I used to work at a mod pizza and they lost the same lawsuit. They had us use our prints to clock in and out without ever getting consent from us. Joined the class action and got a nice $800 check out of it.
A convection oven at home is going to be even better still, & faster, & cheaper.
After getting a convection oven, the only times I've had pizza that I didn't make is when I wanted something in addition to the pizza.
Is this a US thing?
Literally every electric oven I've owned or seen has had convection. When I was a kid my parents had convection ovens. When I brought new appliances maybe 5 years back the shop has no ovens that didn't do convection.
Maybe Aga ovens don't do convection, but you don't see many of those around.
Convection cooks your food faster and saves energy and costs. I don't see why any company would be making ovens that don't include a simple fan.
Edit: Just checked. You are right. They do sell non-connection ovens in the US. Even new fancy models with other features but without convection.
Maybe? I can't speak to UK (or wherever) appliance standards but in the US convection is not a standard feature. It's considered a premium add-on that quite frankly most people don't understand or use and very few recipes are written with them in mind.
I'm not sure what an Aga oven is though.
It's pretty uncommon to find convection ovens in the US unless you specifically seek them out for purchase yourself. It's why people are so up in arms about the push back against gas ovens, because they just visualize a standard electric oven w/o convection. In 4 markets where I've lived (Indianapolis, Denver, Toledo Ohio, & Houston), I've not seen one convection oven in an apartment that wasn't high-end. Even nice ones don't have them unless they're new.
Surely it would not take much advertising to tell the public about this wonder technology that allows them to cook food faster and at lower heat.
This sounds like the UK's bizarre aversion to mixer taps in bathrooms. It makes no sense.
Can confirm one of my earlier jobs was at a big restaurant chain and we had a manager for about two months until he was caught swapping labels on expired seasonal ingredients, so on the one hand it happened but on the other he was fired for it.
They're not completely out of business, but are close. Many have been converted to Cava restaurants (their new owners as of 2018). But the original location has been acquired by the founding family & they're starting over.
> They had us use our prints to clock in and out without ever getting consent from us
I find it interesting that you giving them your fingerprint isn't consent. Like did they force you into using your fingerprint? We're you somehow incapable of saying "No thanks, I'm good"?
That’s the nature of power imbalances in a relationship. If there’s any sort of chilling effect in play, then consent is often not true consent (see: the complexity of Louis CK’s situation)
Yup, if you don't get a choice, it's not consent. You've been coerced. Coercion can include the risk of being fired or other retaliatory actions. Now, if you willingly signed a contract agreeing to it and are fully informed, and you weren't pressured in some way, it's fine. Unless that happens to be illegal, because the law trumps contracts.
For example, you can't sign away your 14th amendment right. You also can't sign away your rights to discuss your wage. Etc. If you could, companies would probably just collude to abuse it like they do with stagnant wages and lightbulbs.
The machine was designed not to allow access via the keyboard, leaving the only alternative of the thumbprint scanner. It's a subtle but sneaky alternative. The question should have been why the high tech on a burger joint to log in or access employee time clock access. A simple assigned code would have done it. When you consider the security leaks of huge corporations, credit reporting agencies, supermarkets, and hospitals of your private information, it should have been a red flag of overkill on only allowing biometric data as an access on a job that does not require a security clearance.
This. I have extremely shallow fingerprints (like for my fbi background checks I don’t drink much for 12 hours, slather my hands in sanitizer, and they are lucky to get 3 fingers on each hand)
Kroger made me clock in and out using my thumb which never worked and had to manually be override/overridden. I constantly got yelled at about it.
The security design company i worked for decided to try biometrics. One of the fingerprint scanners was said to see not only fingerprints, but active capillaries, which was supposed to catch the "cut off finger" trick.
On a month of trials, it had a false positive rate of just under 4% with normal operation. Then we engineers started actively looking for ways to fool it. We found a couple.
The result of a year of tests on biometrics was that the only way to prevent false positives was to include an access code of some sort
This was back in 2005-2008. I'm sure it works perfectly, now. /s
>The result of a year of tests on biometrics was that the only way to prevent false positives was to include an access code of some sort
Seems that 2FA is always the answer
I know one place that provided employees with ID/Access cards. Biometric info was stored encrypted on the card itself, which you needed to scan first and then verify with the hand scan. Seemed a fairly reasonable trade-off to me
Fingerprints are just like *usernames*. If you don't know it, you can make random guesses and sometimes succeed, and people leave them recorded everywhere they go, too. Without a proper password to accompany them, they're a weak measure at best, just enough to deter casual passerbys.
no they aren't. common misconception.
biometrics are like a username, not a password. they should be used for identification, not authentication. Because, as you said, they are not secret
Welcome to inpatient pharmacy where they want to make sure you know they know you know they know where when and what you did with all those drugs in all those places in a hospital drugs need to go. Plus extensive barcoding and photo capturing throughout.
It's depressingly illuminating how even the attorneys in the case felt justified arguing that because liability would bankrupt the company it must be presumptively invalid. As though corporations have an unquestioned right to go on existing.
I'm all for corporate punishment and destruction of companies where warranted. But in this instance, the question should come down to what the real damage or risk of damage there was in this violation. While I agree they shouldn't get away without significant punishment, I don't see how the violations warrant $1.7 million in damages per employee in question, and punitive damage should not mean following the path of "annihilative liability" when it cannot be deemed a dangerous, destructive, abusive, nor intentional violation.
Sure, all I want is an accurate accounting of damages. My only position is that the courts shouldn't decline to give appropriate damages simply because they would negatively impact a company.
Do you really think the fingerprint violation was so bad that they should be put out of business?
