Monday, 5 April 2010

Data Collection and Loss of Privacy

Agamedes wonders why nightclubs collect customers' personal data. It seems to be pointless and unnecessary.

When you enter a pub or nightclub, you may be asked to provide personal identification details. It would seem that this is done so that management may keep out the riff-raff, the troublemakers. The data may be held securely -- but it would be better if it were not held at all.

Do you need new -- lateral -- thinking for your own problems?
email nick leth at gmail dot com. Need solutions? No worries. Now.

According to The West Australian, there have been "Privacy fears raised over ID scanners" (1 April 2010). There is concern over "identification scanning methods used in many of Perth's pubs and nightclubs".

What data is collected?

One system scans a patron's ID card, takes a photo, records a fingerprint. Another system stores ID card, photograph, fingerprint, full name and date of birth. All of this data is stored. Most of it is both redundant and a very weak basis for identification.

A typical ID card will include photo and full name. It may also have date of birth, address and various other unique identifying details. A typical ID card is easily faked. If there is no photo, you can borrow a friend's ID card. If there is a photo, borrow from a friend who looks just a bit like you. If you have good contacts, you may be able to get the Israeli secret police to knock up a very good -- but fake -- passport.

If the nightclub believes that your ID card is real -- why do they also need an extra photo? Why do they need a fingerprint? Why do they need anything other than a scanned image of the ID card? If today's scan of your card matches the scan held on file -- then you are who you say you are.

Full name? Date of birth? Why does that need to be stored? "I am Jane Smith, born yesterday... are you saying that I'm a liar?!" The extra information adds nothing to the identification value of an ID card. Except, perhaps, to test your memory.

Then there's the fingerprint.

A fingerprint -- according to every police story for the last umpteen years -- is a unique identifier of every person. A fingerprint is attached to a hand which is attached to a person, so the fingerprint uniquely identifies the person. (Unattached hands are easily spotted.) A fingerprint is never forgotten, never accidentally left at home, never lent to a friend.

If you record and store a fingerprint -- there is no need to store any more personal information.

Store the fingerprint. That's all.

A patron arrives at a nightclub.

"Please put your finger here, so that we can scan your fingerprint," says the polite doorkeeper.

The finger is scanned. The fingerprint is recorded and, if that's the way the system works, encoded. The fingerprint is compared to all fingerprints recorded previously.

"I see that your fingerprint has never visited here before," says the polite doorkeeper. "Welcome to our establishment. Have a free drink voucher. Please enjoy yourself."

Or... "I see that your fingerprint has been banned from this establishment. Since you are inextricably attached to your fingerprint, both you and it are not allowed in. Have a nice day, and goodbye."

Or... "Welcome back to our fine establishment! Have a good evening!"

See how it works? All you need on record is the fingerprint. No need to record redundant, possibly fake, information such as ID card image, name, address... Just the fingerprint, with a note to say whether or not the owner of that fingerprint is welcome inside.

Underage? Banned?

Okay, there are other uses for an ID card.

There is a lower age limit for entry to licensed premises. The ID card "proves" that the card owner is old enough to enter. Once the age has been proven -- there is no further need for the card.

"I see that your fingerprint has never visited here before," says the polite doorkeeper. "May I see your proof of age? Thank you... I shall now record 'age is okay' against the fingerprint record. Welcome to our establishment. Have a free drink voucher. Please enjoy yourself."

And then, next time you visit, "Welcome back to our fine establishment! Have a good evening!"

Simple, isn't it!

Similarly, if the police ban a certain person from entering licensed premises, they send a copy of the fingerprint to all licensed premises. No need for the embarrassment of saying, This particular person is banned. If they want to keep quiet about it, they simply avoid licensed premises. No-one is the wiser.

There may be a dispute at the door. You're banned! No I'm not! ... Then ask for an ID card, phone the police, ask if that named person is really banned. Record the correct status (banned or not banned) against the fingerprint. End of story.

Simple, isn't it.

There is no need for privacy fears

There is no need to record personal identification information other than a fingerprint. The fingerprint is a unique, personal identifier -- with the additional benefit that it is, in fact, anonymous. Nightclub records contain an encoded fingerprint, a flag to indicate underage or not, a flag to indicate banned or not. No more, no less.

Steal a fingerprint record and you get -- almost nothing. This fingerprint is banned... Whose fingerprint is it? Don't know... can't tell.

No embarrassment. No loss of privacy. No fear of theft of personal details. No worries.

Independent thinking & independent analysis of your problems by
Agamedes Consulting. Support for your thought:
email nick leth at gmail dot com

No comments: