Schneier on Security
A blog covering security and security technology.
November 7, 2005
Instantaneous Data Grabbing
I think this is a harbinger of the future:
A high roller walks into the casino, ever so mindful of the constant surveillance cameras. Wanting to avoid sales pitches and other unwanted attention, he pays cash at each table and anonymously moves around frequently to discourage people who are trying to track his movements.
After a few hours of losses, he goes to the cashier and asks for a cash advance off of his credit card. The card tells the casino his name, but not much else. As is required by card issuers, the cashier asks for some other identification, such as a driver's license. That license offers the casino a ton of CRM identification goodies, but the cashier is only supposed to glance at the picture and the name to verify identity and hand the license--and its info treasure trove--back to the gambler.
Not any more, at least if a Minneapolis company called Cash Systems Inc. has anything to say about it. The firm was recently awarded a U.S. patent for a device that can grab all of the data of almost any U.S. driver's license in seconds and instantly dump it into a casino's CRM system.
On the one hand, the technology isn't very interesting; it's probably just a camera and some OCR software optimized for driver's licenses. But what is interesting is that the technology is available as a mass-market product.
Where else do you routinely show your ID? Who else might want all that information for marketing purposes?
Posted on November 7, 2005 at 7:45 AM
• 35 Comments
The idea is not to give your driver's license to anyone, except an authorized law enforcement officer. If they want to see your license, show it but don't let it out of your hand.
I expect you wouldn't even have to surrender the card. The camera with OCR technology would pick up the CRM data. Casinos have the science of camera surveillance down pat. Even security camera technology at your neighbourhood store is getting good enough to use OCR.
What, you mean the casinos don't instantly ID everyone entering with face-recognition software? No, no; they wouldn't show it on Alias if it weren't true.
Although you may be right, kashmarek, you'll get about as far in life refusing to show your driver's license to anyone but police (and then only when operating a vehicle) as you would refusing to reveal your Social Security number to anyone but the Social Security Administration.
In Spain, you must show an ID document when you check in at a hotel, whose clerk will take your data and send them over to the police (and yes, we're a democracy, at least last time I checked it). The problem is, some hotel clerks are too lazy to do it on the spot, so they take your ID and photocopy it! A lot of bad things can be done with even a photocopied ID (cancel my power and water contract, for instance).
The problem is about just how you must show your ID. This is a bad example of how the obligation to show identification can be misused. On the other hand, when I use my credit card at the grocery store, all they want is to make sure that I'm not using somebody else's Visa, so they take a quick look at my ID card and that's the end of the story.
My suggestion: show it without letting it go from your hand (or the table). Simple concept, but a bit hard to follow if you arrive at the hotel at 2:00 am after a whole day traveling and you are too sleepy to remember what city you're in.
I've seen some bars using magstripe scanners to "verify age" but my suspicions are they're collecting marketing data as well. At least on my PA license, the magstripe contains my full name and address.
I've also seen cigarette distributors out in bars scanning licenses and handing out free smokes. This case is clearly just for gathering marketing data. While Bruce's post deals with presumably optical scanning technologies, magstripe readers are far cheaper, and more likely to be exploited for marketing purposes in this manner.
While I cannot tell if the magstripe scans of your PA licence were to read only the birth date, the practice of snarfing up all the digital data has been reported elsewhere. Several years ago, the New York Times did an interesting article about such full data snarfing by some bars & nightclubs. Mainly for marketing. (E.g., mail out postcards for Ladies Night specials, etc. to patrons matching the right profiles.)
The NYT article noted one side effect of the practice: as some police departments became aware of the data collection, they'd occasionally call to see if a particular name or a Social Security Number had shown up in a scan.
Now, bars do have an "agenda" that would encourage them to cooperate with such requests even though they could refuse. Relations with the local police can significantly affect a bar in various ways. Sometimes, the bar needs the police to deal with security and unruly customers. Sometimes, the bar itself (via its patrons' behaviour) may be the object of complaints investigated by the police.
One could try using a passport of the current non-RFID vintage as a proof-of-age document. It reveals less than a DL. The downside is that many US businesses aren't used to a US national using a passport instead of a DL or state-issued ID card. Maybe it's time to get them acquainted with the passports. (wink)
I never give my social security number to any business when making purchases. Many used to ask for it and write it on checks, but not anymore. They often ask to see my drivers license and I show it to them, but do not hand it over. The OCR data is on the back and can't be accessed while I still hold the card. The real danger is coming up when the National ID card (state certified drivers license compliant with Federal regulations) is required, since that will have RFID encoded data, which can be read without handing over the card.
