Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pay Dirt in Scanned Driver's Licenses

Posted by michael on from the sutter's-mill dept.

The New York Times has a good article explaining why handing over your national ID card to be scanned may not be such a good idea.

24 of 559 comments (clear)

  1. My drinking habits... by crumbz · · Score: 5, Interesting

    are my own. Any bar that is scanning my ID and keeping a record or pulling other data is not getting my business. Then again, when I buy beer at the grocery store and put it on my debit card, it is doing the same thing.

    We (the collective us) have been rushing at a breakneck speed down the tunnel of complete mediation. Everything about us will be known. Except perhaps to ourselves.

    Wow, that was pretty deep for this early in the morning...

  2. identity theft versus tracking by peter303 · · Score: 4, Insightful

    I would be more concerned if there is enough info on the stripe to impersonate someone and drain their finances. As for tracking ones movements, I feel that that will become inevitable through a multitude of security devices. That becomes like surfing the net- white noise save all for the most determined voyeurs.

  3. Defacto Privacy by rev_icon · · Score: 5, Insightful

    One of the points the proponents of these scanning machines said in the article that these machines don't violate privacy because they're just reading out the same information that is on the front of the drivers license. Of course, technically this is true, and it is just the same as if someone was photocopying every license that is shown at the door, but it's also alot different.

    Think about this... if you were walking in the park with someone, and you were talking about your girlfriend and some new car that she just bought, and someone walks by and happens to overhear you talking about this, it's not an invasion of privacy. You're in the park, it's a public place. Now think of the same situation, but someone is following you around with a microphone recording everything you say. Technically it's still not an invasion of privacy because you're in a public place, and because you're saying it in public, it's public information, but it's still a Completely Different thing.

    -Matt
    Free Your Mind

    1. Re:Defacto Privacy by electroniceric · · Score: 4, Funny

      Well put.

      The irony is that what causes the info-tracking technology to cross the line between helpful and invasive is the efforts of clever software engineers in making information impossible easy to store and follow.

      The crux of your analogy is following people around. But what if you could record every conversation within a mile as easily as overhearing it? Even people with the most innoccuous intentions could run roughshod over privacy. That seems to me to be exactly what this bar owner is saying: "Well, I bought this doodad to reduce the hassles that go along with checking IDs properly (or checking them improperly and get browbeaten by local liquor control boards), but as long as it says click here to build Customer-Experience Enhancement Profiles, I figure I'll give this a shot." And then, "Wow, this is really useful to me. I can make my bar do much better business."

      Information seems more and more to want to be free. The problem is setting it free without letting run around without its pants on.

  4. Remembering by WndrBr3d · · Score: 4, Interesting

    I remember a few years back there was this huge scandal in Canada where people had devised a Palm Pilot add on which could act as a magnetic strip reader.

    You could swipe any card and it would extract the information from the magnetic strip and store it in a database.

    Rescently we've been working with Card readers here at my company and let me tell you, there is some interesting information on those cards.

    Basically, there's two 'tracks' of data. ASCII data of course. I think the limit is 64 Characters per track. It was fun to to go swiping cards to see what information was stored on them. Student IDs, Drivers Liscences, Credit Cards, Health Cards, Hotel Room Keys and even some other strips worked (FastPass anyone ?).

    The down side is these readers can cost upwards of $300 to $500 and the Driver Software leaves -little- to be desired (VB anyone ?), but then again, it's OEM hardware so we were lucky to even get software support.

  5. From the nation who... by Anonymous Coward · · Score: 5, Insightful

    • pays their phone bills with credit cards
    • buys food with credit cards
    • buys gas with credit card
    • buys bus/train/airplane tickets with credit cards

    You see the pattern? What's an ID card going to do? All your purchasing data and aggregate information already belong to some shady corporation.

    If you don't trust your government, then fine. Why do you trust the corporations then?

    1. Re:From the nation who... by daoine · · Score: 4, Insightful
      The interesting thing is that it's a choice to purchase things with credit/debit cards. Granted, I'll generally have a paper trail with my bills, but if I'm in the supermarket or the drugstore buying stuff I don't want the world to know I have - I skip the little saver card thing and I pay cash.

      The reason this is a little sketchy (and maybe different) is that I _don't_ know where scanned license information is going.

