If your gym wants to use your fingerprints as a biometric identifier to save you the trouble of carrying a membership card, is this a good thing? It's a topic of some debate in the Golden State and beyond.

This week at my 24-Hour Fitness club in Silicon Valley, I noticed the installation of fingerprint scanners at the front desk. A day or so later, they began asking patrons who signed in to allow the scanners to record biometric images of their right and left index fingers. It's all part of the giant gym chain's national cardless check-in program, designed to eliminate the need for members to carry gym cards and make it easier for them to validate their identities.

When biometrics get down to the local gym, however, serious questions must be raised. Your biometric identifiers are immutable and, once stored on a computer, impossible to take back. So if the 24-Hour Fitness database gets hacked and some enterprising Black Hat team of computer experts makes off with this sensitive information, many people could forever lose control of this permanent identification marker. Of course, you could scrape off your fingerprints and replace them with new ones. (This is probably possible). But that's getting a little too close to Total Recall for my taste.

A Whole New Level of Identity Theft


As we all know too well, once something is digitized and in a computer we don't control, it's safe to assume that piece of information will exist forever somewhere in the world on someone's computer. The New York Times Magazine recently ran an article about how the Internet has made it virtually impossible for people to reinvent themselves or to escape from past judgments and circumstances. And The Wall Street Journal detailed the emergence of information exchanges where Web publishers install tracking software on the computers of unsuspecting visitors, track their movements across the Web and sell that information to the highest bidder. Further, its well known that underground marketplaces exist for stolen social security numbers and credit cards. Those problems are painful for identity theft victims, but can largely be addressed: You can always change an account number. Stolen fingerprint metrics, however, would be far harder to resolve.

To be sure, 24-Hour Fitness does not mandate fingerprint scanning. And its technology partner claims to have put in place rock-solid security procedures. In fact, they make the totally plausible claim that your fingerprint image is not stored at all -- that the record is just a jumble of numbers tied to your name. Those numbers are put through an algorithm to obscure the original digit, making it impossible to recreate the original biometric fingerprint map. From the 24-Hour Fitness website:

"We've partnered with MorphoTrak, a leader in the biometric industry, to develop this convenient new way to check in to our clubs. By scanning your finger, we chart the distance between a few distinct points that are unique to you and come up with an identifying number based on those distances. We do not store a fingerprint, nor can the data we store be re-created into a fingerprint image."

My reaction to this is that its never impossible to crack a code or an algorithm. More importantly, we need to think very hard before we start adopting biometrics to solve trivial problems like making entry to a health club easier. To date, biometrics have largely been used to applications that truly require high security, such as banking or military matters. As that starts to change, identity theft could take on a whole new and more troublesome meaning. Biometric hackers have already demonstrated that fingerprints can be faked or distorted. When these types of biometrics become more ubiquitous, rest assured, someone will find a way to use them for questionable ends.

Increase your money and finance knowledge from home

Finding Stock Ideas

Learn to do your research and find investments.

View Course »

How to Buy a Car

How to get the best deal and buy a car with confidence.

View Course »

Add a Comment

*0 / 3000 Character Maximum

87 Comments

Filter by:
ycplum

If this system actually "stored an image" of your fingerprint, I would be against it, just like I would be against them "storing a sample of DNA". However, this technology does nothing of the kind. Therefore all this paranoia is moot. I'm starting to think that people simple "enjoy" being paranoid, loudly protesting a self delusional threat for self empowerment.

August 25 2010 at 9:29 AM Report abuse rate up rate down Reply
okinadao

You really think you're so special as to have someone be motivated enough to "steal" your fingerprints? To what end could they use this information? Honestly.... Stupid.

August 25 2010 at 5:10 AM Report abuse rate up rate down Reply
BERNARD

To Purleyaddicted, You're sick!

August 25 2010 at 2:54 AM Report abuse rate up rate down Reply
crumshar

I am a member of 24 hour....it's no hassle...

August 25 2010 at 1:35 AM Report abuse rate up rate down Reply
Kingofhearts1287

People are always trying to fix what isn't broken... Too reliant on technology, no wonder we're spiraling downhill...

August 24 2010 at 11:14 PM Report abuse +3 rate up rate down Reply
richar5795

Would you allow them to take your DNA? How far as an individual would you allow a third party (excluding applications for jobs that require it, or medical information) to take personal data from your body for identification purposes? As our society grows more techinical, and identity theft gets more advanced, each of us will at one time or another face this question. The answer...I truly do not know.

August 24 2010 at 11:09 PM Report abuse +3 rate up rate down Reply
Daddy

how stupid is that? fingerprints to go to the gym? no wonder those clowns charge so much for memberships there is enough eletronic crap out there now, too many ways for someone to steal your ID Id refuse to give them the scans, I mean how difficult is it to show a card? I bet the gym is looking for ways to eliminate humans to save money

August 24 2010 at 10:09 PM Report abuse +1 rate up rate down Reply
purleyaddicted

Where I work we clock in/out with the whole hand. This is nothing new. This system stops from aunt cindy, uncle randy, sister tammy and bff from using a card to secretly getting in places. Thumbs up! Now police need this so when you get a ticket, instead of asking for your DL, or ID, they can ask for your print. The DMV, police station should make this force able to every American. It would stop the above fraud I mentioned. and may catch criminals on the run. And every applacaon you fill out should require it. Without a fingerprint on any piece of paper will be rejected. If you have any problems with this then you must have something to hide.

August 24 2010 at 8:52 PM Report abuse -3 rate up rate down Reply
1 reply to purleyaddicted's comment
dan22601

So what use are your fingerprints to anyone else anyway? What are they going to clone just your finger for use against you later? I mean I understand privacy and I also understand insanity. This story goes to both, if you don't want 24/7 access then only go when the gym is properly staffed otherwise give up the print to get the access you want. Seems pretty simple to me and the paranoia is thick enough to smell.

August 24 2010 at 8:31 PM Report abuse -2 rate up rate down Reply
HAPPY

They are finger printing at my church I go to at choir practice, every Wed. rehearsal and Sundays to sing at service. As llong they keep it for church records.

August 24 2010 at 7:39 PM Report abuse -5 rate up rate down Reply