Using Biometrics in the Workplace

The advances that have been made over the years with regard to identification technology have led to a number of new introductions to this sector. Whereas pictures were the main means of identification in the past, there are now more accurate ways of ensuring that people are who they claim to be. Though this may have improved the level of security that can be enjoyed by companies and like parties, there are a number of disadvantages such as an increase in privacy invasion that have discouraged people from willingly offering the needed details for these new measures. 

Why would a Company Require this Information? 
There are a number of reasons that many companies have turned to these new forms of identification for their employees. Some of the main motivators include the need for a more accurate tracking system with regard to the hours put in by their workers. Given the chance, some employees may be tempted to record false hours in a bid to rise the pay owed to them and this could have an adverse effect on a business’ finances. 

The issue of overtime also comes into play in this regard. In some cases, it may be difficult for a company to confirm the amount of additional hours claimed by the employee. The new tech that is used today has reduced the potential for errors when it comes to calculating overtime. It also provides a more efficient method of determining the exact time owed to the employee. 

The use of new tracking devices and identification has also made it easier for companies to control the traffic within sensitive sectors of the workplace. Some companies may work with the need to restrict certain parts of the company due to sensitive information and/or material that is located in those parts. The new tech allows companies to keep track of the people who may be in these areas at any given time, as well as restrict access to others. 

Tracking systems also enable employers to note the location of mobile assets such as vehicles through the use of GPS. This has reduced the chances of such commodities being subjected to theft. This can be essential, especially when the assets in question hold a high financial/technical value. 
Though GPS systems have been accused of being overly invasive by some parties, they have slowly been gaining acceptance as the parties involved begin to realize the benefits offered by this form of tracking. The systems are set in place with the knowledge of the employees involved, and thus it cannot be said to be a means of spying on the privacy of workers. 

Biometric locks are steadily gaining popularity in the workplace as it has eased the control of access to restricted areas. It also enables employers to track the activities that take place within these areas as well as identify the individuals behind these actions. The enhanced security that can be enjoyed from these systems have allowed companies to protect their assets from any potential danger. 

The introduction of biometric screening has also been encouraged by the development of the Affordable Care Act. This allows employers to hand notices to their workers with regard to this free process, and there have been rumors that this screening might be mandatory in most workplaces in the near future. 

Though these rumors might not be very welcome by those keen on protecting their privacy, the need for these new measures cannot be ignored. The threat of information and asset theft has increased with the continued advancement of technology, and as such companies are not able to protect their assets using traditional methods. This means that increased levels of information such as an employee’s biometric data will be needed. The main worry of those who are resisting this change has to do with the safety of the information provided. Needless to say, this kind of information can be classified as sensitive and could be misappropriated in the wrong hands. 

Could an Employee Refuse to Submit to these New Measures? 

As would be expected there have been a number of people who are not so pleased with the introduction of the new security measures that have been implemented by some employers. A good example of this would be the reaction that Bloomberg received from some corners with regard to the implementation of biometric tracking of their employees. A large number of workers argued against this invasion of their privacy, but the final majority opinion within the city was positive as most welcomed the efficiency of the system. 

The contention by some workers towards biometric systems has thus raised the question of what the potential repercussions could be for those who simply refuse to comply with these new measures. This is an essential question as one should be aware of any risk involved with their refusal so as to make an informed decision. The query also raises a related question with regard to what a company should do when they come across such resistance. 

An employer is able to terminate a worker’s contract within the provisions of the law according to the employment-at-will memorandum. This means that an individual could actually get fired for refusing to comply with the additional biometric measures unless they are able to find a legislation that supports their abstinence. This also has the potential of souring employer – employee relationships and thus should be approached with caution by both parties. 

This being said, there are a few instances that prove that the law exists to protect the rights of both parties involved when it comes to the provision of sensitive data. In a case where some companies had started collecting passwords to people’s social media accounts for example, a law in a majority of states was quickly set in place to protect them from such invasion of privacy. Similar results were seen when some employers tried to involve social security numbers in the process of identification and access provision. 

Countries such as Canada and some states in the U.S. require any employer using the biometric details of their employees to ensure that such information is adequately protected or suffer the consequences. In New York, an employer is not allowed to collect the fingerprints of their employees unless specifically required by the law. Legislation in this sector continues to develop and individuals can use these as a means of resisting the biometric requirements that have been set by some companies should they feel the need to. 