      I know exactly what happens to my information when I buy something on a credit/debit card with a little saver thing(it gets sold to anyone who might give a rats ass) and I can judge accordingly.

      But the article pointed out itself -- that the information for that particular system was stored locally. It's a little scarier (maybe it's just a girl thing) to think that the sketchy bartender now has access to stuff without my noticing. All he's gotta do now is remember my name, instead of name, address, and everything else on my license.

      /mildly paranoid

  6. Re:it seems.. by ncc74656 · · Score: 4, Interesting
    it seems there should be an option to say no to having the magnetic strip on a license.

    You could also move someplace that doesn't use them. Nevada still uses old-school Polaroid-generated licenses, for instance. (I think that might change in the next few years...on the upside, though, they quit issuing licenses with numbers derived from your SSN a few years ago.)

    It'd be interesting to see what would happen if you "accidentally" left a license with a magnetic strip sitting on top of a really powerful magnet...assuming that all the stuff anybody needs is also printed on the license, maybe that's a fix for your problem.

    --
    20 January 2017: the End of an Error.
  7. Re:it seems.. by Lumpy · · Score: 5, Informative

    dont have to....

    Go home, take a nice fridge magnet... that pizza place magnet will do..
    set the magnet on the strip, rub a few times... Voila

    Then they have to type it in.

    --
    Do not look at laser with remaining good eye.
  8. Here's why it's so nefarious... by Squirrel+Killer · · Score: 5, Insightful
    From the story:
    "It's the same information as the front of the license," said Frank Mandelbaum, chairman and chief executive of Intelli- Check, a manufacturer of license-scanning equipment based in Woodbury, N.Y. "If I were to go into a bar and they had a photocopier, they could photocopy the license or they could write it down. They are not giving us any information that violates privacy."
    If I went to a bar that tried to photocopy my driver's license, I'd damn sure turn around and go elsewhere. By making the privacy invasion so subtle, they've muted reasonable objections.

    -sk

    1. Re:Here's why it's so nefarious... by Jordy · · Score: 5, Insightful

      The debate against National ID cards still confuses me. It seems to me that if they built a national ID card where everything was contained electronically and there was little to no information on the front, you could do *more* to protect privacy than the current standard of relying on driver's licenses.

      The real trick would be developing a method whereby only the information you want to give out is accessible.

      My first thought would be to encrypt each peice of information with a different key, but then the government would need to distribute private keys to each business which takes the control out of your hands. On the other hand, if done correctly, they could give access to a liquor store to only be able to decrypt a photograph and if a person is over 21 or not (not even age.)

      A better solution of course would be a method of allowing each person to control what information a particular vendor retrieves, but practically speaking, is much more difficult than the above solution.

      If the above described card was issued as a national ID card, we'd all be a lot better off. Of course then every club would need a little scanner to read the information instead of being able to just look at the front... but that's not my problem now is it? :)

      --
      The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
  9. reply to AC by Srin+Tuar · · Score: 4, Insightful
    Nice idea, but the club uses the strip as a counterfeit-prevention device, and likely would refuse service to anyone with a mangled bar code because they couldn't be sure it wasn't a fake id.


    Maybe if youre the only one with a blanked license they could single you out, but its not uncommon for a licence a few years old to be unreadable. I worked as a grocery clerk for several years, and I can tell you that about 5%-10% of all credit cards are unreadable, and they are replaced much more frequently that driver's licenses. (probably because they are used that much more often)


    Also there is the fact that they are in business to make money- they wont woo many customers by turning away obvious adults with valid licenses.


    And cmon- The hologram, micro print, state seal, and all that other stuff have to count for something...

  10. Re:it seems.. by studerby · · Score: 4, Insightful

    I suspect that some places, particularly bars and banks, will assume that the license is forged and treat you/it differently...

    --

    .sig generation error:468(3)

  11. How Jennifer 8. Lee got her middle initial (true) by Artifice_Eternity · · Score: 4, Interesting

    She is of Chinese background. Eight is a lucky number in Chinese culture, and her parents wanted to give her a lucky middle name. If I recall correctly, this would not be so exotic in Chinese, where ideograms and sounds have multiple meanings (in fact, I think lucky numbers often get their "lucky" quality from the fact that the characters and/or sounds for such numbers resemble other words which have positive meanings).

