second component is your secret verification, which is hashed with the salt then compared against the stored value. This can't work when you're trying to identify and authenticate with just a fingerprint.

          All salt does is prevent bulk hash reversal. Hashes can still sometimes be reversed, but the process must be repeated for each unique salting value.

          1. lglethal Silver badge
            Go

            Re: Salt free

            Guys, you're all thinking about this in entirely the wrong way.

            The scanner scans the fingerprint and uses some sort of algorithm to create a unique value. It should then be checking that against a local database to say, yep this is Person X. Boom the scanner has done its job.

            If it needs to send details that person X has clocked in or out somewhere else, why is it sending anything related to the fingerprint. It can safely send an employee ID number with the details clock in/out time and it has done its job. Encrypt that Employee ID number for sure, but an ID number is not a password so hashing/salting is not particularly required.

            The only reason, other than laziness, which I can think of for sending the data elsewhere is that the scanner cant actually do the processing locally (massive failure - means it is sending the fingerprint data externally) or the scanner cant do a simple database look up (equally stupid failure) to assign the ID to the fingerprint value. Neither of which is acceptable.

            There is nothing particularly wrong with using a fingerprint for timekeeping in my view, easier than carrying a badge (although not necessarily more secure), but under no circumstance should anything related to that fingerprint or the algorithm value it generates be leaving the scanner. If it does, then that is extremely poor and well worth the company getting a kicking for putting its staff's biometrics at risk...

            1. Anonymous Coward
              Anonymous Coward

              Re: Salt free

              Disclaimer. I work for a direct competitor of Kronos, although I'm not aware whether we have customers in that particular jurisdiction. IANAL so I cannot comment on that side of things, but I have written the integration to numerous biometric devices for time capture, both embedded and PC based. This has included fingerprint (multiple technologies with multiple vendors), vein scan, and facial recognition.

              Firstly, these biometric templates are not stored as images. It is true that enrollment starts off as a captured image, but the device or SDK will convert that image to a set of measurements. Those measurements are typically a handful of KB in size. They are usually encrypted by the device itself before it gets returned to the software, which must return it later on.

              Comparison involves a probabilistic score between the provided finger/hand/whatever and the template. Salting doesn't work because you are never expecting an exact match. You are looking for a score better than X, where X is determined by what is an acceptable false accept Vs false reject rate. These two ideals work against each other, so the balance is decided by your use case. Guarding a bank vault would be a much higher threshold than letting you clock out.

              Identify is just a special case of comparison where all templates are considered. Most algorithms today are in the 10K+ judgements per second, with some an order of magnitude better.

              In terms of why you might transfer the template, there are two use cases I know of. One is where the identification is performed on the server side which some systems do. Another is where the devices are set to sync with other devices where that employee may also clock.

              I doubt Kronos would be dumb enough to upload it to their own, but I would believe if they offer a hosted platform on Azure/AWS which might be what she is complaining about. And that system is likely to contain her name, phone, address, email, date of birth, salary, leave entitlements, work schedule, and in some cases tax or bank account details.

              But for perspective, if someone was really after her prints for some reason, starting with her office glass or the dozens of other surfaces that she would have touched would be a much easier avenue to head down.

              1. BinkyTheMagicPaperclip Silver badge

                Re: Salt free

                The third use case, which I've outlined below, is to synchronise biometrics back down to a replacement clock. Re-registering hundreds of employees is a little tedious.

                If Kronos offer a fully managed service, it is entirely possible that they are hosting a clock server in addition to any HR solutions they provide (no idea, though).

                This really is tinfoil hat territory. I mean, theoretically, IF you captured someone's fingerprint, then somehow turned it into a full fingerprint form that would work with a clock with a proper sensor (which would have to be the clocks only for the employee's work, or at least the same type of clock and sensor if you've hacked the clock server and downloaded all the templates to a clock), then either broke into the clock or the clock server, and determined the employee number. Then broke into the system with the employee's HR data, and then obtained personal information it's oh so very theoretically an issue.

                However it would be far *far* easier to

                1) Steal their fingerprint by dusting/etc if you want the fingerprint. After all you can't get their finger print from the clock.