Alternative Legal Approaches 

As mentioned earlier, the legal system is designed to protect the interests of both the employer and the employer without showing any favoritism. There are a number of theories that one can try to put into play should they feel the need to resist the requirement for biometric details by their employer. 
Workers can use the federal and state laws that protect against discrimination in the workplace to make a case for themselves. These legislations have been used by workers who were resistant to having their photographs stored by their employers. It is always wise to have the law on a person’s side should they want to go against the wishes of their employer to increase their protection from risks such as termination. Using this route would mean the individual will have to adequate research on the various laws and legislations that can assist them in putting their point across. 
A case in point of such an approach can be found in the lawsuit that was filed by the Equal Employment Opportunity Commission, on the behalf of an employee for Consol Energy Inc, as well as the Consolidation Coal Company. In this case, the employee in question did not want to provide a hand scan to the company despite the fact that the employer wanted to introduce this biometric detail to their time keeping efforts. 

The employee (of Christian faith) stated that his religious beliefs prevented him from complying with the new measures as he related the scan to “the mark of the beast”, something that was to be avoided by followers of his religion. This led him to request for a different means of tracking his work hours, and the company’s refusal resulted to the lawsuit in question. 

Such a case should serve as a warning to employers when it comes to the implementation of biometric systems and the potential resistance they might meet. No company would want to go through the process of dealing with a lawsuit, as this is something that requires time and finances that could be better utilized elsewhere. 

How do Biometric Systems Function? 

Before one decides whether they are for or against the biometric systems that could potentially be put in place at the workplace, it is essential for them to understand how these systems function. This better grasp of the system will help them come to an informed decision based on their views after all the facts have been laid bare. 

The main aim of a hand scan is to identify an employee using their hand as a form of biological identification. The geometrical details of an individual’s hand is initially captured by the system and stored in connection with the employee to be used for their identification at a later date. This is done using a camera set in the system that photographs the employee’s hand and notes various details such as length, curvature, thickness and width. 

The basics of these functions are similar to other types of scanners such as fingerprint and iris related devices. The overall function of such scanners is the identification of specific individuals, via the details that can be found in the particular part of the body that is being scanned. 

This allows for a more accurate identification process as no one person is able to have the same biometric details as another individual. This reduces cases such as workers having their colleague clock in or out on their behalf and allows the company to keep a better track of the hours worked by employees. 
It should be noted that current biometric designs are susceptible to a few flaws and still need to work a few kinks out of the system before they can be considered to be absolutely precise. The scanners may not work for example, if an individual suffers a type of trauma to the area being scanned. A worker cutting their hand may lead to the biometric system failing to identify them, as a result a result of a change in the initial dimensions that were recorded by the device. 

Applicable Employer Advice 
Companies that may be considering implementing the use of biometric systems in the workplace will need to be careful with regard to how they approach the matter. There are a number of issues that should be addressed during the process in a bid to make the process as trouble free as possible. Some of these include: 

1. Make a point of notifying all employees in written form of the intended switch to biometric systems beforehand. All needed information such as the details involved, the reason behind the move and the safeguards that will be initiated should be included in this notification. A means through which the employees can address any further queries they may have should also be provided. 
2. Conduct adequate research on the various laws that could govern this process with regard to privacy and any other related matters so as not to be blindsided by any potential legislative complications. 
3. Ensure that all biometric information is safely stored and protected from any potential compromise by individuals with ill intent. 
4. Ensure any existing union is also informed of the company’s intention to use biometric systems. This will allow the employer to work out any potential issues that may arise from this sector in good time. 
5. Leave room for any potential accommodation that may have to be provided for individuals who resist this change and are protected by law in their claims. ​

Biometric systems are steadily gaining popularity in most places of work but as in any new change, those involved will have to be adequately prepared to face this development no matter their particular stance on the matter. ​

The first computer password is believed to have been created in the 1960’s at M.I.T.  It was first applied 

to CTSS, an early computer with only 27kb of data storage. This computer was considered to be state of 

the art in its time, and the password a robust way to keep the data stored within it safe.

A lot has changed in the nearly sixty years since CTSS’ time however, as those early computers evolved 

and lead the world into today’s Information Age. Today the average household computer has a data 

storage capacity roughly 1 billion times greater than CTSS. Information storage is cheap and readily 

available. 

With so much more information in circulation today then, why is it that password protection is still 

adequate for safeguarding sensitive information?

The answer is simple - it’s not. 

The password was created in simpler times and although it was adequate protection for that time the 

adoption of more modern protection methods has failed to keep pace with the proliferation of 

information technologies. 

It is only now, with the increasing examples of security breaches into private data (Sony, JP Morgan, 

Home Depot, Ebay etc) that industry leaders are waking up to the need for more robust security 

technologies and increasingly adopting Biometric authentication as a solution as it offers a more robust 

and secure method of protection. 

