The Russian state authorities have finally admitted that they are planning to launch a face recognition system in the country’s schools after repeatedly denying the relevant rumors in recent months. The plan is based on the coordination between the Department of Information Technology and that of Education and Science to introduce the facial recognition systems in Moscow schools first. From a legal perspective, there should be no problems with the implementation since the capital already has regulations on collecting biometrics in place, so everything will be dealt with through an expansion.
The incident that got the ball rolling was a tragedy in Kazan where children got killed during a school shooting. The government initiative is supposed to reduce the risk of this happening again and make children and their parents feel safe again. However, the connection between facial recognition and the possibility of carrying a gun on the school bag is obscure, to say the least, so the Kazan incident appears like a mere excuse to roll out a mass surveillance system.
Teachers are unlikely to object to the system even if they would have their faces scanned every morning, but not all parents are equally acceptive of the state’s plans. As Ilona Menkova, the head of the Parents of Moscow organization, stated on local media that the danger of the collected biometric data falling in the hands of hackers or unauthorized entities is always there, and the risks outweigh the alleged advantages. No one can guarantee the safety of the data, and if something bad happens, which should be only a matter of time, the exposed children would carry the compromise for their entire lives. You can’t reset biometric data.
To those concerns, the state answers that while Moscow has a lax regulatory context regarding digital technologies, the collection and storage of biometric data is very strictly regulated. All data will be stored in processing centers that are certified by FSTEC and then encrypted with strong algorithms so that they can’t be read even in the case of a data breach.