                2) Break/socially engineer access into the HR system based on more easily obtained employee information.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Salt free

                  > The third use case, which I've outlined below, is to synchronise biometrics back down to a replacement clock.

                  That is just a specialised case of "where the devices are set to sync with other devices where that employee may also clock."

                  Our system doesn't care whether the new device is going to be mounted on the old bracket or whether the location has multiple entries and is destined for a different door.

                  But yes, hardware breaks and occasionally with assistance of those who are somewhat less enthralled with the loss of the unnoticed long lunches too.

                  > Re-registering hundreds of employees is a little tedious.

                  Very much so. Some of these devices have linked relays to unlock doors, so you can't just let a user enroll themselves like this is a phone. You have to have a trusted party take those enrollments. They need to eyeball some ID (which employees may not even be carrying, and if not you need to find their line manager who can vouch for their identity). Enrolling takes a lot longer than clocking because you are also scanning backup templates and for some types of biometric scanning or photographing from multiple aspects to improve FRR without compromising FAR.

                  It is definitely less hassle for everyone involved to be couriered a replacement clock which can with about 5 minutes of configuration and authorisation go straight into service.

            2. Lee D Silver badge

              Re: Salt free

              Do you store the user's data in a way which can be linked to a person?

              If yes, you're subject to proper control of that data.

              Whether it's a hash, an employee number, a photo, a fingerprint, or their favourite toilet paper, you have indicated that Fred Bloggs has this property X. And you're storing both the name and property X and transmitting it off-site.

              Bang. Subject to DPA/GDPR (in the UK/EU), and similar laws elsewhere. That person has the right to review, authorise, request deletion, etc. any usage of that data.

              (P.S. Even if you anonymise entirely, you still need permission to store and use for given purposes. Otherwise, literally, I could take your work photo... spread it around the Internet and use it for stock-photos without your permission. Or a picture of your fingerprint. Or a copy of your DNA. Or a picture of your house keys. Or anything. It's all the same.).

            3. FuzzyWuzzys

              Re: Salt free

              "The only reason, other than laziness, which I can think of for sending the data elsewhere is that the scanner cant actually do the processing locally.."

              I would say laziness, rather cost cutting. Get a cheap scanner to cut cost to a minimum, spend some of the money you saved on the backend infrastructure and profit. Know the kind of f**kwits who will poke, hit and smash these readers and knowing you have to replace them every so often, you might look to save money by using the cheapest you can. I'm not defending them, it's utter bollocks that they have to transmit hashes or what-have-you off the device to another device, rather than a unique and simple ID, simply playing devil's advocate.

        3. Dodgy Geezer Silver badge

          Re: elDog

          ...If the hash is all that is transmitted, then it would not be personal information...

          The GDPR defines personal data as data which can uniquely identify a person, either on its own or with other information which the holder of the data could reasonbly expect to have available to him.

          Biometric data such as this hash is also considered 'sensitive' personal data under the GDPR, and is subject to a number of required additional protections....

        4. Anonymous Coward
          Anonymous Coward

          Re:

          Ah, ok, if the company is not storing and salting a hash, then no, this is not helpful for them to do. But replies are still nicer than downvotes, as my point stands providing that is what companies do.

    2. Anonymous Coward
      Anonymous Coward

      Re: Fingerprints, versus an effective "hash" code of the print created on-board

      > ... creating a finger scan template, which is then stored in an encoded format.

      Please don't confuse this with a hash as it's not.

      They're likely using ISO 19794-2 and 19794-4, which are electronic representations specifically for fingerprint data.

      They're widely used in the industry, with both Open Source and commercial programs and libraries available for working with them.

      Relevant links:

      • OpenBR - Open Source Biometric Recognition project
      • SourceAFIS - Java & .Net library for fingerprint matching
      • NIST Standard (PDF)
      • MINEX - Minutiae Interoperability Exchange

    3. TheVogon

      Re: Fingerprints, versus an effective "hash" code of the print created on-board

      "It is reasonable to infer from the allegations in the complaint that Kronos obtained Dixon's biometric data without her knowledge or consent,"

      Uhm, did they send special agents to secretly scan her finger prints when she was at home asleep then? Or is she rather dim witted?

