Posted on 01/10/2008 6:37:05 PM PST by Eyes Unclouded
The frustration of proving one's age to buy things like alcohol and tobacco does not end when you reach the appropriate legal age. Those of us who are fortunate enough to have a youthful appearance are forever burdened with having to carry a state-issued ID card to every place where we might want to buy alcohol or tobacco. Over the past few years, we've been gradually subjected to another, more intrusive ID-related hassle -- that of electronic drivers license scanning. It's one thing when a government representative scans your driver's license; it's another thing entirely when a restaurant does it, and records your personal information in the process. Is this legal? Ethical? Secure? In order to find out, I contacted an electronic security and privacy expert, and the American Civil Liberties Union. The incident at Houstons
It was August of 2006, and I decided to take my girlfriend out to a nice dinner. She's particularly fond of the veggie burger at Houstons, a regional restaurant chain owned and operated by the Los Angeles-based Hillstone Restaurant Group, which also controls the Gulfstream, Bandera, Rutherford Grill, Palm Beach Grill, Cherry Creek Grill, Los Altos Grill, and Cafe R&D restaurants.
We sat down and ordered drinks. I was, of course, asked for my driver's license, which I presented to the waitress. My girlfriend was not asked for her ID, which she found somewhat insulting, being that she is of an age to be insulted by the assumption that she looks over 30. The waitress thanked me for handing over my Florida driver's license, then hurried away before I could both recognize the fact that she'd walked off with my ID, and organize some kind of protest. She returned a few minutes later with our drinks, and handed me my ID card. "Why did you need to take my license?" I asked. "Oh, we had to verify it," she replied. "Out of curiosity, what do you do to verify it?" "We scan it through a machine that makes sure it's real," she said cheerfully.
I was totally shocked and really upset that my driver's license was just scanned without my consent, so I asked the speak with the manager. Not only was he clueless as to the license scanner's method of operation -- he insisted that it was for my own protection, which is as bizarre a statement as I can imagine -- but during the course of our heated and repetitive conversation he tried to flirt with my girlfriend to get her on his side, against me. I wrote a letter to an executive at Hillstone to complain about the situation on both levels, and a few days later I got a call from Robert Hardie, a regional vice president at Hillstone. The first thing he did was apologize for the manager's behavior; I responded by thanking him for the effort, but that the only appropriate apology for the situation would come in writing from the manager I dealt with, not a proxy. This was the only remedy I was interested in, because I felt more insulted at the manager's behavior than I did about anything else -- I already wasn't going to eat at Houstons ever again because of the license scanning issue, but I wanted the situation to be made right. I was told that a written apology from the restaurant manager was not an option available to me. The second thing Hardie told me was that serving alcohol was a privilege, not a right, and that Hillstone implemented the license scanning procedure to protect customers from false IDs. I told him outright that what he'd just said was ridiculous because my safety and security were not at risk until my license was confiscated and scanned by the waitress, effectively putting me at risk instead of removing some imaginary risk. I asked him to explain how I could possibly benefit from his license scanning scheme. The answer was that it protects people under the age of 21 from drinking alcohol, which has benefits that are supposed to be obvious to me, and as a side effect it protects the restaurant from underage drinking sting operations. "Aha," I said, "So it does not protect me, it protects you." He agreed reluctantly. Hardie further stated that he would make sure the manager I dealt with was reprimanded accordingly, but he was more concerned that the manager did not know all of the appropriate technical details of the scanning machine than he was about the man's behavior toward my girlfriend. Before our conversation was over, Hardie provided me with the exact make and model of the license scanning machine Hillstone-controlled restaurants used -- an IntelliCheck IDC1400. This model is no longer in production, but there are many like it showcased on the IntelliCheck home page.
