Are face recognition clocking in machines Legal?

For ever odd

Hi guys,
My workplace are introducing a face recognition (eye scanner) clock in clock out system for time keeping purposes, with a finger print taken as a back up system (finger print scanner).

Is this legal? Do I have the right to decline?

Thanks in advance, as I cannot provide anymore details other than it is not a security issue.

GreatDefector

For ever odd wrote: »

Hi guys,
My workplace are introducing a face recognition (eye scanner) clock in clock out system for time keeping purposes, with a finger print taken as a back up system (finger print scanner).

Is this legal? Do I have the right to decline?

Thanks in advance, as I cannot provide anymore details other than it not a security issue.

No idea about legal but it shows complete and utter lack of trust if it's just for timekeeping

If it's to give you and only you access to a vault? Different story

well spoken man

Amazon?????

durtybit

For ever odd wrote: »

Hi guys,
My workplace are introducing a face recognition (eye scanner) clock in clock out system for time keeping purposes, with a finger print taken as a back up system (finger print scanner).

Is this legal? Do I have the right to decline?

Thanks in advance, as I cannot provide anymore details other than it is not a security issue.

You can decline yes, but they can also decline to pay you.

gman2k

Have a read here
https://www.dataprotection.ie/docs/Biometrics-in-the-workplace-/244.htm

and here is a case study
https://www.dataprotection.ie/docs/Case-Studies-2008/c/732.htm#12

Grolschevik

It depends. Do you work for Cyberdyne Systems?

D.24

My wife is a HR manager and she has the same opinion as dirtybit, you can refuse but as the eye scanner is used to calculate your hours your employer could argue they don't have any record of hours worked. Sadly it's a sign of the times...

howamidifferent

Just out of curiosity what's the problem with this if it's just a clock in system? Personally I wouldn't have an issue with biometric systems. Not trying to be controversial just genuinely curious.

franknottaken

The data stored in these devices in general made up of a string of numbers....something like 10101010101 for example. An image of a finger print or your face is not actually saved anywhere.

markfinn

howamidifferent wrote: »

Just out of curiosity what's the problem with this if it's just a clock in system? Personally I wouldn't have an issue with biometric systems. Not trying to be controversial just genuinely curious.

For me the problem would be the result when the system is inevitably connected to the internet and immediately cracked.

Generally if any HR database becomes public knowledge it's bad, but a few password changes, bank account resets etc later it;'s mostly good.

How do you go about getting new fingerprints/ facial structure after this one goes public? You know the majority of companies are not going to work from hashes and will have the biometric base data sets saved in files named by employee.

TheChizler

It would only be a very careless and incompetent company that uses a system that stores data that your actual fingerprint or retinal scan could be derived from. Most likely your data is used to create a variant of a cryptographic hash which could only verify that the same finger/eye was presented as before. If it was stolen all it could do is verify your finger/eye if you presented them to the hacker.

Did the employer provide any information on the system to be used?

FobleAsNuck

eye scan and face recognition are completely different things

Aye Bosun

TheChizler wrote: »

It would only be a very careless and incompetent company that uses a system that stores data that your actual fingerprint or retinal scan could be derived from. Most likely your data is used to create a variant of a cryptographic hash which could only verify that the same finger/eye was presented as before. If it was stolen all it could do is verify your finger/eye if you presented them to the hacker.

Did the employer provide any information on the system to be used?

I manage a biometric access system for finger prints. As an above poster mentioned no actual image of your finger print is stored, it is converted to an algorithm and stored as a series of numbers eg. 01010101011
The data cannot be used for any type of forensic purposes.

For ever odd

durtybit wrote: »

You can decline yes, but they can also decline to pay you.

My wife is a HR manager and she has the same opinion as dirtybit, you can refuse but as the eye scanner is used to calculate your hours your employer could argue they don't have any record of hours worked. Sadly it's a sign of the times...

Thanks, but it does sound a bit like bullyboy tactics.

As regards the other posts- I am only interested in the legality of the system, not the various mechanics of it.

rock22

Aye Bosun wrote: »

I manage a biometric access system for finger prints. As an above poster mentioned no actual image of your finger print is stored, it is converted to an algorithm and stored as a series of numbers eg. 01010101011
The data cannot be used for any type of forensic purposes.

All data stored digitally is stored as a series of binary digits.
"converted to an algorithm" makes no sense. Would you care to explain what the algorithm addresses?
Any database can be accessed by authorities for forensic purposes on order of the courts.

harr

For ever odd wrote: »

Thanks, but it does sound a bit like bullyboy tactics.

As regards the other posts- I am only interested in the legality of the system, not the various mechanics of it.