      1. Dodgy Geezer Silver badge

        Re: Fingerprints, versus an effective "hash" code of the print created on-board

        No! Read the article!!!

        She complained that the data was put on a local machine at work, but later sent off to a remote company without her knowledge or consent...

      2. John Brown (no body) Silver badge

        Re: Fingerprints, versus an effective "hash" code of the print created on-board

        "Uhm, did they send special agents to secretly scan her finger prints when she was at home asleep then? Or is she rather dim witted?"

        No, she will have authenticated the first time she used it but only later found out they were sending her PII off to a 3rd party without her permission, which is when the shit hit the fan.

      3. Marcus Fil

        @TheVogon

        Kronos was not her employer. Take the same situation and substitute FBI or GRU for Kronos. Would you be happy?

  2. Jim Mitchell

    Is a "hash" created from biometric data != "biometric data" under the law in question? And "it’s not possible to reproduce the original image..." does not mean it is not possible to create SOME quality of image. Trust, but verify, while carrying a big stick.

    1. JohnFen

      And I love how companies doing fingerprint scanning always make a big deal about how an actual image of your fingerprint isn't stored, as if that has some significant meaning.

      1. Anonymous Coward
        Anonymous Coward

        I really don't get it. I leave my fingerprints all over the place. I don't care who has one of my prints or a hash of a print. If I did care I wouldn't leave them lying around.

        1. Remy Redert

          Which in turn means that fingerprints are not a great means of authentication. You could use a fingerprint like you use a username, but you wouldn't want to use it instead of a password.

          1. James 139

            Exactly. Identification not Authentication.

            Just like at an ATM, the card is the identity, the PIN the authentication.

          2. John Brown (no body) Silver badge

            "Which in turn means that fingerprints are not a great means of authentication. You could use a fingerprint like you use a username, but you wouldn't want to use it instead of a password."

            Which, in terms of a clocking in system is fine since the more usual way is use a card/barcode/ID badge etc which makes it simple for anyone to clock a colleague running late in so they don't get caught or dealing with lost badges. Using fingerprints may or may not be more convenient but it eliminates the likelihood of other people clocking you in or out. No doubt the employers and suppliers will hail the benefits and not mention the bit about not trusting their staff to be honest Where it becomes difficult, as in this case, is transferring the biometrics off-site and not keeping at all in house or in device.

        2. fruitoftheloon
          FAIL

          @AC

          Ac,

          if you're not bothered about leaving personal idents everywhere, why are you hiding behind the cowards' curtain then????

          Jay

          1. Anonymous Coward
            Anonymous Coward

            Re: @AC

            @fruitoftheloon

            Jay,

            Do I take it you go around wearing gloves or perhaps a bunny suit to avoid leaving DNA to avoid leaving exceedingly personal idents everywhere you go?

            I do give you credit however for signing as Jay along with "frutioftheloon" to avoid the comment that it is no more identifying that "Anonymous Coward". I posted as AC more out of random chance than any desire to hide a virtual identity.

            Looking at it from a risk perspective what is the risk I incur from someone/anyone having a copy of my fingerprint? Finger prints are not secret.

            Andy

            1. cosmogoblin

              Re: @AC

              My name, job title and employer are not secret, but I still take off my ID badge before I go to the pub.

        3. Dodgy Geezer Silver badge

          You would cut your fingers off?

          Since you CAN'T avoid leaving fingerprints everywhere, you'd better not care. Which is why people are a biit cautions about using them for sensitive actions like bank access....

  3. Nolveys
    Big Brother

    Hope She Wins

    Biometrics are a nightmare. I'd love if using them came with the expectation of looking like an idiot and being sued into oblivion.

  4. Ugotta B. Kiddingme

    Hopefully

    this will become a landmark case, ultimately leading to such protections* at the national level. Or at the very least I hope my state will follow the example of Illinois.**

    *PLEASE don't wake me up. It's such a pleasant dream

    ** far more likely but less useful in general.

  5. JohnFen

    Stupidity

    This is a really stupid use for biometrics. What's wrong with a badge?

