In this country, thousands of schools are collecting fingerprints or other forms of biometric data from pupils as young as three. They are collected for registration, the lending of library books and the administration of school dinners. Several enterprising companies contact schools directly to sell these packages and the benefits that they bring. Yet the Department for Children, Families and Schools—
I accept the Minister's correction; it is something we are all getting used to. I congratulate him on retaining his job.
The new Department has no idea in how many schools this is happening. Despite the fact that unofficial surveys would suggest that it is taking place in every local education authority area in the country, the Government have no records of how many schools are collecting biometric data. That was revealed in an answer by the former Schools Minister, Jacqui Smith, in February 2006:
"We are aware that some schools do hold a photograph of pupils on their management information systems; use fingerprint scanners for the twice daily attendance registration of pupils; or use iris-scanners. However, my Department does not collect any information on how many schools use such equipment or hold photos or any other biometric data on their systems."—[ Hansard, 27 February 2006; Vol. 443, c. 505W.]
Yet a survey conducted by the campaigning organisation Leave them Kids Alone has estimated that 3,500 primary and secondary schools now use biometric data systems and that approximately 750,000 children have been fingerprinted by their schools. It is estimated that 20 new schools a week are being added to those figures. Therefore, the issue needs to be addressed.
One thing is certain: we may not know how many schools this is happening in, but we do know that parents are often not being asked for consent and in many cases are not even being informed. Some schools will send a letter home—some do so before the system is introduced, some afterwards—but there is no requirement to do that. There is real concern among parents, parent groups and civil liberties organisations, which, I am afraid, up to this point has been ignored by the Government. Indeed, in responding to requests to devote parliamentary time to the issue, the former Leader of the House, Mr. Straw said:
"I am not aware of the practice, but obviously people have accepted it."—[ Hansard, 25 January 2007; Vol. 455, c. 1567.]
That is absolutely not the case. David Coulter, who runs Leave them Kids Alone, has reported that over 1,500 parents polled between July and September last year were against the use of fingerprinting systems. He has received more than 300 complaints from disaffected parents in one month alone.
I am delighted that finally—and, it seems, entirely coincidentally—the Department published the long-awaited guidance for schools on the issue today. That is welcome. However, as well as being overdue, it still leaves uncertainty as to the rights of parents and pupils to object, a point to which I shall return.
To give the background to the issue, biometric systems are being used for attendance, borrowing library books and cashless lunch systems. A form of biometric data such as a fingerprint or retinal image is collected and converted by an algorithm into a unique binary number. This is then stored in encrypted form and checked against the corresponding number every time the pupil places his thumb on a scanner allowing that pupil to borrow a library book or to buy lunch in the canteen. As a result of the encryption process, and because the fingerprint is stored as a number rather than a fingerprint, it is claimed by the companies who provide these systems that it cannot be reverse-engineered, and therefore, it is secure and not open to identity fraud or theft. However, that is not strictly accurate. Independent technology experts have stated that in their opinion it is impossible to say that data will remain secure. Advances in technology mean that it is inaccurate to say that it will not be possible to reverse-engineer the data stored in order to obtain the original fingerprint.
There is also concern about how the data is stored. It is generally stored on small school networks or stand-alone PCs, with the most basic level of firewall protection and anti-theft protection, or it is held by the agencies who provide the technologies—and we are talking, of course, about an industry that is unregulated. Further, as Action on Rights for Children points out, schools are not secure places. Theft of school equipment is alarmingly frequent and IT equipment is a magnet for thieves. The Metropolitan police recorded 7,500 school burglaries between 2000 and 2004. Outside London, local crime figures suggest that at least one school a day is burgled in each police area.
Andrew Clymer is a senior identity management security expert with more than eight years of experience working for organisations such as Cisco Systems, Visa, Fidelity and Merrill Lynch. He says
"There is an element of risk storing thumbprint" templates
"on a school computer. No system can guarantee the security of information against future technology. Attempting to protect lifetime relevant information is extremely tricky and potentially costly."
Banks invest millions of pounds in constantly updating and adapting their security systems to prevent identity fraud, but how can schools be expected to do the same? However, unlike a bank personal identification number—PIN—biometric data cannot be changed in the event of theft or identity fraud, and a person's biometric data remains the same for a lifetime. Therefore, once stolen, it is compromised forever.