Don't think it's a legal issue,I have worked in a few companies with fingerprint log in systems and have seen it a good number of times in other firms where I used to do contract work...as others have said it's just a number connected to your finger print....the main reason I have seen employers using this system is to stop people clocking each other in and out...haven't seen a facial recognition system yet or an Iris scan yet for that Matter...

TheChizler

rock22 wrote: »

Aye Bosun wrote: »

I manage a biometric access system for finger prints. As an above poster mentioned no actual image of your finger print is stored, it is converted to an algorithm and stored as a series of numbers eg. 01010101011
The data cannot be used for any type of forensic purposes.

All data stored digitally is stored as a series of binary digits.
"converted to an algorithm" makes no sense. Would you care to explain what the algorithm addresses?
Any database can be accessed by authorities for forensic purposes on order of the courts.

Your retinal or fingerprint data may come to several kilobytes, however after it goes through the hashing algorithm it might only be 128 bytes. There is no way to recover the original data from this small amount of data.

listermint

Sounds like ridiculous overkill, but it depends on the type of work you are in.

If it's sensitive then I suppose it warrants checks and balances.

If it's a shop or call centre its pure laughable,and some IT provider has just made a sale laughing to the bank.

hullaballoo

listermint wrote: »

Sounds like ridiculous overkill, but it depends on the type of work you are in.

If it's sensitive then I suppose it warrants checks and balances.

If it's a shop or call centre its pure laughable,and some IT provider has just made a sale laughing to the bank.

That is exactly what it is in many cases. HR depts all over the place buying pups.

There is absolutely no need for most employers to use these machines. It strikes me that they just do it because "they can." The attitude above that if the employee doesn't like it, they don't have to be paid is typical of an attitude that is all too common and holds all employees, no matter what their worth to the employer, in utter contempt.

meeeeh

hullaballoo wrote: »

That is exactly what it is in many cases. HR depts all over the place buying pups.

There is absolutely no need for most employers to use these machines. It strikes me that they just do it because "they can." The attitude above that if the employee doesn't like it, they don't have to be paid is typical of an attitude that is all too common and holds all employees, no matter what their worth to the employer, in utter contempt.

Spare me. We have around 10 people working for us, I spend at least 15 minutes every week chasing around those who forgot to clock out, forgot their card or key fob, clock card isn't working and so on. And then you have to get duplicates for lost ones. You can multiply that for bigger companies. I certainly wouldn't fancy doing the same for 1000 people. I can completely see how finger scanner eliminates a lot of hassle and if you also make realize people they are responsible for their clockings there will be a lot of time saved. And spare me about valued employees, people in payroll are not there to evaluate how valued someone is they are there to process data.

hullaballoo

People forget to scan their bits just as often.

Sorry you find your job a lot of hassle but you could try and look at things from the employees point of view and you'll see that your attitude to them is contemptuous, you deem them incompetent to remember something that isn't attached to them and they need to be chased after. Awful management attitude if I'm honest and probably the kind of thing that drives most employees mad.

People don't prioritise what they regards as unnecessarily bureaucratic processes. They are perfectly capable of timekeeping without presenting biometric information about themselves to prove they worked 7.96 hours last Tuesday.

While the information might be important from your perspective, it isn't for people whose jobs mean they are in a completely different head space.

meeeeh

hullaballoo wrote: »

People forget to scan their bits just as often.

Sorry you find your job a lot of hassle but you could try and look at things from the employees point of view and you'll see that your attitude to them is contemptuous, you deem them incompetent to remember something that isn't attached to them and they need to be chased after. Awful management attitude if I'm honest and probably the kind of thing that drives most employees mad.

You are absolutely right. Next time I will deem them competent to remember stuff and pay them only for the hours that are clocked. :rolleyes:

endacl

I work in a place with a face recognition system. When I arrive, Paul the porter looks at my face and verifies that it's me.

Walter2016

For ever odd wrote: »

Thanks, but it does sound a bit like bullyboy tactics.

As regards the other posts- I am only interested in the legality of the system, not the various mechanics of it.

Where do you see the issue? What "data" are you concerned about?

Usually the only people who have a problem with something like this are those with something to hide.

Its simply a more secure way of signing in and ensures you are paid properly and staff cannot scam the employer.

And as per another poster, its not face recognition, its an eye scan. Similar technology is coming to atm machines and many other things, so get used to it.

K.Flyer

For ever odd wrote: »

Hi guys,
My workplace are introducing a face recognition (eye scanner) clock in clock out system for time keeping purposes, with a finger print taken as a back up system (finger print scanner).

Is this legal? Do I have the right to decline?