    1. Anonymous Coward
      Anonymous Coward

      Re: Stupidity

      Badges can be passed around. It is slightly harder to do that with a finger, especially if it needs a pulse too...

      (I guess Smith's Human Remains crew is one of those thinking all employees are cheats who can't be trusted under any circumstance.)

      1. Remy Redert

        Re: Stupidity

        A lot of these scanners were and probably still are vulnerable to some extremely simple duplication attacks. While breaking into a fingerprint scanner lock with a print out of a fingerprint was perhaps a bit extreme and is unlikely to work on any kind of quality scanner made these days, it's absolutely conceivable to make copies of fingerprints for other people to scan you into work with at minimal expense.

        1. Anonymous Coward
          Anonymous Coward

          Re: Stupidity

          Most are probably easier to hack via a solenoid bump/magnet/short than actually trying out the biometrics.

      2. Anonymous Coward
        Anonymous Coward

        Re: Stupidity

        "I guess Smith's Human Remains crew is one of those thinking all employees are cheats who can't be trusted under any circumstance"

        A place where I used to work did a lot of overnight processing so there was a small operations team on site to monitor, fix and escalate issues. One night all hell broke loose and it soon became apparent that instead of there being a team on site it was just one chap, and he couldn't cope. The access card logs showed that the full team was on site but the security camera recordings showed otherwise. In fact they showed it had been going on for months with the team members taking it in turns to do the night shift and most of the time they were at home in bed but earning night shift pay.

        Whilst it's good to trust employees that trust does need to be verified or else it can and will be abused.

        1. JohnFen

          Re: Stupidity

          "Whilst it's good to trust employees that trust does need to be verified or else it can and will be abused"

          Yes, but fingerprint scanners don't really address this problem. In fact, the belief that they do makes it easier to get away with spoofing them.

          Also, "trust but verify" has always been an insulting nonsequitor. If you have actual trust, verification isn't necessary. If you're verifying, then you don't have trust. The two things are mutually exclusive.

          1. silverfern

            Re: Stupidity

            Exactly.

            The saying "Trust but verify." means nothing more or less than "I don't trust you."

    2. Andy E

      Re: Stupidity

      The thing about a badge is that anyone can carry it and clock-in for you. It's a bit harder to do that with someone else's finger.

      1. JohnFen

        Re: Stupidity

        It's isn't *that* much harder to have yoru buddy clock in for you using your fingerprint. It does require knowing how to google and about a half hour of preparation time, though.

        That said, if this is such a large problem at that company, wouldn't the company be better off by enacting better hiring practices?

      2. eldakka
        Holmes

        Re: Stupidity

        > The thing about a badge is that anyone can carry it and clock-in for you. It's a bit harder to do that with someone else's finger.

        If the badge gets stolen or reported as missing, it's easy to de-authorize that badge from the systems it was used for, and to allocate a new badge to the user - the actual entity who needs to be authorized.

        If a copy of a fingerprint gets stolen, on the other hand, while sure, it might be easy to de-authorize the fingerprint, but umm, how are you going to allocate a new fingerprint to that user so they can get about their work?

        1. StewartR

          Re: Stupidity

          "If a copy of a fingerprint gets stolen, on the other hand, while sure, it might be easy to de-authorize the fingerprint, but umm, how are you going to allocate a new fingerprint to that user so they can get about their work?"

          Fortunately most users have up to 9 readily available backups which can easily be deployed.

        2. BinkyTheMagicPaperclip Silver badge

          Re: Stupidity

          It's not difficult to identify cheats, just more expensive.

          The number of clocks is limited. The exact time and location the employee (or fake fingerprint) swipes in is known - because it's a time clock..

          Stick a camera covering the clocks (some clocks have this built in). Ensure the video is timed.

          Probably also worth changing the employee's unique id to something else when re-registering a different biometric source, so it's easy to spot the miscreant when they swipe in under the old id.

