News Fingerprint ID and tracking retail sales

[Ivan Seeking]

...gotta work on my taxes. More later.

 

[Grogs]

Yah but Ivan, the company could do that any day of the week with credit cards. This fingerprint thing is no different then a credit card. They both reveal your identity and from there, the company can track your purchases. It doesn't matter hwo they know who you are, as long as they do; this finger print thing doesn't change a thing.

Well, it does put you at the scene of the crime, so to speak. With credit cards, there's at least the possibility someone stole the card and you'd need a clerk/video surveillance to verify you in fact made the purchase. I consider that minor and probably meaningless in most cases though.

What having all of the purchases in a single database does do (be it from credit cards or fingerprints) is allow one guy with a computer to run a search for a particular type of behavior. LEA could, for example, track everyone who purchases duct tape, rope, and a shovel at the same time and notify officers that they may want to pay those people a visit. With our legal system (in the US) it's unlikely any criminals caught in this manner would be convicted.

The biggest threat (as I see it) would be from unscrupulous individuals or corporations who would give the data to spammers/my boss/doctor/etc. Eventually, I think consumer protection laws will put a stop to the threat, but right now the problem is so new we haven't even discovered all of the problems, much less made laws to protect against them.

 

[Pengwuino]

Yah... i think this is something that we still don't understand all the consequences of it yet.

Funny thing though is that there would be some consequences that we know shouldn't happen but deep down wish they would. Say for example... itd be outrageous if we checked the buying habbits of our children's teachers... but don't we all deep down wish we knew if our children's teachers were alcoholics or porn obsessed or something lik ethat. Meh... oh well... guess we got to live with the 'what if's.

 

[loseyourname]

Well, it does put you at the scene of the crime, so to speak. With credit cards, there's at least the possibility someone stole the card and you'd need a clerk/video surveillance to verify you in fact made the purchase. I consider that minor and probably meaningless in most cases though.

That's actually the whole point of biometrics: consumer protection. It's easy for someone to steal your credit card. It's probably impossible for someone to steal and fraudently use your fingerprint.

 

[Grogs]

That's actually the whole point of biometrics: consumer protection. It's easy for someone to steal your credit card. It's probably impossible for someone to steal and fraudently use your fingerprint.

I was referring to a different crime actually. If the police find a dead body in my back yard tied up with duct tape and checking my credit card records they found out I bought 36 rolls of duct tape yesterday, I could claim my roommate stole my credit card and thus he's the murderer. Unlikely in the extreme, but it's that one last bit of doubt the police would have to do away with for an iron-tight case.

As for the security of the biometrics, it seems that whatever type of data, be it the 16 digits of a credit card or a finger print scan ultimately gets digitized and sent off for comparison against the bits in a database somewhere. If a person can get hold of the digitized fingerprint (a local copy stored at the grocery store for example) then it can be spoofed. Maybe some of the math genuises could come up with a way to prevent this, but AFAIK we don't have anything like that right now.

 

[loseyourname]

I was referring to a different crime actually. If the police find a dead body in my back yard tied up with duct tape and checking my credit card records they found out I bought 36 rolls of duct tape yesterday, I could claim my roommate stole my credit card and thus he's the murderer. Unlikely in the extreme, but it's that one last bit of doubt the police would have to do away with for an iron-tight case.

That's another part of the whole point. This makes it far less likely that the police are going to nab the wrong guy.

As for the security of the biometrics, it seems that whatever type of data, be it the 16 digits of a credit card or a finger print scan ultimately gets digitized and sent off for comparison against the bits in a database somewhere. If a person can get hold of the digitized fingerprint (a local copy stored at the grocery store for example) then it can be spoofed. Maybe some of the math genuises could come up with a way to prevent this, but AFAIK we don't have anything like that right now.

I really don't see how this can possibly be done for an in-store purchase. Presumably you need to actually touch something that will scan your fingerprint and approve you for purchase. How is someone going to use your digitized fingerprint image to fake this system? They would have to touch the scanner to make a purchase, and nothing they do can make their fingerprint look like yours short of cutting off your finger and surgically attaching it to their own hand.

 

[Pengwuino]

You probably could somehow fake it... but man, that is complex. ID theft and consumer fraud would plummet but even if the entire retail and financial systems of the world/whatever country uses it switched to fingerprint, thered be a handful of people who would attempt it. But man, that would suck for the people who get their ID's stolen that way! Because you can't just reorder a thumb print like you can re-order a credit card. Retinal scan would probably be absolutely impossible though unless your just ... ugh, the realm of possibility... Maybe total facial scan would finally bring security.