It's patent 6,951,302. It seems that the system would just read the AAMVA barcode on the driver's license.
North Carolina licenses have huge PDF417 barcodes that even include your photo.
I recently sold a few of my cd's back at my local music store and to my surprise, they asked for my license (I don't know why!) and tried getting information such as my birthdate, address and a few other things. All I was doing is selling 6 cd's back.
I realize now that I will never have to "let the license" out of my hand.
Hmm..maybe a new "wallet system" that shows only the picture, name and state logo on a license will be useful.
Well that's comforting; the 2D barcode was the first thing to wear off from my license. Security through wear-and-tear, anyone?
"The firm was recently awarded a U.S. patent for a device that can grab all of the data of almost any U.S. driver's license in seconds and instantly dump it into a casino's CRM system"
Like Stripe Snoop?
"Stripe Snoop is a suite of research tools that captures, modifies, validates, generates, analyzes, and shares data from magstripe cards. The data is captured through different hardware interfaces (or stdin), the contents decoded into the correct character set, and then a CDDB-like database attempts to figure out what the contents mean.
Originally a proof of concept for an interfacing project, and then a spin off from a research project, Stripe Snoop has matured in the definitive software for accessing and understanding magstripes.
Strip[sic] Snoop is released under the GNU General Public License"
I thought this was an extremely tenuous shift in the article:
"After a few hours of losses, he goes to the cashier and asks for a cash advance off of his credit card."
If you were actually mindful of surveillance and unwanted attention (or even identity theft, for that matter), you would not be likely to get a cash advance on your credit card in a casino with or without this new card reader.
But to answer your question, I never let my ID leave its protective sleeve (except for law enforcement) and I don't let the sleeve out of my hand. It came in an ID case/wallet I found in Spain that makes it hard for anyone but the person looking directly at the card to see details. It also cuts off some of the edges of the card from view, so an "instant" grab would be lacking some key details. To be honest, I bought it because I thought it well-made and convenient to carry but I expected people to demand I remove the card. So far no-one has complained, not even the TSA.
In terms of who wants marketing information...any entity that is big enough to need repositories of "data" (as opposed to a true bi-directional relationship) is going to be after your information. See my comments yesterday on wifi tracking. The bigger question is who has a "right" to information about you and how do you imply/express consent or provide classification (private, confidential, public).
As a non-US citizen it can be very interesting trying to use something other than a drivers licence as proof of ID. I used to use my passport before I got a drivers licence and it always confused the heck out of people. They just didn't know which number to write down and even worse, their automated system was only set up for drivers licences...
Now I tend to use my green card. It's government issued, has lots of data on it, including a photo and a signature (although the signature is reduced in size)... But it's not in a standard drivers licence format, and most of the "machine readable" bits are not barcodes...
That's why I've enjoyed the "student" status for as long as I have. You get a photo ID that holds only the school name, your photo, and name. Granted not all places like it as a substitute but if you claim not to have your license on you [which I honestly don't usually have on me due to public transportation] most businesses will be happy with this photo ID.
The marketing research side of it is mostly voided because there is no info to glean from the card other than my face and my name. The way it SHOULD be.
You are exactly right - I received a birthday card last year from a bar I had visited in Scottsdale and it turns out they had snagged my age & address info when they scanned the magstripe on my driver's license to verify my age.
The real question is not what data they do gather with the system but what data can be gathered with a similar system.
Just imagine if you would that it also contains an RFID scanner as well that reads all those little tags that are starting to appear in your clothing...
Once a couple of those little tags have been linked to your personal details (in whatever way) you are then dead in the water with regard to personal privacy, in shopping and other similar areas.
There are already experimental systems that pretend to be GSM style base stations (due to licence changes), that are being developed for very localised use. If these also contain a geographic element and data network (which some of them do) you really will be living in a gold fish bowl.
The issue is not if it can be done, just when. Engineers often think doing this sort of thing is "neat", the marketing people see it as a major plus sales point, and bingo, you have a new product that has security implications you have not thought of in your current nightmares.
"Where else do you routinely show your ID? Who else might want all that information for marketing purposes?"
As I mentioned on here once before, my wife was required to show ID to return an item (the Gap). That is listed in the store return policy, but in the fine print. She had the receipt, and had paid for the item with cash. She doesn't have a DL, and her passport was at home, so I let them scan mine.
As for showing it to police only when operating a motor vehicle, I've gotten mixed responses on that. As a bicyclist, do I have to show my DL to a police officer? They (police I've asked) claim I do if I commit a 'moving violation' whether in a car or not. It hasn't happened yet (I don't violate many rules when riding), but I wonder what my odds are if I refuse.
