California school bus service eyes biometric technology for pupils
The topic of school safety evokes a visceral response from听parents, teachers, administrators, and lawmakers. It鈥檚 the subject of , nonprofit , and countless studies, all attempting to make campuses and schools more secure.
For several southern California schools, the latest attempt comes in the form of biometrics.
The Antelope Valley Schools Transportation Agency (AVSTA), which serves four school districts in the Lancaster, Calif. area, is testing iris scanning devices on three special needs buses this semester through December. It鈥檚 meant to ensure that no student is accidentally left on the bus. Though the trial has been a few months in the making, the death of a special needs in Whittier, Calif., who died of unknown causes after being accidentally left on a school bus, fortified the transportation agency's efforts to find a solution to keep something like that from happening in their districts.
"This could be the long awaited silver bullet to solve the problem of, 'where is my child?' " said Shawn Cabey, administrator at Westside Union School District,听which is testing the scanners. Mr. Cabey is the vice president of the AVSTA board of directors.
The experiment in California comes as schools nationally are increasingly deploying technologies to monitor students in the name of safety.听In recent years, districts across the country have implemented social media monitoring to detect threats, and some debated improve the speed of a lunch line. Iris scanners are rarer in schools,听but have been used as ID cards in . Iris scanners are commonly used by law enforcement agencies听at 听such as Amsterdam Airport Schiphol,听 in the United Arab Emirates, and in .
While some school administrators听see the scanners as an innovative way to bolster safety, the devices come with a host of privacy issues, according to privacy experts.
When it comes to iris scanning in general, advocates are particularly concerned about how securely the iris data is stored, whether that data is shared and with whom, and the ability to track people through 听scanning.听
Those concerns feel even weightier when school kids are added to the equation.
Sold by a company called Iritrak, the devices听on buses look like a pair of binoculars attached to a tablet by a cord. When a student boards the bus, he or she looks into the binoculars while it takes a scan of both irises and matches it against the听Iritrak database. Then, the bus driver receives a notification of听whether or not the student is authorized to board the bus at that stop, and the school gets a notification that the student has boarded the bus. Parents can also remotely听track their student鈥檚 bus in real time via an app.
"The thing that kind of appeals to me about the process is that the method of identification is acutely attached to the child," said Morris Fuselier III, chief executive officer of the transportation company. Unlike a bus pass, which can be lost, stolen, or misplaced, the iris isn鈥檛 something a student needs to keep track of, Mr. Fuselier said.
It's also a fairly reliable way to tell people apart. Iris scanning cameras use near-infrared light to see past the surface of the eye and detect that specific iris' texture. What's more, irises can't easily be changed. Research into exactly how unique irises are from one another is ongoing, but Dr. Arun Ross, director of the Integrated Pattern Recognition and Biometrics lab at Michigan State University, said its unique patterns and unchanging nature make an iris a "powerful" identifier.
Privacy concerns
This is where privacy advocates begin to worry.
"You鈥檙e collecting a piece of information you can't change, and you're doing it to solve a problem that may have easier nontechnical solutions," said Chris Calabrese, vice president for policy at the Center for Democracy and Technology (CDT). Solutions, he said, could听include requiring听the bus driver walk to the back of the bus to check for students.
Because of the sensitive nature of iris scanning, Mr. Calabrese said, vetting a company's security measures is paramount for schools pursuing the practice. That begins with understanding what data is being collected and how it is used. For iris scans, the first level of collection is whether only the iris scan will be collected, or if other personal information, like name and contact information, will also be linked to the scan.听
In Iritrak鈥檚 case, only scans of the students' irises are collected and stored by the company. Personal information, including student names, addresses, phone numbers, birthdays, and emergency contact information is kept in a separate database maintained by contracting schools.
According to Michigan State鈥檚 Dr. Ross, work the same way, but with slight variations per company depending on any proprietary elements they have. Each system, though, begins with enrolling people into a database. For an iris scanner to verify a person is who they say they are, there must be an existing iris scan on record match against. This is done by taking several pictures of the eye with the scanner to identify the unique points in someone鈥檚 iris.
Then, the image is converted into a binary code. That code is stored in the database and used as a baseline to match future scans of that person's iris against. According to Ross, many companies have proprietary algorithms when converting the images to code, meaning that if the same person was scanned by multiple companies, the codes produced would likely be different.
Companies that run iris scanning systems can either retain the original picture of the iris and the code, or they can discard the image and just keep the code. Keeping the picture, Ross said, can allow a company to generate a new code for that iris should the original code be compromised, but that can also be accomplished by applying a mathematical function to the existing code if the picture is deleted.
