Tactical Information Systems
Biometric Identification Software
SERVER.png

Tactical Information Systems Blog

Identity & Technology

Mindless ID Scanning

mclovin.jpg

A recent article on BoingBoing talks about a new policy for some grocery stores in PA where people buying alcohol have to have their ID scanned. The store uses a scanner that records all the information from the ID into a database. It is important to note that this is a store policy, and not a government policy. The store says that it is doing this for liability reasons, which may or may not be the whole truth; as the author points out, this is valuable marketing data.

I have always been opposed to the store loyalty programs for two reasons 1) they take up time at the checkout and 2) I don’t like the thought of my purchases being tracked. However, I do realize I am pretty inconsistent about this. I buy a lot of things on Amazon, and they have a database of my purchases going back four years. (this was actually really handy for a recent insurance claim) So I suspect in my own life it is more a question of convenience than real privacy concerns. That’s probably true for the majority of the population. Privacy advocates are not as numerous as their voice suggests.

I do believe that once someone else has your data, you can’t even really trust that it will be protected. If you truly want to protect your purchasing data, you need to pay cash. Of course, in the case of the PA liquor store, paying cash won’t protect your privacy because they are scanning your ID. However, there is an important element here — the store is a private store. The store won’t let you “opt-out” of the ID scanning process. But you can choose not to shop at the store, and let them know you won’t be shopping there. That makes it OK in my book. I’m a strong believer in privacy, but I am also a strong believer in giving companies the freedom to run their businesses the way they want.

There are many possible outcomes from this. Maybe the data the store gathers will help them in a lawsuit. Maybe the marketing data will let them better tune their products to the customer needs. Maybe they will offer great deals to loyal customers. Or maybe people will stay away in droves. All those things are possible, and it is up to the store to make decisions and ultimately drive the outcome.

The schools in my region use a similar ID scanner to check for child predators. They scan the ID, then look up the name against a registry of sex offenders. If the person is clear, then the system prints out a badge for them with their picture. If not, presumably they get an escort. This system has problems — it just uses first name, last name, and birthday, which are not really distinct enough. But it is probably a step in the right direction compared to the old methods which let pretty much anyone wander into a school.

One of the things about this article that bothers me is that it makes the knee-jerk reaction that anything that records data is dangerous, Orwellian, and makes the user subject to identity theft. Just those things is not enough to steal someone’s identity; that information is easily found from other sources.

We need to look at each technology-problem pair as a unique thing. Not all database technology is evil. Not all merchant transactions need strong identity. Not everyone has the same privacy concerns.