    It has apparently caused her some grief when dealing with computerized systems which flag "8." as a typo in the middle initial field, but she has stuck with it.

    For another weird numerical name, do a Google search for guy that works for Microsoft whose first name is "M3." It's really bizarre...I don't know the story behind that one.

  12. What's private and what's not? by foobar104 · · Score: 4, Insightful

    I think this raises an interesting question. What information about me is legitimately private, and what isn't?

    The knee-jerk reaction, of course, is to say that everything is private unless I choose to release it. But that approach doesn't work in practice. There are too many instances in which information about me needs to be publicly available. To pick a silly example, it's important that it be public knowledge that somebody lives in my home, because if the building catches on fire I want people to let me know and help me get out.

    So some information really should be explicitly public knowledge, and it's important that everybody accept that, especially privacy advocates. We can then have a reasoned discourse about where to draw that line.

    Think about your phone number. The phone company publishes your name and phone number in their directory unless you pay an additional fee for an unlisted number. This has been the status quo for my entire life-- 30 years-- and certainly much longer. So it's got a pretty good precedent going. So is my phone number private information by default? Not really. Should it be? Hmm... maybe. If I express no preference at all, should the phone company publish my name, address, and phone number or not?

    The other end of the spectrum is information that's clearly private, and protected by law. My medical records and the contents of my communications with my lawyer are explicitly private. If a court wanted to know what my doctor said to me last week, they couldn't ask. It's private.

    Everything else is in the middle. Is my street address private? No, by the phone book argument. What about the number of people who live in my house? Maybe. How about their ages, genders, and sexual preferences? Hmm.

    I guess what I'm trying to say is this: our society seems to accept as a given that we should each have the right to keep stuff private. The slippery slope argument, though often specious at best, implies that the right to keep stuff private must only be abridged when there's no alternative. But everywhere you look there's ambiguity about this principle. Go back to the phone book example; the phone company assumes you want to publish your name, address, and phone number unless you explicitly tell them-- and pay them!-- not to. Likewise, the bar mentioned in the article assumes that it's okay for them to collect demographic information from you.

    Where is the line between stuff that is assumed to be private unless explicitly waived, and stuff that's assumed to be public unless explicitly withheld? Like I said before, in principle the line is all the way over to one side: everything is private unless waived. But in the real world, that line will have to be moved a little bit so that some things are public information by default.

    I don't have any answers. Just questions.

    1. Re:What's private and what's not? by anthony_dipierro · · Score: 4, Interesting

      It will never be illegal to purchase things with cash or barter.

      It already sort of is.

  13. It's already worse than you think. by Matey-O · · Score: 5, Insightful

    While I'm not defending the practice, I'm reminded what I felt when two of the three big chain grocery stores went to a frequent user card.

    I went defiantly to the third. NOBODY needs to know when I buy my Milk and Eggs!

    When somebody pointed out that Costco, the Chain I love and frequent, and am frankly a cult member of, does the SAME THING, and has done so for YEARS before the Grocery Stores did it really brought me up short.

    This is unfortunately a sign of the times. And without turning unibomber and living in a shack in Wyoming, there's not really much you can do about it. It's similar to the emissions and seat belt laws in the 70's. TONS of people didn't like it, but now it's commonplace.

    I doubt it's going to turn into the 1984 that the alarmists paint it as, but It's also going to make more than a few people more than a little upset when it's abused. (IT WILL BE ABUSED. And when it does, the public outcry will make it financially unadvisable to abuse it further.)

    --
    "Draco dormiens nunquam titillandus."
    1. Re:It's already worse than you think. by CoreyG · · Score: 5, Insightful

      The only real reason grocery stores have food cards is to make more money. They use various combinations of data mining tools and predictive analytics to figure out what people like to buy, who the best(read most profitable) customers are, and who are the cherry pickers(read most costly). Then they market to their best customers and not the cherry pickers. Or they devise promotions to sell a well-selling item with a poor-selling item. Or a well-selling item with a high-profit item. The list goes on and on. The only reason they do it though, is to make money. The only way the analyses are at all accurate is because of the aggregate amount of data they collect. Performing an analysis on 1 person's data would be useless. Most retail-specific applications don't even provide tools to look at specific customers, only categories of customers that satisfy specific criteria. Retailers don't make money by looking at your purchasing habits. They do it by looking at everyone's purchasing habits together. You alone are not valuable to them.
      Now, could all this be abused by selling your information to others? Possibly. Except retailers are most likely making money directly off your information themselves, and prefer to keep it that way. Grocers are usually quite territorial with their shoppers and generally would not risk anyone else getting hold of their customers; they make too much money compared to the amount they'd make by simply selling a list.

