Slashdot Mirror
Pay Dirt in Scanned Driver's Licenses
The New York Times has a good article explaining why handing over your national ID card to be scanned may not be such a good idea.
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
What happens if you don't have a driving license?
Is it some kind of 'drivers only' club?
are my own. Any bar that is scanning my ID and keeping a record or pulling other data is not getting my business. Then again, when I buy beer at the grocery store and put it on my debit card, it is doing the same thing.
We (the collective us) have been rushing at a breakneck speed down the tunnel of complete mediation. Everything about us will be known. Except perhaps to ourselves.
Wow, that was pretty deep for this early in the morning...
I would be more concerned if there is enough info on the stripe to impersonate someone and drain their finances. As for tracking ones movements, I feel that that will become inevitable through a multitude of security devices. That becomes like surfing the net- white noise save all for the most determined voyeurs.
Some of the information collected such as eye color, height and such doesn't bother me to compile, since that information is publicly available.
However, I hold a chauffeur's license. It requires that I furnish my Social Security number, which should not be publicly available.
I feel I should not have to change my license (or profession, if I still was doing such) just to protect my privacy.
One of the points the proponents of these scanning machines said in the article that these machines don't violate privacy because they're just reading out the same information that is on the front of the drivers license. Of course, technically this is true, and it is just the same as if someone was photocopying every license that is shown at the door, but it's also alot different.
Think about this... if you were walking in the park with someone, and you were talking about your girlfriend and some new car that she just bought, and someone walks by and happens to overhear you talking about this, it's not an invasion of privacy. You're in the park, it's a public place. Now think of the same situation, but someone is following you around with a microphone recording everything you say. Technically it's still not an invasion of privacy because you're in a public place, and because you're saying it in public, it's public information, but it's still a Completely Different thing.
-Matt
Free Your Mind
I remember a few years back there was this huge scandal in Canada where people had devised a Palm Pilot add on which could act as a magnetic strip reader.
You could swipe any card and it would extract the information from the magnetic strip and store it in a database.
Rescently we've been working with Card readers here at my company and let me tell you, there is some interesting information on those cards.
Basically, there's two 'tracks' of data. ASCII data of course. I think the limit is 64 Characters per track. It was fun to to go swiping cards to see what information was stored on them. Student IDs, Drivers Liscences, Credit Cards, Health Cards, Hotel Room Keys and even some other strips worked (FastPass anyone ?).
The down side is these readers can cost upwards of $300 to $500 and the Driver Software leaves -little- to be desired (VB anyone ?), but then again, it's OEM hardware so we were lucky to even get software support.
You see the pattern? What's an ID card going to do? All your purchasing data and aggregate information already belong to some shady corporation.
If you don't trust your government, then fine. Why do you trust the corporations then?
And people are going to hate it for the same reason that the RIAA and MPAA hate computers--because collecting data slowly by hand is one thing, but the speed with which you can collect a huge amount of data with a computer is another. Ripping an MP3 is not much different from taping a song for all practical purposes, but the fact that it's digitized and compressed means it's easy to share and copy. Having an attendant furiously writing down names is one thing, getitng it all in a <1 second DL swipe is another.
Same thing with automated face recognition-- putting cops everywhere with mug books is one thing, cameras hooked up to recognition software is quite another.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Most likely old news to many here but state Department of Moter Vehicles used to, as a general practice, sell personal information collected from people's driver's licences to marketing organizations. That was pretty lame, as the DMV has a monopoly on driver's licences, of course.
I say used to, as the US Supreme Court unanimously ruled it to be wrong in early 2000.
If Slashdot is where the spelling-challenged go when they die, I'm in heaven.
You could also move someplace that doesn't use them. Nevada still uses old-school Polaroid-generated licenses, for instance. (I think that might change in the next few years...on the upside, though, they quit issuing licenses with numbers derived from your SSN a few years ago.)
It'd be interesting to see what would happen if you "accidentally" left a license with a magnetic strip sitting on top of a really powerful magnet...assuming that all the stuff anybody needs is also printed on the license, maybe that's a fix for your problem.
20 January 2017: the End of an Error.
dont have to....