Last week we decided to see if the restaurant had changed its policies, and reserved a table at Houstons. Again, the waitress tried to walk away with my license, but this time I stopped her and told her that under no circumstances was it to be scanned. "Look at it, test it with a blacklight, call the motor vehicles bureau, whatever -- you are not allowed to record that card electronically," I insisted. I then provided her with a second form of government issued photo ID that did not have a bar code or magnetic strip -- a concealed weapons permit. "That's two forms of government-issued photo ID -- that should be enough," I told her. She said she'd have to talk to the manager about it. It was a different manager this time, but instead of being condescending like the previous one, this manager was confrontational and aggressive. He asked what the problem was with license scanning. I told him what I've related here for the most part, adding that I'd researched the machine he was using and discovered that it was designed to record drivers license data. I would not permit this. "Then we don't serve you," he said indignantly. I told him that I was the only person at a table of 4 people who was asked for ID, and that this was not only insulting and belittling towards me, but that because of the waitress' inability to approximate my age, I had to forfeit the privacy of my driver's license information. This caused a rather explosive confrontation that prompted us to leave and relocate to a different restaurant. Was I right to disagree with this policy? Was I being paranoid, or was I just upset that at 29 I was still being asked for my license by some waitress who was not only substantially younger than me, but might actually not have been of legal age to serve me alcohol? The security of license scanners
My first concern was the security of the data being collected from my driver's license. To better understand the risk in this situation, I contacted security expert Bruce Schneier. In addition to his blog, Schneier is also the author of 8 security-oriented books, including Beyond Fear, and many essays on cryptography, and security and privacy in the information age. The first thing I wanted to know was, of course, if civilians scanning state-issued drivers licenses constituted a dangerous and insecure situation. "The situation with hackers -- can the data be intercepted, can the database be hacked -- is scary, but it's not really a realistic threat when you consider the other information available to them, like credit card numbers and social security numbers," he replied. "This is just yet another database of information on you."
There isn't a lot someone can do with your driver's license number -- it's not nearly as important as a social security number, unless you live in a state like Arizona which uses your SSN as your driver's license number. SSNs are important to identity thieves, so electronic scanning of driver's licenses puts bar and restaurant customers at a hightened risk for identity theft. But if you have a non-SSN driver's license number, the data is not particularly important to thieves and other people with nefarious intent. What other threats would collecting this information pose? "Would you like a list of every bar you've visited to be posted on the Internet? How about marketing -- would you like to receive more of that? This data is sold to ChoicePoint and combined with other data about you and sold to a wide variety of companies for marketing." He went on to explore the idea of how this might be used in the future: "Let's say I had a bar -- I could offer a drink special for 10% off if you agree to let me sell your drinking data to Bacardi. There's nothing wrong with that because as the bar owner, I'd be telling you about it upfront and you'd have to agree to it. But to do this without notifying people, by collecting data through age verification, is kind of sleazy."
Indeed it is. I was not told that my license would be scanned, that my data would be collected and transmitted over a public network to some unknown corporation that has access to information that I thought was private between the state of Florida and me. The waitress took my license, walked away with it, and came back with my drink and the license. It wasn't until I questioned her that I found out that it was scanned. I told her that I did not give her permission to scan my license, but she thought I was joking with her. So now somebody somewhere has a record of my buying alcohol -- or more specifically, being carded for attempting or intending to buy it -- along with my name, address, height, eye and hair color, driver's license number, date of birth, the status of my eyesight, the classes of vehicles I am authorized to drive, and possibly also my photo and a copy of my signature.
"The record of your drinking habits could be used in court as evidence -- for instance, in a divorce case if your wife accuses you of being an alcoholic. A record like this could be used, but this kind of thing happens all the time in our society. Do you have some kind of toll booth pass, like EZ-Pass? Data from EZ-Pass usage has been used in divorce cases.. Every time you use a credit card, there's a record of the purchase and where it occurred. Your cell phone's whereabouts can also be tracked. All of this information is being collected, organized, and used for all kinds of purposes, good and bad."
So how do we as consumers fight this? Schneier says that we're of course free to boycott establishments that use scanners, and that someday we may even see some bars advertised as offering anonymous drinking, as an alternative to places that collect and record information about your drinking habits. "You're basically screwed, because if you don't let them scan your license, they make you leave, or won't serve you. The courts and the ballot box are a better way to fight this matter. Talking to the employees won't make a difference because, as you said, it's company policy. They're going to do it because it's company policy, and since the decision about scanning is made far away from the point where it happens, you're not going to get anywhere."
