Felix had an easier time making it to the gym five times a week than the average person, but that was probably because he worked there. It wasn't the ideal job, but it paid well enough for the summer between first and second year of university.

Each day Felix arrived to the familiar scent of sweat and chlorine; the faint smell had permeated throughout the gym, even into the office sections. Most days, when punching in, Felix's boss (who we'll call "Ross") would stop him and bounce off his latest and greatest idea for the gym.

"What if," he said with a dramatic pause, arms outstretched, "you didn't have to punch in your ID number when you came in?" Felix recalled the touchpad near the door. "But wait, before you say that's impossible, I have one word for you... biometrics!"

Ross continued to describe his dream system. "All you have to do is scan your finger and you're in. No more forgetting your ID number and having the receptionist look it up, no more having to carry your wallet in with you for card scans if you just want to go for a swim. Just imagine!" His excitement and ambition were childlike, though that's not to say he was naive. Ross would be running the gym of the future.

But the high-tech sign in wasn't all the system would do; it would run the "store" too. The store was part of the reception area, and was basically a cooler with protein drinks, sports drinks, energy bars, and the like. If members had sufficient prepaid credit, they could simply grab a protein drink, scan their finger, and then pinch their nose and try to down the shake quickly without throwing up protein vomit on the receptionist.

"But the best part is," Ross continued with a toothy smile, "...we're rolling it out this week."

Day One

A few days later, Ross stood proudly in the reception area, hands on his hips. A high-tech fingerprint scanner sat at the reception area near the turnstile and register, as the same scanner would be used for each, though the register system wasn't quite ready for rollout yet. Another scanner sat on the opposite side of the turnstile, for gym members to sign out. The touchscreen was still available, but moved further away so that members would get accustomed to the new system. The receptionist looked almost as pleased as Ross that morning as well, excited that this meant they were working toward a system that necessitated less manual member ID lookups.

The first member of the day showed up, walked to the spot where the sign-in touchscreen usually was, and eyed the fingerprint scanner dubiously. "Hi, we'll have to take your prints," the receptionist greeted. "We've got a new better system." The man was initially skeptical, but agreed to get his index finger scanned and associated with his old member ID after learning that it was an internal system and the prints wouldn't be shared with the CIA, FBI, or UNATCO.

After signing a few people up, the new system was going swimmingly. Some users declined to use the new system, instead walking to the far side of the counter to use the old touchscreen system. Then Johnny tried to leave after his workout.

A One-Way Turnstile

Johnny was what you might call a "gym rat." In incredible shape from almost-daily gym visits, a tight Lycra tank top, iPod strapped to his sizable bicep, underneath which was a large black tribal tattoo. He scanned his finger on his way out, but the turnstile wouldn't budge.

"Uh, just a second," the receptionist furiously typed and clicked, while Johnny removed one of his earbuds out and stared. "I'll just have to manually override it..." but it was useless. There was no manual override option. Somehow, it was never considered that the scanner would malfunction. After several seconds of searching and having Johnny try to scan his finger again, the receptionist instructed him just to jump over the turnstile.

It was later discovered that the system required a "sign in" and a "sign out," and if a member was recognized as someone else when attempting to sign out, the system rejected the input, and the turnstile remained locked in position. This was not good.

The scene repeated itself several times that day. Worse, the fingerprint scanner at the exit was getting kind of disgusting. Dozens of sweaty fingerprints required the scanner to be cleaned hourly, and even after it was freshly cleaned, it sometimes still couldn't read fingerprints right. The latticed patterns on the barbell grips would leave indented patterns temporarily on the members' fingers, there could be small cuts or folds on fingertips just from carrying weights or scrapes on the concrete coming out of the pool, fingers were wrinkly after a long swim, or sometimes the system just misidentified the person for no apparent reason.

Fingerprint Scanning

In much the same way that it's not a good idea to store passwords in plaintext, it's not a good idea to store raw fingerprint data. Instead, it should be hashed, so that the same input will consistently give the same output, but said output can't be used to determine what the input was. In biometry, there are many complex algorithms that can analyze a fingerprint via several points on the finger. This system was set up to record seven points.

After a few hours of rollout, though, it became clear that the real world doesn't conform to how it should've worked in theory. There were simply too many variables, too many activities in the gym that could cause fingerprints to become altered. As such, the installers did what they thought was the reasonable thing to do – reduce the precision from seven points down to something substantially lower.

The updated system was in place for a few days, and it seemed to be working better; no more people being held up trying to leave.

Discovery

Felix wasn't just an employee; the gym was also where he'd work out. He arrived with a friend ("Ray") one evening after work, around 8:30. Curious, the receptionist pulled up the activity log. "Ray, weren't you already here at 6:00 today?"

"No..."

"Well that's not what this says," she said, turning the monitor toward them. It showed Ray as coming in several times that week, often twice on the same day, just hours apart. For each day listed, Ray had only come the later of the two times.

Reducing the precision of the fingerprint scanning resulted in the system identifying two people as one person. Reviewing the log, they saw that some regulars weren't showing up in the system, and many members had two or three people being identified by the scanner as them.

Hopes Dashed

Ross lost his childlike ambition in lieu of adultlike rage. Despite all of the time and energy he'd sank into this system, he swore that he'd personally tear out the scanners if the technicians couldn't get the system working properly. And the very following day, mysteriously, there were no fingerprint scanners to be found in the gym; simply the familiar smell of sweat and chlorine and a turnstile that no longer required a "sign out" for members to leave.

Of course, we're all fortunate that this occurred in an environment where security breaches are of little concern. Can you imagine something similar happening in a very high security environment, like say, a prison? Oh, wait.