> When a bargoer visits another PatronScan bar and swipes their ID, their previously flagged transgressions will pop up on the kiosk screen. Unless patrons successfully appeal their status to PatronScan or the bar directly, their status can follow them for anywhere from a couple weeks to a few months, to much, much longer.
“Appeal” to a private company to seek what’s effectively forced arbitration only ends one way en masse.
This sounds horrible. I hope there’s some legit privacy regulations passed to ban passive practices like this. Scanning an ID locally to check for duplicates that night sounds reasonable. Auto uploading it without notifying patrons to a central DB is not.
This is the "social credit system" for western nations forming. I only know how this works in the US, so I'm concentrating on it.
Firms like this that succeed will be bought out and rolled in to the existing credit firms as new dimensions. (They already track much more than your credit use - google "experian data services", and substitute the other two in as well.)
It is private, so in the US there is little regulation to worry about. And the third-party doctrine means no warrants are required for LEO access.
No worries. Just don't forget to get your free annual "Drink Establishment Behavior Report" free from Experian/Equifax/TransUnion if you live in New York or California.
Alternatively, just pay a low low price of $1 a month for our "Bar Behavior Report" monitoring service!
R Place in Seattle uses an internet connected ID scanning system. Super sketchy, they do not ask consent to scan or answer any questions about how data is handled.
Programs like this will make it much easier to round up LGBTQ people like myself, enabled by shortsighted management of these spaces implementing mass data collection.
This is the real issue IMO. Any time I see people complain about data breaches or something they seem to be missing the point and diverting away from the true issues
Under political goals of the removal of regulations and privatization, this will increasingly become the norm. Under private interests, you have no fundamental rights because the writers of founding document of the United States didn't not foresee the level of control the rich and corporate would truly have in this modern era. It offers no protection against abuse by powerful private interests that it does against government.
>because the writers of founding document of the United States didn't not foresee the level of control the rich and corporate would truly have in this modern era
They did, that's why they limited the power of the federal government to interstate commerce and defence. It was later generations that decided interstate commerce means activities that take place in a single state[0] and that we should use legal trickery to get around the protections they created.
This happens all the time with people who apply for bank accounts. Chex Systems provides a vetting service for banks. If you ever have a checking account closed by the bank, they report you to Chex Systems who then blacklist you for five years from getting another checking account at the 95% of banks which use Chex. No appealing, no explanation, just blacklisting.
Chex is subject to the FCRA, so at the very least one should be able to appeal (Chex) on the basis of inaccurate information, and to get a report from Chex explaining the information they have on you.
As well, if a bank denies you a checking account due to a Chex report, the bank is under obligation of letting you know why (again, thanks to the FCRA).
Now, this doesn't mean that it's _fair_ (it isn't), but the law does offer you some measure of transparency.
That’s a problem. It’s also a problem that for something that can be a violation or misdemeanor can follow you across state and international boundaries...
On another note, how are 18 - 20 year olds going to get into bars? I guess the wristband/no drinks will be the norm for them.
I don't see the problem here. Bars presumably are free to use this system or not, and no one really needs to go to bars anyway. This isn't like being prevented from shopping at a grocery store or getting to work.
Honestly, if this system ended up causing a bunch of bars to go out of business, I'd be laughing. Maybe people should find a better way to spend their time than getting drunk.
We now have bars where people can drink and fling axes around indoors. If the insurance premiums weren't high enough to stop that from happening, I don't see abstaining from user tracking keeping anybody's pub out of business.
Agreed that social credit systems degrade society.
Did you ever notice that nice restaurants attract nice customers, and that scummy looking places attract scum. we are perfectly adept at governing ourselves already.
I don't comprehend this duplicates thing. If your face and body doesn't match the photo and appearance description on the license, then the bouncer should reject you at that point. Using the machine suggests all they are doing is running the scan, pulling your data, and giving a green or red light to enter. So you can be a 16 yr old boy and come in with the id of his 89 yr old great-grandmother and the machine gives a green light because the id isn't fake. Unless the bouncer is looking at the photo. And now you don't need to scan and store for duplicates because the bouncer will catch that you're not the person on the id. Databases, hand stamping, and other methods are all much more complex and less effective and sensible than the bouncer simply checking the id.
You could conceivably have a situation where a 21-year-old exits the bar, slips his ID to his similar looking 19-year-old brother or cousin, and gets him into the bar.
I'm sure this happens, but I doubt it's really a major problem.
Ultimately, it is up to the bar to decide whether or not they want to use this system. Their bar, their rules.