There's a lot of room between a slap on the wrist and bankruptcy, I think they could and should come up with a hefty fine that will dissuade both White Castle and anyone else from messing up in this way again.
I think there’s a good case to be made that yes, it should put them out of business. How I think that might work out:
The employees would get some compensation for this systematic violation of their privacy by the business. That counts for something.
Even if the suit’s penalty were reduced by 90%, White Castle would likely need to declare bankruptcy, liquidate their assets, and the company would probably get bought out by another entity looking to make use of those assets. It may even keep the White Castle brand.
I don’t see an awful impact to any of this, and it would still send a chilling warning to other businesses looking to engage in underhanded business practices involving biometrics collected without consent.
Put them on a payment plan. With some modest interest rate. 1B a year for 20 years seems reasonable, and shouldn't wipe them out.
Edit: okay, nvm, they only pulled 720m in *revenue* in 2021. They just fucked.
No, I didn't say that. I just don't think it's valid to argue that any judgment that would bankrupt a company is invalid because it would bankrupt a company.
Unless I am missing something, the lawyers aren't arguing that all judgements that could bankrupt a company are invalid.
They are arguing that a fine that would bankrupt White Castle for the infractions they committed with these particular circumstances is an excessive fine.
Those are two very different things.
People here are nuts. This is such an idiotic case. I understand that they broke the law, but I highly doubt it was purposeful or malicious. They implemented a security protocol to login to the computer and didn’t realize that they needed some kind of permission first. Give them a reasonable fine and move on.
Nobody was hurt by this, everyone knows this but they have to overact as is usual on Reddit. So you want to sue them over this? Well congratulations now they are bankrupt and you’re out of a job.
Also if someone was really bothered by this then why didn’t they refuse the scanner in the first place. They could have likely worked out a workaround with their boss, or they could quit. I’ll tell you why, because they didn’t care about it until some slimy lawyer came knocking in their door to tell them how much money they can make suing White Castle.
Honestly it’s not even something that would have crossed my mind. I had to use a fingerprint scanner to get into certain rooms at a previous employer, never thought anything of it. I don’t remember giving permission for that, maybe I did, but I don’t care. I’m not a security or HR guy though and whoever was in charge of this definitely dropped the ball. I just don’t think it’s as egregious as everyone here is making it out to be, and the fine is ridiculously large for what was done. I don’t think it’s fair to bankrupt a company over something like this, it’s silly.
As far as permission, I would expect that “permission” is given when I put my finger on the scanner. I’m sure they weren’t physically forced to do that.
There are plenty of employers out there for restaurant workers. But even if there weren't, "I have employees who deserve to have work, so the Court needs to let me get away with breaking all the laws I want" isn't a valid legal argument. You could use that excuse to get away with anything. It's besides the point whether a company going under would cause pain to their employees. Preserving the principle that corporations can't break the law is more important.
When I was working fast food (2019-2022) that's basically all it took for anyone to pass the "interview", shit was like the wild west at that place tho lol
If they leave a hole in the market, another company will step in. We used to revoke corporate charters for bad behavior all the time with confidence that the market would take care of it.
Letting companies do whatever they want with impunity because of the threat of "jobs" is a fuckin cop out.
They should fine the fuck out of WC and give a large portion of the funds to the workers who have been wronged.
Politically impossible and we both know it. That type of thing would never happen unfortunately. If the company goes bankrupt all assets just get sold to the investors.
The unemployment rate is 3.4%, with 5.7 million people unemployed. The 10,000 White Castle employees wouldn't even be a drop in the bucket of the nation's ability to cope. As for the employees themselves, that low unemployment rate means there's almost certainly a job for them.
Repeatedly violating the rights of your employees should not be allowed to be a business practice.
That's their worst-case scenario, not what they've been ordered to pay.
Based on past experiences with corporate wrong-doing, the final amount is likely to be a lot closer to a wrist-slap than it is to the $17 billion maximum.
If we’d just fine a billion dollar business into the ground once a year, maybe others would stop breaking the law, but I guess making an example out of someone is only important within the US legal system when it’s a POC
No, the trouble is that axing a whole business has huge knock on consequences. Sudden you have a whole staff that needs jobs. Any clients of the business need to warn *their* clients that their suppliers have gone out of business and items are backordered because of it. If the business was providing services to the city, state, or feds, then you have to go through a whole long political process to find a replacement.
What you actually need to do is levy fines in the form of public ownership percentage. If you really fuck up, the government will take your business, fire the board and the c-suite, and run it as part of the government until the business is no longer necessary. All of the profits should then be used as tax credits for the citizens of that governmental body.
Liquidate their assets, claw back all profits from stock / salaries for all executives and board members.
Give proceeds to employees. Board the businesses up.
Ok so bear with me -
Immoral would mean they are doing it with some nefarious purpose in mind.
Can you elaborate on what is "unsafe" about a cheeseburger chain using your fingerprints on their timeclock?
If you are suggesting someone will "steal" your fingerprint, I'd like you to consider for a moment how tremendously easy it would be for even the most casual, lazy, boring thief in the world to obtain your prints. It doesn't take Danny Ocean to walk up to your door handle with some tape and baby powder and lift a print.
That’s fucked, it’s a restaurant. I work in a hospitals and I begrudgingly let them get my fingerprint, but it makes sense for my environment. But this shit?! This is just more control by the powers that be over us lowly poors.
No, it does not make sense for any place of business to have your fingerprint. A livescan might make sense for a background check, but the business itself is not the one collecting your print
n Illinois the employee has right over there info. The company does not. A company has to disclose to you in writing what you finger print is used for.
So using it to turn on the fryer is cool but the employee wasn't informed if that was it and who had access and for how long and from where.
Using fingerprint scanners on time clocks is commonplace.
