Slashdot Mirror
Supermarket Loyalty Cards Vs National ID Cards
john.wingfield writes "The BBC is running a story on a speech David Blunkett, the British Home Secretary, has given on ID cards and supermarket loyalty cards. He criticises the data protection arrangements for the loyalty cards whilst simultaneously (hypocritically?) promoting his own national ID card scheme, which is exempt from the Data Protection Act 1998. See also the UK Information Commissioner's (data protection and freedom of information watchdog) concerns about the ID card scheme."
The cards were not a panacea for everything but could help stop terrorists using multiple identities Because everyone KNOWS that terrorists can't fake ID cards! Hell, that's probably why GB is the terrorist haven that it is now, because they don't have a national ID card!
Geez, I thought that only America had to deal with this kind of insane rationalization. And no, I don't have and never will have a "loyalty" (i.e. "We want to track you") card.
The National ID Card issue is way overblown. Almost everyone has driver's licenses. There should be some standard other than interstate communications that establishes identity through government issued IDs (to close up conterfeit holes). Put a smartchip on the driver's license, for example. But there should not be any requirement to carry the card unless you are doing something such as driving, buying beer, or passing through customs (each of which the gov't has a valid reason for wanting to know your identity).
I avoid those grocery store cards. I will go out of my way to find the stores that don't use them. Luckily the little mom&pop store down the street doesn't use them, so that's where I usually go.
Guess what? While their small size means their selection is limited, the overall prices are about the same as the larger stores that use the nasty little cards.
Even if the prices were higher, I'd still go there. Everyone in the store knows the location of every item. Can't find something? Ask the next kid in an apron, and they'll take you right to it.
sigs, as if you care.
as for the supermarket loyalty cards, they give the card, no one says you have to give them your address, they call me Mr Goatse at one store, one clerk figured it out and started laughing at my name. You can easily grab a handful of them, use one for every day of the week.
"Do you have a Kiroger card?"
'Nope'
"well...here's the card and the application" She swiped it, and gave me the blank app, to be filled out later.
The card works, and I just shredded the application.
So..just take the blank application, and say "I'll fill it out later".
The best part is, EVERY TIME I've ever gone to a Bi-Lo store and told them I didn't have a card, they'd just key in the override code (444400000000) and I get all the "discounts" anyway.
I reluctantly applied for one a few years ago, since the discounts meant I'd save over $100/year. In reality, I was off by a factor of two, saving close to $200/yr. off of the store's artificially inflated prices.
There are actually two types of discount cards: the first requires a real name and address and proof of identity. This one affords the user check cashing privileges. Since I do my banking business at an actual bank, I opted for the second, which doesn't require a real identity. Being a properly paranoid Slashbot who doesn't want The Powers That Be to track my aluminum foil purchasing habits (for the hats, you see), I gave my name as John Doe, 1234 Main St., Anytown, USA.
I'd been using the card for over five years before I realized that the cashier sees your name come up on her terminal when you use the card. About a month ago, the cashier asked me if my name was really "John Doe".
"Yeah, and it's a real bitch when I check into a hotel," I replied.
About a year after I got the card, the supermarket (Stop and Shop in Massachusetts) launched a web site that integrated your purchasing data. You'd log in by entering the serial number on the card and get a history of your purchases and discounts, along with "healthy" alternatives (which was pretty brain dead, offering mayonnaise as a "healthy" alternative to mustard).
The beauty part was that after you logged in you were presented with the option of password protecting your data. However, that meant that anyone who hadn't logged in had their purchase data unprotected (albeit with no identity attached). I tested this by entering numbers at random and viewing the purchase histories of random strangers ("Grape soda and rice cakes? What were you thinking?" "Oooh! KY Warming Jelly! Party on, dude!"). I was tempted to enter passwords for some of these but I didn't.
The store pulled the web site after a couple of weeks, citing "security concerns".