Go home, take a nice fridge magnet... that pizza place magnet will do..
set the magnet on the strip, rub a few times... Voila
Then they have to type it in.
Do not look at laser with remaining good eye.
-sk
Maybe if youre the only one with a blanked license they could single you out, but its not uncommon for a licence a few years old to be unreadable. I worked as a grocery clerk for several years, and I can tell you that about 5%-10% of all credit cards are unreadable, and they are replaced much more frequently that driver's licenses. (probably because they are used that much more often)
Also there is the fact that they are in business to make money- they wont woo many customers by turning away obvious adults with valid licenses.
And cmon- The hologram, micro print, state seal, and all that other stuff have to count for something...
I suspect that some places, particularly bars and banks, will assume that the license is forged and treat you/it differently...
She is of Chinese background. Eight is a lucky number in Chinese culture, and her parents wanted to give her a lucky middle name. If I recall correctly, this would not be so exotic in Chinese, where ideograms and sounds have multiple meanings (in fact, I think lucky numbers often get their "lucky" quality from the fact that the characters and/or sounds for such numbers resemble other words which have positive meanings).
It has apparently caused her some grief when dealing with computerized systems which flag "8." as a typo in the middle initial field, but she has stuck with it.
For another weird numerical name, do a Google search for guy that works for Microsoft whose first name is "M3." It's really bizarre...I don't know the story behind that one.
I think this raises an interesting question. What information about me is legitimately private, and what isn't?
The knee-jerk reaction, of course, is to say that everything is private unless I choose to release it. But that approach doesn't work in practice. There are too many instances in which information about me needs to be publicly available. To pick a silly example, it's important that it be public knowledge that somebody lives in my home, because if the building catches on fire I want people to let me know and help me get out.
So some information really should be explicitly public knowledge, and it's important that everybody accept that, especially privacy advocates. We can then have a reasoned discourse about where to draw that line.
Think about your phone number. The phone company publishes your name and phone number in their directory unless you pay an additional fee for an unlisted number. This has been the status quo for my entire life-- 30 years-- and certainly much longer. So it's got a pretty good precedent going. So is my phone number private information by default? Not really. Should it be? Hmm... maybe. If I express no preference at all, should the phone company publish my name, address, and phone number or not?
The other end of the spectrum is information that's clearly private, and protected by law. My medical records and the contents of my communications with my lawyer are explicitly private. If a court wanted to know what my doctor said to me last week, they couldn't ask. It's private.
Everything else is in the middle. Is my street address private? No, by the phone book argument. What about the number of people who live in my house? Maybe. How about their ages, genders, and sexual preferences? Hmm.
I guess what I'm trying to say is this: our society seems to accept as a given that we should each have the right to keep stuff private. The slippery slope argument, though often specious at best, implies that the right to keep stuff private must only be abridged when there's no alternative. But everywhere you look there's ambiguity about this principle. Go back to the phone book example; the phone company assumes you want to publish your name, address, and phone number unless you explicitly tell them-- and pay them!-- not to. Likewise, the bar mentioned in the article assumes that it's okay for them to collect demographic information from you.
Where is the line between stuff that is assumed to be private unless explicitly waived, and stuff that's assumed to be public unless explicitly withheld? Like I said before, in principle the line is all the way over to one side: everything is private unless waived. But in the real world, that line will have to be moved a little bit so that some things are public information by default.
I don't have any answers. Just questions.
...is a magnet.
While I'm not defending the practice, I'm reminded what I felt when two of the three big chain grocery stores went to a frequent user card.
I went defiantly to the third. NOBODY needs to know when I buy my Milk and Eggs!
When somebody pointed out that Costco, the Chain I love and frequent, and am frankly a cult member of, does the SAME THING, and has done so for YEARS before the Grocery Stores did it really brought me up short.
This is unfortunately a sign of the times. And without turning unibomber and living in a shack in Wyoming, there's not really much you can do about it. It's similar to the emissions and seat belt laws in the 70's. TONS of people didn't like it, but now it's commonplace.
I doubt it's going to turn into the 1984 that the alarmists paint it as, but It's also going to make more than a few people more than a little upset when it's abused. (IT WILL BE ABUSED. And when it does, the public outcry will make it financially unadvisable to abuse it further.)