Thanks in advance, as I cannot provide anymore details other than it is not a security issue.

Sounds a bit like overkill, both retina and finger scan, unless its a high secure facility which requires very limited access to the area.
But I don't think that there is anything illegal about it as similar clock in / out systems have been around for quite a while.


I know one particular company that has been using biometric hand scanners for years. The main reason for its introduction was that staff entered the work place at variable times and some people were "forgetting" to clock out using their older system and others would "clock out" for them.
The introduction of the hand reader came with a simple rule if you don't clock in and out, you did not get paid that day.
Overtime pay was slashed within the first month.

atticu

hullaballoo wrote: »

People forget to scan their bits just as often.

Sorry you find your job a lot of hassle but you could try and look at things from the employees point of view and you'll see that your attitude to them is contemptuous, you deem them incompetent to remember something that isn't attached to them and they need to be chased after. Awful management attitude if I'm honest and probably the kind of thing that drives most employees mad.

People don't prioritise what they regards as unnecessarily bureaucratic processes. They are perfectly capable of timekeeping without presenting biometric information about themselves to prove they worked 7.96 hours last Tuesday.

While the information might be important from your perspective, it isn't for people whose jobs mean they are in a completely different head space.

One of the problems is that people will forget that they worked 7.96 hours last Tuesday until they get their pay slip.
And being paid correctly is very important for most working people.

So, it is often easier to use some biometric clocking in and out system in a lot of companies.

Gatling

I remember a good few years back working for a large multinational we had an issue with stock loss at a particular facility .
After several attempts to prevent losses through traditional means we had to install airport style security scanners and hand held metal detectors ,
We had similar issues with staff saying it wasn't legal and so on nearly all the female workers declared they were pregnant( 3days in )and all the male staff had epilepsy that's prevented them from walking through scanners and having the handhels been used too ,
People always fear new things like finger or hand print readers after a while people forget about them and carry on with what there supposed to be doing

Markcheese

I dont see a problemwith it...
But I also think everyones thumb print should be linked to their driving licence,passport,government services card....
And gardai/appropriate services should have access to handheld scanners...

Senna

If you are opposed to this, what do you possibly think the information could be used for? I'd love some examples.

dev100

Markcheese wrote:

I dont see a problemwith it... But I also think everyones thumb print should be linked to their driving licence,passport,government services card.... And gardai/appropriate services should have access to handheld scanners...

Why ?

Gatling

Markcheese wrote: »

I dont see a problemwith it...
But I also think everyones thumb print should be linked to their driving licence,passport,government services card....
And gardai/appropriate services should have access to handheld scanners...

The PCS card (social welfare) when you go to get one the digital photograp embedded in it is run through facial recognition software to detect fraud ,
I'd expect in the next few years it will be the same for driving licenses and other means of identification

Pawwed Rig

Walter2016 wrote: »

Usually the only people who have a problem with something like this are those with something to hide.

Would you be happy with a camera in your house so you could be monitored?

Kings Inns or bust

Pawwed Rig wrote: »

Would you be happy with a camera in your house so you could be monitored?

God no I've far too much to hide!

(Please don't let my silly jokes detract from the seriousness of your point or the naivety of the one you quoted.)

Kings Inns or bust

dev100 wrote: »

Why ?

The prevention of fraud I would imagine. I can't help thinking seeing that scene in Demolition Man though... urrrgh.

gctest50

TheChizler wrote: »

Your retinal or fingerprint data may come to several kilobytes, however after it goes through the hashing algorithm it might only be 128 bytes. There is no way to recover the original data from this small amount of data.

And who guarantees the software doesn't store the raw images as well ?

Is the system connected to the internet in any way ?

Is it connected to any computer that has usb slots ( or simliar etc) or is connected to the internet in any way ?

Is there a usb slot ( or anything similar etc ) on the system ?

davo10

Don't most new phones have fingerprint unlocking? Would you refuse to buy a phone based on this? I really don't see what the big deal is, other systems can be easily abused, this method is specific and particular to each person and limits the employees ability to abuse the clock in system.

Some of the posts here say it is overkill and an abuse of power, but presumably it would not be needed if current systems were not being abused.

TheChizler

gctest50 wrote: »

TheChizler wrote: »

Your retinal or fingerprint data may come to several kilobytes, however after it goes through the hashing algorithm it might only be 128 bytes. There is no way to recover the original data from this small amount of data.

And who guarantees the software doesn't store the raw images as well ?

The threat of that software company never making a sale again if they did the exact opposite of what they claimed and mishandled personal information in this way. Also the threat of the DPC and legal liability. Like all data an employer keeps on you.

davo10

TheChizler wrote: »

The threat of that software company never making a sale again if they did the exact opposite of what they claimed and mishandled personal information in this way. Also the threat of the DPC and legal liability. Like all data an employer keeps on you.

