Australian Pub Owners Using Biometrics
I saw a recent article on Slashdot that discussed Australia’s use of “networked” biometrics in the pubs. The basic idea is that the pubs use biometrics to identify patrons, and if they are thrown out of the pub for violent behavior, they can be easily prevented from coming back for some time period. Furthermore, pubs can share the biometric data, allowing the violent patrons to be banned from a network of pubs. In the original linked article, the results are extraordinary — almost a complete elimination of violent incidences in the pubs that participate.
The Slashdot article shows some pretty predictable reactions to this kind of system. Most people feel it is a blatant violation of privacy rights, and vow to never go to a pub that uses such a system. However, according to the article, most of the pub patrons do not have any problem signing up for the service, and you can be assured that if such a system was really harming sales, the pub owners would drop it in a heartbeat. This kind of system hits an interesting intersection of privacy, business owner’s rights, and identity.
I am a strong advocate of privacy. However, I am also a strong advocate for allowing businesses to operate as they see fit, which puts me on both sides of this debate. First, let’s look at the privacy issues. Does giving your biometrics to a pub owner sacrifice your privacy? Absolutely! You cannot go to a pub anonymously; they know who you are, how often you go, when you go, maybe even what you buy. However, what most of the people who object to this system don’t realize is that you already lose a significant aspect of anonymity when you go to a pub. One of the Slashdot posters responds this way:
And, as someone who’s spent six years in the bar/restaurant business, this is just making electronic a system that has traditionally been word-of-mouth. People who work in the bar/restaurant industry hang out with other people in the business, and they swap war stories. By day two of working at a bar you know the problem people: angry drunks, people who’ve been kicked out of some other place, people who skipped out on a tab from the bar down the street, etc.
The only way to be truly anonymous is to not go to any particular pub with any frequency, so they don’t get to know you. In effect, the biometric aspect of this system allows something that is already going on to work more efficiently.
The second issue is business owner’s rights. I’m not sure about Australia, but in the U.S. it is generally accepted that business owners can refuse service to anyone they like, as long as they are not violating the law (like refusing service because of race). This is basically just a recognition of property rights. If I own the business, I should be able to control how it is run. I will have to suffer the consequences, of course, if I offend my customers, but it is not the job of the government to tell me how to run my business. Many of the Slashdotters say they would never patronize a pub that required biometrics, and that is perfectly fine. If enough people do that, they will stop requiring biometrics. Or maybe a pub will open up specifically to cater to people who don’t want to provide biometrics. That is exactly how the system should work, with no interference from outside government entities. Secondly, I would assume that most of the patrons don’t particularly want to deal with violent drunks, so they get a benefit from the system, as well as the bar owners. Can the system be abused? Sure — there is no real system for appeal, and a pub owner can easily use the system to prevent entry of someone they just don’t like. But of course, all that can happen now, without the biometrics.
Finally, there is the issue of identity. As many of the Slashdotters comment, such a database is not secure. No one knows what the pub owners will do with the biometric data. It might be hacked, or they could sell it, or they could do any number of nefarious things with it. All that is true. However, this view has always confused me. People are worried about identity theft, but identity theft is not prevented by keeping your biometrics secure. In fact, you “broadcast” your face all the time, and you leave fingerprints everywhere you go. If I can steal your identity because I have those tokens, then the cat is already out of the bag. The fact that they are in a database that can be stolen is irrelevant. The problem of identity theft needs to be attacked at the point of verification. Current biometric sensors are very good, and the fact that you have my fingerprint (or template) will not let you masquerade as me. So, I don’t really see the issue here. Your biometrics are you; trying to keep them secure and secret just doesn’t make sense.
So the real question is whether I would go to a pub that required me to register biometrics? Personally, I would not, mainly because I have very strong feelings about privacy. I would tell the owner that I didn’t want to be tracked, and then I would just go somewhere else. However, this is partially because I don’t go to pubs much. If I patronized them a lot, then I might be willing to give up my biometrics, just to be able to go to a place where there isn’t violence. It is all a trade-off, and each individual has to make that decision for themselves.