"Draco dormiens nunquam titillandus."
For full access to our site, please complete this simple registration form.
Does anyone else find that hilarious?
I wonder if the SSN gets encoded on the magnetic stripe if you request it not be on the face of the license?
Then, buried way down at the end is this little gem...
Any sane person would point out that the bouncer "could" record the information by photocopying, yes, but he couldn't do so without being detected.
Also, because one use of the technology (license) would allow overt data collection doesn't necessarily mean that you SHOULD have the god-given right to collect data surreptitiously with the same technology.
Who did what now?
Now think of the same situation, but someone is following you around with a microphone recording everything you say.
Or let's stick with out doorman checking your ID. Suppose when he did, he took out a book and started writing down everything on it. How many people would demand their ID back and complain to managment that it was none of the doorman's damn business?
Nope, no sig
Throw off the chains of Mad Deadly Worldwide Gangster Communist Frankenstein Radio Earphone Slavery and depolarize your driver's licence stripe! Buy an ell-skin wallet. Abrade the back with sandpaper. Better yet, re-encode the stripe with the word VOID for each piece of information you don't want to be public.
I didn't see anything obvious in the barcode that did not already appear on the front. I asked that my SSN not appear on the front, and I also did not see it in the barcoded data.
There were around 20 bytes of extra binary data which I didn't put much effort into further decoding. I compared the data on my license with the data from the license of friends and family, some bytes matched, some did not.
No special equipment is needed, any good scanner will work, you do need to make sure that the ID card is aligned at right angles to the scanner, and turn off any anti-speckle features in your software.
Most of the barcode data extraction software for Windows will accept a TIFF file, I haven't found any good free software that directly supports a TWAIN or other scanner plug-in.
The free demo software I found will also generate 2-D barcodes as TIFF files...
I do not deploy Linux. Ever.
This only reads the front, but rigging a similar shelf arrangement to scan the backside would not be difficult.
I checked out the 2-D barcode on the back of the Illinois license, and on mine, which does not have the SSN on the front, there is no SSN in the barcode.There does not appear to be any magstripe on the new Illinois licenses.
I do not deploy Linux. Ever.
IIRC the method for deriving you SSN from your nevada DL was (dl#+26)/2
might have another step... cant quite remember...
I have been doing this to my licenses ever since
the advent of the stupid magnetic strip.
This way, people who need the info (e.g. police)
can still get it, but dickheads that like to track
the clientele in their bars dont.
It's not like they're not going to let someone old
enough pay the establishment 300% profit on alcohol
just because their license got demagnetized.
A year spent in artificial intelligence is enough to make one believe in God.
While it is opt out rather than the Right Way to do it, you can stop junk (snail) mail in the U.S.
Some places can be dealt with by a simple phone call. Why send a catalog or such to someone who asks not to get it? It's just wasteful. Other places aren't as clueful, but if they are trying to sell soemthing, you can use USPS Form 1500 on them.
Form 1500 needs to be filled out, the offending mailed item opened (so that USPS personel don't break the 'never open anything' rule. Yes, they do take it seriously) and given to a clerk, though there it may help to see the postmaster, since s/he might be a bit more clueful. The form says it's about 'offensive' or 'adult' material, but it has been ruled (Supreme court case, late 1960s) that the recipient has "sole discretion" in deciding what is considered offensive. Don't like ads for socks? Fine, fill in the form. Once submitted, that party should no longer send any mail to you. If they do, they can explain why they broke the law... to someone who will be very interested, and unimpressed.
I don't subscribe to RMS's GNUtopian vision.
I think this is the final evidence that the libertarians have had it wrong for decades. They're always bugging out about the government this, government that. Turns out the CIA was uploading cookies and even they didn't know about it, for Christ's sake. I've worked in government, and I'm not going out on a limb when I say that the government is too damn incompetent to get anything useful out of tracking our M&M consumption habits, as it were.
It's the private sector that poses real risks to privacy. Uncle Sam is not about to track your damned underwear size so they can focus-group test when the ideal time to offer you a rebate on the 10-48 diet drink.