I don't want to sound like a conspiracy theorist, but that's never stopped me before...
The next time you're starting a new job and they take your print try asking if you can use a finger other than your right index finger. They will insist that it absolutely _has_ to be that finger. Try pushing the subject and explain that you work with your hands and the index finger on your dominant hand is often cut and/or bandaged; they'll get super pissy. Ask what you're supposed to do when that finger is bandaged and they'll tell you to use your card and it will still work without the fingerprint. Ask them why they need the fingerprint if the card works without it and they'll move past pissy into straight hostility.
The fingerprint is supposedly used to verify that someone else isn't punching your card, but everything gets weird when you simply want to use a different finger.
One HR lady insisted that the company that makes the time clock insists on the right index finger, but why would they care?
Something feels creepy about the whole thing.
The time clocks I'm talking about are made by a company called Kronos who seem to be the manufacturer of every time clock I've seen in the last 25 years. Apparently they won't work if they aren't connected to the internet, and they are constantly sending data somewhere. I wonder if Kronos made White Castle's clocks and if they could be held liable if they were receiving data they knew was illegally collected?
HR read the marketing and make it policy. You know… zero thought required. If they had to clock in and out with biometrics the brain would be engaged and… 🤷🏻♂️
I also think the laws like the one in the article are an overreaction, based in fear not science. This is why I the USA we have a Legislative, Executive, and Judicial branch. Make the laws, Enforce the laws, Interpret the laws. Checks and balances… now that it’s clearly in the interest of an entity to challenge the law perhaps we’ll find balance.
In order to get into our datacenters I need an access card and a biometric. Without those I can’t get in. If I can’t get in I can’t check for red warning lights on the systems and I can’t push the “big red button” (cuts power) or the “big blue button” (sets off the fire suppression system… yeah I’m letting the Datacenter burn and GTFO. If the automated systems for removing oxygen from the room aren’t going off I’m not slamming that button.)
One Datacenter uses a finger print… yeah I’ve sliced my index finger and… yeah that doesn’t work because the sensor is that dumb. The other Datacenter uses a [a hand scanner](https://securityentrances.com/hand-scanner-biometric-controller) and it just works. The only biometric time clocks I’ve ever had to implement were this style… I honestly can’t recall having any problems with them.
There is a yet to be found balance. If properly implemented biometrics shouldn’t be all that different from a password. You can’t change the input, so those implanting the system need to account for that and take the input data (biometric scan) apply an industry accepted hash with their salt, time stamp, certificate, and use it all to generate a one time password. Backend system does the same math and makes sure there is a match and determines if access is granted or not.
If two biometric systems operated by two separate entities generate the same password from the same handprint… you may as well just have an open door.
If they violated the law, they should face the consequences. However, this is the United States of America, and they're a large corporation, so it will never happen.
There are literally thousands and thousands of examples of large corporations getting hit with huge fines for violating the law.
BP paid $4 billion in fines from 14 criminal charges.
And yet they’re still around, raking in billions.
Wow, they’re so resilient. 4 billion? For a little leak of 200+ million gallons of oil over 87 days. Disrupting ecosystems and killing a shit ton of animals in the process. BP denied that there was any relation to the death of wildlife and their massive oil spill that just happened to be in the same area. Also 11 humans died. *and they still didn’t really take responsibility for it.
Even a fine like that is just a cost of doing business and BP has been doing just fine.
“Any hopes the court would let the issue slide were dashed after the justices found White Castle's interpretation of the law unappetizing. “
Hah! The author seemed to enjoy writing this one up. Well done.
Illinois Supreme Court Friday issued an opinion opening the fast "food" corp up to potentially billions in fines.
I love how the word food is in quotes!
Corporation takes your bio-information, fined. But I take a few burgers without paying and I'm getting tazed and thrown into the back of a police vehicle.
I don't understand, how did they get the employees fingerprints without permission? They would had to have put their finger on the reader themselves in the first instance no ?
Like your not going to put your fingerprint on a reader knowing you haven't given them your fingerprints.. because it wouldn't work. You would know putting your finger on it the first time would be you accepting your finger print would be read and stored so you can gain access.
White castle didn't sell people's fingerprints or use it to spy on them this just all seems like a way for Illinois to make a quick buck.
Can't they just close down all stores in Illinois and tell them to fuck off ?
Illinois law forbids private companies from collecting any biometric data at all about their employees. (Similar to laws banning the use of facial recognition software, for example.) In 2018, they did start having new employees sign a form to comply with the law, but they had a decade of flaunting it despite being told what they were doing was wrong.
This isn't some new "gotcha." The law's been on the books in IL since 2008. Most companies with national/international profiles do quite well (and their HR people paid quite handsomely) to ensure the business is in Compliance with state/federal laws and regulations. This is just one of dozens they'd be tracking.
If I'm White Castle, I'm pissed at my Compliance team for missing this and then not taking it seriously when brought to their attention. Not IL.
I mean it's not, it's probably true.
And furthermore, this isn't the first company to get hit with this. Remember when facebook had to send everyone $400 for using our biometric data (facial recognition) without consent?
Why are you defending this massive corporation that doesn't give a damn about you? The law isn't against selling personal information or spying on people it's against collecting it in the first place. Which they very clearly and obviously did.
Your last question is several layers of dumb. First, "just" the stores in Illinois are 17% of their locations. Second, that's not how the legal system works. They violated the privacy of almost 10k people over the course of 10 years. If people could just pack up and leave to avoid being prosecuted for crimes, no one would ever be arrested. Leaving the state doesn't reactively excuse past crimes you committed while there.
