Gym wants fingerprints

pinkypinky

So I can't really think of a better place for this discussion. I'm a member of Jackie Skellys - soon to be re-launched as Energie. There's been a lot of refurbishment at the gym and I'm delighted to see it. New machines have still to come but are impending. I've just renewed my membership (annual upfront) and it is the most convenient gym so I'm not going to leave but:

They are replacing the keyring barcode cards with fingerprint entry. I'm really not happy handing over my fingerprints just so I can work out. I'm told that it's just an encrypted version and nothing is stored but I'm still not keen. They've given me some literature; it's layman friendly but I still feel it's a level of security unnecessary for a gym

What do people think of this development? I imagine they'll be doing it in all their clubs.

the drifter

fingerprint and eye scanners are the way of the future...embrace them!

UnknownSpecies

It's so you can't lend your keyring to anyone who is not a member!

eden_my_ass

To be fair it is a simple way to authentic yourself...this was introduced in my gym some years back, at the time the literature stated that they were NOT holding full fingerprint scans, rather X number of distinctive points of a particular finger that would be enough for them to distinguish you from their other members...not the same as them having your "prints on file"!

pinkypinky

pinkypinky wrote: »

soon to be re-launched as Energie. .

As in Energie or NRG of Cork & Galway ?

Orando Broom

I have no problem with the fingerprint scaner but I was not too happy with them drawing a pint of my blood. But as the fella said to me 'suere you have seven pints more of the stuff'. It's a valid point.

Orando Broom

dorgasm wrote: »

It's so you can't lend your keyring to anyone who is not a member!

there are several inciodnets of people having thier finger cut off by people to access thier gyms.

True Story.

Happend my cousin's, mates' brother there a few months back.

pinkypinky

RoverJames wrote: »

As in Energie or NRG of Cork & Galway ?

Energie are a UK chain who have bought 10 of the 11 Jackie Skelly clubs. They spell it Énergie and have purple-pink colour branding.

DamienH

Use your baby finger, no one ever robs anything with their baby finger!

pinkypinky

dorgasm wrote: »

It's so you can't lend your keyring to anyone who is not a member!

Oh I understand that. I'm just wondering if they can force me to do it? I have confirmed they will have cards as well but will charge a large amount (don't have the exact) to get one.

Renn

Yeah I'm pretty sure I'd quit any place that started introducing something like that.

PeakOutput

if its any consolation the laws that cover privacy and personal information say that any personal information they have(including fingerprints) cannot be used for any other purpose then the one they were taken for

so it would be illegal for them to use them for any other reason then identifying you as you walk into the gym

aFlabbyPanda

we use these in work and to be honest I don't see the problem with it. what do you think they are going to do with them?

and I'd actually like it. I'm always forgetting to bring my card with me.

Wonkagirl

I'm with Brian.. it sounds really bloody handy to me. (if you pardon the pun)

Is it that i'm overly naive, or that are you overly paranoid pinky?

I'm in JS on shelbourne road, cant say the 'energie' changes have been signficant, but i liked it as it was anyway, it's one of the better branches.. this fingerprint development is probably the biggest change they've made- and i'm all for it!

Zamboni

Post this thread in the conspiracy theory forum for some awesome responses

Sangre

Data Protection Commissioner is very wary of stuff like this. I think you'll find something on his site with regards biometric data storage. You can even give them a call and they'd be happy to help.

The Davestator

Zamboni wrote: »

Post this thread in the conspiracy theory forum for some awesome responses

Big time, would be funny to see the outrage.

Op- it's the way things are going and in a few years most gyms will have this. They have it for lockers in some theme parks in the USA don't they?

Sangre

http://www.dataprotection.ie/docs/Biometrics_in_the_workplace./244.htm

This relates to the workplace but a lot of the same principles apply. You'd wonder what systems are in place to remove the information once you leave.

Pontificatus

You're more at risk with them having your bank details than your fingerprints.

eden_my_ass wrote: »

not the same as them having your "prints on file"!