Gotta go. I have a craving for grape soda and rice cakes.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
The number is checked against their database. At least for Safeway stores... But if you have a friend with a supermarket card just use their phone number (it's probably already in your mobile phone. uhhh.. ask your friend of course before running it.)
Heil Sig! -Rob
As far as I'm concerned, it's not a privacy issue unless they fuck it up. They can already track you by SSN, state ID, or whatever. It would only really be a privacy issue if they put RFID stuff in your card, and this enabled unintended people to scan the thing and get useful information. That would open the system up to abuse by criminals and stores alike.
But the real problem with national ID cards is that they have negative security value. They will be trusted more than ID cards and social security numbers, and they will be only one piece of information to forge or steal. The government databases connected with the ID cards will be vulnerable and unreliable, and more so than the SSN databases because of their size (i.e., more chances to create a privacy problem by fucking it up). They'll be a bigger pain in the neck for people who lose them, and the risks of identity theft will be monstrous.
It would be very difficult to get something on this scale right, and it would be worse than the current system of state IDs, kludgy as that is. On top of that, the project would be horrendously expensive.
There would also certainly be ways for an insider to ruin someone's life, even more than there are today, by fiddling with these databases.
If there were national ID cards from the beginning, the system might be better than what we see today (I personally think it would be simpler but probably more vulnerable to abuse). But I think that instituting them now would be a mistake.
Schneier has a good essay on this here.
I hereby place the above post in the public domain.
at Cal Poly Pomona, we used to use the campus switch board number as the phone number for a card that one of us started. that way whoever you were, you'd just use that to get the discount (because sometimes it was nutty the discouts you get...$14, with your Ralph's card, only $7.99!).
I can see the guy compiling the stats:
"Wow, this guy drinks a lot"
JediLuke
-Do or Do Not, There is no Try
While everyone gives you there theoretical analysis of the situation, I'll give you my tiny little practical anecdote of privacy and how it affects me.
About fifteen years ago my car was broken into. Among other things, they stole three library books. In the confusion I didn't realize this until a few months later on my next trip to the public library. EIGHTY DOLLAR FINE! Well actually, most of that was replacement fee. The fee was outrageous, and at the time I was quite poor so I couldn't pay for it.
To this day I cannot get a public library card without paying this fine. It's probably increased since then, but even if it hasn't, eighty bucks is an awful lot for a library card. This isn't just in the county where the books were due. Thanks to the state driver's license number (eg. ID card), I can't get a library card anywhere in the state. I did try five years later in a different county to no avail.
Yeah that's trivial. But imagine it on a national scale for more serious problems.
Don't blame me, I didn't vote for either of them!
Like most slashdotters, I gave fake information when signing up for my supermarket loyalty card. But I started thinking how many other places I signed up for things with my real info - especially places that required an ID, for example: The Hollywood Video account I just opened. Is it illegal to present a fake ID in such a situation?
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Whenever I go grocery shopping at Genuardi's or Acme, when I get to the checkout and the clerk asks if I have my super-fantastic discount card, I pat my pockets, give my wallet a cursory once over, and check my key ring, then shrug sheepishly and tell them I must've left it at home. At this point the clerk just runs her own. Granted, I go to the lines with the cutest chicks and say it with a great deal of charm...
Founder, Americans Allied Against Alliteration
I also live in the UK. Full disclosure: I'm rationalising a knee-jerk "don't like it" response. This is going to be a bit one-sided. :)
The British government has never got an IT system in either on time or on budget. In this particular case, they're talking about spending £3bn, with no track record of being able to implement a working system. There will be cost overruns, so expect the figure to rise. One analysis I read (I forget where, sorry) suggested that £3bn was about right for cards+database, but didn't include money for readers, which would then presumably come out of the budgets of the Post Offices/hospitals/etc that needed to install them.
An ID card is a single point of failure. If I can forge one, or obtain one by bribing or threatening a civil servant, I have a bullet-proof fake identity.