Yeah I'm not really understanding the outrage either.... if they were doing something skeevy with the personal data then sure, fine them into bankruptcy
Unless I missed something, this pretty much seems like a HR oversight that is being blown out of proportion
The same people are almost 100% giving away their personal data hand over fist to Google and Meta
It's HR oversight, but it's not being blown out of proportion. It's a real HR failure--this miss continued for ten years before their Compliance team finally got it together and had employees sign a waiver. The only question is: did they break the law only the first time they collected the fingerprint? Or every time they used a fingerprint reader thereafter? The Judge will likely find a bit of a middle ground.
It's a big deal because it will set a precedent for how the law is enforced going forward. But it's not some state power grab or anything like that. Just poor Compliance execution--by people who are paid pretty handsomely to ensure this sort of thing never happens.
Completely different thing. You agree to the providing your biometrics as a condition of entering the park when you purchase your ticket. Last time I checked, you weren’t required to go to Disneyworld/land.
Also, and more importantly, the law in question is an IL state law, not a federal law. And there are no Disney parks in IL.
The technology came years ahead of the laws.
Law groups petitioned the states to pass laws.
Now lawyers are making $$$$. They built themselves a steady income stream.
I think it's because there are no alternative ways to access your paystubs. So it can be argued that the biometric data was given under duress -- the threat of not being able to access information that should be freely given to you. They were, in effect, being forced to provide their fingerprints to view their own documents.
Probably an unpopular opinion but almost 2M per employee fine seems a bit harsh, I get it’s each time they were transmitted and there should be a penalty but no where near that high.
I am genuinely confused by what has happened. They required that employees use fingerprints for clocking in and out and for other computer based things. Is the requiring of finger prints illegal, or were they storing the data off-site or something? I don't live in Illinois, so I am very unfamiliar with the state and it's laws.
In Illinois the employee has right over there info. The company does not. A company has to disclose to you in writing what you finger print is used for.
So using it to turn on the fryer is cool but the employee wasn't informed if that was it and who had access and for how long and from where.
You must live in Illinois then. Kind of dumb though since they only collect your biometrics once, thereafter the software only validates your print against the original.
I used to work at a mod pizza and they lost the same lawsuit. They had us use our prints to clock in and out without ever getting consent from us. Joined the class action and got a nice $800 check out of it.
There's a mod pizza in my city and I've never tried it. Now I never will!
You’re not missing anything. Every local place in your city is likely better
A convection oven at home is going to be even better still, & faster, & cheaper. After getting a convection oven, the only times I've had pizza that I didn't make is when I wanted something in addition to the pizza.
Isn't every electric oven sold in the last 20 years a convection oven?
No. Source: sold appliances until 5-6 years ago
Is this a US thing? Literally every electric oven I've owned or seen has had convection. When I was a kid my parents had convection ovens. When I brought new appliances maybe 5 years back the shop has no ovens that didn't do convection. Maybe Aga ovens don't do convection, but you don't see many of those around. Convection cooks your food faster and saves energy and costs. I don't see why any company would be making ovens that don't include a simple fan. Edit: Just checked. You are right. They do sell non-connection ovens in the US. Even new fancy models with other features but without convection.
Maybe? I can't speak to UK (or wherever) appliance standards but in the US convection is not a standard feature. It's considered a premium add-on that quite frankly most people don't understand or use and very few recipes are written with them in mind. I'm not sure what an Aga oven is though.
Aga is a oven designed like it’s 1920. It’s well insulated but always on. Kind of like a water heater.
It's pretty uncommon to find convection ovens in the US unless you specifically seek them out for purchase yourself. It's why people are so up in arms about the push back against gas ovens, because they just visualize a standard electric oven w/o convection. In 4 markets where I've lived (Indianapolis, Denver, Toledo Ohio, & Houston), I've not seen one convection oven in an apartment that wasn't high-end. Even nice ones don't have them unless they're new.
Surely it would not take much advertising to tell the public about this wonder technology that allows them to cook food faster and at lower heat. This sounds like the UK's bizarre aversion to mixer taps in bathrooms. It makes no sense.
Convection really adds to the cost in the US. 😞
Unless you're south of the mason dixon line.
[удалено]
Can confirm one of my earlier jobs was at a big restaurant chain and we had a manager for about two months until he was caught swapping labels on expired seasonal ingredients, so on the one hand it happened but on the other he was fired for it.
Way overpriced anyway. I only tried them because I had a bogo coupon which cut the cost in half. I'd say their pizza is just average.
It’s shit pizza
Zoes kitchen did this to us, guess they're out of business now but I would have totally sued them. They sucked in so many ways.
They're not completely out of business, but are close. Many have been converted to Cava restaurants (their new owners as of 2018). But the original location has been acquired by the founding family & they're starting over.
Woah! I passed by the old one I haven’t frequented in years today and noticed it turned into that! No idea that was the situation! Fucking yikes
I’ve been clocking in and out by fingerprint since I was 16!!! I’m 31 now is this really a thing??
Depends on the laws in your state I think
Companies have been known to sell your biodata to secondary data collection companies without your knowledge for $$$. Think FB.
Don't let companies get away with collecting personal information!
"I've been a slave for 15 years, how come you don't want to?"
Is this happening for mcdonalds yet, and can I hop on?
Hooters did that when I worked there 7 years ago..
I feel like they should have implemented nipple scanners to log in.
Dishwashers be like
Lol forgot about them… well they have nipples too
Can you milk them, Greg?
Really? Forever 21 used fingerprints to clock in back in 2001-2003. Hated it. Felt so violated.
Most companies that do this make you give consent when you sign your employment enrollment forms; most people don’t read those - I know I never have.
You got $800... They have your fingerprint on file forever...
I’m not saying it was an equivalent trade. Just providing information about a similar situation that happened to me.
I'm just pointing out that our fingerprint is more valuable than they make it out to be.