This

DamienH wrote: »

Use your baby finger, no one ever robs anything with their baby finger!

and this

Red Alert

Yeah they've done that in Rathfarnham too. Most of those systems don't "encrypt" the fingerprint per-se, but they just extract a information about the overall patterns. So even if somebody stole the computer they couldn't actually re-create your fingerprint.

It does mean that you won't have to pay a ridiculous amount of money if you lose your card.

Wonkagirl

Red Alert wrote: »

It does mean that you won't have to pay a ridiculous amount of money if you lose your card.

i was forever losing (correction: snapping) my card, and they never once charged me in JS ballsbridge?

It's weird, cos they always get such a slating, but i've always found them brilliant.. the instructors are super, the place is always spotless, the guys at the desk are very helpful.. i've never had the woeful experiences that others seem to have had.. plus, i broke my elbow last yr and they froze my membership for 4 months for me, not a bother..

anyway, OT!

Orando Broom

Red Alert wrote: »

Yeah they've done that in Rathfarnham too. Most of those systems don't "encrypt" the fingerprint per-se, but they just extract a information about the overall patterns. So even if somebody stole the computer they couldn't actually re-create your fingerprint.

It does mean that you won't have to pay a ridiculous amount of money if you lose your card.

I alwys bring my fingers out with me so it's handy that I won't forget them.

squod

The finger print system will last about a month. Very unreliable. They'd be far better off put their cash into buying some squat racks, lifting platforms and new staff.

JayRoc

First I thought it was a joke that this was actually being proposed.

Now I'm just left scratching my head that people could this is A) necessary or acceptable.
I'd like to think that I wasn't being paranoid on a Mulder-esque scale if I objected to my gym scanning my fingerprint on entry, thanks very much.

Barry.Oglesby

What do people think can happen? Worst case?

Gyms and businesses have a massive problem with people ripping them off. Card systems are expensive to run as are most other forms of access control. If we had some spare cash we'd be biometricking the **** outta people!

The Davestator

Jaysus, Some people here need to ring Joe Duffy first thing Monday. He'd love this topic.

If you don't like it, even after reading the info, leave.

As I said, it's the way things are going and I think it's great

TheVoodoo

When i was in secondary school, there were two sets of Identical twins, who would always only buy one membership to anywhere. So when the photo was taken, they'd obviously look the same. I guess that you can lend your fingerprint to anyone, so its a way to eliminate sharing of fobs/memberships. + As stated above, its the way forward. It's not like they can really do anything else with your fingerprint anyway.

Much more practical as well, there can be none of the ' oh i left my card at home' Because, you can really leave your fingers at home. Not being smart, but i'd say the effort of repeatedly looking up profiles etc on a system becomes annoying after a while.

FruitLover

PeakOutput wrote: »

so it would be illegal for them to use them for any other reason then identifying you as you walk into the gym

As opposed to all the other uses they might have...

...

Gillo

Really don't see the problem, much handier than a card. I accept that some people may have concerns about their finger prints being taken, but really don't understand it.
Can someone clearly explain what they are?

King of Kings

JayRoc wrote: »

First I thought it was a joke that this was actually being proposed.

Now I'm just left scratching my head that people could this is A) necessary or acceptable.
I'd like to think that I wasn't being paranoid on a Mulder-esque scale if I objected to my gym scanning my fingerprint on entry, thanks very much.

I hear and agree with you.

Barry.Oglesby wrote: »

What do people think can happen? Worst case?

Gyms and businesses have a massive problem with people ripping them off. Card systems are expensive to run as are most other forms of access control. If we had some spare cash we'd be biometricking the **** outta people!

I simply don't want any organisation (even the state if it were possible) having any of my bio data on file.
It's how I feel - I don't intend to be the next larry murphy or anything I just feel uncomfortable with anybody having such personal data.
I can close a bank account if I'd like and move on but they'll have my prints for ever.

If I'm not allowed opt out I'll be quitting there.

I'm surprised very few here actually find this objectionable -

chin_grin

From someone who used to support biometric (fingerprint) readers they DO NOT TAKE A PICTURE OF YOUR FINGERPRINT.

(Sorry for the caps!)

