Date | November 2019 | Marks available | 2 | Reference code | 19N.1.SL.TZ0.1 |
Level | SL | Paper | 1 | Time zone | no time zone |
Command term | Identify | Question number | 1 | Adapted from | N/A |
Question
Biometric authorization
Bright Creativa is an advertising company with approximately 100 employees, all of whom work in their head office in Seattle, USA. The company has decided to introduce a biometric authorization system using fingerprint scanners (see Figure 1). This enables the employees to gain access to the company’s resources, such as entering the building, logging on to the company network and even purchasing items from the company café.
Figure 1: An employee using biometric authorization to access the office at Bright Creativa
[Source: adapted image (recoloured) “Fingerprint scanner in Tel Aviv” by David Shankbone (https://commons.wikimedia.org/).
Under copyright and creative commons licence 3.0 (https://creativecommons.org/licenses/by/3.0/).]
The authorization system is linked to the company database. The employee’s identification number (employee ID) is the primary key field in the Employee table, which stores their personal details. The company database includes other tables that store data on when they access the building, the frequency that they log on to the network and the items they purchase from the café. Some employees are concerned about the increased level of surveillance within the company, but the company has reassured these employees that a privacy policy has been developed.
Identify two other forms of biometric data Bright Creativa could collect.
Identify two characteristics of a relational database.
Identify two methods that could be used to ensure that the data input to the database is accurate.
As part of the implementation of the biometric authorization system, Bright Creativa has written a privacy policy.
Explain three features that Bright Creativa would need to include in a privacy policy linked to the company’s biometric authorization system.
To what extent are the benefits of employees’ improved access to company resources outweighed by their concerns about the level of surveillance by the company?
Markscheme
Answers may include:
- Facial
- Iris / retina
- Voice
Award [1] for identifying each other form of biometric data up to maximum of [2].
Answers may include:
- More than one linked table/entity
- Primary key fields linked to foreign key fields
- Each record is unique
- Eliminates data redundancy
- Is a smaller file than a flat-file database
Award [1] for identifying each characteristic of a relational database up to maximum of [2].
Answers may include:
- Validation
- Verification
Award [1] for identifying each method that can be used to ensure the data added into the database is accurate up to maximum of [2].
Answers may include:
- The privacy policy will need to be easily understood/transparent…
- so employees are able to understand how their data will be collected and stored or who it may be shared with.
- The privacy policy must explain what data is being collected about them…
- and this data is intended to be used by the company.
- The privacy policy will need to explain that data will only be stored for as long as necessary / for the length of time the employee is with the company…
- and that appropriate measures have been taken to safeguard it from unauthorized access.
- If a data breach occurs, i.e., the data is compromised or stolen…
- the company must inform the users immediately.
Award [1] for identifying a feature that Bright Creativa would need to include in a privacy policy and [1] for explaining why that feature should be included up to a maximum of [2].
Mark as [2] + [2] + [2].
Answers may include:
Advantages to the employee:
- Convenience, such as no need to carry ID cards to unlock doors (systems).
- There is no need to remember passwords to log on to the network, or to continuously change the password (systems).
- It is likely to be more secure than relying on authentication techniques like a username and password, as it is harder to forge a fingerprint than remember a password (systems).
- It may provide quicker access to resources.
- Employees don’t need to carry cash to buy items from the café.
Concerns of the employee:
- Their performance could be monitored and performance ratings based on information provided by the system (system, values).
- Monitoring may become covert surveillance, which may be unethical, especially if the employees are not aware of the ways in which the information is used (values).
- Purchases are tracked and judgements might be made about them, e.g., what foods they purchase (values).
- The fingerprints may not always be reliable, for example if the employee cuts the finger that is used for biometric authentication, which means that a resource may not be accessible (values).
- Logging on to each resource using biometric identification may be time-consuming and lead to inefficient working practices (systems).
In part (c) of this question it is expected there will be a balance between the terminology related to digital systems and the terminology related to social and ethical impacts.
Keywords: economic, security, privacy, monitoring, surveillance, access, productivity, trust, transparency, change, power, systems, values, ethics
Refer to SL/HL paper 1, part c markbands when awarding marks. These can be found under the "Your tests" tab > supplemental materials > Digital society markbands and guidance document.