> They claim I do if I commit a 'moving violation'
In CA, this includes jaywalking and quite a few bicycle violations:
Anything that counts as an infraction can net you points on your license (page 272 of the following):
Presumably, if you're committing a moving violation (car or otherwise) and you don't have your license on you, the officer can harass you more or less as much as they like. I'd imagine most police officers would ask you for some form of identification, such as your DL number and your address, and then they'd ask the magic computer in their car if the info you gave matched what was in the DMV records. If so, they'd probably write you out a ticket in absence of your license.
"Supreme Court Upholds Constitutionality of Arrest for Refusal to Identify. In a 5-4 vote, the Supreme Court has narrowly upheld a Nevada law allowing law enforcement to arrest an individual when he refuses to identify himself, and reasonable suspicion--though not probable cause--exists that he has committed a crime. (June 21, 2004)"
So yes, there are circumstances where you must identify yourself. "Reasonable suspicion, but not probable cause of a crime" is pretty vague. Simply refusing to identify oneself when asked by a uniformed LEO may be reasonably suspicious behavior.
My home state also puts a big 2-d code panel on the back of the DL. If you use a 3/8 binder clip as a "money clip" to hold your credit cards, cash and ID, the code panel gets abraded and degraded when you pull out and replace the CC... Not the intent, but one of the effects.
@ Arturo Quirantes
If the only reason for checking photo ID when using a credit card is to make sure that you're the legitimate card holder, then the card companies could help by printing your photo on the credit card. In New Zealand the National Bank used to do this some years ago, I'm not sure if they still do. As a credit card holder it gave me some reassurance that there were two forms of authentication on the card (the photo and the signature) and my appearance wouldn't be particularly easy to forge.
I work in a hotel in Spain, and as Arturo Quirantes says we have to ask for ID from all the persons that enter the hotel: national ID or driving license for Spanish people, national ID or passport for Europeans, and passport for the rest of the world. We can't accept driving licenses; they're not valid for us now.
We have been offered a program that with a simple scanner you put the document and it will take the data you need for your database and send it to the police. We have to send it every day with all the customers that checked in that day. Now we make it by hand, and the program was expensive for my boss; we are a small hotel.
On the other hand our database with all that data isn't protected at all. I'm writing this from the same computer we keep everything on, no firewall, nothing, and it's almost the same in all the hotels I know. At least we don't keep credit card information.
All the local pharmacies require one to present "government-issued ID" in order to fill schedule II prescriptions. I don't know if it's Massachusetts law, a federal thing, or if all the pharmacies accessible to public transit changed their policies of their own accord around the same time. You can use a driving license, or those non-driver ID cards states issue to blind people and others who can't drive. I've seen some pharmacies accept a passport or an international driving license. I don't think any of them accept university ID or library cards or insurance cards. I've sometimes seen them turn people away.
Just letting them see the front of the license isn't good enough. I have the kind of wallet where my license goes behind a clear plastic panel, so I can show it without taking it out. It's a pain to take it out, partly because my hands aren't that good at the requisite pinch/pull motion anymore. I've never seen a pharmacist who was willing to look at my license through the plastic panel. They always insist I take it out and hand it to them so both sides could be examined at leisure, and the pharmacist could keep the license for a few minutes and write down all the information. One wanted to keep it while they filled the prescription. If I were choosing a pharmacy based on their behavior around this, I'd probably go to one where the pharmacist was willing to help pull the license out of my wallet.
With the number of people abusing prescriptions in this country, I think your pharmacist is just trying to verify that your ID isn't fake -- it's easy to print out something on paper and put it under a plastic window in your wallet if forging prescriptions.
worried about the magstripe on your dl? if you subject it to a powerful alternating magnetic field, it will still be valid but the magstripe won't work no more. annoyed when people who aren't entitled ask you for your ss#? do like i do and switch some of the digits. those things are so hard to remember accurately at my age anyway. the supreme court decision requiring a person to identify himself requires only that he state his name, not that he provide independent identification. another supreme court case, kolender v. lawson, struck down a california law requiring people to provide reliable id as vague.
@another_bruce beat me to the punch :)
A very easy way to disable the magstripe is to go get yourself a handful of rare-earth magnets from your local hobby store (or Radio Shack: cat# 64-1895) and sandwich your Drivers License between a pair along the mag strip (about two or three pair spaced evenly along the strip are enough to kill all of the data). Leave the magnets on there for a day or so and that will do it.