And what i don't get is why there is this supposed inverse relationship where the more secure you are, the less privacy and rights you have.

 

[russ_watters]

And that's the whole point - I find Ivan's position terribly ironic: he's worried about a loss of privacy when in fact there is no loss in privacy - just a gain in security.

 

[Jimmy Snyder]

Although no different in principle that credit card use, or a private card account, this (using fingerprints) is getting a bit big brotherish

In my opinion, you are using some guilt-by-association argument based on the fact that fingerprints have a "bad" odor.

The system you described sounds like a voluntary system in which the 'victim' gives the store their name, address, phone number, credit card number, etc., all of which could be easily used to track the person, AND their fingerprint, which would be orders of magnitude more difficult to use.

 

[Moonbear]

I really don't see how this can possibly be done for an in-store purchase. Presumably you need to actually touch something that will scan your fingerprint and approve you for purchase. How is someone going to use your digitized fingerprint image to fake this system? They would have to touch the scanner to make a purchase, and nothing they do can make their fingerprint look like yours short of cutting off your finger and surgically attaching it to their own hand.

What? Don't you watch all those spy shows on TV? They do it all the time by making some sort of latex or silicone imprint of the fingerprint and slipping it on over their own fingertip. I'm not sure if the clerks in some of the stores I shop in would even notice if you walked in with a severed finger and scanned it.

I still don't think it's possible to replace credit cards with fingerprints, since fingerprints don't give you multiple account options, but to use a fingerprint to sign for your purchase instead of a signature seems like a better use. The other reason the credit card would still need to accompany a finger print is the volume of data that would need to be searched if a data base was just trying to match finger print data with nothing to accompany it. If you first swipe a credit card, the computers know where to look for the fingerprint that's supposed to match it and can just confirm the match rather than hunt for a match.

 

[loseyourname]

I still don't think it's possible to replace credit cards with fingerprints, since fingerprints don't give you multiple account options, but to use a fingerprint to sign for your purchase instead of a signature seems like a better use.

They'd probably set it up the way you make online purchases from sites you have an account on. They save your bank account or credit card information, and to charge it, you simply enter a username or password. In this case, the store would have your charge information on record, and all you would have to do is touch a scanner. You could also store multiple accounts and choose between which one to use after your information is called up.

 

[Ivan Seeking]

The loss of privacy to the extent that's coming, and already here, is a new phenomenon made possible by the information age. Many people here seem to feel that we should just yield to the system and let IT run amok. Why not allow 7-11 to set the standards for how your personal information is used? Why not allow your employer to track your purchases to see if you personal behavior conforms to their standards? [For example and just in the news, already we see companies refusing to hire smokers.] The difference between a democracy and a corporation is that the people set the rules; not the CEOs. So it seems to me that you can all do what you're told by your favorite corporations, and your boss, and Uncle Sam, and your insurance company, or you can choose to take control of your private information by first recognizing how its being used, and then acting to protect your rights; or to make new ones if needed. "Nope, ain't nothin to do but roll over and die" is the code of sheep.

 

[Pengwuino]

But Ivan, you do realize everything being done in the 'big brother dominates' world you think of is fully capable of happening right now. The thing is, corporations in most cases don't want to do this because there afraid of a lawsuit or people boycotting their industry. The people make their choice not by refusing information, but by boycotting an industry/company that demands this sort of information from people. If say, McDonalds made it policy to forbid the hirings of black people or asians or some group of people... people would stop going to mcdonalds and since its a corporation, it kills the bottom line which means its something they don't want to do.

 

[Kerrie]

i was in Albertson's last night doing my shopping and saw the fingerprint scanner...the checkout clerk told me the biggest problem they had with it so far is when there was a power surge, you couldn't use it, and many like the idea of not carrying their wallet or check book...thus they go shopping, and can't pay for their groceries when the machine fails

i think ultimately, simpler is better

 

[Pengwuino]

Not in America kerrie lol. I am not walking around with 3 $100 because i need to buy a stereo. People would probably be lining up outside of circuit city or saks 5th avenue waiting to mug people if we all went back to the simple paper money and coins :D

 

[Hurkyl]

You would likely get more discussion on your points if you stopped stubbornly calling it a violation of your right to privacy. As russ has pointed out, you don't have a right to privacy, and as I've pointed out, there is nothing private at stake anyways. When you insist on calling it a privacy rights issue, you distract people from the points you seem to want to be making.

