Fighting Misuse of the Patriot Act

I like this idea:

I had to sign a tedious business contract the other day. They wanted my corporation number—fair enough—plus my Social Security number—well, if you insist—and also my driver’s license number—hang on, what’s the deal with that?

Well, we e-mailed over a query and they e-mailed back that it was a requirement of the Patriot Act. So we asked where exactly in the Patriot Act could this particular requirement be found and, after a bit of a delay, we got an answer.

And on discovering that there was no mention of driver’s licenses in that particular subsection, I wrote back that we have a policy of reporting all erroneous invocations of the Patriot Act to the Department of Homeland Security on the grounds that such invocations weaken the rationale for the act, and thereby undermine public support for genuine anti-terrorism measures and thus constitute a threat to America’s national security.

And about 10 minutes after that the guy sent back an e-mail saying he didn’t need the driver’s license number after all.

Tags: , , , ,

Posted on March 8, 2006 at 7:17 AM36 Comments

Comments

Clive Robinson March 8, 2006 7:47 AM

I bet you the guy neither knows nor cares what’s in the Patriot Act, he’s just using a document that somebody else cut-n-paste something into.

He’s had a few enquires, given a knee jerk response, and you called his bluff.

My advise definatly follow through and report the organisation, and also send a copy to your local representitive.

As parents know “pester power” works, it’s time politicians started to feel the same way 😉

ex_temp_worker March 8, 2006 7:56 AM

I did a temp job at a bank, and they used to require driver’s license numbers on just the same rationale. When I pressed my boss about it, she told me out and out to lie to the local bank representatives, telling them that we couldn’t grant a loan without the driver’s license numbers. In many cases, the customers had to go back to the bank just to get their license photocopied.

JakeS March 8, 2006 8:35 AM

Surely what’s happening is that these guys want driver’s license number for practical reasons, but use the Patriot Act as an easier reason than the real one.  Most likely, they just want to know that you have a driver’s license, the number is irrelevant.

In the case of the contract, maybe it was just a way of ensuring that the signatory is who he says he is (identity verification).  In the case of the bank loan, maybe banks feel differently about lending to someone who doesn’t have a drivers license (unreasonable, perhaps, but banks are like that).  If the Patriot Act wasn’t there as a convenient smokescreen, they’d think of another one.

Rich March 8, 2006 9:15 AM

See how much better it will be with RealID? Then you’ll only have to give them ONE number!

Saqib Ali March 8, 2006 9:31 AM

Mark Steyn does not mention what kind of a Business Contract it was. But that does not matter. My question is:

What can Patriot Act do to prevent itself from being mis-used? If somebody abuses it, the Act is not at fault by itself.

It is like saying Money should be held accountable for Money Laundering.

lizard March 8, 2006 9:39 AM

“Most likely, they just want to know that you have a driver’s license, the number is irrelevant.”

Another retort in this situation could be “Sorry, I didn’t know it was required that I drive a vehicle to do business with you. For all you know, I am disabled and require others to help with my transportation.”

I’m sure whomever oversees ADA compliance would like to hear about these requirements.

Emery Jeffreys March 8, 2006 9:54 AM

When in doubt over an ID, hand over your passport. Anyone requiring ID for anything is required by federal law to consider a U.S. passport a more valid form of identification than anything — other than a U.S. military ID. A passport is ID, a driver’s license is a license even though it can be used as an ID.

Another good way to circumvent the problem is to ask for chapter and verse when some one cites a regulation requiring a form or something. If you are dealing with a non federal government agency in Florida and they cite some sort of regulation, you can ask to see a copy under the Florida Open Records law, and they are required by law to comply. Of course that doesn’t cover banks, but many government organization often ask for different ID.

Under certain federal privacy laws, if you are required to hand over financial data along with that ID. you can ask that they not share it with an outside organization. They are required to comply, but I don’t know if there is a stipulation about it in the Homeland Security Act.

In these days of tight security, it is important to know how the law impacts us so we can govern ourselves accordingly.

Andy Dingley March 8, 2006 9:59 AM

Why would they want your SSN, let alone your driver’s licence?