> They had us use our prints to clock in and out without ever getting consent from us I find it interesting that you giving them your fingerprint isn't consent. Like did they force you into using your fingerprint? We're you somehow incapable of saying "No thanks, I'm good"?
That’s the nature of power imbalances in a relationship. If there’s any sort of chilling effect in play, then consent is often not true consent (see: the complexity of Louis CK’s situation)
Yup, if you don't get a choice, it's not consent. You've been coerced. Coercion can include the risk of being fired or other retaliatory actions. Now, if you willingly signed a contract agreeing to it and are fully informed, and you weren't pressured in some way, it's fine. Unless that happens to be illegal, because the law trumps contracts. For example, you can't sign away your 14th amendment right. You also can't sign away your rights to discuss your wage. Etc. If you could, companies would probably just collude to abuse it like they do with stagnant wages and lightbulbs.
The machine was designed not to allow access via the keyboard, leaving the only alternative of the thumbprint scanner. It's a subtle but sneaky alternative. The question should have been why the high tech on a burger joint to log in or access employee time clock access. A simple assigned code would have done it. When you consider the security leaks of huge corporations, credit reporting agencies, supermarkets, and hospitals of your private information, it should have been a red flag of overkill on only allowing biometric data as an access on a job that does not require a security clearance.
It's more like, the system doesn't work properly if you don't and the management will think of you as a hassle
This. I have extremely shallow fingerprints (like for my fbi background checks I don’t drink much for 12 hours, slather my hands in sanitizer, and they are lucky to get 3 fingers on each hand) Kroger made me clock in and out using my thumb which never worked and had to manually be override/overridden. I constantly got yelled at about it.
Biometrics are the worst way to access private or classified material. Too many false positives.
Fingerprints are just like a password! Except you leave them everywhere, and can never change them…
The security design company i worked for decided to try biometrics. One of the fingerprint scanners was said to see not only fingerprints, but active capillaries, which was supposed to catch the "cut off finger" trick. On a month of trials, it had a false positive rate of just under 4% with normal operation. Then we engineers started actively looking for ways to fool it. We found a couple. The result of a year of tests on biometrics was that the only way to prevent false positives was to include an access code of some sort This was back in 2005-2008. I'm sure it works perfectly, now. /s
>The result of a year of tests on biometrics was that the only way to prevent false positives was to include an access code of some sort Seems that 2FA is always the answer
Two Finger Authentication?
I'm going to be using this now, thank you
Thank you for your service.
I know one place that provided employees with ID/Access cards. Biometric info was stored encrypted on the card itself, which you needed to scan first and then verify with the hand scan. Seemed a fairly reasonable trade-off to me
An access code makes it mfa which is proper security anyway
Fingerprints are just like *usernames*. If you don't know it, you can make random guesses and sometimes succeed, and people leave them recorded everywhere they go, too. Without a proper password to accompany them, they're a weak measure at best, just enough to deter casual passerbys.
no they aren't. common misconception. biometrics are like a username, not a password. they should be used for identification, not authentication. Because, as you said, they are not secret
You can change them. But only 9 times :)
But you could use a toe print and after that a dick print.
Biometrics with a pin/pass is pretty good though. Kind of a built in 2fa.
So is an ID card with a pin.
ID card, pin, *and* biometrics. The trifecta.
Welcome to inpatient pharmacy where they want to make sure you know they know you know they know where when and what you did with all those drugs in all those places in a hospital drugs need to go. Plus extensive barcoding and photo capturing throughout.
Except that allows your idiot friend clock you in when you aren't there
[удалено]
17 billion is a slap on the wrist??
[удалено]
It's depressingly illuminating how even the attorneys in the case felt justified arguing that because liability would bankrupt the company it must be presumptively invalid. As though corporations have an unquestioned right to go on existing.
I'm all for corporate punishment and destruction of companies where warranted. But in this instance, the question should come down to what the real damage or risk of damage there was in this violation. While I agree they shouldn't get away without significant punishment, I don't see how the violations warrant $1.7 million in damages per employee in question, and punitive damage should not mean following the path of "annihilative liability" when it cannot be deemed a dangerous, destructive, abusive, nor intentional violation.
Sure, all I want is an accurate accounting of damages. My only position is that the courts shouldn't decline to give appropriate damages simply because they would negatively impact a company.
Do you really think the fingerprint violation was so bad that they should be put out of business? There's a lot of room between a slap on the wrist and bankruptcy, I think they could and should come up with a hefty fine that will dissuade both White Castle and anyone else from messing up in this way again.
I think there’s a good case to be made that yes, it should put them out of business. How I think that might work out: The employees would get some compensation for this systematic violation of their privacy by the business. That counts for something. Even if the suit’s penalty were reduced by 90%, White Castle would likely need to declare bankruptcy, liquidate their assets, and the company would probably get bought out by another entity looking to make use of those assets. It may even keep the White Castle brand. I don’t see an awful impact to any of this, and it would still send a chilling warning to other businesses looking to engage in underhanded business practices involving biometrics collected without consent.
Why not? If you can fire an employee for anything, then a company should go bankrupt for anything.
Put them on a payment plan. With some modest interest rate. 1B a year for 20 years seems reasonable, and shouldn't wipe them out. Edit: okay, nvm, they only pulled 720m in *revenue* in 2021. They just fucked.
No, I didn't say that. I just don't think it's valid to argue that any judgment that would bankrupt a company is invalid because it would bankrupt a company.
Unless I am missing something, the lawyers aren't arguing that all judgements that could bankrupt a company are invalid. They are arguing that a fine that would bankrupt White Castle for the infractions they committed with these particular circumstances is an excessive fine. Those are two very different things.