It may be cold, but at least it's clear.
I don't generally have a problem with companies that store data about the transactions that I have with them. It's when they start correlating that data with other sources that I start to get concerned.
In this example data gathered by the Registry of Motor Vehicles (or whatever your state calls them) is being correlated with services and purchases at a Bar.
The article mentioned the scenario of how a fictitious bouncer could use that data to stalk women.
There are many scenrios of abuse that this could be used for. Basically the technology allows for your movments and habits to be monitored very easily. That information could be used by others to your harm and detriment. It could be used by governements, businesses, or individuals.
In todays society it is alomst unthinkable to live without a drivers license. That makes it very difficult to opt out. Sure you can stop going out to clubs and restaurants. Perhaps you can use only public transportation. You could even pay cash for everything so theres no need to provide your license when presenting a credit card. It seems that giving up your privacy is becoming the price you must pay to participate in the beinfits of todays society.
The use of these devices is bound to increase as business look to reduce risks and increase profits. It's a very slippery slope. Think about where it's all likely to lead.
I used to think that George Orwell wrote Science Fiction.
found my Kroger card in a parking lot somewhere. I think it was the walmart parking lot.>:) So someone, somewhere, has a bout 14 pounds of cheese, 6 pounds of tofu, 6 cans of beans, and 4 industrial sized cans of Tomato sauce per month showing up on his purchasing record. MUAHAHAHAHHA!!
You forgot the twelve dozen rolls of TP you are going to need.
The statement that "the information is already on the front of the card therefore there are no privacy issues" totally misses the point. Think about the alternative. Instead of scanning the license, the bar has to write all of the info down or type it into a computer, just so you can go into the bar. No customer is going to sit there in the cold and wait for some bouncer that types 5 word per minute to fumble the info into a terminal. There are data entry errors to consider and in the first example below the data, though perhaps not all of it, has to be entered in repeatedly during a visit. Remember that technology serves to make menial, tedious tasks easier and orders of magnitude faster. In the time it takes for Bubba to transcribe the face of your drivers license, this scanner has taken 10 more IDs and updated a hundred databases around the world. The second that information becomes digital, it can be traded, sold, exploited a million times in a second totally unregulated. People who try to apply traditional reasoning to societal issues and technology truly don't understand. Sadly these people are the same ones who make your laws.
When you have a problem and you arrive at a possible solution you have to ask does this solution really solve my problem? Is this scanning solution to the underage drinking/smoking problem really even solving the problem? Ask the RIAA or the MPAA about their efforts to thwart piracy. Long story short, if you can come up with a way to prevent theft, or in this case fraud, someone can come up with a way to defeat it and come up with it faster than it took for you to devise it.
Lets take this scanning system a small step further. Now in this bar, you must show your ID to make your alcohol purchase. Your consumption is tracked and based upon the number of drinks, the strength of those drinks and your weight from your drivers license, it roughly calculates your blood alcohol level. Persons having too good a time tracked and the cops are waiting outside for you to get into your car. So, you might say that this would have a dramatic effect on the drinking and driving fatalities in this country. I reluctantly agree that in this small context that the end justifies the means. Less dead people is good right? Perhaps another example where it does not is necessary.
Now lets say that you are a responsible adult and when you do have too good a time at the pub you foot it home or call a cab. No cops, no night in the tombs (yeah, my Law & Order affection gives me away again) so things are good. Wrong. Remember this information is digital, anyone can buy it. What about your employer? You show up at the office after a weekend of partying only to find your stuff packed and your pink slip on your desk because you booze a little to much in you _off_ time. Or perhaps your auto insurance company buys the same info and considers you a higher risk, higher auto premiums. Same goes for cigarette purchases. Health insurance companies buy up the info and increase your premiums or cancel your policy when they see your addiction is getting out of hand.
Remember there are so many bad uses that this can be put to.
The FBI was tracking Martin Luther King Jr., trying to find somthing embarassing on him.
Clinton was looking at his opponents FBI files.
Bush was head of the CIA, for crying out loud, and his family is thick into politics.