    3. 2Nick3
      Coat

      Re: Stupidity

      "This is a really stupid use for biometrics. What's wrong with a badge?"

      If it's just a timeclock I don't see how a fingerprint is useful. But for facility access it's hard to get to work and realize you don't have your finger when you get to the door.

      At a medical facility the staff may be changing clothes at the start and end of their shifts. The dirty scrubs hamper often has more than a few badges in it at the end of the day.

      (Mine's the one with the Deluxe Edition BluRay of Blazing Saddles in the pocket)

      1. Anonymous Coward
        Anonymous Coward

        Re: Stupidity

        If you cannot trust your staff without the use of a fingerprint scanner for clocking in, why are you employing them?!

        (Security of access is a different kettle of fish fingers. But timesheets are rather mundane in access rights)

        1. Snowy Silver badge

          Re: Stupidity @TechnicalBen

          Most likely because they where cheap

    4. DiViDeD

      Re: Stupidity

      At a company I've done some work for, they have the old Half Life iris scanner at the door. Great for that Gordon Freeman feeling, and generally pretty quick and accurate.

      1. JohnFen

        Re: Stupidity

        Yes, I've used those as well. They share the main problems as fingerprints, although forgery is rather more difficult to do.

        My favorite biometric of the ones that I've used over the years measured the distances between the joints in your fingers on one hand. It's quick and easy to measure, and is as unique as anything else. But it has the advantage of being much harder to have ruined through accident or injury, and it's very difficult to forge as long as anyone is watching you do the scan.

        1. phuzz Silver badge
          Joke

          Re: Stupidity

          "My favorite biometric [...] measured the distances between the joints in your fingers on one hand.[...] it has the advantage of being much harder to have ruined through accident or injury"

          I suspect the Yakuza won't be giving that one a try any time soon.

          1. Anonymous Coward
            Anonymous Coward

            Re: Stupidity

            Back in 2000 I was a frequent traveller to NY so enrolled with their hand geometry biometric system (INSPASS) so I could skip the immigration control queues. It worked very reliably for me, however the woman from the NY Port Authority who enrolled me had huge problems getting it to verify her identity. She told me that due to her role the system was configured to require a much more stringent level of verification and her ability to access the system reliably varied with time of month as her hands routinely swelled.

    5. BinkyTheMagicPaperclip Silver badge

      Re: Stupidity

      Also note, you can't forget your fingers, and if a site has several dozen employees biometrics are cheaper (based on a hardware write down cost of a few years). Cards are not that expensive, but they're not zero cost either.

    6. Jason Bloomberg Silver badge
      Paris Hilton

      Re: Stupidity

      This is a really stupid use for biometrics. What's wrong with a badge?

      That provoked a flashback to my school days and being made to provide answers as to why round manhole covers are better than square. I would have thought anyone reading El Reg would be able to produce many compelling reasons why it's better than badges, could role play selling the fingerprint system as advantageous over badges.

      People rarely misplace fingers, they tend to always be where they usually are, no one forgets to take them with them. Fingerprints don't really wear out, damaging them is usually self-rectifying, and losing fingers is hopefully rare. They can't be easily lent to others, they tend to come with the person and don't have to be created separately, and we usually carry around our own spares.

      Thinking on how badges would be better than fingers: Being not so easy to slide up backsides avoids unexpected surprises and lawsuits. They can carry human readable information and can be checked without requiring technology. They probably make for better bookmarks if wanting to put a book down.

      1. JohnFen

        Re: Stupidity

        I'm not asserting that there are no advantages to fingerprint scanning for this purpose. There clearly are. What I am asserting is that when you add up the advantages and disadvantages for each, fingerprints don't obviously win.

  6. Curious

    Our office had the GDPR legal consultants in, their advice was that collecting biometrics for time management was a lawsuit waiting to happen and that the employer must offer an opt-out / alternative path for employees.

  7. WilliamBurke
    Happy

    side effects

    In the early noughties I worked for a company where we had fingerprint scanners at the doors. More for show than for real use (we were some kind of demo lab, and the parent company tried to sell them). They didn't really work if your fingers were dry or cold. So we learnt to blow at our finger before we entered. At least I thought we had learnt that, until one winter morning I entered behind a guy who stuck his finger into his mouth before pressing it on the glass. I don't remember if we all got the flu at the same time...

