W ell, Luzerne County spends $700,000 for a sophisticated biometric time clock system that verifies a person actually checked in by scanning fingerprints, and finds out the system can be duped with a gimmick any fifth-grader would have tried just for the heck of it.
Kudos to County Controller Walter Griffith for following up on a tip and bringing this flaw to the attention of administration and the public. According to Times Leader staff writer Jennifer Learn Andes, Griffith learned – and demonstrated – that employee A could enter his or her employee code, have a finger scanned, and then immediately punch in the code for an absent employee B and proffer the same finger that was just scanned. If done quickly enough, the system decides employee B was present.
The question now is how to fix it, but frankly, that should be no question at all. If an internal investigation by County Manager Robert Lawton confirms the problem, the supplier – Kronos Inc. based in Chelmsford, Mass. – should fix the glitch or refund county money.
The point of a biometric time clock is to make precisely this sort of thing all but impossible. Sure, there's always some way to outwit the most sophisticated technology, but it should involve something equally sophisticated – carefully constructed fake fingertips, or an amazingly clever gizmo a la all those spy movies. Who would believe James Bond could enter the super-secret vault by simply being quick with a stolen code entry?
And surely Kronos would want to fix this. One assumes that publicity about such a low-tech flaw in their high-tech system could cripple business. Who would buy the product once they learned it can be as ineffective as an antique time clock that stamps an employee card?
In fact, Kronos may want to contact Lawton prior to completion of his investigation to clear up this issue as quickly as possible – before, say, more articles and editorials about the apparent flaw pop up when someone Googles Kronos.