(Here in the UK at least), I sign “corporate” agreements as the agent of a mystic corporation that exists independently of me. When I’m doing this, I no longer exist as a person (in this sense). I can be asked for my SSN (NI number) if it’s personal, or I can be asked for the Ltd. Co. number if I’m acting on behalf of the company, but never both together.

kashmarek March 8, 2006 10:01 AM

Well, if someone wants your driver’s license information in order to accept you as the signer of a contract, ask them for the same information. To be balanced, all parties to the contract should provide same information. Did I say balanced? That’s the rub.

Sounds like phishing to me.

Michael Ash March 8, 2006 10:12 AM

“What can Patriot Act do to prevent itself from being mis-used? If somebody abuses it, the Act is not at fault by itself.”

Easy: the Patriot Act could be a clear, understandable, direct law with obvious goals and actions taken to accomplish those goals. By effectively saying “all your base are belong to us”, trampling all over people’s rights without being clear on exactly what powers are and are not being given to the government, it makes it easy for people to think that it does far more than it really does.

Frederick Heckel March 8, 2006 10:20 AM

“Anyone requiring ID for anything is required by federal law to consider a U.S. passport a more valid form of identification than anything — other than a U.S. military ID.”

I’ve been surprised by the number of places that don’t actually accept military IDs. I was a dependent, and it’s been some time since my ID expired, but I got many funny looks and requests for drivers licenses when trying to use military IDs (I was once questioned by an employee at an airline counter because of my long hair + military ID; I should have retorted by asking her to read out the “retired deceased” indicating the status of my father). It’s apparent that many people who are required to check IDs for whatever reason are in no way trained in what to look for, making it a totally useless gesture.

And that’s somewhat disturbing.

Probitas March 8, 2006 10:35 AM

“In the case of the contract, maybe it was just a way of ensuring that the signatory is who he says he is (identity verification). ”

This was a number of e-mails being passed back and forth in their exchange, indicating that this was not a face to face exchange. At that point, how does a DL number verify the person’s identity? If you cannot confirm the info wirtten on the paper as matching the info on the DL, it is worthless as identification. I am inclined to agree with those who say that this is phishing.

RvnPhnx March 8, 2006 10:43 AM

@Frederick Heckel
The University where I did my undergrad will no longer allow access to their buildings and facilities on the basis of a military ID (you need to be able to provide a student/staff ID and a non-military photo ID now, they claim that combination is easier to verify) as somebody got into one of the dorms using one and was later found to be involved in some inapropriate activities (which I will leave unspecified–as I do not have all of the details).

As for the main area of discussion here:
This sounds like collecting data for the sake of collecting data–always a bad idea.

Bob March 8, 2006 10:54 AM

About a month ago I was saying in a Best Western motel while my car was being repaired. The shop was about a half mile down the road and wasn’t going to be ready till 4pm.

At checkout time we brought our bags down to the lobby, explained our situation, and asked to store them somewhere till our car was ready and we could pick them up.

The guy behind the the desk said that they were not to do this due to provisions of the patriot act. My girlfriend went ballistic. I just asked for the phone number of the manager of the motel, owner of the hotel, and the Best Western corporate customer complaint division. The guy immediatly “bent the law” and let us put our bags in the office for a few hours.

Mike Sherwood March 8, 2006 11:01 AM

I expect that there are two motives behind collecting extra identifiers like DL#. The quasi legitimate one is that it allows your data to be matched to data that is only keyed on the DL#. This can help the bank build a more complete risk model for you.

The other is to sell your data with all of these valuable keys. Once they’ve collected the data, they own it. As much as most banks will claim they don’t do this, my wife gets a lot of mail to a specific misspelling of her name that occurred on a credit card.

Andrew March 8, 2006 12:33 PM

“When in doubt over an ID, hand over your passport. Anyone requiring ID for anything is required by federal law to consider a U.S. passport a more valid form of identification than anything — other than a U.S. military ID. A passport is ID, a driver’s license is a license even though it can be used as an ID.”

Does anyone know which federal law requires this? It would be a nice thing to print out a copy and keep it with the passport, as eventually you’ll run into someone checking ID who is not familiar with this particular law.