Schneier recommended his The Future of Privacy essay, and this piece on license plate scanners for further reference in the matters we discussed. An issue of civil liberties
Bruce Schneier suggested I contact that American Civil Liberties Union (ACLU), so I did. I received a response from Jay Stanley, the public education director of the ACLU's technology and liberty program. Here's what he had to say:
"This is certainly a violation of our privacy/civil liberties. It is a violation of the principle that personal information collected for one purpose should not be used for other purposes without an individual's affirmative, fully informed permission. The fact that you provide information to prove you are complying with drinking-age laws should not require you to give up other personal information about yourself, and to be tracked.
Personally when I am asked for a driver's license for various reasons (age-verification being an increasingly rare occurrence for me), I watch carefully to make sure that it is not scanned and am not afraid to challenge, ask sharp questions if I have to.
At the same time, there is only so much the individual can do, for example if such scanning is widespread or if you're not in a position to walk out on a place whose practices you don't like. This is just one of many examples we are seeing today of novel privacy violations due to the growth of technology. Ultimately, our country needs good privacy laws implementing the "use limitation" principle I mentioned above and the other well-established basic principles of privacy, which every other industrialized nation around the world has enacted through overarching privacy legislation. Does it really work?
Currently, the best way to visually identify a valid driver's license is to view the holographic image embedded on the front face of the ID card. If you can't see it well enough by tilting the card at an angle, you can easily see the image with a blacklight. Many bartenders do have a small blacklight behind the bar exactly for this purpose. But the holographic image can be faked -- or more accurately, it can be suitably reproduced on a counterfeit ID. It is not easy to do this, and requires sophisticated printing technology that few civilians have easy access to, but you can buy a fake ID on the Internet or in person that will reproduce the holographic technology.
IntelliCheck offers little information about its technology on its Web site -- probably because it isn't terribly complicated to read a card, verify its data in a database, and print a message. In its "fast facts" PDF, IntelliCheck's only technical point in its list of advantages is, "Our patented technology reads, verifies and parses the information encoded on issued drivers licenses, identification cards and military IDs with magnetic stripes, one- and two-dimensional bar codes and smart chips." So we are to assume that the magic that makes electronic ID verification solutions more secure and accurate is contained in the bar codes and magnetic strip. Since bar codes are optically read, they can easily be visually reproduced, and since they're in standard, documented formats like PDF417 that have freely available encoders and decoders, they can also easily be hacked. You can make a bar code record anything you want -- including that you're of legal drinking age. That means that any electronic scanning solution that provides simple feedback will be defeated by hacked bar codes. Scanning solutions that involve authentication against a remote database can also be easily hacked -- you can simply use someone else's (valid) data in your bar code. Don't think you can defeat this by erasing the strip or drawing a black line through the bar code -- defacing your license is against the law in the state of Florida (and probably everywhere else, too), and you face a $100 fine if a police officer discovers that your license is not in good condition.
The restaurant managers at Houstons and their superiors at Hillstone told me that they had the utmost confidence that the IntelliCheck devices they used were totally safe and effective, but could not tell me who stores the driver's license data, or how it is transferred. All of them also denied that any data is recorded, but the IntelliCheck IDC1400 that they use is designed to permanently record driver's license data. In fact, all of IntelliCheck's current devices except one have the capacity to permanently store ID data, and some are designed solely for this purpose. According to Bruce Schneier, if the device reads and transmits data, it's recording it in some way, even if it's not kept on record. Furthermore, whatever entity is in charge of the driver's license database is likely recording when and where a license is verified because some electronic ID verification companies list the elimination of duplicates (multiple simultaneous or successive verifications, indicating a possible duplicated ID) as a feature.
