The climbing academy Glasgow. Biometrics.

This topic has been archived, and won't accept reply postings.
Milesy - on 27 Nov 2011
While signing up for tca in Glasgow I was asked to provide a fingerprint. I refused and was looked at like I had 2 heads! The only time I ever gave biometrics was on entry to the states and I didn't have much choice in the matter.

I know it is a fancy wee system for staff to use and I am sure they wouldn't supply it to anyone else but I really have no idea how securely they hold the data.
3 Names - on 27 Nov 2011
In reply to Milesy:

Did they let you in?
confusicating on 27 Nov 2011
In reply to Milesy:

Was it a fingerprint scan?
If so, I think it can't be transferred, it is just like a barcode.
Owain - on 27 Nov 2011
In reply to Milesy: Sounds OTT to me
subtle on 27 Nov 2011
In reply to Milesy:
>
> I know it is a fancy wee system for staff to use and I am sure they wouldn't supply it to anyone else but I really have no idea how securely they hold the data.

What are you concerned about - what do you have to hide?
Fraser on 27 Nov 2011
In reply to Milesy:

It's just a method of speeding up the entry recording process, nothing more sinister. I willingly gave mine, but the system doesn't always recognise it so give my surname and am logged in the old school way.

I can sort of understand your stance but it does seem a wee bit paranoid.
Milesy - on 27 Nov 2011
In reply to subtle:

Nothing but my personal details and identity are important. I work in IT so I have experience of how insecure systems can be. No one complains until it is in the news that their details have been stolen then they're up in arms. I have no idea how secure their system is.
Fraser on 27 Nov 2011
In reply to Milesy:

Fair enough, I wouldn't object to others objecting to it. I take it you weren't denied entry and they took the rest of your (presumably legit) personal details? How secure is that - where would you draw the line?

I suppose the risk of their system becoming compromised was one I could accept.
winhill - on 27 Nov 2011
In reply to Milesy:

It sounds like a daft idea for a climbing centre, the one thing fingerprint biometrics are really vulnerable to are fingerprint injuries!

The scan doesn't save your actual finger print, so the security aspect isn't necessarily on the storage side, the security aspect is rather that you are being encouraged to give one off information that could be misused (it would be really easy for someone to use a fake scanner and reproduce your prints).

Biometric scanning requires an awful lot of trust between the person doing the scanning and the person being scanned, so if they looked at you a bit weird when you queried it, they've broken the trust and should be avoided.
Milesy - on 27 Nov 2011
In reply to Fraser:

Name and address is fine. You can get a hold of them through a variety of means. However biometrics are not easy to come by personal details.

I was actually quite diplomatic in my response as I am sick to the back teeth of the usual "what do you have to hide" responses. I must be a criminal then so please take my prints and retina scans just to prove I am not a criminal? Have some DNA as well.
AJM - on 27 Nov 2011
In reply to winhill:

They use your thumb for the print in Bristol and I've rarely had a problem with it not recognising me. Takes 2-3 goes on occasion, but they've been using it for years now so presumably it can't give them any significant recognition issues.
wurzelinzummerset on 27 Nov 2011
In reply to Milesy: This kind of thing is becoming more common. TCA in Bristol do it, too, and a number of businesses use the system to monitor the comings and goings of contractors and employees -- unfortunately we can object all we want, but increasingly there is no choice. An interesting point is that the fingerprints of people who do certain manual work e.g. bricklayers are frequently partially worn away, so I'd assume the same was true of some climbers.
agibb - on 27 Nov 2011
In reply to Milesy:

What I find particularly odd is that it clearly doesn't work. I've been to TCA I think three times, and it has never worked. Would you use retinal scans to identify laser eye surgery patients? Climbers' hands change more and more often than just about any other part of them. Haircuts would be more reliable. Names might also work.
Fraser on 27 Nov 2011
In reply to winhill:
> (In reply to Milesy)

> ...... so if they looked at you a bit weird when you queried it, they've broken the trust and should be avoided.