How long data is stored is also an issue. Schools act independently. Some might destroy the data they hold as soon as the child leaves school, but there is nothing to stop them keeping the data for longer, or permanently, if they have sufficient storage space. Not only does that raise questions about whether the data could be used by organisations, including the police or security services, in later life, or indeed while the child is still at school, it raises further concerns about the security of the data and the chance that it might be compromised.
There is also the question of whether biometric information collected in schools is prohibited by data protection legislation. The Government's defence is that the information stored is not sensitive, but how can that be the case? The data is unique to each individual. As plans are being drawn up to introduce cash machines that use biometric data such as fingerprints, not to mention biometric passports, how can the Government suggest that that is not sensitive data?
The fundamental issue, however, is that of parental consent—or rather the lack of it in respect of the collection of biometric data in schools. Many schools collect that data without directly consulting parents, never mind obtaining explicit parental permission. An online poll last summer of 1,400 parents by Leave Them Kids Alone found that 94 per cent. were against schools taking biometric data without parental consent. Many parents have contacted MPs and Ministers to express their outrage following their discovery that biometric data had been collected from their children without their knowledge, never mind their consent. Action on Rights for Children states:
"Given the seriousness of the issues involved, it is nothing short of astonishing that children's fingerprints are being taken without parental knowledge or consent."
Some parents have taken the step of withdrawing their children from systems such as cashless lunch arrangements, but that is not without consequence, and many parents fear that their children might be stigmatised or marginalised as a result. If parents were given the right to withdraw consent and did so to any extent, the use of biometric systems would be entirely undermined. An alternative system would need to be in place. However, instead of there needing to be two systems, why not have one system that works and that delivers the same benefits as biometric data systems, without issues and concerns?
The lack of guidance has been a concern. Regardless of what the Minister might say, there has been a U-turn. In an answer to a written question last year, the former Schools Minister said:
"My Department has issued no guidance to schools on the collection and recording of pupils' biometric information. In collecting data of this type the school is likely to rely on the broad powers contained in paragraph 3 of Schedule 1 of the Education Act 2002. This enables a governing body to do anything which appears to them to be necessary or expedient for the purposes of, or in connection with the conduct of the school."—[ Hansard, 27 February 2006; Vol. 443, c. 504W.]
Today, finally, the guidance is published. I welcome that, but it is six months after the Government said that they would publish it and it is very conveniently timed for this debate. However, the Government still have not fundamentally addressed the issue of whether parents have the right to be asked for consent: the guidance merely says that they should be asked. It is welcome that parents should be fully informed about how their children's biometric data will be used, what is involved, what data will be held and stored, why it is required, how it will be secured, and for how long it will be retained. However, the guidance critically fails to introduce a legal requirement for parental consent to be obtained before a child's biometric data can be collected. That is unacceptable, on such a critical issue that has so many ramifications for the children involved and the security of their personal data. The only way to resolve the problem is to introduce a legal requirement for consent.
The collection of biometric data by schools is not necessary. There are reasons why schools are buying such systems and why the companies are telling schools that it is a good idea to do so. They suggest reasons of efficiency; traceability, of library books, for example; or identification of pupils who qualify for free school meals without revealing that to other pupils. But all those could equally be achieved by swipe cards. It is interesting to note that swipe cards are 100 per cent. accurate when passed over a reader, but biometric systems such as fingerprint scanners are only 93 per cent. accurate. So they are less accurate than swipe cards and considerably more expensive.
Will the Minister clarify the situation regarding e-learning credits? There is some confusion about what part of such systems can or cannot be purchased with e-learning credits. Many parents feel that it is not an appropriate use of e-learning credits, but I would welcome the Minister's comments.
In conclusion, this is a real issue that needs to be addressed. I am glad that the Minister and the Department are taking it seriously and have finally published guidance.
It raises many issues, including those of security, consent and information, as well as benefit, necessity and cost. I mean cost not only in monetary terms, but in the possible ramifications and consequences of the introduction of that practice. The Government have been too slow to listen and too slow to act. They are finally engaging with the issue, but their response is still inadequate. It is not enough to say that parents should be consulted. They must be consulted, if biometric data, such as fingerprints, are to be taken from their children. Like a child's safety on a school trip, the collection of a child's fingerprints or other biometric data is enormously important, and should be treated with the same respect.