There was a previous thread on this a year or two ago, a software designer who worked on the design of these types of biometric clock in systems posted that it was impossible even for the software company who made the system to reproduce a workable fingerprint/retina scan from the system installed.

TheChizler

Yup. Practically impossible. Technically with enough processing power (I'm talking years with today's fastest supercomputers) you might be able to recreate a scan that would match the key, but it wouldn't be your print. Like many locks can be opened by one master key, but you couldn't make the master key by examining any one lock.

goz83

OP, just get your clock out buddy to put on a face mask of you and a latex copy of your finger print.

Walter2016

Walter2016 wrote: »

Usually the only people who have a problem with something like this are those with something to hide.

That is the type of bullcrap statement that is used to ram privacy restricting legislation through governments

TheChizler

TheChizler wrote: »

Yup. Practically impossible. Technically with enough processing power (I'm talking years with today's fastest supercomputers) you might be able to recreate a scan that would match the key, but it wouldn't be your print. Like many locks can be opened by one master key, but you couldn't make the master key by examining any one lock.

And what about software/hardeware weak points before encryprion?

TheChizler

Deleted User wrote: »

TheChizler wrote: »

Yup. Practically impossible. Technically with enough processing power (I'm talking years with today's fastest supercomputers) you might be able to recreate a scan that would match the key, but it wouldn't be your print. Like many locks can be opened by one master key, but you couldn't make the master key by examining any one lock.

And what about software/hardeware weak points before encryprion?

How do you mean? Some hacker coming in and getting the image directly from the scanner? I think if you worry about this kind of thing logically you have to worry about someone snooping around your office lifting your fingerprint directly from your mug.

gctest50

TheChizler wrote: »

The threat of that software company never making a sale again if they did the exact opposite of what they claimed and mishandled personal information in this way. Also the threat of the DPC and legal liability. Like all data an employer keeps on you.

The threat of prosecution/jail etc didn't stop Jimmy Saville now did it ?

harr

Most work places would have cctv which more than likely would record your coming and goings anyway ....and that footage would be stored locally or cloud based servers ....do you also have a problem with that...
As mentioned the only people who would have a problem with such a system would be people taking the piss with the current clock in process...this type of identification will be very normal in a few years...even my current gym you can only gain access by thumb print which is linked to your photo on the gyms computer screen....

davo10

TheChizler wrote: »

How do you mean? Some hacker coming in and getting the image directly from the scanner? I think if you worry about this kind of thing logically you have to worry about someone snooping around your office living your fingerprint directly from your mug.

If I remember from previous thread, an image is not taken of either fingerprint nor retina, the software just identifies a couple of specific markers, not the whole identifiable field/image.

davo10

gctest50 wrote: »

The threat of prosecution/jail etc didn't stop Jimmy Saville now did it ?

Paedophilia v clock in systems, that's a huge jump.

K.Flyer

Driving Ĺicences, Passports, SW Cards, Club Memberships etc etc. Your information is out there on all their systems, so why the paranoia about an advanced form of clocking in, they are all as secure / vulnerable as each other.

joeguevara

The answer to the question is that they can't mandatorily impose it on you. They can have it but if you opt out they must have an alternative less invasive way of clocking you in like clock in cards....that is unless there is a legitimate (burden of this is very high) reason to have a biometric clock in system.

davo10

joeguevara wrote: »

The answer to the question is that they can't mandatorily impose it on you. They can have it but if you opt out they must have an alternative less invasive way of clocking you in like clock in cards....that is unless there is a legitimate (burden of this is very high) reason to have a biometric clock in system.

A post like that always needs a link to definitively back it up, this will be a short thread if you can provide that link.

This is the link I could find about it, it pretty much says that if the employer can show it is necessary, it is not illegal and they can use it. The op hasn't given those details so as far as we know, it is not illegal.

https://www.dataprotection.ie/docs/Biometrics-in-the-workplace-/244.htm

harr

joeguevara wrote: »

The answer to the question is that they can't mandatorily impose it on you. They can have it but if you opt out they must have an alternative less invasive way of clocking you in like clock in cards....that is unless there is a legitimate (burden of this is very high) reason to have a biometric clock in system.

Of course you don't have to use it but good luck getting paid your wages when they don't have any records of you being in work...and no they don't have to offer anybody a less invasive way of clocking in...the business in question could have any number of reasons as to why they need to change the clock machines...ffs it's only a clock in machine...op should be happy they have a job to clock into...