Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI
Overview Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics Discuss key questions that may be raised in any campus deployment Lead into an in-depth review of the law 11/18/10Wayne State University2
The Situation A large urban campus, 100 buildings 200 custodial staff, unionized Central check-in inefficient, error-prone Desire distributed readers so staff can report directly to their work location Remote check-in easily spoofed with magnetic stripe card readers 11/18/10Wayne State University3
Perfect Solution Biometric readers inside all buildings for check-in and check-out of custodial staff Biometric readers well-proven technologies, not easily spoofed Initial up-front cost, but reasonable maintenance costs 11/18/10Wayne State University4
So, why are we installing CARD readers? Privacy became a key issue Concern about dealing with privacy led to many other questions: Does the technology solve our problem? Introduce other problems? Worth the cost? Maintenance questions? 11/18/10Wayne State University5
Biometrics - Privacy Concerns How secure are the data? Hosted solution, added concerns? Who has access? What data are we gathering? If released, how might it be used? How long do we keep it? What will be done with it? 11/18/10Wayne State University6
Security Storage is in highly secure environments SAS 70 security audit Access to data is strictly controlled by password and role All data are transmitted via VPN 11/18/10Wayne State University7
What Data? Biometric identifier vs. tracking data Biometric identifier considered was hand geometry Physical images would not be stored Hand geometry technology is encrypted on both ends (storage and reader) and of no use if decrypted otherwise 11/18/10Wayne State University8
How Will Data Be Used? Management reports only Reports using biometrics would be no different than if card readers or manual entry of attendance data were deployed 11/18/10Wayne State University9
So why are we installing CARD readers? No guarantees (are there ever?) Technology sounds complex, obtuse Don’t trust what you don’t understand Don’t trust technology and administration Deployment plan with biometrics would close some loopholes, but not all Therefore, start with less intrusive process 11/18/10Wayne State University10
In Our Case... More Work Card readers are accepted and address the first problem of efficiency – staff go directly to work assignments Biometrics would help eliminate spoofing and problems with lost cards Neither solves absence between check-in and check- out Building access is a related issue 11/18/10Wayne State University11
In Your Case Problem analysis is critical. Biometrics are just tools. Processes are critical. Total plan must be solid, ROI analysis solid, need for biometrics solid, particular technology well chosen. Campus culture cannot be ignored. 11/18/10Wayne State University12
Closing Choose least intrusive technology Make it simple to understand Transparency is required Consider broad participation in decision process to aid adoption Differentiate between what is required by law and what is required by your culture 11/18/10Wayne State University13
Patrick J. Gossman, Ph.D. Deputy Chief Information Officer Wayne State University Detroit, MI (313) /18/10Wayne State University14