Reading Time: 4 Minutes

The content on this website is strictly the property of Insight and the Students’ Gymkhana IIT Bombay. If you wish to reproduce any content herein, please contact us:
Chief Editors: Rishabh Israni, Chintan Savla

After a news report in 2011, of an IITB classroom showing a mere 8-10 students attending the class was published, the Biometric System was developed to tackle this possible tarnishing of reputation of an otherwise reality. In order to eliminate the need for the professor to manually maintain an attendance record for every class and thereby spend their valuable time in doing so, the concept of biometric attendance was put in place. The software and the hardware of this system were developed entirely through the work of IITB officials. Interestingly, this made IITB the first institute in India to have a biometric data system for purpose of attendance. Propelled by its success, perhaps, the UGC mandated all college campuses to have a similar system, later in 2015.

Even though this was started initially for undergraduate students, it wasn’t just limited to them. The system of biometric attendance has also been used for Post-Graduate students to mark their attendances in order to get their scholarships and salaries. A Principal Investigator of a project can also use this to take attendance of other members involved. This can further be used for attendance of temporary staff members in the campus. For students, attendance can be taken and recorded even before the they are officially registered for courses. The scheme of attendance can be tuned as per the needs of professors and students. The basic aim behind developing the entire system was to account for such variations in academic proceedings.

With multiple details cropping up about Aadhar in the recent times, it seems reasonably fair to examine how secure the biometric details submitted by every student in the institute are. The biometric data is stored under high security in an encrypted format. Furthermore, access to this sensitive environment is severely curtailed. So much so that even the officials involved in its functioning are expected to handle such information in the same encrypted format. Measures are taken to ensure that unauthorised members are not made privy to such sensitive particulars entirely. When in use, the input provided by the student’s card is expected to match with their fingerprints in order for the reader to report attendance of the card holder. What this effectively ensures is that every student carries, with themselves, the details of their thumb-prints through their card, which can only be “accessed” with the ASC monitored reading devices. When the student formally exits their stay in the campus, they are not expected to submit their ID cards back as the cards are dated and their validity is nulled automatically. In cases where a third party might get hold of a student’s ID card, the nature of encryption would make it impossibly hard to decrypt the details within. Impressively, all these measures along with the regulations laid down for the system’s functioning help it qualify as an ISO standard.

One might question, “Is it mandatory for students to submit their biometric details in this fashion?” And to that, there is no straight answer. Providing Attendance is mandatory. Hence, if the professor chooses to mark attendance by way of the ID cards, then in effect, it is expected that the students oblige and obtain a ID card for that purpose. Legally speaking, under the Information Tech Act, 2000, no organisation can force its members to submit their Biometric details, usually onto a centralised server. And even if they are collected, voluntarily of course, then the responsibility of protection and maintenance its security falls on the organisation as biometrics are deemed as sensitive data. With the aforementioned checks in place, the ASC Administration certainly does its part in protecting the identity of its students.

At times, interesting cases come out when enforcing the biometric system. Some students’ thumbprints don’t work. This has to do with the lack of fingerprint ridges or their amplified sweat gland response. In those cases, the card is issued, nevertheless. However, the student at the time of attendance, will not be expected to punch in their thumbprints into the readers. Instead a mere waving of the ID card would suffice. Ironically, these cases form the best examples of proxy attendances wherein the student is not expected to be physically present to mark theirs. All that is required are their ID cards and a willing friend, perhaps. This goes without saying that it is not encouraged to use such an aspect of its technicality for academic dishonesty.

Remarkably, there is a time infrastructure incorporated within the reader devices to ensure that they run on the right time. This, as expected, can be a critical aspect in those cases where the attendance is marked at the last moment. In order to guarantee that the reader devices installed all over the academic block see same time, the system works with a built in self-correcting function. If, due to a malfunction, a clock starts ticking faster then it is automatically re-adjusted to maintain the right time as agreed upon everywhere else.

Access control in Department buildings however doesn’t necessarily run on this same ASC Biometric system. The most telling evidence of this difference is in the reader designs as they are installed outside department rooms as compared to the ones in lecture halls. The Office of ASC does not ensure any form of overseeing or monitoring in those settings. The biometric system installed in the departments are independent and not part of the central structure. Due to the difference in the principle of working, the data of the fingerprint may actually be stored on local servers as images, without appropriate encryption and security. This, in most general cases, is maintained by the computer laboratory in-charge, not necessarily the department officials. This unfortunately, leaves the possibility of the thumbprint data being accessible to a third party, if not maintained securely. In the worst of cases, they can even be illicitly downloaded from the server and consequently the degree of malfeasance, on the part of the downloader, may determine the extent of their misuse. There is an exception however, the department of Computer Sciences is using the same ID card to regulate entry into certain rooms in its building. Because, the ASC system is better managed the chances of misuse diminish drastically.

The ID cards have been designed to serve other functions as well, as a mark of a well thought through initiative when started back in 2011. The cards may also function as Cash Cards allowing the user to make transactions using the money stored onto them. This system, as can be imagined, could be applied all throughout the campus. Besides that, they would also be able to function as Library Cards. Even though these measures haven’t been put in place, the possibility still exists and can be initiated when required.