I show my ID to bouncers, in my hand, to avoid the common practice these days of putting it into a scanner and logging my data. If that’s not good enough for them, I go somewhere else.
> How long will it be before company behind it are lobbying cities to make it a license requirement for every bar to use their system?
According to the article, it's zero minutes, because it specifically says they are already doing that lobbying.
This won't be just for bars, it'll be for restaurants that serve beer, liquor stores, gas stations, and supermarkets. Any place selling alcohol, cigarettes, spray paint, knives, guns, etc., anything that requires id.
This system is going to be a nightmare to maintain long term due to bad data (GIGO). Imagine a large number of bar employees able to determine who get's a global bar ban. What prevents an employee from inputting all the people they dislike? Seems like a recipe for failure.
This is a case where you hope it flames out in a big, obvious fashion, with lots and lots of false positives, as opposed to being merely kinda bad with a few unlucky saps being barred (or dis-barred, in this case) but the badness never being serious enough to discredit the concept.
Oh great, a private company promising to store my home address and other sensitive personal details in a database. That surely won't get breached at all, ever, in any way, due to terrible malfeasance of even the most basic security principles.
Oh, and combined with lobbying cities to force adoption?
Realistically, how do we prevent every blockhead with an unsecured database from hoovering up personal information? Can we start instituting major fines and the requirement to carry liability insurance or something?
I do think liability insurance is a good idea in theory; in practice, it will shut down "little people" projects and will likely only effect the worst of the worst. (Which is not nothing, but not enough.)
Mroe generally, the answer is "everything you can think of". People are trying to pull the world in a direction you don't like, so pull it in a different direction. Poison their data. Explain why they're awful to everyone you can. Talk to your local ABC authority before these jerks get there and explain why this is terrible. Try to solve the whatever actualy "problem" there is here in a less intrusive way. Whatever else you can think of that is legal.
You don't have to ask for permission to fight back.
For my part, I will not go to establishments that scan my ID. I'll show it to you for legal compliance reasons, but you don't get to record it. If your house rules say otherwise, that's fine, I'll spend my money in some other house.
Even if you are a social butterfly, use your head. That place has decided that they need ID scanners. Just imagine the things that have happened that made that necessary.
We can't, which is why stopping people from collecting information is the wrong place to prevent bad actors.
Your address is not a secret. If you own a home, it is necessarily a matter of public record. If you ever want to have anything delivered to you, you necessarily have to share it. If having your address in a database is a problem for you, you're going to have to learn subsistence farming and move completely off the grid, because you're not really going to be able to function in modern society.
How would you feel about having your name, address, and photograph in a database of people who frequently visit bars catering to the gay community? Would you change your answer if you lived in Alabama, or on a military base?
For me the bigger issue here is how one night at a bar might follow me around for the rest of my life. I get into an altercation at a bar and kicked out.. now I have a "record" that everyone can see? There is no due process here. No investigation. Nothing.. just a record that a future employer might be interested in taking a look at.
It's the Chinese social credit system but worse because it's privatized.
I agree, I just think that trying to prevent people from collecting publicly available information is the wrong way to stop it. The bar has a legitimate reason to look at your ID.
Instead how about we just make a law that bars can only ban people for incidents that occurred in that bar. That seems reasonable to me and would hold them to a similar standard as the justice system (no hearsay).
Looking at your id is not the same thing as scanning and storing it. They clearly don't have a legitimate use for that data just a pretext. Having spent time in bars I definitely don't want bartenders and bar owners to know where I live.
No, it's really not any worse. Under both systems, the social credit system is run by some organization that has no real accountability to the people it's keeping track of. China's government is, in a way, "privatized", since it only works for an elite group of people who control it, which if you think about it sounds very much like a corporation.
If you don't like lots and lots of noise, then you have no business patronizing a bar or restaurant in America. The same is becoming more and more true of workplaces too. Americans love noisy places, and they love to talk really, really loudly.
> How would you feel about having your name, address, and photograph in a database of people who frequently visit bars catering to the gay community? Would you change your answer if you lived in Alabama
Isn't this already the case if you visit a gay bathhouse anywhere in the south?
I wouldn't care. Straight people go to gay bars. I've gone to several on a few different occasions, despite being straight.
I doubt I would want to associate with anyone who would care. I'm confident that I could find people who wouldn't even think to check such a database even in gasp Alabama or on a military base. Just because someone doesn't live in one of the five approved liberal cities doesn't mean they're automatically a bigoted jerk.
That's fine for you, but not for everyone. Would you really feel comfortable if this database leaked, a la Ashley Madison, and you knew people could search your name on some PasteBin and see all the bars you've been to?