The Home Office doesn't really know what they want an ID card for. When questioned, Blunkett acknowledges that there is no anti-terrorism value in the things, but on occasion pushes them as an anti-terrorist measure. They want it to combat benefit fraud. Department of Work and Pensions reckons ID-related benefit fraud costs them £50m a year. Assuming Blunkett's £3bn is correct, it'll take 60 years to repay itself on that.
They also seem to have an idea that it'll solve illegal immigration. The problem is that as soon as you connect the UK ID database to (say) the Nigerian database, you rely on the accuracy of the Nigerian database to work out whether or not you should issue a UK ID card. Problem unsolved...
As to your "nothing to hide, nothing to fear", that's not quite true. If the Powers That Be trust the card implicitly and it is not actually perfectly unforgeable, you could find yourself in the position of having to prove that it wasn't your ID card used to "aid and abet criminal activity", but another card with exactly the same characteristics. If it turns out to be impossible to acquire a card illegally, I'll eat this computer.
I'd recommend this article on The Register. Their argument is that it's a waste of money that (even if it worked perfectly) wouldn't solve any of the problems the Home Office wants to solve.
Ibix
As long as we are comfortable with the fact that if somebody in the right office wants to pull up our file, they can know EVERYTHING about us on a whim. --This does not just include what we do and when we do it, but all the clever things which can be learned from that data. --Psyche profiles and all the most likely reactions a person will have to any given stimulus at any given time. --Or if the person is the sort who is likely to resist the control system by using one card among nine different people.
It's about fear and control. 'They' are scared of losing control, and so always seek more and more. 'They' want people neatly labeled in their individual boxes, doing exactly what they want us to be doing.
If we never find being labeled or being put in boxes offensive, then we are probably never going to be considered a threat, which should make life easy. --Except it doesn't work that way. Once we have been put in boxes, how do they know we will stay there? What if we wake up one day and decide that we don't like our boxes? This is a fearful thought, which makes the controllers want to apply even more control. The target and memories of what was once normal are always in motion. Fear is never satisfied; when one is pre-disposed to fearing being on the 'wrong' side of the line, then it no longer matters how far the line is moved, the line itself remains and there is always a 'wrong' side which drives the desire for even more control.
'Living' for the average human has become increasingly doing only pre-approved things, thinking only pre-approved thoughts, and generally staying within the pre-set boundaries created by our masters. The world isn't the way it is through random chance. --Just because we were born into slavery doesn't make it natural or okay. There is so much more out there! --But ignorance is bliss. Amazingly, most people are content to flush away all their health and youth into stupid jobs, working too many hours a day, calling 'entertainment' the mind-numbing pap which is most film, television and popular video games.
--And when management decides it's time for us to lose our jobs and seek out of default and desperation positions with the military (carrying rifles through the desert), most of us think, "Oh well. I guess that's just how it is". We unwittingly participate in hundreds of social engineering stress-tests delivered via media, food, medicines and artificially generated sickness. --Much of the misery in our lives has been artificially generated for one reason or another.
Among those who know, there is a subject which is called, "The Topic of Topics". or "The Predator". There are those who 'eat' human misery, who don't want us to look at the UFO's. --There is such thing as spiritual energy, and like any energy, it can bled off and used to feed other things. But these are not thoughts cattle are supposed to have. So we must stay in our boxes, watch our televisions and not talk too much.
How much personal debt do people currently have? How often do they get sick? How much do we really think for ourselves? When was the last time anybody was in a satisfying relationship? How much of You is really You?
For control measures and artificial stimuli to be administered, the system also requires numerous methods of monitoring and gathering information during and after the fact. Information cards which people willingly carry around are just one small, small facet of the whole system. --And I suspect that on the most important levels, these particular facets are more about molding perceptions and training certain thought patterns than they are about actually watching people. About making people think, "What's the big deal about privacy anyway?"
-FL