As mentioned earlier the scanner will take certain points of your fingerprint and convert this to a hexidecimal number. Now that's your own ID. This is stored in the applications database against your code (if you have to log in with a number too). There is no one else who'll have the same mapped points (hex number) as you.

King of Kings

chin_grin wrote: »

From someone who used to support biometric (fingerprint) readers they DO NOT TAKE A PICTURE OF YOUR FINGERPRINT.

(Sorry for the caps!)

As mentioned earlier the scanner will take certain points of your fingerprint and convert this to a hexidecimal number. Now that's your own ID. This is stored in the applications database against your code (if you have to log in with a number too). There is no one else who'll have the same mapped points (hex number) as you.

but can they can recreate your print from this hexidecimal number? Is so it's the same thing regardless of the form it's stored?

chin_grin

King of Kings wrote: »

but can they can recreate your print from this hexidecimal number? Is so it's the same thing regardless of the form it's stored?

Just found this link.

http://www.artemis-usa.com/gummybear.htm

Most devices today use between 16 and 40 minutiae points to create a template. It should be noted here that the fingerprint itself is not stored anywhere on the PC or network and creating a fingerprint model from 16-40 minutiae points is virtually impossible. It is virtually impossible for someone to "steal your fingerprint" even if they had full access to your template on the network or device.

SpookyBastard

This happens to be tech I am a little familiar with. Some of the scanners don't even use the normal level of min points. Some of the machines match 12 and I think there was an 8 mp machine knocking about too (for things like lockers I think... much cheaper to set up).

1. They don't take a pic of your print. At all.

2. They need to take only enough points to reduce the likelihood of another person sharing the same points living nearby/in the same country etc. Even with as little as 8 points this is extremely unlikely. If you were looking to suggest reasonable certainty that a finger print was belong to, for arguments sake, a murder suspect say then you'll need way more than the few min points that the standard door scanners uses (an even then its not a print). In reality the code made from your print is just that, a code. It only really works one way as you'd need to know how the code was generated to reverse engineer it and get the points. Theoretically doable but practically unlikely. So really you'd have to be worried about the gym working out the key used to generate the code and then reversing it. Even then, and we're right out on the edge here, they'd have some almost unique data but damn near no way to use it. They can't make a fake finger to use on other another door, nor can they insert your unique data into someone else's database without hacking it (this includes working out how that system generates the code) or having it entered for them by someone with access to the db. This is wayyy past the x-files folks.

And all of this is before we get into the fun of quantum cryptography where trying to reverse the hex code back into the data will actually corrupt the data itself.

Still, if you aren't happy then you can go elsewhere or pay for a card but really I wouldn't worry much about it. There's a reason we don't use photo-scans of prints... because the data could get misused. Good luck doing anything with 8 (or even 40 points) as it's still not your print. Also, as has been mentioned above , your bank details are much more vulnerable. In fact, your name address and dob are more vulnerable than the hash made from your print. You're worried about a code that is almost impossible to use but you freely give them the data that could be much more easily abused.

tomdublin

In principle I wouldn't object to it but not with this outfit (at least unless you are sure they have changed significantly from what they were...). Say you want to leave the gym without giving them 40 months notice or whatever the small print in the contract says and you cancel your DD, they could then threaten you with passing your fingerprints on to some dodgy private detective or debt collector, for example - or simply with keeping them forever. Also, you need to be sure their system of erasing data when you leave is watertight. I would just say no and go to another gym.



QUOTE=pinkypinky;68517406]So I can't really think of a better place for this discussion. I'm a member of Jackie Skellys - soon to be re-launched as Energie. There's been a lot of refurbishment at the gym and I'm delighted to see it. New machines have still to come but are impending. I've just renewed my membership (annual upfront) and it is the most convenient gym so I'm not going to leave but:

They are replacing the keyring barcode cards with fingerprint entry. I'm really not happy handing over my fingerprints just so I can work out. I'm told that it's just an encrypted version and nothing is stored but I'm still not keen. They've given me some literature; it's layman friendly but I still feel it's a level of security unnecessary for a gym

What do people think of this development? I imagine they'll be doing it in all their clubs.[/QUOTE]

COH

Luckily in my gym the combination of dilligent highly trained staff along with ultra-high-tech security measures at the entry point ensure a safe and smooth bio-data free transition from outside to inside.

