Who’s Got Your ID Information? The Bar, For One.
When you go to a bar or club where alcohol is served, you’ve seen the door attendant scanning your driver’s license with a bar code reader, but have you considered that you might be giving up more than just your legal age?
Discussion of the issue of bar code scanning and ID theft has, for now, been largely relegated to the technology world, with the general issue of privacy rights often taken up by civil rights advocates.
But in anticipation of a landmark moment in the United States on May 11, 2008, now is the time to learn about the dangers of encoded personal information on your state driver’s license and who might have access to that information.
The Real ID Act for 2005 and How It May Affect You
Beginning on May 11, 2008, the standards for implementation of the Real ID Act of 2005 will be enforced.
The act provides for national standards for state-issued ID cards, primarily the necessity of proving legal citizenship with social security number and birth certificate in order to be issued an ID card in your state.
The new ID cards will also feature more stringent security features, such as tamperproof backgrounds and bar codes.
It’s the issue of bar codes that contain all of the required information to receive the ID card, as well as the complementary national searchable database of citizenship information, that has many people (and government entities too) up in arms.
As of now, 17 states have passed resolutions opposing the use of these cards, both for the high costs they entail as well as the privacy violations that they foresee.
Who Can See Your License ID Bar Code Information?
The main question is, if a quick bar code scan can make it easier to verify legal citizenship and identity for government agencies, won’t it be as quick and easy for non-government agencies, such as for example retailers and restaurants, to access this information?
Further, if a single searchable database makes it easier for government officials to access personal information, won’t it be easier for a hacker to gather more information, easier?
Instead of protecting identities, couldn’t it be exposing identities?
One motivated consumer, citizen and technology writer named Jem Matzan, decided to pursue the issue of bar code security.
He noticed at a restaurant where he ordered an alcoholic drink, the waitress scanned his ID through a machine.
After an altercation with restaurant management after learning that the ID-scanning machine saves his personal information, Matzan contacted a computer security expert and the ACLU in order to further explore the issue.
To summarize, according to the security expert he questions, the ID scanner that the restaurant uses, made by the company IntelliCheck, stores data, which the restaurant then sells to a marketing company called ChoicePoint.
When Matzan put this issue to the ACLU, he received a concerned response suggesting that yes, using information for a secondary purpose without receiving approval by the person involved is indeed a privacy violation.
Of course, next time you go to a bar or restaurant where such a scanner is used, you’ll have to weigh the consequences of having your information scanned. But sadly, most of America doesn’t know at all that this misuse of personal information scanned from IDs at bars is even a possibility.
But it possibly gets worse. Jem Matzan’s original dispute was before the upcoming implementation of the standards that will take place in May 2008.
Thus, the information Matzan was seeking to protect was limited to the information contained on his driver’s license: as he says in his article,
“So now somebody somewhere has a record of my buying alcohol — or more specifically, being carded for attempting or intending to buy it — along with my name, address, height, eye and hair color, driver’s license number, date of birth, the status of my eyesight, the classes of vehicles I am authorized to drive, and possibly also my photo and a copy of my signature.”
Yes, that’s a lot of information, and some that we might consider too personal for unknown marketing companies to possess (would Rogaine be interested in learning who marked “bald” on their state ID? Or, more likely, some miracle bald cure formula manufacturer that can’t afford NBA star Karl Malone for their TV commercials?).
And that’s not even taking into account the chances for identity theft when an ever increasing pool of companies and individuals can get their hands on your driver’s license information.
The more places it exists, the greater chance that someone will abuse or misuse their privilege to access it.
Yet, in the future, when social security numbers, birth certificate information, and other personal information is available on ID cards and driver’s licenses, when the Real ID begins to take effect in May, the result of potential misuse will be even more disastrous.
Granted, no retailer will likely be able to access that sensitive information on the ID card; it will likely be encrypted in such a way that only federal government employees can access it.
However, history has taught us that if it can be scanned and stored, someone who’s not supposed to will find a way to scan it and store it themselves.