 

[Pengwuino]

We have a lot of laws protecting specific aspects of our privacy but there is no actual "right to privacy". Those laws could be taken off teh books at any time and people can't say anything because its not in the Constitution and very few justices think there is that follow the wording of the Constitution.

 

[russ_watters]

We have a lot of laws protecting specific aspects of our privacy but there is no actual "right to privacy".

And pretty much all those laws do (as applied to here) is require that the company disclose how they intend to use information they collect from you.

 

[Kerrie]

You would likely get more discussion on your points if you stopped stubbornly calling it a violation of your right to privacy. As russ has pointed out, you don't have a right to privacy, and as I've pointed out, there is nothing private at stake anyways. When you insist on calling it a privacy rights issue, you distract people from the points you seem to want to be making.

According to the 9th amendment of the US Constitution, it was established that privacy is a basic human right. In this case, we do have one great freedom-we have the freedom to choose whether we would use this system or not based on our own personal preferences. We have the freedom to choose to shop at places such as these too. After some thought of it however, it occurred to me that the fingerprinting ID is no more invasive then shopping at a store with cameras everywhere, as long as the fact that cameras were filming you were clearly posted, which I believe is mandatory (maybe not?).

Perhaps if the fingerprinting ID was a mandatory thing, it would be more of an invasion of privacy. At least in our world today, who knows what it will be like in 50 years.

Ivan here is just expressing his opinion on this method. Bottom line is, we can choose to use it or not, which is a good thing.

 

[russ_watters]

According to the 9th amendment of the US Constitution, it was established that privacy is a basic human right.

9th? You sure you don't mean the 4th? The 4th is unreasonable search and siezure (which is often mistaken for privacy). The 9th is "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.", which I personally don't find all that useful.

In this case, we do have one great freedom-we have the freedom to choose whether we would use this system or not based on our own personal preferences. We have the freedom to choose to shop at places such as these too.

Well, that's really the rub of it - the if you really want it, the "right to privacy" ends at your bedroom door. I guess if one really wants to assert it, they can, but its not a useable right - once you start interacting with other people, anything you say or do can be monitored with your tacit consent.

After some thought of it however, it occurred to me that the fingerprinting ID is no more invasive then shopping at a store with cameras everywhere, as long as the fact that cameras were filming you were clearly posted, which I believe is mandatory (maybe not?).

I think they do need your consent, but just having a visible camera is enough.

 

[Pengwuino]

I don't think you have to know cameras are posted. I don't remember seeing signs in casinos...

 

[russ_watters]

I don't think you have to know cameras are posted. I don't remember seeing signs in casinos...

You can see the cameras in a casino. And no, I've never seen signs either, but I haven't exactly looked - if they're there, they probably don't need to be too conspicuous.

 

[loseyourname]

It generally says on the door of an establishment, or on a window, that you'll be monitored by closed circuit cameras. There's a little red sticker.

 

[hypatia]

The reason people put up notices about cameras, is to scare theifs away. I know several places who have security notices all over the place, yet have no cameras.

 

[Ivan Seeking]

You would likely get more discussion on your points if you stopped stubbornly calling it a violation of your right to privacy. As russ has pointed out, you don't have a right to privacy, and as I've pointed out, there is nothing private at stake anyways. When you insist on calling it a privacy rights issue, you distract people from the points you seem to want to be making.

First of all, we do have a right to privacy.

Distinct from the right of publicity protected by state common or statutory law, a broader right of privacy has been inferred in the Constitution. Although not explicity stated in the text of the Constitution, in 1890 then to be Justice Louis Brandeis extolled 'a right to be left alone.' This right has developed into a liberty of personal autonomy protected by the 14th amendment. The 1st, 4th, and 5th Amendments also provide some protection of privacy, although in all cases the right is narrowly defined. The Constitutional right of privacy has developed alongside a statutory right of privacy which limits access to personal information. The Federal Trade Commission overwhelmingly enforces this statutory right of privacy, and the rise of privacy policies and privacy statements are evidence of its work. In all of its forms, however, the right of privacy must be balanced against the state's compelling interests. Such compelling interests include the promotion of public morality, protection of the individual's psychological health, and improving the quality of life. These distinct rights of privacy are examined separately on the following pages:[continued]

http://www.law.cornell.edu/topics/privacy.html

Next, there are a plethora of laws protecting privacy; for one, the Privacy Act of 1974; which acts to protect the privacy of individuals. Laws like this set precedence for related legal arguments.