When I get a new DL, I usually wipe it over a weekend when I know I won't be driving.
@Sudden Lee Paranoid
Thanks for the tip about the binder clip. I was wondering how to smoke that guy without seeming too obvious (e.g., blackout with a sharpie or scrape with a razorblade)
A wallet or mask to hide most of the info sounds like a good idea, but what do you show?
- State of issue
- Address (when writing checks?)
- DOB (when carded at a bar/liquor store?)
- Expiration date (?)
- DL # (?)
I agree that the height, eyecolor, weight, requires glasses, etc. info is not necessary for a clerk to know.
@ Your Mom
My reduced license window only shows a part of my picture, my name, license number, expiry date, gender, hair, weight, and height.
Most of the state info is obscured, as is my DOB. You can't see my eye color at all. I consider the hair/weight/height info somewhat meaningless.
I don't know about your state, but mine does not require a current address on the front of the card (you can carry a separate card, so I do).
By using a thin translucent film (it came with the wallet) people can see the card up close, but it's almost impossible to read from more than five or six inches away.
The Privacy Rights Clearinghouse has lists of various privacy-related incidents. In one case, an individual was asked to show their driver's license when paying with a check. This was in a furniture store. The counter had a pre-marked spot where the clerk placed the license. A camera was mounted on the ceiling above. Apparently, it is illegal in California to photograph or copy a driving license if the image can be mistaken for a real license. See http://www.privacyrights.org/cases/case9697.htm and http://www.dmv.ca.gov/pubs/vctop/d06/vc14610.htm
"I've seen some bars using magstripe scanners to "verify age" but my suspicions are they're collecting marketing data as well. At least on my PA license, the magstripe contains my full name and address."
I've seen that, too. This technology is camera-based, which makes it harder to protect against. With the camera facing the right way, even flashing your license so that the clerk can see it might be enough. (And if it isn't yet, just give it a generation or two.)
This is anecdotal to this thread, but I found it amusing nonetheless. I recently moved, let my old license expire, and am waiting on getting the required two utility bills delivered to my new address to prove residence and get a driver's license issued in my new state.
I went to a branch of my bank to have them start sending my statements to the new address. The officeworker asked for ID, and I presented my recently expired license. She began her data entry, noticed the expired date, and told me I'd need a different ID. I explained to her that the date on that card meant that my right to drive had expired, not my face or my name; I tend to like to keep those for as long as possible. She didn't seem to understand this. More infuriating, she accepted my work ID, which shows no expiration date at all.
Good remarks about validity of expired driving licenses. Now imagine the same situation with an ID card or a passport. You go someplace, say to your bank, and the clerk says that your ID is not valid because it's expired. What does it mean? That you are not you anymore? Your identity has vanished, like in the MIB movie? "Sorry sir, but according to this ID you don't exist anymore." Of course, in that case you can always try to steal the money; after all, you don't exist so you cannot not there...
I use my military ID.
Not only does it work, they usually don't know where to check things, but are unwilling to refuse it.
It has a chip in it, but unless they have the military card-reader, all they get is what's on the front, my name, rank, branch and the end of my contract.
A friend of mine was selling this sort of technology to bars maybe 8 years ago in Austin. I think it handled both the mag stripe and the OCR. This apparently covered all the state drivers' licenses in the country. It was, of course, hooked to a computer. He was selling it as dual use - ostensibly as age verification, but also as a marketing tool. Needless to say, the bars buying it were buying it for the latter reason.
As a note to the guy who intentionally demagnetizes the stripe - arguably that could be considered defacing your license, which is a crime in many states. Of course, there would be an intent problem proving that you intended to do such, but....
Does it bother anyone on this blog that this obsession for enslavement through technology and data collection is completely unconstitutional and in violation of The Bill of Rights and The Constitution, both stated and implied?
I and my identity do not belong to this or any government. This is happening globally in an attempt to "harmonize" laws through trade agreements and the NWO.
If everyone stopped driving, cut up their licenses and sent them back to the DMV, took $ out of the bank and cut up their credit cards and did a reverse economic embargo - these fas**s*s might rethink their policies.
We have been using economic embargo to bring countries to their knees for centuries.
We have laws that protect us from this kind of extreme intrusion into our lives. Why aren't we using them? They were written to protect us from exactly these kinds of violations.
I choose to be more than a stream of data for corporate thugs.
Also, check out a new movie called: America: From Freedom to Fascism by Aaron Russo. There is a website of the same name. You can preview the movie. It is being shown around the country in preview to standing room only crowds!