No, you're wrong, it would be the OP who first broke the trust by querying it.

winhill - on 27 Nov 2011
In reply to Fraser:
> (In reply to winhill)
>
> [so if they looked at you a bit weird when you queried it, they've broken the trust and should be avoided.]
>
> No, you're wrong, it would be the OP who first broke the trust by querying it.

Crikey, each to their own, I guess but if you were interviewed in the street by someone 'researching computer passwords' would you tell them your banking passwords?

The default has to be that a user doesn't reveal ID details unless the person requesting them can establish trust, the first onus is on the requester, not the requestee. A trustable requester will acknowledge this.

Biometrics is a particularly high trust environment, if they used a combination of your membership number and a PIN, if someone compromised your PIN, what's the worst that could happen? An unauthorised user at the wall or someone burning up your ten session ticket or costing you a few quid?

On the other hand if someone compromises your biometric, thumb print, iris, foreskin pattern, then you can't grow another iris or thumb or cock. Biometrics are for life (barring surgery), PINs last until you change them.
Lord_ash2000 - on 27 Nov 2011
In reply to Milesy:
> (In reply to subtle)
>
> Nothing but my personal details and identity are important.

Are they? What use would someone have for your fingerprint.
syv_k - on 27 Nov 2011
In reply to Lord_ash2000:

I don't believe these systems store the entire fingerprint. The most popular ones just store a set of numbers which are measurements of various bits of the fingerprint. So if the database gets compromised, nobody can reproduce your fingerprint in a way that will be accepted by another system. These systems are sometimes used in schools for registration.

However, this might not be the case for this particular system. Or perhaps someone could subvert it by putting their own fingerprint scanner over the top or replacing it, the way dodgy petrol stations manage to steal the PIN on your card.

Security is a complex business, and the most obviously secure solutions are rarely the actually most secure ones.
elsewhere on 27 Nov 2011
In reply to syv_k:
You can fake a fingerprint with a jelly baby, that was done about 10 years ago.

http://www.zdnet.co.uk/news/security-management/2002/05/16/jelly-babies-dupe-fingerprint-security-21...

The other climbing wall in Glasgow just uses photos.
Fraser on 28 Nov 2011
In reply to elsewhere:
>
> The other climbing wall in Glasgow just uses photos.

Not to record your attendance on that day it doesn't, it uses your registration number and they check your name once they've searched their database. The photo is simply as back-up.

At least, that's how they've operated for years until a few weeks ago, when I was last in there. Could be wrong, but I don't imagine they've changed it since then.

In theory, the TCA fingerprint scanner is instead of giving a number when you enter (ie just a different means to the same end.)

mike71 - on 28 Nov 2011
In reply to Milesy: Do you not leave your finger print in public all day every day! I do think the system is pointless, slows entry down in my opinion, don't really understand why you would have that system in a climbing centre, guess the sales man must have played a blinder.
JLS on 28 Nov 2011
In reply to mike71:

>"guess the sales man must have played a blinder"

I agree. It doesn't seem to offer much over, "What's your number?"

It's certainly no quicker, and, as the double dip recession bites, will almost certainly lead to one of the annual pass holders having their right thumb hacked off during a brutal mugging, near Kinning Park underground.
rallymania - on 28 Nov 2011
In reply to JLS:

ha ha, so shall we call that a Friday night then?

To the thread

My primary knowledge of this kind of thing comes from Bloomberg, who have a finger print scanner as part of their multi factor login process to their trading platform. (It uses, I believe, an algorithm to create a numerical representation of your finger print and actually works very well)... for something like that, it makes sense.

For accessing a climbing wall though, seems a little OTT. just because you can do something doesn't mean you should.

In a parallel (sort of)
I got a phone call from a withheld number a while back asking me to confirm my name
mr rally mania
and your DOB?
before i answer that I'd like you to tell me who you are
we can't tell you yet for data protection. Once we've established your ID we'll tell you who we are
I see, so for data protection you can't tell me who you are, but you think it's ok for me to give you my DOB and other personal details to confirm who I am?

It was my credit card company, I finally managed to establish (by guessing) but they just couldn't see the problem with what they were trying to do. This is why I think it's important for people to understand what they are doing with regard their own data. (and yes i may be a touch paranoid lol)