  14. hypocrisy by anthony_dipierro · · Score: 4, Funny
    The electronic trails created by scanning driver's licenses are raising concerns among privacy advocates. Standards and scanning, they say, are a dangerous combination that essentially creates a de facto national identity card or internal passport that can be registered in many databases.

    For full access to our site, please complete this simple registration form.

    Does anyone else find that hilarious?

  15. Re:No License? by Delirium+Tremens · · Score: 5, Interesting

    Ah, it happened to me once, but the other way around. I was at a grocery store in California buying beer. The cashier asks for my ID and I show her my U.S. Georgia driver license. She then tells me that she is sorry but she is not allowed to sell alcohol to out-of-State resident.
    WTF?
    I eventually walked out of there with the beer because I happened to also have my Belgian passport with me. That was ok.
    Go figure. It has probably to do with rural superstition or something. Don't deprive Belgians of their beers!
    Could get dangerous. The world might stop spinning . An asteroid might hit the Earth.

  16. Bouncers copying your personal data off IDs. by Nonesuch · · Score: 4, Interesting
    sane person would point out that the bouncer "could" record the information by photocopying, yes, but he couldn't do so without being detected.
    Some of the clubs I go to, the bouncer will put your ID on a shelf under a little halogen lamp so he can read the front... at least one place, I noticed that just to one side of the lamp was a little CCD camera focused on the shelf.

    This only reads the front, but rigging a similar shelf arrangement to scan the backside would not be difficult.

    ..By law, you have the right to not put your Social Security Number on your driver's license.

    I wonder if the SSN gets encoded on the magnetic stripe if you request it not be on the face of the license?

    I checked out the 2-D barcode on the back of the Illinois license, and on mine, which does not have the SSN on the front, there is no SSN in the barcode.

    There does not appear to be any magstripe on the new Illinois licenses.

    --

    I do not deploy Linux. Ever.
  17. so... DEmagentize the freakin card! by CrudPuppy · · Score: 5, Insightful

    I have been doing this to my licenses ever since
    the advent of the stupid magnetic strip.

    This way, people who need the info (e.g. police)
    can still get it, but dickheads that like to track
    the clientele in their bars dont.

    It's not like they're not going to let someone old
    enough pay the establishment 300% profit on alcohol
    just because their license got demagnetized.

    --
    A year spent in artificial intelligence is enough to make one believe in God.
  18. It's the correlated data that scares me... by bihoy · · Score: 4, Interesting

    I don't generally have a problem with companies that store data about the transactions that I have with them. It's when they start correlating that data with other sources that I start to get concerned.

    In this example data gathered by the Registry of Motor Vehicles (or whatever your state calls them) is being correlated with services and purchases at a Bar.

    The article mentioned the scenario of how a fictitious bouncer could use that data to stalk women.

    There are many scenrios of abuse that this could be used for. Basically the technology allows for your movments and habits to be monitored very easily. That information could be used by others to your harm and detriment. It could be used by governements, businesses, or individuals.

    In todays society it is alomst unthinkable to live without a drivers license. That makes it very difficult to opt out. Sure you can stop going out to clubs and restaurants. Perhaps you can use only public transportation. You could even pay cash for everything so theres no need to provide your license when presenting a credit card. It seems that giving up your privacy is becoming the price you must pay to participate in the beinfits of todays society.

    The use of these devices is bound to increase as business look to reduce risks and increase profits. It's a very slippery slope. Think about where it's all likely to lead.

    I used to think that George Orwell wrote Science Fiction.

  19. Re:Junk Mail by spike+hay · · Score: 4, Funny

    Jeez. Sounds bad. Giving your personal information away every time your credit card is scanned.

    About as bad as giving your personal information away for a nytimes.com account.

    --
    If you don't understand any of my sayings, come to me in private and I shall take you in my German mouth.