Thursday, June 11, 2009

Biometrics and Your Library

A good definition of Biometrics is “The study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.”

What does this mean to our libraries? Well, it could mean a lot. To make ID cards more secure, libraries could add fingerprint scanners to their location, so that the person who checks out an item or uses the computer is no doubt who they really are. A library could deploy other biometrics methods, including hand geometry or even by analyzing a person’s unique vein pattern.

One known library system has enacted fingerprint scanning in their facilities. In 2005, Naperville, Illinois purchased biometric equipment. The Deputy Director for Naperville’s Public Library stated that they spent three months debating the merits of it, if the benefit of using biometrics outweighed the security risks. Apparently, too many patrons were borrowing each other’s cards to access the Internet, thereby causing a demand for more a stringent identification protocol. Before the biometrics system was operational, The Chicago-Times Tribune wrote a commentary about the upcoming changes. In that commentary, Ed Yohnka, spokesperson for the American Civil Liberties Union of Illinois, remarked: “"You're creating just another database of information about people. I'm sure they started out with the best of intentions of not sharing this information, but the reality is sometimes intentions go awry."

That, in my opinion, is the problem. Fingerprint scans may mean faster access time for the Internet, and it may mean that the three-library system of Naperville, Illinois can rest easy knowing that everyone using their Internet is truly themselves, but at what cost? Their patrons unique identifier is “secured” in a new database, but truly how secure is that data two years from now? Five? Or even ten? There is a chance that their patron’s unique records will stay unbothered, but if they are hacked into? Alternatively, the government could request access to those very private records. Then, will Naperville’s harmless intentions turn harmful? The fingerprint scans remind me of fingerprint records that police keep of criminals. I don’t think that association is a positive one.

I understand the usefulness of biometrics regarding high security. A retina or iris scan, voice recognition, all that is fine if you are working a job that requires precise security and high authentication levels. I do not see the need for these excessive measures in a library system. Was the patrons swapping and sharing each other’s cards so big of a deal that Naperville Illinois had to spend $40,000 plus dollars to stop it? I think that is an extreme tactic.

I hope that this is what other library systems are also saying as they consider biometrics. Naperville’s biometrics happened four years ago. At that time, Naperville was only the second library to have some kind of biometric system in place. Four years and no other libraries have installed a biometric device. Maybe all those other libraries have come to the same conclusion that while the system could be faster, it could also backfire and be negative and hurt their patrons. Maybe some libraries worry that if they install these systems, it will turn off patrons and they will lose pieces of their community.

Even if biometrics is considered too extremist at the moment, I wonder, as the technology becomes possibly less expensive and more expansive in other areas of our everyday world, will other libraries eventually crumble and install fingerprint scans too?

I hope not. Only time will show us how biometrics is going to be played out in our library arena.

REFERENCES:

What is Biometrics? Retrieved June 10 2009. http://www.webopedia.com/TERM/B/biometrics.html

Kimberly, James. Library card? Check. Fingerprint? Really? (May 20 2005.) Chicago Times Tribune. (Electronic Version.) Retrieved June 10 2009. http://www.usbiometrics.com/news/Chicago_Tribune_052005.htm

American Library Association. Naperville To Launch Fingerprint ID systems for Internet Access. Retrieved June 10 2009. http://www.ala.org/ala/alonline/currentnews/newsarchive/2005abc/may2005ab/naperville.cfm


8 comments:

Kate Van Auken said...

Virginia,
I had not heard of this being used in a library setting. As you point out, it has been 4 years and no other system has installed this type of technology since. This does beg the question you point out, was it worth the extreme cost to verify Internet usage? Maybe in a large system like Naperville's they justified it, but as a patron, I think I would be concerned with these measures.
I also wonder if the technology used to support the biometrics has kept up since this was done 4 years ago. Might this system already be somewhat outdated? Does the library system continue to invest in updating this equipment? Has it worked for them as they had hoped?

anna block said...

I agree that the cost of this technology seems to outweigh its benefit. It doesn't seem like such a stringent security policy is necessary in a library setting. I wonder what other solutions to this problem were discussed in the Naperville system before deciding to implement biometrics. In response to this internet problem -Why not try a simpler solution first, like requiring patrons to show a picture i.d. along with their library card in order to verify their identity before granting them internet access?