I'm sure that information about who is buying condoms, or depends, or a laxitive could be used to embarras someone, at least. And the reason that I'm able to filter out spam now is that it obviously isn't personalized. The ability to gather large amounts of data makes mass mailings of personalized (mail merged) spam a lot more likely. And that is a threat.
On a more malicious note, why couldn't a country do economic espionage, stealing trade secrets from one corporation, possibly in another country, and selling or giving them to companies in their own country. Considering the CIA actually sold cocaine to fund its activities, this wouldn't surprise me.
___
It's the end of my comment as I know it and I feel fine.
Holy shit! That doesn't bother you?
Fortunatley, that's totall bullshit--if you're driving, you have to have a driver's licence, and you have to show it to the police if you are stopped, but aside from that, no, the only thing you need to be out in public legally is clothing. The DMV gives out ID cards as a convienence, so you can prove your identity without needing to get a passport or somesuch.
--
Benjamin Coates
do those magnets screw with TV's that are off?
I mean, there's no cathode gun firing, so it wouldn't mess it up when it's off, would it?
It's all about ease.
Why would the government want to put an FBI surveillance team on someone? It had better be a good reason.
Why would they detail one agent to checking into your library borrowing, your shopping, your phone calls? It'd have to be a suspicion that you were worth it.
Why would the government pull your debit card purchase record and correlate it to "suspicious" profiles? Perhaps because you're in the same city as a suspected criminal with an odd profile.
Why would the government force you to identify yourself in all transactions, making a digital log of your every move and purchase? Because at a negligible cost they get information that *may* be useful.
As the cost goes down, the reasonable ammount of surveilance on someone goes up. At some point the cost is close enough to zero that they can put cameras with face recognition on every corner, monitor all purchases, record all phone calls and automatically transcribe them looking for keywords, etc.
And when they need to "think of the children" to stop "terrorists" who "look just like us" they might decide that perpetual surveillance, "for their own good" would benefit we the people.
I'm not paranoid enough now to think that I stand out enough for anyone to care about me. But if this information starts to be collected who knows what bad uses will be found for it. Hell, maybe I'll piss off a scientologist and be declared "fair game" and they'll get these records and use them against me.
I don't do much that is a "secret", but I'm sure someone could find something embarrasing or that if taken out of context looks bad, and use it to hurt my reputation.
So, why collect that information if it's so easy to abuse?
"There are 6 billion people in the planet, why would the "system" want to spy on you?"
That is not the point.
First: It can without my consent.
Second: The costs to do so are dropping towards zero.
This is troubling.
Jeez. Sounds bad. Giving your personal information away every time your credit card is scanned.
About as bad as giving your personal information away for a nytimes.com account.
If you don't understand any of my sayings, come to me in private and I shall take you in my German mouth.
Every few times I'm at the grocery store I turn to the person behind me in line and offer to trade savings cards. Most often, the appeal of fucking with their big database of who buys what puts a smile on their face and then we trade cards. so when i buy depends, treet lunch meat, and 6 pounds of radishes, they may be recording it, but the data is of no value.
Fsck the millennium, we want it now.
Millennium Crisis Line: 0890 900 2000 [calls cost 50p/min]
I you are not a criminal, chill.
You should just rephrase that as 'if you've got nothing to hide then why are you using encryption, envelopes, etc.'
There are 6 billion people in the planet, why would the "system" want to spy on you?
What system? Did you read the article? This is just a guy who owns a bar and suddenly he's got more information on the people in his neighborhood than the census bureu can legally ask for. That's the main practical problem - where is the accountability? Who protects my SSN. Identify theft and credit card fraud are very, very real and now individuals without any accountability have the information to pull these crimes off.
Less practical, but just as important is the principle of privacy. Everyday we're discovering that business and government are compiling data without any disclosure. Usually government rules force agencies to state what they are collecting and why, but in the realm of business such rules rarely apply. Look at all the people who dropped their jaws when they found out all their Tivo watching was logged after that article about the superbowl.
Accountability is VERY important. It lets us know who is doing what. It helps law enforcement find the bad guys and lets us know what activities compromise privacy. Prviacy is important, its a long held tradition to leave the individual alone unless she has done something wrong. Just because technology has made data collecting cheap doesn't mean its right.