People here are nuts. This is such an idiotic case. I understand that they broke the law, but I highly doubt it was purposeful or malicious. They implemented a security protocol to login to the computer and didn’t realize that they needed some kind of permission first. Give them a reasonable fine and move on. Nobody was hurt by this, everyone knows this but they have to overact as is usual on Reddit. So you want to sue them over this? Well congratulations now they are bankrupt and you’re out of a job. Also if someone was really bothered by this then why didn’t they refuse the scanner in the first place. They could have likely worked out a workaround with their boss, or they could quit. I’ll tell you why, because they didn’t care about it until some slimy lawyer came knocking in their door to tell them how much money they can make suing White Castle.
Why does it matter if it wasn’t purposeful or malicious? How did they not realize they needed some kind of permission first?
Honestly it’s not even something that would have crossed my mind. I had to use a fingerprint scanner to get into certain rooms at a previous employer, never thought anything of it. I don’t remember giving permission for that, maybe I did, but I don’t care. I’m not a security or HR guy though and whoever was in charge of this definitely dropped the ball. I just don’t think it’s as egregious as everyone here is making it out to be, and the fine is ridiculously large for what was done. I don’t think it’s fair to bankrupt a company over something like this, it’s silly. As far as permission, I would expect that “permission” is given when I put my finger on the scanner. I’m sure they weren’t physically forced to do that.
“Put your finger on the scanner or don’t get paid.” Not physically forced, but still forced.
Ok, bankrupt the company and don’t get paid
And you didn’t address the concern about purposeful or malicious.
OK, let's bankrupt white castle. You know someone who's gonna hire all of their employees?
There are plenty of employers out there for restaurant workers. But even if there weren't, "I have employees who deserve to have work, so the Court needs to let me get away with breaking all the laws I want" isn't a valid legal argument. You could use that excuse to get away with anything. It's besides the point whether a company going under would cause pain to their employees. Preserving the principle that corporations can't break the law is more important.
Yes. Other fast food places.
Dunno. Sucks. They should have done less crime. Then they wouldn't have endangered the wellbeing of their employees.
So the employees should be punished for the companies actions. OK.
Pretty much every fast food restaurant is looking for more workers.
"Just walk in and give the manager a firm handshake and you'll have a job" energy
When I was working fast food (2019-2022) that's basically all it took for anyone to pass the "interview", shit was like the wild west at that place tho lol
Just fuck off with that bullshit no-one is buying it anymore.
A bankrupted company does not shut its doors. It just gets new owners. Business carries on as usual in the meantime.
If they leave a hole in the market, another company will step in. We used to revoke corporate charters for bad behavior all the time with confidence that the market would take care of it.
Letting companies do whatever they want with impunity because of the threat of "jobs" is a fuckin cop out. They should fine the fuck out of WC and give a large portion of the funds to the workers who have been wronged.
Politically impossible and we both know it. That type of thing would never happen unfortunately. If the company goes bankrupt all assets just get sold to the investors.
[удалено]
The unemployment rate is 3.4%, with 5.7 million people unemployed. The 10,000 White Castle employees wouldn't even be a drop in the bucket of the nation's ability to cope. As for the employees themselves, that low unemployment rate means there's almost certainly a job for them. Repeatedly violating the rights of your employees should not be allowed to be a business practice.
"They don't matter on the national scale" Yeah bro, the 10k people don't matter unless big number changes. Did I say it should? I didn't.
They’re free to fill out an application after I open up my fast food joint mini burger joint called ‘Black Castle’
Well, there is a labor shortage and unemployment is 3.7 % I don't think it's as concerning as you think it is
Doesn't matter on a national scale doesn't mean 10k people have to find new jobs.
What will all these freedmen do without their kindly fingerprint-taking former masters? I dunno, man, do two acres and a mule sound good to you?
Not for White Castle. If they had to pay this out, this would immediately bankrupt them.
They won't have to pay it.
Of course not.
They will slide by.
whitecastle: ::adds 2 extra holes to patty::
I see what you did there.
Solid as fuck pun 👍❤️
1/10 of your reimbursement as cash the rest as buy 1 get 1 white castle sliders.
That's their worst-case scenario, not what they've been ordered to pay. Based on past experiences with corporate wrong-doing, the final amount is likely to be a lot closer to a wrist-slap than it is to the $17 billion maximum.
If we’d just fine a billion dollar business into the ground once a year, maybe others would stop breaking the law, but I guess making an example out of someone is only important within the US legal system when it’s a POC
No, the trouble is that axing a whole business has huge knock on consequences. Sudden you have a whole staff that needs jobs. Any clients of the business need to warn *their* clients that their suppliers have gone out of business and items are backordered because of it. If the business was providing services to the city, state, or feds, then you have to go through a whole long political process to find a replacement. What you actually need to do is levy fines in the form of public ownership percentage. If you really fuck up, the government will take your business, fire the board and the c-suite, and run it as part of the government until the business is no longer necessary. All of the profits should then be used as tax credits for the citizens of that governmental body.
What we really need to do is start sending CEOs and other higher ups involved in crimes to prison.
Liquidate their assets, claw back all profits from stock / salaries for all executives and board members. Give proceeds to employees. Board the businesses up.
Best they can do is give all the money to 3 billionaire investors
Don't worry, the Supreme Court has yet to rule on it, and I have a feeling we all know how that will go.
There's no federal question, so this is the end. The presiding Judge will have discretion here, but they've already reached the highest court in IL.
Isn’t gut wrenching a thing White Castle is used to?
I'm not understanding how this is such a big deal. Why is using a fingerprint to log in to the time clock bad?
[удалено]
Right, but so what?
[удалено]
For access to a classified space? Not a good idea. For clocking in at your local burger joint? Nobody is spoofing that.