There are many ways to work around or defeat this technology, some of them new (hacking the magnetic strip and bar code data), some of them old (having someone else buy the drink for you). There is no evidence to suggest that total reliance on devices like the ones produced by IntelliCheck and other vendors is any more effective than visual verification of IDs, and in theory could actually be much worse. When I was in Philadelphia last year, two bars I visited had a bouncer at the door scanning IDs with a handheld device. Neither of the bouncers were looking at the photos or other information on the licenses they were scanning -- people could have been handing them someone else's ID for all they knew. Neither did the waitresses at Houstons visually compare my photo and my actual appearance -- I could have given the bouncers or the waitress my older brother's ID for all they knew. It would have verified and been recorded, and had I been underage, I would have had a drink illegally and the bar would still have been at fault despite the use of electronic license scanners. So much for being safe -- a license scanner can't defeat the oldest of underage drinking tricks. The long fingers of prohibition
Even if I were underage and used my older brother's ID and the waitress had checked the photo, who would know besides me (and possibly him)? There is enough of a family resemblance, and driver's ID photos are notoriously bad and barely representative of their subjects, that no bartender or even a police officer would be able to truly determine who I really am with an ID alone. When I was a teenager, friends over 18 used to let other people borrow their IDs to buy cigarettes all the time -- no one ever got caught. Security is a process of making easy attacks more difficult; it is not in the business of making things impossible, nor could it ever realistically be. Electronic license scanners will not stop underage drinking, and in effect could make the problem worse as they become more ubiquitous and bartenders and bouncers create logical shortcuts in their habits, scanning cards without looking at them. In situations where alcohol purchases involve little or no human interaction, such as at automated checkout lines in stores like Wal-Mart, the risk of underage alcohol sales through a totally electronic age verification process is greatly increased.
The current methods of license verification that most grocery stores use is to view a license and type its date of birth numbers into the register, which then approves or denies the alcohol sale depending on age. Again, because this is a tedious process, if you look old enough or if the date on your license makes you significantly older than 21, most cashiers just type in 11111 for the date to make it easier. There really is no substitute for proper inspection and scrutiny -- electronic devices may make this process quicker, but they don't make it more accurate or secure. Sometimes technology makes our work easier, and sometimes it makes it easier for us to be lazy.
The heart of the issue here is that prohibition doesn't work. Every little scheme to try to enforce an unreasonable drinking age restriction will be met with a workaround or hack. Someday there may be a fingerprint scheme to try to ensure that you and your ID refer to the same person, and I have no doubt that within six months from the start of that policy, there will be a prosthetic skin device that will allow you to fake your fingerprint. As long as there are laws that people want to break, there will be clever ways to break them. Even if the sale of alcohol were somehow totally prevented to people under 21, the home brewing of alcohol would increase dramatically, just as it did during all-ages prohibition in the early 20th century. But before both the government and private businesses make more of an effort to crack down on under-21 drinking, they will first make it less private for everyone and more profitable for themselves. So like both the ACLU and security expert Bruce Schneier suggested, perhaps the best way to deal with this for now is to avoid places like Houstons that scan driver's licenses, and hope that someday in the future we don't have to actively seek out an establishment that offers anonymous drinking.
Good idea, but in Texas, you can't legally accept a passport as ID for buying alcohol. I'm not kidding.
Have you ever written a check or used a debit card when using it? If so you've been pegged to the card whether you use it or not. I regularly get new cards for those places that want them, and give them bogus data. I've swapped cards with other folks too. The important thing is to make sure that the cards are useless for data collection by making sure the data is fairly worthless.
Houston is all wet. A great deal of Texas is “dry” which means not really dry but that every bar and restaurant is really a private club. State law says they need to get your driver’s license number as a membership requirement if being served alcohol is a benefit of membership. You can forgoe the unicard, but then the take your license every time.
Here’s how it works:
A minor goes into a bar and orders a drink. He gets carded and produces a fake ID that passes the waiter’s check. Later, he leaves the bar and gets stopped. He produces his real ID that shows he is underage. It is better to get busted for being underage than to be busted for being underage AND in possession of a fake ID. The bar is now in trouble for serving alcohol to a minor.