Its called 'I know your face go on ahead there you're grand... and I have a sledgehammer if you're lying' :pac:

In all seriouness though, I really dont see why anyone would have a problem with this. I've been to nightclubs in Dublin where you get finger printed on admission, I've worked for companies who used finger scanning as a time sheet clock-in. So far I haven't been cloned or the victim of finger identity theft

SpookyBastard

tomdublin wrote: »

they could then threaten you with passing your fingerprints on to some dodgy private detective or debt collector, for example - or simply with keeping them forever.

Doesn't really matter as the data they have is not your print merely a code made up using your print as a random pattern.

Example...

Spooky's Finger --> Locker Room Scanner --> 12 points taken (distance and orientation from each other) --> Scanners randomly generated key (using a forgetful function such as two or more numbers multiplied by each other... try guessing the original numbers) --> Spooky's Hex Code which the door mechanism recognises and lets me in.

Spooky's Hex Code as kept by the gym => DFDD3568 BBGH7854

It's not my print, it's not even the points.

Spooky's hex --> Find a way to feed it to my Banks Scanner --> different key function algorithm --> FAIL

Spooky's hex --> Bank Scanner --> 1 in a trillion chance its the same key just for the hell of it --> Bank Database --> NO MATCH --> FAIL

Spooky's hex ---> use magic (and possibly power balance wristbands and maybe even Homeopathy) --> Spooky's 16 Minutiae Points but no idea what the actual finger looked like just the orientation of the points ---> more magic to make a finger with those points arranged correctly --> Bank scanner scans and guess what... it doesn't scan the same points --> FAIL

Seriously, this has been thought through. The only way you could do something nasty like take money out of my account (if my bank used biometrics) for example is if you can:

A. Get my Hex Code
B. Reverse it to find out the Min Points used to make it
C. Figure out where these points would be on the finger (having never seen the finger)
D. Make a fake finger
E. Have the scanner scan the exact same points, in the right order
F. Have this data match the bank database for my account (so you'll need this added to database by an insider or you're an uber hacker)
G. Assuming there are no other security measures like, say, the bank teller noticing the fake finger or you don't also have my pin.
H. Profit.

It'd be easier to just impersonate me with a fake passport with my details on it (taken from the gym) or have your insider bank employee transfer the money out to an account set up with fake id, etc.


However tom, if you really didn't trust your gym not to pass on your hex code to the 'dodgy debt collector' then why are you happy to give them your name, address, phone number, date of birth, bank account number, bank branch sort code and in some places even a photo (if they use photo id such as universities). The debt collector will know who you are and where you live and where you bank but got forbid he has a random number that can be reversed into another set of random numbers.

tomdublin

chin_grin wrote: »

Just found this link.

http://www.artemis-usa.com/gummybear.htm

They don't take an imageof our fingerprint, but they take enough information to be able to identify it which could potentially be stolen and be passed on. It's still enough to create a potential privacy issue.

COH

tomdublin wrote: »

They don't take an imageof our fingerprint, but they take enough information to be able to identify it which could potentially be stolen and be passed on. It's still enough to create a potential privacy issue.

Seriously.. and do what? Forge fake fingers and poke people.. leaving your print

The Davestator

Oul tomdublin can always be relied upon to show up when the subject is gym contracts and JSF. For all those who are opposed, including king of kings , if you are not convinced by the experts who have posted here then you really need to get over to conspiracy theories!

King of Kings

The Davestator wrote: »

Oul tomdublin can always be relied upon to show up when the subject is gym contracts and JSF. For all those who are opposed, including king of kings , if you are not convinced by the experts who have posted here then you really need to get over to conspiracy theories!

ouch - a low blow.
They wouldn't have me over there. I've too much muscle tone and fitness for them.

However I see some informed people posted here - but nobody claimed to be an "expert". Spooky is a little familiar with it (his own words) and makes some good points. anyway all the informed people posted after my points which I thanked one for them for the link.

maybe you could allow me the time to digest this for myself before casting me out to the 8th level of hell that is conspiracy theories.