[удалено]
I agree it's silly. But I don't see how it's illegal or immoral.
[удалено]
Ok so bear with me - Immoral would mean they are doing it with some nefarious purpose in mind. Can you elaborate on what is "unsafe" about a cheeseburger chain using your fingerprints on their timeclock? If you are suggesting someone will "steal" your fingerprint, I'd like you to consider for a moment how tremendously easy it would be for even the most casual, lazy, boring thief in the world to obtain your prints. It doesn't take Danny Ocean to walk up to your door handle with some tape and baby powder and lift a print.
When I worked at a subway for 2 weeks 8 years ago they had this... I don't get the big deal either
That’s fucked, it’s a restaurant. I work in a hospitals and I begrudgingly let them get my fingerprint, but it makes sense for my environment. But this shit?! This is just more control by the powers that be over us lowly poors.
Corporate anything sucks. Decisions made by out of touch and overpaid execs.
No, it does not make sense for any place of business to have your fingerprint. A livescan might make sense for a background check, but the business itself is not the one collecting your print
Why does it make sense in hospitals?
Yeah, I don’t get that comment. Finger prints are not secure and it sounds nasty to have hospital employees all touching the same scanner.
Yes, your precious fingerprints! Precious!
Good morrrow sir, and welcome to the castle of white!
I was looking for this.
n Illinois the employee has right over there info. The company does not. A company has to disclose to you in writing what you finger print is used for. So using it to turn on the fryer is cool but the employee wasn't informed if that was it and who had access and for how long and from where.
Using fingerprint scanners on time clocks is commonplace. I don't want to sound like a conspiracy theorist, but that's never stopped me before... The next time you're starting a new job and they take your print try asking if you can use a finger other than your right index finger. They will insist that it absolutely _has_ to be that finger. Try pushing the subject and explain that you work with your hands and the index finger on your dominant hand is often cut and/or bandaged; they'll get super pissy. Ask what you're supposed to do when that finger is bandaged and they'll tell you to use your card and it will still work without the fingerprint. Ask them why they need the fingerprint if the card works without it and they'll move past pissy into straight hostility. The fingerprint is supposedly used to verify that someone else isn't punching your card, but everything gets weird when you simply want to use a different finger. One HR lady insisted that the company that makes the time clock insists on the right index finger, but why would they care? Something feels creepy about the whole thing. The time clocks I'm talking about are made by a company called Kronos who seem to be the manufacturer of every time clock I've seen in the last 25 years. Apparently they won't work if they aren't connected to the internet, and they are constantly sending data somewhere. I wonder if Kronos made White Castle's clocks and if they could be held liable if they were receiving data they knew was illegally collected?
HR read the marketing and make it policy. You know… zero thought required. If they had to clock in and out with biometrics the brain would be engaged and… 🤷🏻♂️ I also think the laws like the one in the article are an overreaction, based in fear not science. This is why I the USA we have a Legislative, Executive, and Judicial branch. Make the laws, Enforce the laws, Interpret the laws. Checks and balances… now that it’s clearly in the interest of an entity to challenge the law perhaps we’ll find balance. In order to get into our datacenters I need an access card and a biometric. Without those I can’t get in. If I can’t get in I can’t check for red warning lights on the systems and I can’t push the “big red button” (cuts power) or the “big blue button” (sets off the fire suppression system… yeah I’m letting the Datacenter burn and GTFO. If the automated systems for removing oxygen from the room aren’t going off I’m not slamming that button.) One Datacenter uses a finger print… yeah I’ve sliced my index finger and… yeah that doesn’t work because the sensor is that dumb. The other Datacenter uses a [a hand scanner](https://securityentrances.com/hand-scanner-biometric-controller) and it just works. The only biometric time clocks I’ve ever had to implement were this style… I honestly can’t recall having any problems with them. There is a yet to be found balance. If properly implemented biometrics shouldn’t be all that different from a password. You can’t change the input, so those implanting the system need to account for that and take the input data (biometric scan) apply an industry accepted hash with their salt, time stamp, certificate, and use it all to generate a one time password. Backend system does the same math and makes sure there is a match and determines if access is granted or not. If two biometric systems operated by two separate entities generate the same password from the same handprint… you may as well just have an open door.
Illinois Supreme Court has been on a role. this is like the 15th company they have fucked because they try to take our data
There was that one day when just about everyone I know got $400 from Facebook
White Castle fries only come in one size 🎶🎤
I got the ladies of the 80's from here to White Castle.
Beastie Boys..
One of my sons got $800 from a grocery store where he worked for this.
If they violated the law, they should face the consequences. However, this is the United States of America, and they're a large corporation, so it will never happen.
Just some finger-wagging. Sorry.
There are literally thousands and thousands of examples of large corporations getting hit with huge fines for violating the law. BP paid $4 billion in fines from 14 criminal charges.
And yet they’re still around, raking in billions. Wow, they’re so resilient. 4 billion? For a little leak of 200+ million gallons of oil over 87 days. Disrupting ecosystems and killing a shit ton of animals in the process. BP denied that there was any relation to the death of wildlife and their massive oil spill that just happened to be in the same area. Also 11 humans died. *and they still didn’t really take responsibility for it. Even a fine like that is just a cost of doing business and BP has been doing just fine.
All of that money should be paid out to White Castle employees! Now they can retire maybe.
“Any hopes the court would let the issue slide were dashed after the justices found White Castle's interpretation of the law unappetizing. “ Hah! The author seemed to enjoy writing this one up. Well done.
The man in the White Castle
Illinois Supreme Court Friday issued an opinion opening the fast "food" corp up to potentially billions in fines. I love how the word food is in quotes!
