[HN Gopher] White Castle collecting burger slingers' fingerprint...
___________________________________________________________________
White Castle collecting burger slingers' fingerprints looks like a
$17B mistake
Author : rntn
Score : 150 points
Date : 2023-02-18 13:28 UTC (9 hours ago)
(HTM) web link (www.theregister.com)
(TXT) w3m dump (www.theregister.com)
| synu wrote:
| Why is this article written like something from Idiocracy?
| gjsman-1000 wrote:
| A. _The Register_ has been in decline for a long time. Take a
| look at their headlines and stories a decade ago, far more
| interesting and bombastic.
|
| B. The service that shall not be named is probably infiltrating
| more journalistic output than we think without us noticing. So
| attractive when you're overworked... (also notice the short
| paragraphs the article and the service share)
|
| C. As for the lawyers... they don't want "annihilative
| liability" and are doing everything they can to prevent such an
| outcome.
| tgsovlerkhgsel wrote:
| I don't think ChatGPT would fill the article with puns.
| Operyl wrote:
| > Absolutely! Here are some additional puns for an article
| title about White Castle's biometric issue:
|
| "White Castle's Fingerprint Fiasco: Slider Chain Gets a
| Wake-Up Call in Illinois"
|
| "Bun Intended: White Castle Gets Grilled Over Biometric
| Privacy Violation in Illinois"
|
| "Hold the Mayo, But Not the Biometrics: White Castle's
| Slippery Slope in Illinois"
|
| "From Crave Case to Court Case: White Castle's Fingerprint
| Foible in Illinois"
|
| "White Castle's Biometric Burglary: Slider Empire Slammed
| with Legal Woes in Illinois"
|
| It would if you asked, it seems.
| reaperducer wrote:
| Mayo? I guess ChatGPT has yet to scan a White Castle
| menu.
| zaroth wrote:
| Well GPT said "_Hold_ the Mayo" after all.
| crazygringo wrote:
| OMG. I just had the horrible realization that a computer
| may be more creative than I am. At least when it comes to
| writing headlines. Wow.
| Operyl wrote:
| Hands down for me, here. I have zero writing creativity.
| justin66 wrote:
| Have you ever read a tech site where the articles were
| generally well-written and insightful? The authors who cannot
| get jobs with that site need somewhere to work too.
| tgsovlerkhgsel wrote:
| Because that's the humorous writing style The Register uses.
| more_corn wrote:
| This is silly. They're being penalized for not adding a legal
| form to their onboarding.
|
| There's no real option to say no. Biometric auth is a condition
| of employment. If you can't say no it's not consent.
|
| The punitive judgement would in no way protect citizens from
| future abuses. It'd just make every company spend more on
| lawyers. I don't disagree with protecting people from having
| their biometric data collected without consent, I just don't
| think another page of incomprehensible legal bullshit in your
| hiring packet does anything to protect anyone.
|
| Again it's not consent if you can't say no. If it's a condition
| of employment many vulnerable people cannot say no.
| Scubabear68 wrote:
| What's interesting here is that the data was not collected
| secretly per se. White Castle used fingerprints to unlock
| computers and access pay stubs, so employees had to know what was
| going on. The ruling is that they did not ask for and receive
| consent from those employees for years. The employee in question
| had been having her fingerprint scanned since 2004, and they
| only asked for consent in 2018.
|
| Which begs the question, if they asked and an employee said "no",
| what happens? Are they fired? Banned from register work?
| tgsovlerkhgsel wrote:
| This - if it requires "consent" but not "informed and voluntary
| consent", the law is worthless and just increases the amount of
| paperwork.
|
| If an actual alternative has to be provided, that's a very
| sensible law. Biometrics can't be revoked, and every use puts
| them at risk, so making sure people aren't forced to let
| employers collect their biometrics is a good idea.
|
| Edit: If I read it right, the "consent" is required in the pure
| paperwork sense, unfortunately. That means for employees it
| only prevents biometrics from being used covertly.
|
| However, it still has value for non-employees, and the
| "written" aspect is particularly important here. A supermarket
| for example can't use biometrics to track people for
| advertising or theft protection purposes, because they'd first
| need to stop them at the entrance so they can sign a waiver. No
| cheating out of it with a small sticker "by entering these
| premises, you consent" in some corner.
| dehrmann wrote:
| > Which begs the question, if they asked and an employee said
| "no", what happens? Are they fired?
|
| This is like no-competes or binding arbitration agreements. If
| you decline to sign, your rights were honored, and you're free
| to find a job elsewhere.
| astura wrote:
| Almost certainly given a PIN code.
| nroets wrote:
| Surely the system was designed to accommodate people who lack
| fingerprints.
| crazygringo wrote:
| This article makes it sound like White Castle was collecting
| "biometric data" to invade employees' privacy, as if it were
| using it to track their movement or connect them to potential
| crimes.
|
| The reality is "use of workers' fingerprints to access pay stubs
| and company computers". So it set up a fingerprint reader much
| like the one I use to unlock my MacBook, or sign in at my
| doctor's office, or open the turnstile at my gym.
|
| I understand that according to Illinois state law this is illegal
| without consent, and so legally they missed having employees sign
| a form. But morally/ethically is there really any problem with
| this? This is just how iPhones and MacBooks work, for example.
| Really seems like perhaps Illinois state law needs to be updated
| to reflect the widespread use of fingerprint readers for
| authentication on computers, tablets and phones.
| brasic wrote:
| The architecture of this system, in which fingerprints are
| captured at a local terminal and transmitted to a third party
| vendor over the network, is explicitly a source of added
| liability due to how the law is written, where disclosure to a
| third party is its own separate offense.
| zitterbewegung wrote:
| When you unlock your MacBook you are opting in to unlock the
| MacBook and you don't need to use it. Also, it is protected by
| a Secure Enclave and the actual fingerprint isn't stored.
|
| Reading the bill it even points this out.
|
| Biometrics are unlike other unique identifiers that are used to
| access finances or other sensitive information. For example,
| social security numbers, when compromised, can be changed.
| Biometrics, however, are biologically unique to the individual;
| therefore, once compromised, the individual has no recourse, is
| at heightened risk for identity theft, and is likely to
| withdraw from biometric-facilitated transactions.
| gruez wrote:
| >is at heightened risk for identity theft
|
| This feels like pearl clutching to me. While it's probably
| technically true that having your fingerprint leaked
| increases your risk of identity theft by some non-zero
| amount, in the overwhelming majority of the cases it's
| effectively zero, because for the overwhelming majority of
| people the only place they have their fingerprints enrolled
| is on their phones. In the event you somehow acquire stolen
| fingerprint image data, it will be very difficult to use
| those to perform identity theft at mass scale, because you
| need physical access to phones.
|
| >and is likely to withdraw from biometric-facilitated
| transactions.
|
| What "biometric-facilitated transactions" are these? Aside
| from fingerprint unlock on phones, I'm struggling to come up
| with cases where fingerprints are used to secure sensitive
| information.
| ohyes wrote:
| I disagree with you in principle, just because the phone is
| the only avenue that has so far made use of fingerprint
| biometric data doesn't mean it won't be used more in the
| future. (It seems to be used here for paystubs, so it is
| possibly getting more reach currently). Looking at it from
| a tightening of cybersecurity perspective it would make
| sense if people thought to add it as a second factor.
|
| "The building isn't on fire currently so there's no need to
| move the gas can away from the fireplace" isn't a
| compelling argument.
| ehnto wrote:
| > What "biometric-facilitated transactions" are these?
| Aside from fingerprint unlock on phones, I'm struggling to
| come up with cases where fingerprints are used to secure
| sensitive information.
|
| Phones have become people's de facto computing device, that
| they link to all kinds of personal, private, and
| governmental accounts. Medicare, councils, state accounts,
| bank details, taxes, private chats, private images and
| videos, work accounts, work documents, work chats, group
| memberships, on and on. Think of any sensitive information
| possible, someone is storing it on their phone. Most people
| have their phone as the center of their information
| technology worlds.
|
| If access to that isn't concerning then there isn't much
| else that could change your mind I don't think.
| 2devnull wrote:
| > Most people have their phone as the center of their
| information technology worlds.
|
| Those people are foolish. Putting all your eggs in one
| basket and then whining about the consequences is a sign
| of bad character. Besides that it's pretty irrelevant to
| the topic at hand, which is whether fingerprint readers
| are an acceptable means of securing digital transactions.
| In fact you seem to be suggesting they are, by proxy.
| gruez wrote:
| My claim isn't that your phone doesn't contain sensitive
| information, or that a stolen fingerprint image can be
| used to unlock your phone, it's that the attack is very
| unlikely to be carried out, scales poorly (you need
| physical access to the phone), and there are a dozen
| other ways of obtaining the same result (ie. lifting the
| fingerprint off the phone or a nearby object). It's not
| as simple as hacking into the HR system's fingerprint
| database and you get all the employees' dickpicks at your
| fingertips.
| boppo1 wrote:
| I mean, you could leave someone's fingerprints at the scene
| of a crime.
| brookst wrote:
| You could also write a confession in their name and leave
| it at the crime scene.
|
| I don't think this happens a lot.
| gruez wrote:
| If you're out to frame someone for a crime, I have a
| feeling that you're not going to stop just because you
| can't buy the victim's fingerprint on darknet markets.
| You can follow the person around and lift fingerprints
| off objects that he touched, for instance.
| mandmandam wrote:
| Post a hi-res scan of your fingerprints with your name and
| address, and see what happens - it might be a learning
| experience for you...
|
| Note: I don't actually recommend you do this - it opens you
| up to the very real dangers which you're claiming don't
| exist.
| 2devnull wrote:
| Do you realize how easy it is to get a person's
| fingerprints?
| shanebellone wrote:
| "Do you realize how easy it is to get a person's
| fingerprints?"
|
| Very easy. Though, it's more difficult to get a specific
| person's fingerprints. Frankly, this is a terrible
| argument. Fingerprints require an escalation from the
| digital world to the physical.
|
| Physical security keys are great for exactly this reason.
| If you want my account, you must break into my home. That
| fundamentally changes an attacker's calculus.
| crazygringo wrote:
| Presumably whatever fingerprint reader White Castle used for
| logins also stored a hash, similar to MacBooks. I don't know
| of any general-purpose fingerprint readers for authentication
| that store the original image.
|
| Also I don't see how compromising that hash is a problem in
| practice, if that ever happened. If it's salted it's
| worthless, but even if not, I don't know how you'd reasonably
| physically use it to hack into another fingerprint reader
| anyways.
| reaperducer wrote:
| Lots of assumptions and "shoulds," but the reality is that
| the tech industry makes mistakes with security all the
| time.
|
| Every month or so there's another horror story on HN about
| some company storing passwords as plain text.
|
| Just because something can be done right does not mean it
| is done right.
| gautamdivgi wrote:
| You're assuming a lot here. Most IOT security is on shaky
| ground. They probably went with the cheapest vendor too.
| There isn't a compromise reported but I'm willing to bet
| that whatever was implemented was very insecure.
| lozenge wrote:
| If the fingerprint worked across multiple computers, they
| did store the fingerprint. Maybe it wasn't an image, but it
| would need to be informative enough to distinguish between
| multiple employees. Embedded fingerprint readers only
| provide a matches user/doesn't match user result.
| acdha wrote:
| There's no technical reason why they couldn't share
| hashes across devices. It might be specific to a
| particular model of scanner but presumably they're buying
| a lot of a standard model.
| acdha wrote:
| Unless you have first-hand knowledge of the devices they
| used, you can't assume sensible developers. For example,
| HTC shipped this mess:
|
| https://www.theverge.com/2015/8/10/9126027/htc-fingerprint-s...
|
| Similarly, a vendor of facility access control systems left
| fingerprint scans in an exposed ElasticSearch instance:
|
| https://www.vpnmentor.com/blog/report-biostar2-leak/
| fallingknife wrote:
| How can you store a hash of a fingerprint for this use
| case? A fingerprint reader needs to recognize close matches
| in the input data as valid.
| loeg wrote:
| https://en.wikipedia.org/wiki/Locality-sensitive_hashing
|
| You essentially have N different hashes and require at
| least N - M (M < N) matches.
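
Added example (not part of the thread or of any commenter's post): the exchange above asks how a hash can tolerate near matches. This sketch contrasts an exact salted hash with a simplified N-band scheme that accepts when at least N - M bands agree. The 256-bit templates, band layout, salt and all function names are constructed for illustration; real readers compare extracted features, not fixed bit strings.

```python
import hashlib
import hmac

N_BANDS = 16      # N: number of independent hashes stored per template
BAND_BITS = 16    # bits covered by each hash (16 * 16 = 256-bit template)
MAX_MISSES = 4    # M: bands allowed to disagree on a rescan


def constructed_template(label):
    """Constructed 256-bit stand-in for a fingerprint feature vector."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")


def flip_bits(template, positions):
    """Simulate sensor noise by flipping the given bit positions."""
    for p in positions:
        template ^= 1 << p
    return template


def exact_hash(template, salt):
    """Password-style storage: one salted hash over the whole template."""
    return hashlib.sha256(salt + template.to_bytes(32, "big")).digest()


def band_hashes(template, salt):
    """Locality-sensitive storage: one keyed hash per 16-bit band."""
    hashes = []
    for i in range(N_BANDS):
        band = (template >> (i * BAND_BITS)) & ((1 << BAND_BITS) - 1)
        # The band index is part of the message so equal bit patterns in
        # different bands do not produce equal hashes.
        msg = bytes([i]) + band.to_bytes(2, "big")
        hashes.append(hmac.new(salt, msg, hashlib.sha256).digest())
    return hashes


def matching_bands(stored, candidate):
    """Count bands whose hashes agree (constant-time per comparison)."""
    return sum(hmac.compare_digest(a, b) for a, b in zip(stored, candidate))


def verify(stored, template, salt):
    """Accept when at least N - M of the N band hashes match."""
    agree = matching_bands(stored, band_hashes(template, salt))
    return agree >= N_BANDS - MAX_MISSES


def demo():
    salt = b"constructed-salt"
    enrolled = constructed_template("finger A")
    # Same finger, three noisy bits landing in bands 0, 4 and 12.
    rescan = flip_bits(enrolled, [5, 77, 200])
    other = constructed_template("finger B")
    stored = band_hashes(enrolled, salt)
    return {
        "exact_hash_matches_rescan":
            exact_hash(enrolled, salt) == exact_hash(rescan, salt),
        "bands_matching_rescan":
            matching_bands(stored, band_hashes(rescan, salt)),
        "rescan_accepted": verify(stored, rescan, salt),
        "other_finger_accepted": verify(stored, other, salt),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Each band here covers only 16 bits, so a stored band hash can be enumerated by anyone holding the salt; values like these need the same protection as the template itself.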
| sanp wrote:
| Even if that were the case, they still did not get consent
| and that is the problem. "Secure" fingerprint access does
| not excuse the lack of consent.
| fragmede wrote:
| That is a _huge_ presumption and, as GP pointed out, the
| problem is if your fingerprint gets leaked, it's rather
| difficult to change it. Apple did a great job with TouchID
| but security experts went all over it trying to poke holes.
| Most other fingerprint systems don't get anywhere near the
| same amount of scrutiny. So in an unfortunate turn of fate,
| Apple's awesome implementation of fingerprint
| authentication on the iPhone resulted in the general public
| being comfortable with fingerprint auth in other places,
| when they really shouldn't be.
| loeg wrote:
| You leak your fingerprints everywhere you go on every
| surface you touch. Fingerprints are highly convenient but
| they have never been an especially secure mechanism for
| locking devices.
| A4ET8a8uTh0 wrote:
| But, and here is the important part, those 'leaked
| fingerprints' in the wild are not digitally preserved. It
| would actually take some effort to preserve on a scene.
| The comparison is not apt.
| pixl97 wrote:
| What form must a malicious fingerprint scanner take by
| law?
|
| When it comes to fingerprints you must assume that the
| attacker has the ability to control the scene and the
| ability to retry until successful.
| A4ET8a8uTh0 wrote:
| Is it not an argument against using fingerprints as a
| basis for id verification to begin with?
| libraryatnight wrote:
| Yeah it just seems like a bad idea. It's like we never
| got over how cool it is that fingerprints can be a unique
| identifier, and we just assume it must be a good one.
| crazygringo wrote:
| Just like it actually takes some effort to hack a
| fingerprint reader.
| A4ET8a8uTh0 wrote:
| You are missing the point.
|
| The point is that reader has those preserved and stored
| somewhere, while fingerprints that a person just leaves
| about by going about their day are not. Just the fact
| that they are stored is an issue. Note, this is a
| response to the original question of 'pfft, a person
| leaves fingerprints all the time anyway'.
|
| Again, the comparison is just not apt.
| indymike wrote:
| I'm not sure that this is true with 15+ MP cameras
| shipping even on burner phones. I've been amazed what can
| be extracted from a photo of a dinner table at 20MP.
| agwa wrote:
| > Also I don't see how compromising that hash is a problem
| in practice, if that ever happened. If it's salted it's
| worthless, but even if not, I don't know how you'd
| reasonably physically use it to hack into another
| fingerprint reader anyways.
|
| If an attacker had a fingerprint and wanted to figure out
| who it belonged to, they could hash it and compare the hash
| against a database of leaked names and hashes. Salting
| doesn't prevent this, unless the hash is intentionally
| slow, in which case the attacker would merely be slowed
| down.
|
| Also, how much entropy is in a fingerprint anyways? If it's
| low, an attacker could generate every possible fingerprint
| and hash it to build a mapping from hash to actual
| fingerprint.
|
| Since humans only get one set of fingerprints for life,
| fingerprints should only be stored and compared on secure
| enclaves on your own devices (like iPhones). It's way too
| risky otherwise.
| NoZebra120vClip wrote:
| >Since humans only get one set of fingerprints for life,
| fingerprints should only be stored and compared on secure
| enclaves on your own devices (like iPhones). It's way too
| risky otherwise.
|
| _This exactly!! QFT!_
|
| No biometrics should ever be used for shared or public
| devices! Biometrics are fine for personal devices that
| are always with us, and not shared by others, especially
| anyone outside our family/household.
|
| I've made my peace with biometrics as far as unlocking my
| phone via fingerprint. My threat model is such that a
| fingerprint lock is often safer than pecking in a long
| password. (Because I'm often surrounded by shoulder
| surfers.)
|
| So yeah, if a restaurant is forcing employees to scan
| fingerprints (or retinas or DNA or saliva or what have
| you) on public or shared devices for purposes of clocking
| in, or payroll, or whatever, then that is wrong and a
| perversion of biometric authentication. The company would
| be much better served by a correct application of
| security techniques.
|
| And yes, if this means going back to passwords for
| awhile, then so be it. Passwords are a good first-line
| auth measure for shared devices that are not open to the
| public (let's assume that this restaurant's devices were
| only physically accessible by employees in the back
| office or something.)
|
| Another idea is to let the employees authenticate using
| their smartphone. My bank has something set up with this.
| You install a smartphone app, it authenticates you, and
| it vouches when you set foot in the bank so that the
| teller already has your account pulled up. Then, in terms
| of biometric locking for the smartphone, knock yourself
| out; the company has no need to collect the data, just
| interface to an app.
| saghm wrote:
| > Presumably whatever fingerprint reader White Castle used
| for logins also stored a hash, similar to MacBooks.
|
| Presumably they would have checked if their policy was
| legal before implementing it too. The problem is that they
| haven't really earned the presumption of diligence in this
| matter.
| batch12 wrote:
| I may have missed this. Were they storing hashes of images or
| points of images- or were they storing the original image?
| Any platform worth its salt would hash and salt the
| fingerprint data and it'd be worthless elsewhere as other
| systems would have different hashes.
| CatWChainsaw wrote:
| I don't work in tech. Yet it has always seemed obvious to me
| that, since biometrics cannot be changed, they are a "username"
| at best, not a "password". So why are they treated like the
| reverse so often?
| geoduck14 wrote:
| Your password is just to prove that _you_ are using _your_
| username. You really don't need a password, if you have
| perfectly honest users or a foolproof way of preventing
| people from using usernames that aren't theirs.
| CatWChainsaw wrote:
| I doubt either of those will ever exist which is why
| passwords and other MFA techniques will always be
| necessary. But I don't think that addresses that biometrics
| are more suited to identification rather than
| authentication...
| GauntletWizard wrote:
| There are plenty of places where quick and easy
| authentication is important, and some amount of hard to
| fake is desirable, but it's not important enough for a
| strong password. Fingerprint readers are harder to fool
| than a 4-digit pin and unique enough that a mid-large
| group of people won't have any confusion.
|
| Fast food sign-in is the perfect low-stakes use of
| fingerprints. There's some real baggage from when they
| were harder to gather and how they're used in law
| enforcement as to why they're considered sensitive, but
| they're really not. Getting the law and society to agree
| will take some time, though, and there's a ton of
| reactionary forces trying to hype up the threat.
| jareklupinski wrote:
| yup, see every action scene where the hero subdues the
| guard standing in front of a biometrically secured door,
| then uses the knocked-out guard's hand to open the door
| A4ET8a8uTh0 wrote:
| Well, my current job required my fingerprints for security
| check ( which in this case was reasonable; I have too much
| access to crap as is ), but, not completely unlike non-
| competes, I am not sure this is a reasonable request to ask of
| your burger flippers. It is a little extra bad, because this
| group is even less likely to complain, because 1: they are
| young and don't know any better 2: they are likely to be paid
| peanuts 3: their need of a job overrides any other
| consideration
|
| All three indicate a type of person that should be protected
| from random idiocy of an employer. It is not often that I
| praise IL for anything, but the biometric law is one of those
| few instances.
| twobitshifter wrote:
| It didn't make sense to me that every swipe is considered a
| collection by the court, only enrollment is collecting the
| fingerprint, the other swipes are making comparisons, not
| collecting new data.
| more_corn wrote:
| "Transmit"
| barbazoo wrote:
| > sign in at my doctor's office, or open the turnstile at my
| gym.
|
| I see how it's convenient but personally I wouldn't use
| biometrics here, sounds like an obvious avenue to get your
| biometrics leaked.
|
| MacOS unlocking is different like others have pointed out
| already.
| tgsovlerkhgsel wrote:
| There are multiple problems:
|
| 1. Biometrics can't be revoked, so if your gym leaks your
| fingerprint images (linked to your name), that's a mistake that
| in practice simply cannot be fixed. You just can't use that
| finger for sensitive biometrics ever again. People should not
| be forced to take the risk.
|
| 2. It's hard to distinguish between biometric surveillance and
| "good" uses of biometrics, and they can fluently blend into
| each other. The law draws a rather clear line and has to
| enforce it.
|
| Should a company be allowed to use biometrics to make sure you
| don't let your brother sub in for you? Preventing fraud like
| that is a noble goal, but how far do we want to allow pervasive
| biometric surveillance to go? Should stadium owners be allowed
| to ban people? Should they be allowed to ban all employees of a
| law firm they don't like? Should they be allowed to surveil
| everyone's faces with a biometric system for this purpose?
|
| The lines between "perfectly reasonable" to "Black Mirror
| dystopia" are fluent, and the way there consists of many steps
| that individually seem reasonable (preventing crime is good,
| right?) and yet the outcome is something we don't want. This is
| why the law exists, this is why it also hits some "legitimate"
| uses, and this is why consent (if implemented meaningfully, in
| the voluntary, GDPR style sense, not in the "you have to sign
| here or you will be excluded from normal life" sense) is such a
| powerful tool: It _generally_ lets the harmless stuff happen
| and prevents the dystopia.
| PragmaticPulp wrote:
| > Biometrics can't be revoked, so if your gym leaks your
| fingerprint images (linked to your name), that's a mistake
| that in practice simply cannot be fixed. You just can't use
| that finger for sensitive biometrics ever again. People
| should not be forced to take the risk.
|
| Fingerprint scanner systems don't store photos of your
| fingerprint. They store information that can be used to match
| against your fingerprint within their own system, but they
| can't be used to reconstruct your fingerprint.
| greedo wrote:
| In a perfect world, this would be the case. Just as in a
| perfect world, no one would store un-hashed passwords.
| kube-system wrote:
| Many fingerprint scanners are just optical and just return
| an image of the finger, and it is up to the implementation
| of the security software as to whether or not that image is
| converted to a hash and/or disposed of securely. And just
| like password hashes, some fingerprint hashes can be
| broken.
| indymike wrote:
| This is what I found on my laptop when I got the
| fingerprint reader working: The scanner was surprisingly
| low-resolution (92x62px), and nothing like the "5000ppi
| super secure" scanner I was expecting... The driver would
| get a scan from the reader and the driver passed that
| scan on to whatever was asking for a scan. Not so secure.
|
| Regardless fingerprints are really bad for security
| because they can be detached from the finger or recreated
| from things you touch. They are probably slightly better
| than nothing, but with such low resolution, I suspect
| that if we let 100 random people try to unlock my laptop
| with their finger... someone would get in... but I could
| be wrong.
| kube-system wrote:
| I don't really think there's such thing as a "good" or
| "bad" authentication factor. The suitability of an
| authentication scheme is entirely dependent on the
| requirements of the problem one is trying to solve.
|
| For identifying a fast food worker at a cash register,
| they are (functionally, not legally or morally) a good
| fit for the problem, because they are hard for a coworker
| to replicate, and not likely to lose. For applications in
| which you need to protect against high skilled attackers,
| they're not as great.
| tgsovlerkhgsel wrote:
| a) the data can often be used to recreate a fake
| fingerprint that isn't identical but will be accepted,
| sometimes even by systems from different vendors
|
| b) what they actually store varies, and I'm sure some
| systems do just store the picture (your passport does, for
| example), some likely don't store it in the database but
| happen to have a temp folder somewhere with everything they
| scanned, and some claim they don't store it and then store
| it under advanced military-grade 512 bit RSA encryption
| with the key stored next to the images.
|
| The software quality of biometrics systems is among the
| worst I've seen. Worse even than embedded/IOT stuff.
| blowski wrote:
| > the data can often be used to recreate a fake
| fingerprint that isn't identical but will be accepted,
| sometimes even by systems from different vendors
|
| Do you have an example of this happening?
| lightedman wrote:
| Where I work, we use a fingerprint scanner to clock
| in/out.
|
| My right index and left ring finger are similar enough in
| their prints that either will work for the device.
| tgsovlerkhgsel wrote:
| https://www.google.com/search?q=reconstruction+of+fingerprin...
| has a number of different papers.
| blowski wrote:
| These all seem to be academic studies. I can't see any
| links that show a fingerprint being reconstructed and
| then used on a different system.
| duxup wrote:
| I'm working on an app for a company who doesn't think much of
| the user's ability to use apps (I find this misguided).
|
| They constantly tell me to simplify things because "these guys
| aren't very smart".
|
| To the point that (on top of other problems) they're creating
| foolishly simple logins...
|
| I thought about fingerprint reading but the legal questions
| make me second guess it.
| reaperducer wrote:
| _This is just how iPhones and MacBooks work_
|
| It's optional on the devices you mention. It's not a
| requirement. In the court case, there was no way for an
| employee to opt out, short of quitting.
|
| My company (about 2,000 employees) issues iPhones to its
| employees. You are given a choice of face scanning or
| fingerprint scanning device. You do not have to use either
| method: you can choose a suitably long PIN, instead.
|
| If you choose to use biometric access, HR sends you a 15-page
| document to sign, and you have to take an online course about
| biometric privacy.
|
| I think if more companies did that, society wouldn't be so
| casual with giving away their biometric data.
| indymike wrote:
| > If you choose to use biometric access, HR sends you a
| 15-page document to sign,
|
| Sounds like legal has experience with this issue.
| GauntletWizard wrote:
| We are incredibly casual about giving away our biometric data
| - most societies don't constantly wear face masks (with
| obvious exceptions for women in the middle east), the past
| few years excepted. Gloves aren't that common either. You
| leave your face and your fingerprints everywhere, if anyone
| is looking. They're just not, typically, because it doesn't
| matter.
| raisin_churn wrote:
| I don't have enough information to form strong opinions about
| this specific case, but
|
| > what White Castle's lawyers described as "annihilative
| liability"
|
| sounds like something that should very much be on the table more
| frequently when large companies have repeated egregious
| violations of law as is alleged here.
| vineyardmike wrote:
| This is a common tactic in lawsuits. Go for the biggest
| flashiest number, to set the tone. It also helps shareholders
| be more willing to see a large settlement.
|
| In this case, they're alleging _every finger scan_ violates
| consent while White Castle says they should settle with _the
| initial scan violated consent -once per employee_.
|
| If the initial suit was for a more modest sum and a more modest
| allegation, White Castle may never have even considered
| admitting fault. I agree though, that we need laws with teeth
| so big companies can't consider it a cost of doing business.
| The 17B number could wipe out many businesses entirely. Maybe
| they should. Chapter 11 protects the economy and jobs by
| ensuring the organization could still run, just with
| shareholders losing out.
| batch12 wrote:
| Sounds like they were using biometric MFA as a security control.
| A breach would have been cheaper.
| gjsman-1000 wrote:
| > A breach would have been cheaper.
|
| Especially considering we are talking about a sandwich shop,
| not Google or AWS.
| Turing_Machine wrote:
| While it's certainly not Google, White Castle had 2019
| revenue of $720 million, and has around 10,000 employees. A
| little more than just a "sandwich shop".
| Zigurd wrote:
| No, really, it is just a sandwich shop. All those shops
| could be sold off to pay a fine for this violation. We need
| to stop thinking a corporate entity and/or brand image
| deserve to be protected from the consequences of
| lawbreaking. This is the misperception that makes white
| collar crime, which is often several orders of magnitude
| more damaging in monetary value than street crime,
| published far less than the size of the crime would
| suggest.
| fshbbdssbbgdd wrote:
| With a revenue of $720M in the restaurant business, there
| is no way you're going to make $17B from a sale.
|
| Subway has revenue of around $10B and is selling itself
| for $10B.
| bannedbybros wrote:
| [dead]
| superkuh wrote:
| White Castle's complaint against "annihilative liability" is more
| corporate/institutional exceptionalism. Human persons are often
| completely financially destroyed by civil suits. I don't see any
| reason why just because it's a corporate person they should be
| protected from this outcome. If anything it should be more likely
| against a corporate person who has no real criminal liability.
| crazygringo wrote:
| The question is, does the punishment fit the crime.
|
| You don't impose the death penalty for stealing an orange.
|
| With corporations the point of a penalty is to deter, not
| destroy.
|
| If White Castle goes out of business and thousands of people
| lose their jobs, how is that good for society?
|
| Justice requires proportionality.
| galleywest200 wrote:
| There are absolutely cases where a company should be
| "destroyed" instead of just punished. Cases involving willful
| loss of human life, etc.
| wpietri wrote:
| Justice does require proportionality. But if only the
| especially rich get proportionality, then it's not really
| justice, is it?
|
| I agree it wouldn't be fair _to White Castle_ if they were
| destroyed over this. But I'm not so sure it's particularly
| unfair when counted on the "workers vs corporations"
| scoreboard, or the one for "privacy vs exploitation".
| dehrmann wrote:
| Reminds me of the PG&E situation. You can't actually hold
| them liable for all the fire damage because they'd have to
| pass it on to rate payers. I'm not even sure if they can
| specifically raise rates in areas with high fire risk.
|
| PG&E is in an even tougher bind because the fix (burying the
| lines) might be prohibitively expensive.
| yathaid wrote:
| "With corporations the point of a penalty is to deter, not
| destroy."
|
| I don't know if this is actually the point like you suggest, but
| why do you believe this should be the point?
| kilotaras wrote:
| > If White Castle goes out of business and thousands of
| people lose their jobs, how is that good for society?
|
| Why would they lose their job? White Castle would declare
| bankruptcy, someone else will buy physical properties and
| equipment, and I would assume open a new restaurant(s) there.
| count wrote:
| A death penalty for the company shouldn't involve all those
| people losing their jobs, it should involve the wiping out of
| the existing shareholders and the sale of assets at auction
| to another buyer, who, presumably, would continue to operate
| the business in a law abiding manner.
| forgotusername6 wrote:
| I like this idea. Does any country operate such a
| punishment for companies?
| palmtree3000 wrote:
| Isn't this chapter 11 bankruptcy?
| vineyardmike wrote:
| Most American companies don't just run out of money and
| close the doors with a shrug. Bankruptcy cases involve
| selling assets (including brands, employment, etc) to
| other investors.
|
| Original shareholders lose all their money, as the shares
| are deemed worthless (debt>>assets). Then new investors
| want to buy the remaining assets and have to pay the
| government (or other debt-holders) back for the debts (or
| the "fair market value" of the assets).
|
| There is no guarantee that this process will oust
| management, but the new owners may not believe in the
| ability of the old management after they bankrupted a
| company. Realistically, companies sometimes go into
| chapter 11 knowing it's not the end just to restructure
| debt.
| giardini wrote:
| 24 Hour Fitness gyms ask for a fingerprint/thumbprint on each
| visit. Is this not legal?
|
| It doesn't work for me: I always must make multiple login
| attempts and inevitably an employee must intervene and approve.
| sandworm101 wrote:
| This isn't about fingerprints. This is about a large corporation
| not reading a law. This is about recklessly adopting a new
| business practice without first consulting basic legal advice.
| The big numbers will get knocked down eventually but they are
| going to be rightfully on the hook for millions.
| kderbyma wrote:
| They should. Big business means you front the costs to do
| proper business. If you make billions and cannot do your
| legals... too bad. That money will be theirs soon
| crazygringo wrote:
| White Castle doesn't make "billions". Its annual profit is
| in the very low _millions_.
|
| It doesn't even take a billion in _revenue_ a year.
|
| White Castle isn't Google or Facebook. It's a relatively
| minor burger chain.
| crazygringo wrote:
| Honestly it's pretty easy to see this fall through the cracks.
| Because it's one of 50 sets of state law, and it's entirely
| non-obvious that there would be a law around fingerprint
| readers in the workplace at all.
|
| The IT person who decided to adopt it would have needed it to
| occur to them to check with legal. And I can imagine that for
| most people it wouldn't occur to them. Any more than you'd
| think to check with legal about whether a password should
| require at least one punctuation character.
|
| I'm not defending White Castle here but neither do I think it's
| anywhere close to "reckless". I think it was just a normal day
| to day IT decision that nobody thought anything of.
|
| In other words, there was probably no criminal intent here nor
| recklessness. Just ignorance of a relatively unknown statute,
| that sure you should pay a reasonable fine for. Not a big deal.
| vineyardmike wrote:
| I knew about the biometric law. I've worked in places that
| collect biometric data. It's your job to know these things
| when you do this work. At the very least, that law makes an
| appearance on HN regularly.
|
| No law is truly obscure anyways, because they're all written
| down for your corporate lawyers to check when you start
| business. White Castle operates in many states with over 100
| years of corporate history. The idea that they couldn't be
| bothered to check the laws of all the states they operate in
| before making changes is not only foolish but if true
| illustrates a greater sense of recklessness. If you operate
| in Illinois, you should check the laws in Illinois.
| crazygringo wrote:
| But you understand that it's easy to imagine nobody was
| aware of doing "biometric work", and that it's something
| corporate lawyers would easily never be alerted to and
| never become aware of on their own.
|
| Like I said, an IT guy decides to install fingerprint
| access for computer access for franchises nationwide.
| They're not an expert on biometric security, they just
| thought it was a good idea.
|
| As laws go, this one is not exactly common knowledge. Even
| corporate lawyers in a state aren't aware of every statute
| in every area of law -- they have specific areas of
| expertise. Hiring a biometric security lawyer is not
| something you do unless you know you have a reason to, if
| you're just a fast food company. It's not like lawyers
| review every tiny action by every single employee and
| contractor. It's easy to see how things like this slip
| through the cracks.
| vineyardmike wrote:
| The only excuse they have is the fingerprint scanners
| were installed before the law.
|
| If an IT guy is making a change to accessing payroll that
| affects 10k employees... it's corporate lawyer time. I
| would never touch a payroll system or related (eg time
| tracking) without labor lawyers at a minimum. This wasn't
| a casual IT guy plugging a usb fingerprint sensor into a
| computer in the break room of a mom and pop sandwich
| shop. It was across an entire national chain and they
| were _transmitting and storing prints with multiple third
| parties_. They totally had contracts reviewed and lawyers
| involved already.
|
| By now (maybe not in 2008) everyone should know that if
| you touch personal data or god forbid medical/biometric
| at all you should get a privacy lawyer review. It's 2023
| and even Facebook asks for consent. At my previous job
| we'd schedule a lawyer call before we started logging new
| data or updating schemas in a database. Only takes 15
| minutes to explain, and a business day for preliminary
| research on the lawyer's part.
|
| White Castle started requiring consent in 2018 co-timed
| to when a major employer in the state was sued for
| using fingerprints for payroll. So someone must be paying
| attention to something, just not soon enough.
| sandworm101 wrote:
| Well, if it met the legal definition for recklessness then
| the leadership would be sued by the shareholders. That isn't
| this. This is reckless as in not-smart rather than per se.
| They will have to pay a price so that lawyers for a thousand
| other companies can walk into the next board meeting to say
| "See, I told you and I was right about that fingerprint thing
| last year!" They will be punished, but the courts will not
| allow this to destroy the company.
| lordnacho wrote:
| How could you buy 23B burgers with $17B? Seems too good to be
| true.
| bell-cot wrote:
| White Castle's reputation is not for large burgers. Nor for
| premium-quality ones.
| pksebben wrote:
| they're so deliciously awful. It's like raw grease with a bit
| of burger-flavored material between pieces of pure carbs made
| zesty with sweet pickle-adjacent pucks.
| rolph wrote:
| do not travel for 72 hrs after eating these things
| Cody_C wrote:
| Can you imagine the founder of White Castle being shown this in
| some quick burst of future vision?
|
| He would have to have his mind blown beyond belief. He was born
| in 1880. https://www.whitecastle.com/about-us/our-history
|
| Gotta say those are some good burgers, regardless of the
| biometrics case.
| Zigurd wrote:
| This raises the question of whether corporate "death penalty"
| verdicts should be enforced. Corporations are just a collection
| of assets, as their management will remind you when they are
| bought and sold (even though they are portrayed as "persons" when
| "speaking" with money).
|
| This is an outlier example, but why should any corporation that
| created an environmental disaster not pay what a complete
| liquidation of assets would yield, if that is less than the cost
| of remediation? Asking for a friend in the railroad business.
| scott00 wrote:
| To have a debate about this we really need to add some
| precision to some of your terms. When you talk about "complete
| liquidation of assets" there's sort of two things that come to
| mind, and I'm not 100% sure what you mean.
|
| Option one is what I would call a reorganization: the rights of
| equity holders are terminated, and creditors (which would
| include beneficiaries of civil judgements) get some fraction of
| what they are owed, through a combination of keeping some
| portion of their existing claims, receiving cash received from
| selling new stock, and receiving some amount of new stock.
| Crucially, the business keeps operating when this happens, it's
| really just reorganizing the capital structure, not doing much
| to actual business operations.
|
| Option two is a true liquidation: the business stops operating,
| all of its assets are sold, and the proceeds distributed to
| creditors and then the corporate entity simply ceases to exist.
|
| The original debate about the "corporate death penalty" arose
| from how Arthur Andersen was treated in the wake of the Enron
| scandal. In that case, AA was criminally indicted. A criminal
| conviction is a huge problem for a public accounting firm,
| because convicted felons can't be CPAs or audit public
| companies. Indeed, it was ultimately convicted and barred by
| the SEC from auditing public companies. But it actually
| collapsed far before that, basically immediately after the
| indictment, as all of its clients saw the writing on the wall
| and dropped them. This was an option 2 liquidation.
|
| Personally, I would only consider an option 2 liquidation the
| "corporate death penalty". In the case of your friend in the
| railroad business, it's probably not the socially optimal
| outcome because you would actually get more money for the
| victims through an option 1 reorganization than option 2
| liquidation. In general that's why option 2 should be sparingly
| applied: it reduces the resources available to compensate
| victims, and inflicts collateral damage on employees, vendors,
| and customers who mostly didn't do anything wrong.
|
| In addition to option 1 and option 2, some people also consider
| simply indicting a corporation as the "corporate death penalty"
| because of how in the case of Arthur Andersen, the criminal
| indictment did pretty much immediately cause option 2. I think
| that that position is not really consistent with the facts,
| however. There are at least 54 publicly traded companies that
| received criminal convictions between 2001 and 2010; 37 of them
| were still around in 2013, only 5 failed, and of the 5 it
| doesn't really seem like the conviction had much to do with
| their demise[0].
|
| [0]
| https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?articl...
| Zigurd wrote:
| Just the costs make the human death penalty hard to justify
| as "socially optimal" but it's done anyway, despite even the
| supposed deterrent value being debunked.
|
| In the corporate case it has the positive effect of punishing
| a management structure that allowed/enabled the injury.
| jehb wrote:
| I totally love this idea, and would love to be able to think up
| a way to make it viable. My concern under current law in most
| countries is that it's just going to lead to the proliferation
| of the complicated ownership structures like we see today,
| where the entity operating the assets is completely separate
| (legally) from the entity owning the assets. Imagine a world
| where every train and every track is owned by a separate LLC,
| with complicated usage agreements shared between them, but
| somehow still all owned by a handful of "blameless" holding
| companies.
| Zigurd wrote:
| Tax authorities, and the accountants who file returns, seem
| to navigate that space pretty well.
| donatj wrote:
| This is a weird one to me. To not consent to having your
| fingerprint scanned yet continuously doing so seems questionable.
| To do something for years without issue and then sue long after
| the fact doesn't feel like justice.
|
| It feels to me that providing your print to begin with without
| coercion fulfills consent. I understand that the need to keep
| one's job can be seen as coercion but I am confident the
| percentage of employees that actually objected at the time was
| negligible.
| lumost wrote:
| I strongly disagree. This presumes that the employee is a free
| agent able to decline - this is rarely unambiguously true in
| the US economy, particularly for service workers. Employees may
| also have extremely limited negotiating power and be forced to
| accept a "shrink wrapped" contract.
|
| Reasons the employees might not consent but still go through
| with the fingerprinting.
|
| - Every other employer mysteriously started doing the same
| thing as they're owned by the same franchise owner and/or their
| friends.
|
| - There are no other employers.
|
| - You live paycheck to paycheck and can't just quit a job.
|
| - Commuting to a different site would increase your gas bill.
|
| - The extra .25 that BK pays is necessary for you to live.
| DangitBobby wrote:
| That's all speculation and frankly has nothing to do with
| whether White Castle violated the law or the spirit of the
| law. Either way, I can't agree. If everything a potential
| employer requires you to work there is considered to be
| "under duress" then we've got bigger problems on our hands.
| Namely, lots of slaves in the US.
| badrabbit wrote:
| Imagine being in prison and getting raped by some guy in the
| shower yet you keep taking showers. You adapt to hostile
| conditions out of necessity and helplessness.
|
| That's an extreme, but you get the point. When the law says get
| consent, it clearly means there is none implied by
| participation. Even if the employee signs a paper on their own
| volition granting consent, your inability or refusal to obtain
| that consent makes you a violator of the law because as far as
| you know and can prove in court, your fingerprint collection
| was being done without you specifically knowing about that
| employee's consent. It is your state of mind and intent that is
| a violation of the law.
| donatj wrote:
| That's just a bad take. No one is forcing you to work at
| White Castle
| badrabbit wrote:
| Coercion was never a factor in the law. Even if you wanted
| your fingerprints taken, you can still sue them for taking
| it without consent. It is a restriction put into place to
| enforce a practice.
|
| Another example would be medicine, even if you took
| medicine knowing possible side effects, the maker of the
| medicine is still culpable if they don't follow FDA rules.
|
| You can't say consent was implied when the law is telling
| you a definition of what viable consent is in a specific
| way. You can't just ignore the law and make excuses or
| blame the employees. On their part, they only have to prove
| that fingerprints were taken and consent was not. If you
| are they can just quit, then the entire point of the law is
| so they won't have to and instead punish the company.
| nulbyte wrote:
| Extreme, yes, and also a faulty analogy. I don't think White
| Castle took an employee's finger and placed it on the reader
| by force.
| COGlory wrote:
| >It feels to me that providing your print to begin with without
| coercion fulfills consent. I understand that the need to keep
| one's job can be seen as coercion but I am confident the
| percentage of employees that actually objected at the time was
| negligible.
|
| This comes across as a pretty privileged take. For many fast-
| food workers, a few things are true:
|
| * They have no money or other job opportunities
|
| * They have a legal requirement to work (parole, child support,
| rehab)
|
| * The local franchise operator is influential and owns multiple
| franchises
|
| * Already owed pay (and already spent pay) are locked behind
| these barriers
|
| * The average fast food worker doesn't have education or
| resources to challenge them
|
| It absolutely is coercion, and another arm of corporatism.
| donatj wrote:
| This is like the infantilization checklist.
|
| Have I got news for you, poor people are people. They're not
| the hapless imbeciles you make them out to be, they are just
| as capable as you and I, and they have just as much access to
| information as you and I.
|
| We live in a literal world of plenty for unskilled jobs. They
| exist everywhere and they are screaming for workers. We
| literally don't have enough unskilled workers to fulfill the
| need.
|
| If you can work fast food you can work in a shop, you can
| deliver packages. The person who HAS TO work at White Castle
| or they die simply does not exist. Figment of the
| imagination.
| COGlory wrote:
| Way to double down on your biases. I assure you these
| people do exist. Work in a shop? What shop doesn't require
| skills? Deliver packages? Usually need a driver's license,
| no criminal background.
|
| Not everywhere is San Francisco. When you get to rural IL,
| there's not endless jobs. There's hardly any. Many people
| working fast food need the flexible schedule, or can't
| speak English well, or any other of a multitude of other
| reasons. Also, the complaint is from 2008, not this
| temporary strange job market that has recently developed.
|
| If what you say is true, and it's so easy to find gainful
| employment elsewhere, why is anyone working at these places
| to begin with?
| wpietri wrote:
| > We live in a literal world of plenty for unskilled jobs.
|
| Oh? When's the last time you worked a minimum wage job?
|
| > you make them out to be
|
| That is false. The only one making a claim of "hapless
| imbeciles" here is you.
| aardvarkr wrote:
| He's right, you're infantilizing them and removing any
| agency on their behalf. I've worked minimum wage jobs and
| around unskilled labor for half my life and I guarantee
| you that they're people too and can make their own
| decisions.
| wpietri wrote:
| One, I'm not even the person who made those claims. Two,
| I have also worked minimum wage jobs and believe that I
| too am a person with agency. And three, noting that
| people have different levels of privilege is not denying
| them humanity or agency.
|
| Indeed, privilege-based analysis is often used to get
| recognized as human groups that are often treated as less
| than that.
| A4ET8a8uTh0 wrote:
| << They exist everywhere and they are screaming for
| workers.
|
| Eh. I don't really want to make it sound that way, but,
| well, if they are screaming, they are screaming for cheap
| workers.
|
| << This is like the infantilization checklist.
|
| Can you elaborate a little? It is possible that I am
| misunderstanding your point.
| DangitBobby wrote:
| Absolutely. There's 0% these employees weren't consenting to
| fingerprint scans when accessing their paystubs. My question
| is, if they didn't consent to having their fingerprints
| collected, how did they have the fingerprint to begin with? I'm
| not reading anything claiming the employees were held down or
| that prints were secretly pulled off of surfaces. They very
| obviously consented. Below are the law in question and the
| opinion. Dissent is interesting.
|
| 1.
| https://www.ilga.gov/legislation/ilcs/documents/074000140K15...
|
| 2. https://ilcourtsaudio.blob.core.windows.net/antilles-
| resourc...
| autoexec wrote:
| My question is what would happen to an employee who refused
| (as I would) to the collection of their fingerprints. If
| they'd lose their job, that'd mean they were being subject to
| coercion and consent was not given.
| advisedwang wrote:
| > To do something for years without issue and then sue long
| after the fact doesn't feel like justice.
|
| Perhaps the person didn't know Illinois had a biometric privacy
| law? Imagine your company has been making you do something
| you hate for years, then you discover it's illegal. You'd
| absolutely want to sue, and to have lost that right because you
| waited is unjustified.
| wpietri wrote:
| >providing your print to begin with without coercion fulfills
| consent
|
| Informed consent? Absolutely not. People here are arguing that
| the poor white collar employees and execs of White Castle
| couldn't possibly be expected to understand the nuances of
| installing fingerprint readers. So how could minimum wage
| workers, many of them minors, be expected to understand the
| issues at play?
| tantalor wrote:
| > involves the use of workers' fingerprints to access pay stubs
| and company computers
|
| Maybe: requiring fingerprint to access your pay is effectively
| coercion.
| donatj wrote:
| Pay stub, not pay. Very different things
| NoZebra120vClip wrote:
| If these employees are receiving any sort of public
| benefit, or become involved in some legal claim, or
| basically just need to prove their income to someone, they
| will absolutely require pay stubs. If they're not able to
| come up with proof of income, they could be denied
| Medicaid, Social Security, Section 8 housing assistance,
| SNAP "food stamps", WIC, TANF, or all sorts of other
| benefits that they would be entitled to, if only they could
| prove that they're earning a legitimate income from their
| employer who is required to provide pay stubs in an
| accessible fashion (they used to be simply attached to the
| paper check, or mailed via postal service; how complicated
| was that?)
| wpietri wrote:
| Given the rampant level of wage theft in this country, not
| so different at all.
| [deleted]
| anonymousiam wrote:
| So they implemented the fingerprint system in 2004, but the
| biometric law was enacted in 2008. Yeah, suddenly they were
| breaking the new law, but whose job was it to continuously
| monitor all the state/local laws and ensure compliance? Not every
| business gets this right and they should not be severely punished
| when behavior that had been legal for years suddenly became
| illegal. Obviously White Castle did not intentionally violate the
| 2008 law when they implemented the system in 2004.
| jahewson wrote:
| > whose job was it to continuously monitor all the state/local
| laws and ensure compliance
|
| For a company over 100 years old with 10,000 employees? I
| suspect the answer is _their compliance department_.
| wonderwonder wrote:
| Waiting for the inevitable follow up story where the company has
| been sharing the data with law enforcement.
___________________________________________________________________
(page generated 2023-02-18 23:02 UTC)