Useful Links
SMBlog
RSS feed RSS icon
About this blog
About me
Archives of Dave Farber's IP list
Archives of RISKS Digest
The Legal Information Institute at Cornell University
Thinking Security
Firewalls and Internet Security: Repelling the Wily Hacker
The Electronic Frontier Foundation
The Tor Project
The Center for Democracy and Technology
Freedom to Tinker blog
Bruce Schneier's blog
Matt Blaze's blog
Matthew Green's A Few Thoughts on Cryptographic Engineering
Krebs on Security
July 2007
Beer and Privacy (3 July 2007)
Belgian Court Rules ISPs Must Stop File-Sharing (5 July 2007)
The Greek Cellphone Tapping Scandal (6 July 2007)
Pen Registers and the Internet (7 July 2007)
Security and Usability: Windows Vista (13 July 2007)
Fidget Toys (13 July 2007)
Checkers: Solved (19 July 2007)
Secondary Uses and Privacy (20 July 2007)
Security Flaw in the iPhone (23 July 2007)
Hacking Forensic Software (26 July 2007)
Insider Attacks (28 July 2007)
Recent Posts
Brief Notes on Computer Word and Byte Sizes (7 March 2023
In Memoriam: Frederick P. Brooks, Jr. --- Personal Recollections (18 November 2022
Attacker Target Selection (5 July 2021
Where Did "Data Shadow" Come From? (26 June 2021
Vaccine Scheduling, APIs, and (Maybe) Vaccination Passports (2 April 2021
Security Priorities (25 February 2021
Covid-19 Vaccinations, Certificates, and Privacy (13 August 2020
Hot Take on the Twitter Hack (15 July 2020
Trust Binding (11 June 2020
Facebook, Abuse, and Metadata (24 May 2020
Archive
2007 (43)
2008 (39)
2009 (21)
2010 (15)
2011 (16)
2012 (14)
2013 (6)
2014 (16)
2015 (14)
2016 (6)
2017 (17)
2018 (16)
2019 (17)
2020 (15)
2021 (4)
2022 (1)
2023 (1)
 
Full Index
Tag Index

Beer and Privacy

3 July 2007

Tennessee has a new law requiring age verification on all purchases of beer. Nominally, this is an attempt to prevent underage drinking. I’ll leave to others to discuss whether or not it’s likely to be effective, or why the law applies only to beer and not to wine or hard liquor. (I was tempted to muse on the effects of generalizing this idea on a famous local product — Jack Daniels Tennessee whisky — but to do that properly I’d have to link to their web site, and that is allegedly difficult. It seems that Jack Daniels’ has a "Linking Agreement". Is that enforceable? I may comment on that another time.)

There is, however, a privacy issue. Note this portion of the cited article:

Richard Rollins, who owns a convenience store in Nashville, is already using a computerized scanner to check everyones drivers licenses when they buy beer. "We just say were trying to keep our beer permit, and this is the safest way," Rollins said.

But it has stopped Jeff Campbell from shopping at Rollins market.

"I dont mind them asking for my ID, but they dont need my drivers license number," said Campbell, 43. "Im just buying a six-pack. All they need to know is how old I am."

Rollins said scanning licenses has proved beneficial in other ways, such as catching criminals.

When one customer tried to make a purchase using a counterfeit bill, Rollins said police were able to track him down because the receipt from the scanner showed his name and license number _ and his address.

That’s right — stores and bars can and do record various personal details from your driver’s license. The purpose of the check is to prove your age; the alleged purpose of the scanner is to detect counterfeit licenses. The trouble is that it does more, and most people don’t realize that.

Privacy has been defined as "the right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others." Many uses of the scanners are intended to collect customer information; see, for example, CardVisor II, IdVisor, and more that I didn’t find in two minutes of searching the net.

The privacy threat isn’t new. However, this new law is likely to increase the usage of such scanners, and with that the threat to privacy will increase.

Tags: privacy
https://www.cs.columbia.edu/~smb/blog/2007-07/2007-07-03.html