Luckily for most bars, minors are stupid enough to keep the ID’s together so it gets found when they search the wallet. But that is the big deal with fake ID’s.
I am surprised that Mr. Schneier didn't point out that several states include the SSN in the encoded information on the driving licenses that they issue, so any "swiping" of information from those licenses could also be a serious breach of personal information.
When they ask me I say "What! There's a MAXIMUM age now?."
But I give it with a smile.
I JUST watched Watership Down this week on YouTube. When I saw your name it immediately struck me as a name from that movie.
Really enjoyed it. Maybe it’s more accurate to say ‘from that book’ but even though I was a voracious reader as a child (still am) I had never even heard of Watership Down until about 2 years or so ago.
They really don't care all that much about your personal info.
While reporting your grocery purchases to Hillary Clinton might be one of the uses for the State Grocery Usage Registration Database Card, the primary reason that they want you to use it is to:
1) Identify the customers who buy their higher margin products;
2) Research how much these customers will pay for staple items, like milk.
They keep raising the price for milk, say, until these desirable customers stop buying it. Then they back the price off to where they start buying it again.
They're trying to keep the customers who buy the most at the highest margins.
That's what really is behind this VIC card thing.
I was buying beer at the local place yesterday, and the snot-nosed clerk asked me, "What's your birthday?"
After a cold glare and several seconds I replied, "December 30."
That was as far as it went.
I understand that. However, I also think the guy probably used his credit card to pay for the alcohol, and that also tracks his drinking habits.
Unless he was wanting to pay with cash, then it’s just a silly argument.
It’s kind of like going to the grocery store with one of the “club” cards that you use for discounts. Those things track everything you buy so the grocery store knows how things are selling. Well, if the grocery store asked for a driver’s license when you buy liquor, it doesn’t really matter because they already have all the information.
Who says you have to give them your real SSN?
A scan to verify is reasonable. Storing the results is probably actionable, as it exposes the customer to fraud/identity theft.
I’ve had waitstaff ask not only for my card but for my PIN before (they didn’t get either after that blatant effort) so I know that there are scum out there ready to rip you off (Sir, I would recommend against the lobster bisque).
It’s perfectly reasonable to want to not accidentally serve underage patrons, but it’s even more reasonable not to allow unprincipled staff and less principled corporations to walk off with and store personal identification.
Instead of writing a futile and p—sy little column, the author should have filed suit against the restaurant. There is nothing that brings swift and decisive action like the fear of loss.
Indeed. There are a lot of people--intelligent people--that think that email just disappears into the ether when they hit the delete key. At least paper can be shredded. Email is forever.
I am 50 and never offended when asked for my ID. I am not sure what the insult it. Many establishments uniformly ask for ID so that no one can complain when this is done. To allow discretion by some employees is to invite a stupid act of some kind. But, if you don’t like the policy, go somewhere else with your business.
That 3/4 of Texas must not include Houston.
Yeah, it’s from the book... I actually haven’t seen the movie, but I’ve loved the book (and its sequel) since I was about 12 or 13.
The marketers have long traded in personal information and they lobby congress well. They have done so for over 25 years.
There is no law being broken, to be sure. The marketers write the laws just as the MPAA does in that industry.
How is it a “hardship” to be asked to present an ID at the election poll once (maybe twice including primary, and rarely a third or fourth time for primary/actual election runoffs) but no one complains about the “hardship” of not being able to enter a bar or buy a can of beer or a pack of smokes without an ID?
The first breach is the driver’s license bureau requesting your SSN which is NONE of their business.
There are data thieves within the DPS and DMV and there are crooks working there who knowingly sell REAL driver’s licenses (even multiples) to people with false “information”.
They get caught (and some like the lady in Tennessee get murdered) but it happens.
Don’t fear the restaurant or store peeking at your SSN when you don’t need an SSN to drive a car but the State wants to exert power over deadbeat dads (even if you are a woman and/or have never sired kids).
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.