Privacy advocates' concern is whether the image could be used by another company to create a record of that person. While the images can be reverse engineered to create an approximate image of an iris, it won鈥檛 do anyone much good, said Ross. Recreated irises are easy to identify if the system knows how to detect them, and it鈥檚 still up for debate how much 鈥 if any 鈥 reliable information someone can glean from an iris picture, such as health or gender.
According to biometrics expert Samir Nanavati, author of "Biometrics: Identity Verification in a Networked World,"听whether or not a company keeps the image is an important part of the privacy puzzle, but there are other factors to consider as well. "It鈥檚 a spectrum, but the less you keep the better," he said.
听
Data retention and storage
What also matters when it comes to preserving people's privacy with iris scans, privacy experts said,听is how long the data is kept and whether there are appropriate security measures while stored. Appropriate security measures, they said, include anonymity. According to Iritrak, scans in the school bus test are given a unique identifier not associated with the student's student ID number to anonymize the database entries. Those are stored in a cloud server, encrypted, until the schools request the information be deleted, according to Iritrak founder John DeVries.
Parents, and the schools, can follow along with a student鈥檚 ride by accessing an online portal protected with a username and password. For parents, that means seeing in real time where their child is to ensure that their student gets home or to school. For schools, that means tracking buses and every student on the bus in real time. School administrators can also add or subtract stops from a route.
"I don鈥檛 think it can be right that this is somehow anonymous information," the CDT鈥檚 Calabrese said. "You can say say it's not linked to child's name, but if a parent can know whether the child is on a bus or not, it's not anonymous."听This could also be an area of concern if someone other than an authorized guardian or school official obtained a login credential, he notes.听
But Iritrak's Mr. DeVries said he was not concerned about this, insisting听that the听schools will take security seriously.
Sharing and selling data
When asked if Iritrak would sell or share听any student data collected, DeVries said, "Heck no!"
It may be, however, that his verbal agreement is all that exists 鈥 at least for now. Since the program is only a trial, Iritrak has no formal contract with the transportation company that would regulate the sharing or selling of student data collected, according to DeVries.听
What's more,听Iritrak does not have a public privacy policy, where companies generally outline when they will share data and with whom on their website.
This has privacy advocates concerned. Without something more firm, Calabrese said, "There鈥檚 nothing that would prevent the company, except maybe a contractual agreement with the school, from selling or sharing the information."
There are also relatively few laws that protect biometric data. The Family Educational Rights and Privacy Act requires that biometric records not be disclosed without consent. According to privacy lawyer Leeza Garber of Capsicum Group, the , which governs the collection of personal information for children under 13 by websites, could apply in the Iritrak case. Illinois鈥 , she said, will likely be looked to as a standard. BIPA is the most comprehensive law governing biometric privacy, as it regulates the "collection, use, safeguarding, handling, storage, retention, and destruction" of biometric information.
Scope creep
Scope creep, where the technology could be used in ways beyond the original mandate, is another facet to examine, Calabrese said, as any other areas iris scanning is used could bring further听concerns.
For Iritrak, founder DeVries said there are multiple other uses for the product -- such as keeping attendance or checking out in the lunch line -- that he and the schools have yet to explore.听
The possibilities are reminiscent of in Colorado, Pennsylvania, New Jersey, and West Virginia. After a Colorado school proposed fingerprint scanning to speed up lunch lines, parents raised enough concern about identity theft and government tracking that the plan never saw the light of day.
While the schools involved are not currently pursuing any additional use of the iris scanners, parents of children in the pilot program are听noticeably absent from the school bus scanner听debate. According to AVSTA CEO Fuselier, the bus service sent multiple letters home to parents and called their homes, offering to schedule meetings to address any concerns the parents have.听But no one came.
"We kind of took it as a good sign that the communications we had with them [before] the trial gave them the explanation they needed and we had no one opt out," Fuselier said.听There will likely be parental concerns once more students are involved should the program move forward, he said.
Audits
One way that companies can reassure customers that their security measures are up to par is through an independent audit. A third party will compare the company's security measures to best practices and recommend areas for improvement. But Iritrak founder DeVries said he doesn鈥檛 see a need for a security audit beyond security checks the schools do before contracting with a company. For parents who are uncomfortable with the service, he said, just don鈥檛 use it.
"If you don鈥檛 like it opt out," he said. "It鈥檚 only security of your child."
According to the Capsicum Group鈥檚 Ms. Garber, not opting for an audit is concerning. "There is no system that can be 100 percent secure every minute of every day," she said. "The threat technology moves faster than the security can keep up."
听