WhodahWoodah

What about amputees and burn victims? I know they're a minority and they can't lift weights but I'm sure lots of them are gym members for the treadmill / pool / exercise classes / access to trainers / cardio etc. Isn't there a People with Disabilities type act? And the conscientious objector should be able to opt out of the scheme if they like. That said I wouldn't be bothered about scanning my thumb print. Sure if someone really wanted my prints they could just dust my car door handle or pick up my used coke can out of the bin. Privacy is SO 20th century!! Lol

SpookyBastard

WhodahWoodah wrote: »

What about amputees and burn victims? I know they're a minority and they can't lift weights but I'm sure lots of them are gym members

I reckon that'd be why the finger scans will never be the only option available. Personally I see accessibility as a right not a privilege. I'd be surprised if a gym were to charge someone who couldn't use to finger scan for a swipe card... well sure, it could happen but they should be told exactly were to shove it. In most uses of the print scan system there is also a pin or similar for extra security... no reason why this can be a swipe card for those of us who need it or even another option (depending on the needs of the gym member).

twowheelsonly

tomdublin wrote: »

They don't take an imageof our fingerprint, but they take enough information to be able to identify it which could potentially be stolen and be passed on. It's still enough to create a potential privacy issue.

But you can only be identified relative to the code assigned to the scan.
In other words, dx1256 ar38234 is assigned to code number 1234.
Now all you need to do, (having gone throught the whole rigmarole of decoding the numbers created by the original scan and creating a copy of your finger), is to find out who that 'print' belongs to and steal his identity and bank details.
Hang on..... Chances are that each gym has somebody that can already do that without the whole decoding of the 'fingerprint'.
It's a security measure, nothing more or nothing less. And it works in your favour believe it or not. As it stands, if I find your Gym card tomorrow morning I can , in all likelihood, walk into your gym locker room undetected. I'll wait a few minutes until the locker room is clear, burst open a couple of lockers, steal what I want and walk out again - all without being challenged. At least with Biometrics just about everybody going through that door is challenged.

(All of the above doesn't count of course if I happen to find your finger lying around...)

pinkypinky

I guess what it comes down to is that the old system of card and photo wasn't manageable because they have so few staff, and those staff were not diligent enough.

System A:
Photo taken when you join the gym and linked to your swipe card.
You swipe your card, your photo comes up, person on desk can verify.
If you don't have your card, you can't come in - simple as that.

New system:
Finger print (or some version of it) is stored.
No person needs sit on the reception desk and monitor.

They're cutting costs and dressing it up as better security.

I'm going to see if I can have a card instead. I've yet to be asked to submit my fingerprints and though the new system is up and running, there was no one at the reception when I went in yesterday, and the barrier was wide open.

SpookyBastard

pinkypinky wrote: »

I guess what it comes down to is that the old system of card and photo wasn't manageable because they have so few staff, and those staff were not diligent enough.

System A:
Photo taken when you join the gym and linked to your swipe card.
You swipe your card, your photo comes up, person on desk can verify.
If you don't have your card, you can't come in - simple as that.

New system:
Finger print (or some version of it) is stored.
No person needs sit on the reception desk and monitor.

They're cutting costs and dressing it up as better security.

I'm going to see if I can have a card instead. I've yet to be asked to submit my fingerprints and though the new system is up and running, there was no one at the reception when I went in yesterday, and the barrier was wide open.

To be honest I think it's a tad (read: grossly) unfair to suggest that the only reason a different system is being brought in is because the staff as lazy. Do luas smart cards exist because the staff are lazy? Monthly Bus tickets? Mobile phones (lazy operators?) , Aeroplanes (boat staff are too lazy to ferry you across). It's about improving a system to make things easier for the people.

As has been mentioned here, a bunch of us would like finger scanning because we always have are fingers with us. So it's easier for us , what you think of the quality of staff is irrelevant. I do find it interesting that you think the only thing the receptionist does is scan people in... god forbid they have phones to answer, enquiries from members of the public interested in joining, etc.