Given all the problems and concerns about the issue, which have been raised by parents, parents' groups and civil liberties groups over the past few months, I have come to the conclusion that the costs of introducing that technology into our schools utterly outweigh any positive benefits that may ensue. The collection of biometric data in our schools is unnecessary, intrusive and insecure. A can of worms has been opened and, as yet, the Government have failed adequately to close it. The situation is now a little clearer, but we want real clarity. The only way to achieve real clarity is for the Government to say that schools must always ask parents for consent before taking biometric data from children.
I thank Greg Mulholland for raising such an important issue. The subject has generated a great deal of debate, some controversy and a lot of mythology. The hon. Gentleman has written to me and questioned me several times about the issue, so I welcome this opportunity to try to offer him further reassurance, although as he said the response was inadequate, he may have prejudged me.
For some time, I have been keen to publish guidance on how the secure use of biometric technologies can support efficient school management, and we did so today. The guidance was produced in consultation with the Information Commissioner. Once the debate was announced, I was determined to have the guidance published by today so that the debate could be informed by it, and I am grateful to officials and to the commissioner for their co-operation in ensuring that we could do so. The guidance was produced on behalf of the Department for Children, Schools and Families by the British Educational Communications and Technology Agency—the Government agency that leads our national drive to improve learning through technology. I have placed a copy of the guidance in the Library and it will soon be available on the BECTA website. The Information Commissioner has also produced a complementary statement, which I shall ensure is available on the commissioner's website. Furthermore, Members will have noticed the publication of a written ministerial statement on the subject today.
The debate is driven by the legitimate need to ensure that the privacy of pupils is both respected and protected, but unfortunately it is characterised by some significant misconceptions and I hope that I can address them effectively today. It is important to clarify exactly what we mean by biometric data. The biometric element in this case, as the hon. Gentleman said, is an algorithmic representation of a fingerprint—not the recording of a fingerprint. It is extremely important that people understand that it is not the recording of a fingerprint, but the algorithmic representation of one.
In plain English, the technology derives a unique numerical value from a fingerprint—a number to identify an individual pupil. Images of actual fingerprints are neither created, nor are they stored. The number is linked to basic identifying data about the pupil such as their name and form. That means that biometric data stored by schools are of no more practical use than that stored on the swipe-card system to which the hon. Gentleman referred.
Biometric data are in common use for security and identification purposes; indeed, I have fingerprint recognition on my laptop. Some schools see biometric technology as a practical solution to some of the day-to-day issues they face. In a number of instances, schools may find it helpful and effective to collect and use biometric data.
I have seen at first hand how such systems can help the running of schools—maintaining accurate attendance records, enabling cashless canteens to be introduced and maintaining accurate and efficient library records. Of course, as the hon. Gentleman said, there are alternative solutions for improving school management and administration, including the use of smartcards.
Smartcards are not without their own issues, however, as I saw recently on a visit to a school in Harrow. As happens in many other schools, a child's family is charged £5 every time a card is lost, which is a common occurrence and £5 that many families can ill afford—it is clearly much more difficult to lose one's finger. Not only can swipe cards easily be lost or forgotten, they can also be swapped between pupils, causing a particular problem for maintaining accurate attendance records, which could put the education and safety of our children at risk.
Using biometric data means that there are no cards to be lost. In addition, if the technology is used in the canteen, pupils no longer need to carry money, thus helping to reduce opportunities for bullying and theft. Cashless canteens, which can be facilitated by swipe cards, mean that it is not possible to tell who is receiving free school meals, thereby reducing stigma and increasing take-up.
It is up to schools to decide whether any of those systems will work for them. We certainly do not advocate one technology over another, or technology for technology's sake. We want schools to adopt it where it makes sense for them. The hon. Gentleman refers to answers from the then Schools Minister, my right hon. Friend the Secretary of State for the Home Department that referred to the Education Act 2002. That Act enables governing bodies to do anything that is necessary or expedient for the purposes of, or in connection with, the conduct of the school or the provision of facilities or services. As a result, schools are free to use biometric technologies in the ways that I describe if they feel that it will help the school to run more smoothly, in accordance with data protection legislation and with regard to the guidance that we have issued.