  8. Throatwarbler Mangrove Silver badge
    Joke

    She's lucky!

    At my workplace, we use rectal scans. On the plus side, they've really cut down on smoke breaks.

  9. Sleep deprived
    FAIL

    '... first obtain permission and a written release from the subject"

    If your job depends on it, this kind of false opt-in condition is pretty phony, and shouldn't be left up to employees.

    1. eldakka

      Re: '... first obtain permission and a written release from the subject"

      > If your job depends on it

      I'm not sure how a job could possibly depend on your biometrics (outside of if the business itself was a biometrics business - making these devices)

      Using biometrics is an optional choice that would have to be made by someone at some level. The biometric systems (door locks or whatever) didn't just evolve themselves into place.

      1. Sleep deprived

        Re: '... first obtain permission and a written release from the subject"

        If biometrics are used for access or time management and you don't want it, you may be refused for the job. Decades ago, they day I went to sign my work contract, I told HR I wasn't interested in the collective life insurance. I was harshly told it was part of the work conditions, and if I didn't want it, I just had to return home...

  10. Chairman of the Bored

    And in the middle of the Venn diagram...

    You've got the intersection of the "stupid" and "HR" sets.

    One of the guys in my office is missing an arm, and one fingerprint on the remaining hand is badly distorted. HR and security weenies still occasionally call and ask him why he doesn't have a full set on file. If this keeps up, at some point people will get some knuckle prints...

  11. JimmyPage Silver badge
    Stop

    Gummy bears ?

    Just sayin'

  12. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?

    Obvious assumption, but...

    ...what was she fired for? Something tells me she wouldn't have given a rats ass about her biometric security if she was still employed there.

  13. BinkyTheMagicPaperclip Silver badge

    ex-employee with axe to grind, rather than actual concerns..

    Part of my work involves timeclocks with biometrics. Not Kronos, but it is probably similar.

    As mentioned, what is stored in the clocks is a template, not data reversible to a fingerprint image. The image of the fingerprint that is shown on the clock when registering (if it has a display) is not retained.

    The typical reason a biometric template is transmitted to a server is so that they can be distributed between different clocks, allowing an employee to clock in and out at any of the customer sites. You also want to record the biometrics in case the clock fails and the data need to be synchronised down to the new clock.

    The biometric distribution is an overnight process, clocks send upload/update/delete biometric requests to the central clock server, so if it the biometric is deleted from the clock used to register it, it's removed from all other clocks.

    When swiping in and out, all that is transmitted is the unique id for the employee, the time and date, and clock status information. Biometrics are not included.

    The sensors used are rather better than the pieces of crap included in laptops and phones, and cost hundreds of pounds just by themselves. Whilst I've been able to lock myself out of a Thinkpad by having sanded down fingerprints after doing some DIY, on a clock the accuracy of my finger print recognition went down by about 4%, it was still perfectly able to check my prints.

    It's possible to register multiple biometrics (most people add a backup finger), and a lot of clocks offer multiple input options, so if biometrics can't be used for a small number of staff, proximity cards or other identification can be used instead.

    An 'ex-employee'. I definitely sense a huge axe to grind here.

    However, it is critical to get employee buy in. I know of instances of repeated clock vandalism. Repairing of deliberate damage is not covered by warranty, and these clocks are not cheap.

  14. Anonymous Coward
    Anonymous Coward

    Biometric "security" uses

    identifiers that cannot be secret and cannot be changed.

  15. Cyril

    Piece of glass, check.

    Digital camera, check.

    3D printer, check.

    Make an id fingerprint "card" that works all the time. Wear it on a necklace and scan it. Make one for each co-worker.

    Finger print security is already obsolete.

    1. Anonymous Coward
      Anonymous Coward

      > 3D printer, check.

      3D printers these days don't yet have the required resolution. They're not too far off, but it's not quite good enough.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like