Sure the new system doesn't need as many staff, it's called automation. You think it's a secret that they're cutting costs? Since when was wasting less money a bad thing? When a whey protein company like bulk powders cuts costs by saving on advertising and selling on-line we applaud this but god forbid our gym try and save money... in a recession of all times... i mean seriously? :rolleyes:

Less staff one the reception should mean either more staff on the gym floor or less staff in general so less money spent on wages which should keep the costs down (and maybe keep your membership costs from creeping upwards).
Also, depending on how they're using the new system they may be able to get a better idea of how many people are in the gym at any given time, etc. Like tesco do with your club card. They find out what you buy so that they try to always have the most popular items in stock. The photo card system can do the same but not all gyms make good use of their data.

From your original post I got the impression you were worried about giving your print to the gym for security reasons (not because you wanted to keep the staff from not being diligent). The finger scan (which does not store your fingerprint or a version there of) is far safer than a card with your name and photo on it. If you are worried about misuse of a mathematically generated id number rather than your bank details, name, address, phone number, photo, etc then you really are jumping at the wrong shadow. Not to scare you but why aren't you worried about someone in the gym looking at when you visit and your address and going around to your house to burgle you?

On a closing point, as the new system is up and running (but probably still being perfected) but you haven't given your prints, wasn't it nice of the receptionist to leave the barrier open when he or she had to leave the desk so that people like you who haven't given their prints yet could get in? Or would you have preferred that you be forced to wait 5 minutes at the barrier for him/her to come back? :P

Guy:Incognito

WhodahWoodah wrote: »

? And the conscientious objector should be able to opt out of the scheme if they like.

You can, by not joining or leaving if you are a memeber.

People are far too paranoid about things these days. As was said and pretty much ignored above, what could happen to you, worst case?

tomdublin

OK but the problem with rapidly evolving technologies is that you don't know how it can be used and potentially abused a few years or months down the line. That's why the government and the medical profession have very strong privacy codes regarding the use of personal data (at least in theory). As for private companies it's a largely matter of trust, so if you think JS is trustworthy based on its track record you should give them the data, if you don't think its trustworthy you shouldn't.

Stekelly wrote: »

You can, by not joining or leaving if you are a memeber.

People are far too paranoid about things these days. As was said and pretty much ignored above, what could happen to you, worst case?

Mr. Presentable

If they want your fingerprints for nefarious purposes an easier and cheaper way to get them would be to lift them off the rowing machine with a bit of tape.

They are probably collecting your dna from the X-Trainer too. <.<._.>.>

thebullkf

have to say i don't agree with it all. had a similar experience on a building site- they wanted a 'full hand' biometric scan....i/we refused as we felt it was unnnecessary. they used the excuse that it wasfor security measures....essentially it was to stop people clocking other people in and out.
We went to the union about it and we won. New security systems over here take biometric scans of your hand and vascular system .
i don't agree with it,i also have seperate bank accounts to pay bills,memberships etc.


on another note.....

http://www.rte.ie/news/2009/1013/aviation.html



i used to think this was cool....now i'm not so sure....

https://www.youtube.com/watch?v=cWIHv7a6luY

pinkypinky

SpookyBastard wrote: »

snipped

On a closing point, as the new system is up and running (but probably still being perfected) but you haven't given your prints, wasn't it nice of the receptionist to leave the barrier open when he or she had to leave the desk so that people like you who haven't given their prints yet could get in? Or would you have preferred that you be forced to wait 5 minutes at the barrier for him/her to come back? :P

I think that's a very heavy handed response. I didn't suggest the staff were lazy and obviously I am aware they have plenty of other work to do but I have been a member of said gym for 6 years and have lost count of times there was no visible member of staff anywhere. I am more concerned with society in general's acceptance of handing over biometric data and the attitude of "sure if you haven't done anything wrong, what does it matter" but on reflection, I see that this new system is a cost-cutting measure.

On your last point, she wasn't at the desk but she was standing watching a football match on the nearby tv with her back turned to the door, and she didn't even glance when I went past.