Advantages of Biometrics over Password Authentication

Uniqueness

The first, and perhaps biggest, advantage Biometric authentication has over password based 

authentication is its uniqueness. It is easy to compromise any password based system once an individual 

gains access to a user’s credentials. With biometric authentication however, the user IS the 

authentication key. Only the user’s unique features can be used to gain access to a system, and by 

necessity that user must be present, eliminating the possibility of defeat by Fraud. 

Biometric authentication is near impossible to forge, and unlike a password, cannot be shared with 

another individual. It can be used in plain sight without risk of compromise, and in no way can be ‘lost’ 

or ‘stolen’ (like an ID badge).

Additionally, as the authentication key is unique to the user, it can be used to unequivocally link a user 

to any transaction or event accessed by the user, something password based authentication cannot 

offer. 

Scalability

Unlike password authentication, Biometric authentication presents opportunities for scalability much 

greater than other means of authentication. 

Biometric authentication, especially finger print authentication is amongst the most affordable means of 

authentication. The need for infrastructure is minimal, and once a user has been added to a biometrics 

driven system there is no need for additional costs related to authentication key change requests and 

maintenance (as with password based authentication). 

Biometric authentication also does not require a keyboard interface, allowing for it to easily be adapted 

for use with other devices outside of a computer system (i.e. Building security, time keeping systems, 

banking, etc) while still ensuring security is maintained. 

Removes Human Fallibility  

Another practical advantage Biometric Authentication offers over Password Authentication is its ease of 

use. Unlike a password driven system which requires the user to remember necessary information 

which can easily be forgotten, the use of Biometrics authentication means an authorized user can never 

be locked out accidentally. 

Biometric authentication also eliminates the problems caused by the utilization of the same password 

for multiples systems. Although it is not recommended, many users make use of the same password for 

multiple systems. Users often use the same password in order to better remember it, especially when 

special characters and numerals are required making passwords difficult to memorize.

This opens users up to the possibility that of all systems becoming compromised with the discovery of 

just once password. 

With Biometrics authentication, however, there is nothing to remember, and no way in which a user’s 

credentials can be misappropriated to access a single or multiple systems.

Hackers took fingerprints from the Office of Personnel Management. The government agency now admits that cyber hackers stole 5.6 million fingerprints of American citizens. Initially, the federal government had estimated that “only” 1.1 million fingerprints had been taken during the cyber attack.

The hackers that stole fingerprints also stole the Social Security numbers and home addresses of more than 21 million current and former government employees, MSN reports. Both the Office of Personnel Management (OPM) and the Department of Defense are currently investigating the breach of personal information and biometric data pertaining to staffers.

The 5.6 million people who had their Social Security numbers and other personal data stolen could have the bulk of that information changed and even move, but fingerprints are set for life. The use of fingerprints instead of traditional passwords for daily security members and access to personal technology has enhanced public concerns regarding how the cyber hackers could use the stolen material.

“Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” Republican Nebraska Senator Ben Sasse said.

Chinese cyber hackers have been suspected of the fingerprint theft, but federal investigators have not yet publicly announced any suspects in the cyber attack. Chinese President Xi Jinping is visiting the U.S. and claimed China is as a strong defender of cyber security, the New York Times reports.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Center for Democracy and Technology Chief Technologist Joseph Lorenzo Hall said. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

Federal experts reportedly feel the possible “misuse” of the fingerprints stolen by the cyber hackers is limited, according to a statement made by officials at the OPM.

“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM stated.

However, agency experts also noted that while they believe the use of stolen fingerprints is “currently limited,” that could “could change over time as technology evolves.” Intelligence experts are now reviewing the ways in which fingerprint data can be used and are attempting to develop a process to prevent that from happening.

“OPM keeps getting it wrong,” Republican Representative Jason Chaffetz said. “I have zero confidence in OPM’s competence and ability to manage this crisis.”

The 5.6 million people who were impacted by the hackers taking fingerprints are still reportedly in the process of being notified by OPM. All of the government employees will be offered “free” fraud protection and identity theft services.

Qudot Photonics is please to announce their upcoming attendance at ISC West, from April 15th to 18th, at the Sands Expo Center, in Las Vegas. 
This show will mark a historic event for Qudot Photonics, an Ottawa based company, as it will be showcasing a new proof-of-concept device, demonstrating its exciting and innovative new 'VIP.ID' Bio-metric security token system. 

Qudot Photonics promises that this newly developed approach to Fingerprint Bio-metrics will offer protection from many vulnerabilities faced by traditional Bio-metric systems, including the use of fake fingers, or a compromise of the local client device (scanner).

Additionally, its unique approach to Fingerprint authentication means that this technology can be customized for an unlimited number of applications or environments, requiring no costly on-site Server technologies, or physical devices to carry around unlike any other authentication service.  

If you plan on attending this show, Qudot Photonics can be visited at booth 30498.