Agency requirements

Each agency that maintains a system of records shall--

(1) maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by Executive order of the President;

(2) collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs;

(3) inform each individual whom it asks to supply information, on the form which it uses to collect the information or on a separate form that can be retained by the individual--

http://www.usdoj.gov/04foia/privstat.htm

Also, there is no end to the legal issues of privacy in the workplace, at school, at home, as it pertains to medical records, and even DNA information. Such as:

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) - a Federal law that protects the privacy of student education records.

Not to mention the tremendous discussion about medical information privacy; a continually growing and hot topic among legal scholars. In fact, to tell you the truth, IMO, the very notion that this is not a concern is naivety taken to absurd limits. Information is power, and power corrupts. Never, never, never trust a system to give you rights; or to protect the rights that you already have. You can be sure that at every turn, if it benefits someone else, someone is going to try and take your rights away.

BUT, the most glaring offense of all here, IMO: Even if we had no right to privacy we can define new rights. We can if we say so. We don't need anyone's permission. Why do you suppose it is that some people never want to consider this fact?

Finally, there is one unique feature of a fingerprint over any other forms of legal identification: It is the first application of a universal ID. It was a condition of the SS# that they would never be used as a form of ID. So even though its not significant in and of itself, it is a landmark on the road to Big Brother.

Some related reading:

Can We Protect Our Privacy Through Legal Solutions? Or Is Technology Now Beyond Our Control?
http://writ.corporate.findlaw.com/commentary/20050415_barr.html

"The true danger is when liberty is nibbled away, for expedients, and by parts."

Edmund Burke

 

[Hurkyl]

Case in point. This last post doesn't inspire me to rally behind a cause, nor to engage in a discussion about, say, the way medical information is used.

What it does do is irritate me into writing a reply chastising you for putting words in people's mouths. You know, sometimes the reason people don't talk about something is because they're talking about something else.

 

[Moonbear]

It generally says on the door of an establishment, or on a window, that you'll be monitored by closed circuit cameras. There's a little red sticker.

There seem to be tiny little signs most people would overlook entirely, hidden among the stickers for the credit cards they accept and the hours of business. On the other hand, I noticed a number of buildings in NYC when I was there over the holidays with HUGE signs stating things like, "Notice: This building uses video surveillance, you will be monitored by as many as 14 cameras." I don't know if they have city regulations about visibility of the signs or if those signs were just put up as a deterrent to theft and break-ins. The buildings I noticed it on were all office buildings with card key entries.

 

[loseyourname]

Buildings like that want you to know that you're being monitored, heavily, to deter you from doing anything you shouldn't be doing. Casinos probably don't bother because they already have 300 pound men in sunglasses standing all over the place with earpieces acting as deterrents, plus you know you're being monitored heavily anyway.

 

[Kerrie]

Case in point. This last post doesn't inspire me to rally behind a cause, nor to engage in a discussion about, say, the way medical information is used.

What it does do is irritate me into writing a reply chastising you for putting words in people's mouths. You know, sometimes the reason people don't talk about something is because they're talking about something else.

can you elaborate a little more? i guess i am a little confused by your reply to Ivan's post. i think he did a great job at establishing why he is expressing his opinion about the situation. not everyone may agree with his opinion, but at least his opinion is an informed one, which i respect. he does bring up a good point about how the social security number was never "intended" to be used as a means of ID, however, it sure seems that way. :shy:

i still think that by using our choices as wisely as we can instead of being sheeple (people + sheep), we are excercising our rights as best as we can.

 

[Hurkyl]

I'm looking at quotes like these:

In fact, to tell you the truth, IMO, the very notion that this is not a concern is naivety taken to absurd limits.

BUT, the most glaring offense of all here, IMO: Even if we had no right to privacy we can define new rights. We can if we say so. We don't need anyone's permission. Why do you suppose it is that some people never want to consider this fact?

Ivan is making what appears to me to be obvious implication that those involved in the discussion have no conerns about medical information privacy, and entirely neglect that laws can be enacted that grant additional rights.

I'm presuming this is because there has been a distinct lack of discussion on these points. I find it very irritating when people assume that because I don't say one thing that I believe its opposite.

Or, to reinterpret my irritation, it seems he's accusing us of not having any worries or concern about something because we haven't bothered to talk about that thing, and instead are talking about another thing.

Maybe, because it is a pet peeve of mine, I am reading too much into these comments. *shrug*