Unknown said...

Considering very few libraries in the U.S. do this, this seems a little extreme. Judging by the fact that other libraries are not adopting the use of biometrics, I would say other libraries think the same way. However, will say that I think biometrics are not going away and that other places like Disney World have begun using them in their ticketing/admission process, so I have a feeling that biometrics will become more prevalant in the near future.

Gail said...

This is new to me, too. I agree that it could be hacked into. The iris scan is something that might work. In this economy, though, we are grateful to have money to buy books.

Ashley Smith said...

From my 6080 class, I've learned that obtaining usable fingerprint scans can be tricky. If the pressure isn't just right, then the scan is not going to "take." (Sarah Norris 5/22/09 and Kazi Jestribek 5/29/09) I looked up the NPL's Internet agreement and policy, both of which had been updated in spring 2009, and I couldn't find anything that required a patron to submit to a fingerprint scan in order to use the library's Internet. I wonder if the NPL abandoned this practice. If so, was it because this unique identification process was not very effective? I also wouldn't be surprised if a lawsuit was brewing.

Holly said...

I can understand why some libraries would feel that this could be useful, but it makes me feel like we're living in the 3000. I cannot even fathom this kind of technology on a day-to-day basis- it's like something I'd see in James Bond or something. I couldn't imagine have my fingerprint scanned to check out a book!

Geetha Baddigam said...

US Biometrics website (http://www.usbiometrics.com/libraries.htm) mentions that the use of Biometric system in libraries provide a single point of control to manage the access to library resources such as computers, buildings, doors, the Internet, and software applications. Furthermore managing one core system is less expensive and less time consuming than managing different systems from many vendors.
As libraries are in networked digital environment and connected to user community globally around the clock, with increased cyber crimes there is every need to control library assets. If cost and privacy violations are the major issues, I wonder as to how several schools are implementing this system for issuing library books etc? It is not known that how successful are other libraries elsewhere. However, it is observed that quite a few libraries in UK, Japan, India and other countries have adopted Biometrics. Here it may be noted that as per ALA 2006 poll results for use of RFID and Biometrics in libraries, only 38% are in favor of this system. Since Biometrics technology is being implemented in schools, hospitals, banks and major industries globally it is time for ALA and other professional bodies to have a fresh look at it again.

G-man said...

I generally agree with others' skepticism about the cost/benefit of biometrics. There's also a certain creepiness factor involved in fingerprint identification. At In 2005 a spokesman for the ACLU in Illinois said of the Naperville scenario: "We take people's fingerprints because we think they might be guilty of something, not because they want to use the library" ("Ill. Library" 2005). I have to agree that I would feel very weird (like I did something wrong--like I was "guilty") having my fingerprint scanned just to check out books or use the internet.
And yet this is a fear that is not rational. I just don't know what the studies show. Is holding a cabinet full of registration cards any less secure than storing "measurable biological characteristics" (cited in Pierce, 2009)? I find it encouraging that the actual fingerprint is not stored but an algorithm uses information from the fingerprint to create a unique ID. We're perfectly willing to have a barcode assigned to us but why is it that we don't want to use what is already unique to us?
Virginia is right that $40,000 is excessive given the infrequent problems Naperville was having. Yet they were purchasing the system for 130 computers with several years of customer support. That's about $308 a computer. That's still a lot of money for a problem that didn't seem too severe.
However it would be interesting to see if the convenience of not having to fumble around looking for your card would justify the price. (You also wouldn't have to pay a replacement charge for a lost card.) I can't tell you how many minutes are wasted waiting for a patron to find their library card only for me to hand it back to them within two seconds of scanning it.
Geetha tells us that 38% of libraries in 2006 wanted a biometric security system. Clearly there's some marketing work that needs to be done. I wonder what a survey of patrons would show?

References
AP. (2005, May 21). Ill. library getting fingerprint scanners. Retrieved June 22, 2009, from http://www.infowars.net/Pages/May05/210505scanners.html.