By Michael Thieme

The use of biometric technology is directly associated with privacy concerns, such that it is impossible to discuss biometrics without addressing the negative perceptions which surround its usage. As with the perceptions surrounding most new technologies, many concerns are well-grounded, some are based on fundamental misconceptions of the technology’s operation, and others are unrelated to the technology. All privacy-related concerns must be addressed fully in any situation where biometrics might be deployed. 

Privacy-related concerns expressed regarding biometric technology can be divided into Personal Privacy and Informational Privacy.

Personal privacy. There is a segment of the population for whom the use of biometric technology is inherently offensive, distasteful, invasive, or embarrassing. This may be attributable to a variety of cultural, religious, or personal beliefs.

The percentage of the population for whom the use of biometrics is inherently problematic is unknown; further, the percentage of people whose personal disregard for biometrics is so strong as to increase the likelihood of non-compliance with biometric systems is unknown. In either case, fears and concerns relating to privacy of the person are difficult to address through legislation, system design requirements, and can only be partially addressed by public awareness campaigns. The presence of such concerns, though held by a small percentage of users, is an inevitable component of any potential biometric deployment.

Informational privacy. Of more immediate significance to many users is the issue of informational privacy. Fears and concerns classified under informational privacy are not expressions of inherent discomfort with biometrics, but are centered on the potentially ominous impact of the collection, use, retention, and disclosure of biometric data.

• Unauthorized collection. Although only certain technologies are even theoretically capable of collecting biometric information without the subject’s knowledge, the increased deployment of certain types of biometric technologies does bring with it the concept of biometric information being gathered, and biometric identification functions being performed, without consent. This would facilitate, if not be an instantiation of, unauthorized use of biometric technology. 
  
  
  
• Unnecessary collection. Biometric technology, in its various iterations, is normally deployed as a means of addressing a specific identity verification problem. Primary examples include controlling physical access to specific locations, controlling logical access to specific data, or ensuring that an individual does not enroll multiple times in a single-identity system. A potential fear, if and when biometric technologies become pervasive, is that they will be deployed in situations where there is little to no benefit to strong user authentication or identification. Unnecessary collection would also facilitate unauthorized use of biometric technology.  
  
  
  
• Unauthorized use. Unauthorized uses of the biometric technology are seen to represent the greatest risk biometrics pose to privacy. It is not the intended uses of biometrics that are seen as problematic, but the ways in which it might be used for purposes than originally intended. “Unauthorized use” concerns use can be classified as forensic usage and usage as unique identifier. 
  
  
• Forensic usage. Given the use of fingerprints as the primary means of forensic identification, it is natural that the requirement to provide one’s fingerprints to receive public benefits should be looked at with hesitation. The fear is that information provided for public or private sector usage will facilitate police searches, both automated and through use of latent images. By virtue of this, every database with a biometric could be used as a database of criminal records, representing a significant increase in the potentially intrusive investigative powers of the state.
  
  
• Usage as unique identifier. The use of biometrics to monitor, link and track a person’s daily activities is another commonly held fear. Being that biometric technologies are based on physiological or behavioral characteristics, and that some of these characteristics (such as fingerprints) are unique, the fear is that biometric technology can thereby serve as a unique identifier. The fear is that biometric information in "identifiable form", that is, as "raw image" biometrics, will be used to link information.
  
  Unique identifiers are a danger in a world where databases are underlying building blocks of almost every modern system, service, and transaction, because such identifiers can link disparate databases and information. Hence the opposition to the broad use of citizen ID numbers - such a unique number would facilitate searches in any database in which it resided.
  
  When considering the various environments where one might provide biometric information in the public or private sector - banking, medical, public service, retail, and employment – the prospect of information linkage and collection is extremely problematic.
  
  
• Unauthorized disclosure. Unauthorized disclosure, in addition to being an obvious facilitator of unauthorized usage, undermines an individual’s control over his or her own information. Fears of the loss of control over one’s personal information are at the heart of privacy concerns. As a necessary condition of biometrics being considered for inclusion in any project , unauthorized disclosure must be prevented through the development of privacy-sympathetic system design and procedural protections.
  
  
  
• Function creep. The fears categorized as informational privacy represent various types of function creep, or the expansion of a program, system or technology into areas for which it was not originally intended. The reality of the U.S. Social Security Number being used for a broad variety of applications illustrates the danger of function creep, as information-gathering services are able to use this unique identifier to locate and link information across databases.
  
  

Large-scale, non-forensic biometric systems are not deployed with the intention of facilitating surveillance, forensic usage, or unique cross-database identification. However, protective measures must be in place to ensure that such usage cannot occur, regardless of intentions, and that biometrics are only used for specified purposes.