Give us your biometric data to get your lunch in 5 seconds, UK schools tell children

Facial recognition for meal payment system works for kids, supplier says

Updated Facial recognition technology is being employed in more UK schools to allow pupils to pay for their meals, according to reports today.

In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology.

The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times.

Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child's identity against "encrypted faceprint templates", and will be held on servers on-site at the 65 schools that have so far signed up.

He added: "In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale." He told the paper that with the system, the average transaction time was cut to five seconds per pupil.

The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England.

North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision.

Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the "next step in cashless catering."

"This intuitive technology enables the PoS operators to quickly identify the pupil's cashless account whilst payments are instantly adjusted in the same way as all other identification methods in CRB Cunninghams' Fusion software," the company said.

According to Professor Fraser Sampson, the UK government's Surveillance Camera Commissioner, facial recognition technology may need to be regulated in much the same way as some ethically sensitive medical techniques to ensure there are sufficient safeguards in place to protect people's privacy and freedoms.

Sampson, who works with the Home Office overseeing tech-related surveillance in the UK, told The Register last month that facial recognition was "a fast-evolving area and the evidence is elusive but it may be that the aspects currently left to self-determination present the greatest risk to communities or simply to give rise to the greatest concern among citizens."

Privacy campaigners voiced concerns that moving the technology into schools merely for payment was needlessly normalising facial recognition.

"No child should have to go through border style identity checks just to get a school meal," Silkie Carlo of the campaign group Big Brother Watch told The Reg.

"We are supposed to live in a democracy, not a security state. This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children's personal information could be shared with and there are some red flags here for us. "Facial recognition technology typically suffers from inaccuracy, particularly for females and people of colour, and we're extremely concerned about how this invasive and discriminatory system will impact children."

Jen Persson, director at defenddigitalme, a children's rights and privacy group, pointed out that Sweden had issued its first fine under GDPR in the case of a school using facial recognition and the French data protection authority ordered high schools in Nice and Marseille to end their facial-recognition programs.

"We expect a similar response from the UK ICO and for all biometrics to be removed from UK schools. The law says if we can, we must, use less invasive approaches to protect children's fundamental rights and freedoms," she toild The Reg.

Those concerned about the security of schools systems now storing children's biometric data will not be assured by the fact that educational establishments have become targets for cyber-attacks.

In March, the Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, became the latest UK education body to fall victim to ransomware. The institution said it was "at least" the fourth multi-academy trust targeted just that month alone. Meanwhile, South and City College Birmingham earlier this year told 13,000 students that all lectures would be delivered via the web because a ransomware attack had disabled its core IT systems.

North Ayrshire Council and the ICO were contacted for comment. ®

Updated on 18 October to add:

An ICO spokesperson said: "Organisations using facial recognition technology must comply with data protection law before, during and after its use. In addition, data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so. Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner.

"We are aware of the introduction and will be making enquiries with North Ayrshire Council."

"Anyone who feels that their personal data has been processed in a manner that is unlawful can raise a complaint directly with the ICO."

A spokesperson for North Ayrshire Council told us: "Our catering system contracts are coming to a natural end and we have the opportunity to install IT infrastructure which makes our service more efficient and enhances the pupil experience using innovative technology.

"Given the ongoing risks associated with COVID-19, the Council is keen to have contactless identification as this provides a safer environment for both pupils and staff. Facial recognition has been assessed as the optimal solution that will meet all our requirements.

"Additionally, the time taken to be served at till points is a common complaint and potentially one of the reasons why pupils opt to go out [of] school grounds for lunch. Contactless payment using facial recognition is very fast and efficient and gives time back to pupils to spend with friends or at lunchtime activities. "Facial recognition involves faceprint templates being taken, which are measurements of key points on the face, where consent has been received. In keeping with the ICO UK GDPR guidance, pupils in S4-S6 have been allowed to provide their own consent while pupils in S1 – S3 require parental consent. "We have received an excellent response from pupils, parents and carers, with over 97 per cent of responses being positive and providing consent. Pupils often forget their PINs and unfortunately some have also been the victim of PIN fraud, so they are supportive of the planned developments and appreciate the benefits to them."

Similar topics

Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021