I want to turn now to the concerns that have been raised about the implications for privacy. There are several safeguards in place that I want to draw to the attention of the House. First, the Data Protection Act 1998 protects against the improper use of all types of data, including biometric data. As part of their responsibilities under the Act, schools have a duty to ensure that personal data are kept secure. Today's additional guidance will make it clear how the law relates to biometric data and advise schools on how to comply with it. By law, such data can only be used for their stated purpose; they cannot be shared with third parties beyond that stated purpose, and they must be destroyed when pupils leave their schools. Some have raised concerns about, for example, the police using such data. Not only do we know of no circumstance where biometric data have been used by the police, but they could only access the data as part of an investigation into a specific crime. There certainly can be no read-across to other databases.
Schools already hold pupils' personal details. Information such as a pupil's address, date of birth and reports from social services are securely held as a matter of routine. I am sure that no one would argue that schools should not collect and store that information while pupils attend school. Many of those data are much more sensitive than an algorithmic number, generated by a fingerprint. Schools are used to holding such data securely and within the boundaries of the Data Protection Act 1998, and the introduction of biometric data does not represent a significant addition.
Schools and local authorities are responsible for developing their own policies about the information that they wish to collect and hold, subject to relevant legislation on data protection and freedom of information. There have been calls for the Government to introduce further regulation specifically to clarify how biometric data can be collected and used. As I have stated, that is already covered by existing legislation and is not necessary. It would also go against the essential principle of giving governing bodies the freedom to manage their school as they see fit, free from unnecessary interference from Whitehall, which is something that hon. Members on both sides of the House keep asking me to bear in mind.
Secondly, as I stated earlier, it is not possible to recreate a fingerprint using the numbers that are stored. The algorithm generates a unique number, producing no information of any use to identity thieves. I shall quote from a statement from the Information Commissioner's Office—a thoroughly independent source—that says in the third paragraph:
"Full fingerprint images are not stored and cannot be generated ('reverse engineered') from the template."
I hope that that is clear to all those listening, because it is an important reassurance on the points that the hon. Gentleman has made.
Thirdly, pupils and, where appropriate, parents must be fully informed of the data collected and kept, through a fair processing notice, as part of the data protection legislation. No data can be collected without their knowledge. That is common sense and a central principle of the guidance that we will publish tomorrow.
Fourthly, the use of biometric data in schools does not, as some say, edge us closer to a surveillance society any more than taking the register at the start of class ever has. By law, the data cannot be shared. There are no fingerprints to be handed to the police or stolen by anyone, nor any personal data that are not already held electronically by every school in the land.
This is technology introduced for the benefit of our pupils and teachers. It is not "1984" by the backdoor. There are no sinister forces at work here, and I would argue that it is irresponsible to suggest otherwise to get some cheap headlines.
I recognise, however, that although schools are acting legally and that all data collected will be handled in line with the Data Protection Act 1998, some parents may want further information. The guidance clearly lays out the legal position for schools. It advises head teachers on the practical and legal steps they need to follow if they decide to introduce the technologies. It will help schools to operate such systems, while respecting the wishes of pupils and parents who do not wish to participate. The guidance specifically recommends that schools give pupils and parents with genuine concerns the opportunity to opt out. Those who choose to do so should be offered an alternative means of accessing the same services. We have had some reassurance that the sorts of technology that might be used in the dining hall, the library, or for attendance could be interchanged with the use of swipe cards.
The guidance also encourages schools to be open and clear with parents, providing straightforward information on the nature and use of biometric technologies through a fair processing notice. I understand parents' concerns if they believe that images of their children's fingerprints are being taken and stored. That is a perfectly legitimate concern and I am sure that many of the parents to whom the hon. Gentleman referred are raising exactly that concern. It needs to be made clear to them that that is not the case: images of fingerprints are not being kept or stored. An algorithmic number is being generated from those fingerprints that cannot be reverse engineered.
I have seen how biometric data can have a very positive impact in schools. The technology does not put pupils' information at increased risk, nor does it imply a criminalisation of our children. It is the decision of the individual school, in consultation with parents, whether to introduce the technology. It is a way for head teachers to improve the administration and safety of their schools. For many, it may be common sense. I hope that I have reassured the hon. Gentleman about the use of biometric data in schools.
Question put and agreed to.
Adjourned accordingly at twenty-four minutes to Ten o'clock.