Gay bars, biker bars, strip clubs, bars hosting political rallies, bars hosting events mocking religion. Bars where convicted felons are present, bars where alleged gang members are present, bars where prostitutes are present, bars known for drug use, bars known for cheap liquor and heavy drinking. Going to see a concert you're not that familiar with and it turns out to be racist/sexist/atheist/pro-abortion/anti-abortion...
Accidentally ending up in the same bar as your coworkers during a union organizing drive, intentionally going to the bar with your coworkers during a union drive... Five bars in one night, one bar after 3am...
I can honestly say that I would not want anything to do with anybody who would search my name on pastebin to find out if I was at a bar that did something that offended them so they can hold that against me. That person sounds absolutely insufferable. If they are going to go to that much trouble to find something to dislike about me, we were never going to get along in the first place.
Are you at least vaguely aware that people get assaulted or killed or blackmailed or discriminated against because of who they are and who they associate with?
It's not much consolation that you "find them insufferable" when they tie you to a fence or drag you behind a truck because of who you are.
This isn't that complicated. Many of us consider it a right to keep parts our our life private including who we choose to socialize with. You have every right to not agree with that point of view, but you should quit the charade of pretending not to understand it.
Do you honestly believe that the people tying people to fence posts or dragging people behind a truck are going to go search for names on pastebin to find their victims? That doesn't make a lot of sense. If that's really what they want to do, they'll just wait outside the bar and grab whoever comes out.
I agree it's a problem that people do things like that. I don't think that worrying about a name in a database has anything to do with preventing it.
I'm really struggling to find any credibility in this scenario:
Mr. Bigot thinks Jeff is gay. Mr. Bigot then goes to search on pastebin to see if there's any evidence of Jeff going to gay bars before beating him up.
In my experience people like Mr. Bigot are not real big on fact checking.
How about this. Mr. Bigot employs Jeff, or is his client.
Ukrainian Bob hacks a database and finds out Jeff goes to gay bars. Bob contacts Jeff and says pay me or I tell Mr. Bigot.
Or maybe Jeff is a schoolteacher, and the bar is a BDSM themed bar. And Bob the hacker is a student.
Or maybe Jeff still goes to a bar in his old neighborhood, which is an ethic neighborhood. And maybe a black box unaccountable AI algorithm used by an insurance company flags him as higher risk because of that data point in his larger profile they've queried from a data broker.
Or whatever scenario you can think of. As long as certain things in society are legal and OK but taboo in some contexts, people are going to want privacy around them. Once you keep records like this that privacy is threatened, given that the probability of lists such as this leaking is basically 100% in the current environment.
Many of us want that privacy safeguarded. You are clearly not arguing in good faith by pretending not to understand why someone might have this opinion.
You are either deliberately misrepresenting my argument or I haven't made myself clear. Yes. Those things are problems. I don't disagree they could happen. I disagree on what the appropriate solutions to those problems are.
If there is anything the digital age has demonstrated beyond a doubt, it is that attempting to control information is futile. Go ask the music and movie industries how successful they have been in controlling the flow of the digital information representing their IP.
Jeff's employer wants to fire him because of his sexuality? Jeff's employer is wrong and we should not allow that. Jeff should have cause to sue his employer and win.
A schoolteacher is into BDSM and someone thinks this is a problem for some reason? They are wrong and we should prevent them from taking any action against the schoolteacher.
An AI increases someone's insurance premium because of occasional visits to one bar? This AI sucks and its data model is probably severely broken. A better insurance company with a smarter data model should offer a better deal to that customer.
For anything that is legal but "taboo" without clear evidence that it actually results in a real problem, we need to aggressively prevent people from interfering with other people's lives because of ill-defined feelings they might have about things that in reality don't matter at all. THAT is what is going to solve this problem. Trying to unpour the jug of water that is digital information is destined to fail and a waste of time.
Telling people with unusual but harmless lifestyles that they need to hide and hope that nobody finds out instead taking steps to protect them is wrong.
> For anything that is legal but "taboo" without clear evidence that it actually results in a real problem, we need to aggressively prevent people from interfering with other people's lives because of ill-defined feelings they might have about things that in reality don't matter at all.
Indeed. I do in fact fully support your impassioned argument that we should eradicate the legacy of centuries of bigotry and ignorance and bias that underpin nearly all human interactions.
In the meantime, while you're working on that, I'd like some fucking data privacy laws.
Mr. Jones gets in a dispute with Mr. Smith. Mr. Jones, in a huff, searches the leaked bar database to see what he finds.