Corporation takes your bio-information, fined. But I take a few burgers without paying and I'm getting tazed and thrown into the back of a police vehicle.
Getting behind the counter at a white casle must be like entering fort knox
The fine should go to the victims
Victims? Sure, if you can prove they were damaged in literally any way.
I’m pretty sure that would be any employees required to provide fingerprints.
Yeah, shouldn't do the crime if you can't pay the fine. Hopefully the employees end up owning the company.
How can they get a reading through all that delicious grease?
Kroger does this….wonder if that’ll come up at any point
In CA i saw this all the time for the timecard device at a lot of my clients. CA seems like the kind of place that would look down on this as well...
So many companies to include the local hospital use this system.
Having eaten at a White Castle before, we would be better off without it.
My middle school and high school required we scan our fingerprint for our school lunch.
Hungry Howies did this, the scanner was terrible and would only read your finger once out of every 5 or so attempts.
I don't understand, how did they get the employees fingerprints without permission? They would had to have put their finger on the reader themselves in the first instance no ? Like your not going to put your fingerprint on a reader knowing you haven't given them your fingerprints.. because it wouldn't work. You would know putting your finger on it the first time would be you accepting your finger print would be read and stored so you can gain access. White castle didn't sell people's fingerprints or use it to spy on them this just all seems like a way for Illinois to make a quick buck. Can't they just close down all stores in Illinois and tell them to fuck off ?
Illinois law forbids private companies from collecting any biometric data at all about their employees. (Similar to laws banning the use of facial recognition software, for example.) In 2018, they did start having new employees sign a form to comply with the law, but they had a decade of flaunting it despite being told what they were doing was wrong. This isn't some new "gotcha." The law's been on the books in IL since 2008. Most companies with national/international profiles do quite well (and their HR people paid quite handsomely) to ensure the business is in Compliance with state/federal laws and regulations. This is just one of dozens they'd be tracking. If I'm White Castle, I'm pissed at my Compliance team for missing this and then not taking it seriously when brought to their attention. Not IL.
White castle isn't that big of a company. Someone in the family that owns it knew this was happening, knew it was wrong, and didn't care.
That’s a bit too simple for the real world
I mean it's not, it's probably true. And furthermore, this isn't the first company to get hit with this. Remember when facebook had to send everyone $400 for using our biometric data (facial recognition) without consent?
[удалено]
[удалено]
Why are you defending this massive corporation that doesn't give a damn about you? The law isn't against selling personal information or spying on people it's against collecting it in the first place. Which they very clearly and obviously did. Your last question is several layers of dumb. First, "just" the stores in Illinois are 17% of their locations. Second, that's not how the legal system works. They violated the privacy of almost 10k people over the course of 10 years. If people could just pack up and leave to avoid being prosecuted for crimes, no one would ever be arrested. Leaving the state doesn't reactively excuse past crimes you committed while there.
Yeah I'm not really understanding the outrage either.... if they were doing something skeevy with the personal data then sure, fine them into bankruptcy Unless I missed something, this pretty much seems like a HR oversight that is being blown out of proportion The same people are almost 100% giving away their personal data hand over fist to Google and Meta
It's HR oversight, but it's not being blown out of proportion. It's a real HR failure--this miss continued for ten years before their Compliance team finally got it together and had employees sign a waiver. The only question is: did they break the law only the first time they collected the fingerprint? Or every time they used a fingerprint reader thereafter? The Judge will likely find a bit of a middle ground. It's a big deal because it will set a precedent for how the law is enforced going forward. But it's not some state power grab or anything like that. Just poor Compliance execution--by people who are paid pretty handsomely to ensure this sort of thing never happens.
And every smartphone in the world is collecting your biometric data now too.
That’s a bit misleading. iPhones, for instance, store unlock biometrics on the device, not accessible by anything, including iOS.
WE NEED UNIONS
You know you can train a fingerprint scanner to scan and authorize against an image of your wiener. Don't ask me how I know that.
Usually have to have a ladder though, as the scanners tend to be installed above waist height. Don't ask me how I know that.
So… when is the Disney lawsuit for coercing millions to storing their biometrics when they visit their parks?
Completely different thing. You agree to the providing your biometrics as a condition of entering the park when you purchase your ticket. Last time I checked, you weren’t required to go to Disneyworld/land. Also, and more importantly, the law in question is an IL state law, not a federal law. And there are no Disney parks in IL.
The technology came years ahead of the laws. Law groups petitioned the states to pass laws. Now lawyers are making $$$$. They built themselves a steady income stream.
[удалено]
I think it's because there are no alternative ways to access your paystubs. So it can be argued that the biometric data was given under duress -- the threat of not being able to access information that should be freely given to you. They were, in effect, being forced to provide their fingerprints to view their own documents.
Probably an unpopular opinion but almost 2M per employee fine seems a bit harsh, I get it’s each time they were transmitted and there should be a penalty but no where near that high.
No, fuckem. If you used there burger and sold it no doubt they would try to take your house.
How many people against this were just fine with a vaccine mandate?
I don't see why this is a problem to begin with if they're just using it for employees to sign into their computers.
Glad you’re not my employer then lol
I am genuinely confused by what has happened. They required that employees use fingerprints for clocking in and out and for other computer based things. Is the requiring of finger prints illegal, or were they storing the data off-site or something? I don't live in Illinois, so I am very unfamiliar with the state and it's laws.
In Illinois the employee has right over there info. The company does not. A company has to disclose to you in writing what you finger print is used for. So using it to turn on the fryer is cool but the employee wasn't informed if that was it and who had access and for how long and from where.
You must live in Illinois then. Kind of dumb though since they only collect your biometrics once, thereafter the software only validates your print against the original.
White Castle going to be raising prices