July 2007
Beer and Privacy (3 July 2007)
Belgian Court Rules ISPs Must Stop File-Sharing (5 July 2007)
The Greek Cellphone Tapping Scandal (6 July 2007)
Pen Registers and the Internet (7 July 2007)
Security and Usability: Windows Vista (13 July 2007)
Fidget Toys (13 July 2007)
Checkers: Solved (19 July 2007)
Secondary Uses and Privacy (20 July 2007)
Security Flaw in the iPhone (23 July 2007)
Hacking Forensic Software (26 July 2007)
Insider Attacks (28 July 2007)

Beer and Privacy

3 July 2007

Tennessee has a new law requiring age verification on all purchases of beer. Nominally, this is an attempt to prevent underage drinking. I’ll leave to others to discuss whether or not it’s likely to be effective, or why the law applies only to beer and not to wine or hard liquor. (I was tempted to muse on the effects of generalizing this idea on a famous local product — Jack Daniels Tennessee whisky — but to do that properly I’d have to link to their web site, and that is allegedly difficult. It seems that Jack Daniels’ has a "Linking Agreement". Is that enforceable? I may comment on that another time.)

There is, however, a privacy issue. Note this portion of the cited article:

Richard Rollins, who owns a convenience store in Nashville, is already using a computerized scanner to check everyones drivers licenses when they buy beer. "We just say were trying to keep our beer permit, and this is the safest way," Rollins said.

But it has stopped Jeff Campbell from shopping at Rollins market.

"I dont mind them asking for my ID, but they dont need my drivers license number," said Campbell, 43. "Im just buying a six-pack. All they need to know is how old I am."

Rollins said scanning licenses has proved beneficial in other ways, such as catching criminals.

When one customer tried to make a purchase using a counterfeit bill, Rollins said police were able to track him down because the receipt from the scanner showed his name and license number _ and his address.

That’s right — stores and bars can and do record various personal details from your driver’s license. The purpose of the check is to prove your age; the alleged purpose of the scanner is to detect counterfeit licenses. The trouble is that it does more, and most people don’t realize that.

Privacy has been defined as "the right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others." Many uses of the scanners are intended to collect customer information; see, for example, CardVisor II, IdVisor, and more that I didn’t find in two minutes of searching the net.

The privacy threat isn’t new. However, this new law is likely to increase the usage of such scanners, and with that the threat to privacy will increase.

Tags: privacy