He goes around the neighborhood telling everyone Mr. Smith used to hang out at gay bars, or that Mr. Smith habitually bar hops on weekends, or that Mrs. Smith emasculates her husband by going to the bar with her friends while he stays home with Smith Jr. Mr. Smith loses some business opportunities, or gets in hot water with his religious relatives, or just notices people laughing at him behind his back at the block party. If Mr. Violent Bigot is his next door neighbor, maybe this is how he learns Mr. Smith is gay, or hangs out at bars frequented by other races, or whatever.
Also, stalkers could easily use this to track their victims and people who they associate with.
Yes, there are also bar owners reporting incidents that happened in their bar. Are you going to propose that bar owners are not allowed to write down things that happened to them? Are you going to propose that they are not allowed to tell other people about things they witnessed? How do you reconcile that with free speech?
For me the point at which this becomes a problem is where other bars that were not a party to the incident ban people based on unverified information. That is the actual problem and what I would propose restricting
The company will be logging every single card that gets scanned. You will be in their database even if you are never written up for any infraction, and that running history of every bar you ever scanned in at will be information that could become public through incompetence or greed.
You know this. I know that you know what data brokers are, that companies obsessively log everything by default, and that cyber-security is frequently abysmal. You're not dumb, you're just pretending to be. That's a nasty habit.
Ok, they will have a partial [1] list of bars I visited. This will allow them to do what specific nefarious acts, exactly? I'm not pretending anything. Maybe I really am dumb or just unimaginative. I don't see what harm is going to come to me from someone having this information or even why anyone would care to look at it.
[1] partial because not every bar is going to implement this
I don't have to. Commercial speech isn't by definition free.
The bar owner is certainly permitted to tell their friends about something that happened, or write a book about what an asshole customer you are. That doesn't mean every for-profit database of information, no matter how personal or how obtained, is legal.
As, of course, you most certainly already know. There aren't any consumer credit reporting agencies, for example, making legal claims that the FCRA is a first amendment violation.
The possibility of fines, even large ones, is ultimately just considered a cost of doing business. If you really want to stop this sort of behavior we'll need a streamlined process for piercing the veil and criminally prosecuting both executives and engineers, with very serious (but fully deserved) setencing guidelines.
> Realistically, how do we prevent every blockhead with an unsecured database from hoovering up personal information?
GDPR. You need to take GDPR, translate it to your local language without removing any clauses, maybe add some liability for processors too, and get that implemented as a law.
I can't read TFA because it's paywalled, so I don't know if it talks about the information saved, but they don't need your home address, ID number and issuer is all they need to store as far as PII goes and you don't even have to store those directly - you can encrypt them like a password.
The article states that they store in their database your "name, gender, date of birth, zip code, and photo", but currently they don't store your address or id number.
The information stored though is certainly sufficient to find your street address and a great deal of other information in almost all cases since a full legal name + DoB + zip code match is nearly always a unique identifier.
Storing the id photo is fun and no doubt useful for further tracking of the patron using things such as the cameras on the table kiosks. Also the photo has value for sale to other interested parties.
I think OP was asking: even though there are best practices to follow when storing PII, how can we trust every private entity that stores our PII to be using those best practices?
There seems to be a real business of making "lists" of things and people to accomplish trust related activities. I know a few folks starting / running companies like this based on just scraping facebook profiles or google results.
Most of these seem pretty unscientific / dangerous.
I wonder if this is technically a type of defamation.
I'd think the tracking company would need to have some degree of proof as to the "bad behavior" they're sharing with it's member bars to hold up in court.
Not a lawyer, but I could also see this pretty readily thrown out on discrimination grounds. "Hey, why is it that only people of color get thrown out of your bar?" Or, for the company: "Why is your banned list X% this race vs. the norm and can you prove that you are not aiding in large scale discrimination?"
It absolutely can be. Defamation definitions vary by state, but in general it's something like:
1. A false statement
2. Made to a third party
3. About a specific person
4. That causes damages (eg, to their reputation)
If they repeat something false, it absolutely is defamation. Damages could be hard to prove or show - perhaps a business meeting at a bar would qualify. Likely way to use this is through sending the company a demand letter basically saying "remove these false statements from your database or I will sue you for defamation."
If all they are doing is recording that one was thrown out of a bar, and the reason _the bar_ says it happened, those are all truthful things. They aren't saying you did that, they're saying that _the bar_ said you did that.
It seems rotten, but I'm sure that's the kind of loophole they'd use as defense. :)
It's complicated, but this is explicitly not recognized as a defense by courts. If Alice tells me "Bob says that Charlie started the fire", whether or not that statement is defamatory depends on whether or not Charlie actually started the fire, not on what Bob actually said.