RSaunders March 8, 2006 12:58 PM

I’ve used this strategy for years when folks ask for SSNs. I’ve even made copies of the statute on SSNs for them. I’m mostly saying I don’t trust them or the legitimate businesses that need SSNs (like banks) to do enough to prevent the use of SSNs for identity theft. Five years ago, I was a nut, when I asked to speak to a manager about it they had no idea where I was coming from. In the past year, I’ve hardly come across a customer service person without a canned response. It’s having some effect, if only to teach folks one more thing in customer service class. Since we have a fake DL problem in Virginia, I ask folks who want my number to give me theirs. You’d be surprised who will give you their DL#.

another_bruce March 8, 2006 1:18 PM

sometimes, to avoid argument, i just scramble some of the digits in the number they’re asking for. garbage in, garbage out.

Glauber Ribeiro March 8, 2006 1:42 PM

I’ve done this for years, especially when people ask me for phone number and i don’t think they need one. It’s interesting now when i run my credit report, to see several of these variations, for example, it lists several versions of my ssn. Somehow, the reporting services still manage to connect the dots even when some of the information is bogus.

Joseph March 8, 2006 5:37 PM

“sometimes, to avoid argument, i just scramble some of the digits in the number they’re asking for. garbage in, garbage out.”

It’s surprising how well this works, especially for cases like when the video rental store wants your zip code for profiling. A lot of times the clerk also knows you are lying, but they care even less than you do.

When I used to work for Radio Shack back in the day, customers would give me bogus addresses all the time. It made them happy, and it made me happy (My “address collection” numbers looked good), and it struck a blow against the overall value of the collected data.

hitlesswonder March 8, 2006 9:22 PM

So, I’m curious. Don’t the “Know Your Customer” requirements in the Patriot Act that require a SSN conflict with the existing statute about not using a SSN for ID?

Does anyone know?

NotGeorge March 9, 2006 2:22 AM

I always give them 1600 Pennsylvania Ave NW, Washington DC, 20500 whenever they ask for my address at places like Radio Shack or when signing up for online access to a newspaper.

Matti Kinnunen March 9, 2006 5:39 AM

I wanted to withdraw $4000 from my bank account in the Wainwright Bank in Boston in August.

They asked for my ID. I handed over my Finnish passport. It was not enough, they asked for another. I handed over my Finnish driver’s license. It was not enough, they asked for another. I handed over my MIT-student ID. It was enough.

Later, I got my Massachusetts ID. It is a powerfull ID indeed, for it beats the MIT-ID, not to speak of my passport (which, of course, was a requirement for getting the Mass ID)

Laura July 23, 2009 12:10 PM

Hi there, thanks for all the comments. I am very concerned about the lack of privacy in our current world. Another perspective though: I was a professional medical office manager as well as a work comp claims collector in California. The driver’s license number is extremely helpful when we were trying to track down someone who owes money….this is why medical offices collected them, and made copies of the DL along with insurance cards. We had to verify identity before we could bill on someone’s insurance company. I’m not sure what a medical office does today, that practice may now be illegal.

Bob Trent April 29, 2011 11:10 AM

“Most likely, they just want to know that you have a driver’s license, the number is irrelevant.

“Another retort in this situation could be ‘Sorry, I didn’t know it was required that I drive a vehicle to do business with you. For all you know, I am disabled and require others to help with my transportation.'”

“I’m sure whomever oversees ADA compliance would like to hear about these requirements.”

I’m sure a DMV-issued nondriver’s ID card will do. A passport, military ID, any other US or USA government-issued photo ID card, too. Maybe ID issued by other nations’ governments.

Freeman1776 July 28, 2011 11:28 PM

it is amazing to read all the dialog written here since 2006 regarding the use of ID’s.

Everyone must understand that since the Patriot Act, data is being accumulated not only via drivers licenses but also via a passport with a RFID implanted in each passport. Passport RFID’s are only the beginning, there is serious talk about RFID implants under our skin, and they will be mandatory.

Also, consider the new Census questionnaire, it no longer is a simple count of members of household, but rather a lengthy inquiry about your job, location, phone number, email address, etc, etc. When you realize the original purpose of the national census was to give a “count” of population in given areas for federal benefits, than you will now notice that is no longer today’s census goal.

Simply put, the government has begun tracking its citizens in earnest under the guise of weeding out terrorists. Our liberties are being usurped in the name of security and we need to be cognizant of this fact each time we are asked for information.

Anytime you can avoid aiding this corrupt practice by the government to reduce your liberties and to track you, by all means, be deceptive. Its your freedom that you are protecting.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.