The more likely legal defense is Section 230 of the Communications Decency Act, which shields online service providers for liability for hosting online content from third parties.
Why would it be useful? Most employers don't care about if their employees are also bar patrons and bars are a place to socialize - going to bars doesn't mean you're a heavy drinker. I frequently go to bars without drinking more than maybe a sip of alcohol. Either I'm the DD or I simply don't feel like drinking that day and my friends wanna meet up, or even if I just want some food. Doesn't apply to me but people go to see the band as well.
> Why would it be useful? Most employers don't care about if their employees are also bar patrons and going to bars doesn't mean you're a heavy drinker.
Most don't care about your personal life.
But some care incredibly deeply about it. There are Christian employers in Canada and the United States, who will fire you, if they discover that you, say, had pre-marital sex at some point in your life. Others will fire you for undergoing a medical procedure.
Do you think bosses like that give two shits about an employee splitting hairs as to what exactly constitutes living in sin?
Private Investigators would absolutely love this dataset, since it could include who got ID'd at what bar when. Can definitely piece together places to try to find someone, people they might know, etc.
I mean, laws that regulate data privacy for companies like this could probably help too. I dont think its reasonable to allow storing data from scanned legal ids without explicit, written consent from the ID holder to start.
Unless there is an aggressive public education campaign, most people will likely be ignorant as to the purpose of the card scanning and the privacy risks.
Consumer boycotts are very often ineffective and shouldn't be relied on. This may distress libertarians, but regulation is the only real answer.
Social filtering is often heralded as a great thing to improve society so that its citizen can learn to behave. Survival of the fittest in its greatness.
Merit is overrated anyway, so all people have left to do with their lives is sorting and filtering people to pretend they can enjoy a better evening.
That's not necessarily the case. A bar that has a bouncer all the time? It might be that they get a shitty crowd, but a lot of times it's just that the bar is too busy for the bartender to remember which patrons they've checked IDs for. The simpler solution is to have someone stand at the door to check IDs so that every one inside has been checked.
I worked at a bar that only had a guy outside on Thursday, Friday and Saturday after 9. The rest of the time it was slow enough that the bartender could just check IDs before the customer was served.
I think the greatest thing about this is the choice. If you don't like this practice, vote with your wallet. If you do, then the same rules apply. I think the biggest issue a lot of people may have is the possibility that the choice aspect is taken away.
I mean I might want to go to a bar that's full of KKK members, because they serve nice beer. I have 2 choices go there for the beer, and perhaps inadvertently support the KKK, or the bars stance on that. Or I could not drink there. That's my choice, I'm not sure I could go to the anti KKK league rally and complain that I want to drink at that bar.
Which is safer-- a municipality where the set of violent patrons is distributed across all its bars, or one that creates a huge incentive to cordon off that set of violent patrons into a few "rough neck" bars?
I'm going to guess the proprietors of this company haven't thought that far ahead, and instead are banking on growing large enough, fast enough, that it won't be their problem.
To those people saying this is no big deal because your address is public record and has to be shared to buy things: how would you feel if online retailers put together a private list of problem customers who sent a suspicious number of returns, failed deliveries or other signals?
Edit because I was too vague: I am saying multiple online retailers collaborating on a list together that bars customers from purchasing/ returning from all of the participating members. I am aware that companies individually fight return fraud using their own private lists and fraud detection software from external companies.
>> “The system may prevent a consumer from returning for a period of time at a particular retailer, but if that consumer reduces his or her return activity, the system then allows the consumer to make returns at that retailer."
So, the individual retailers are blacklisting, much like individual bars blacklist today. But this original article is talking about collecting those lists on a national scale, into one database.
My understanding is that is a practice of individual retailers, much like bars individually blacklisting patrons. The original article has them making a nationwide database with potential legislative backing, which is different from that usatoday story, because in that story they are talking about the individual practices of retailers and not a coordinated list.
everyone must have way more upscale bars than i do. the 8 or so bars in a 5 mile radius from the house dont even have video cameras, let alone care who enters the bar (as long as they are over 21).
I can see where this would be helpful, but i can see most small bars not really caring as long as no one starts a fight.
As long as they're compliant with the credit reporting laws in the USA I don't see a problem with this. Under such laws you may see whats in your file, make corrections to it, and there's a expiration policy for negative behavior.
Will also be useful to keep track of who are good tippers. Also with the little video kiosk things they have at the tables, you can serve them targeted ads. Also, keep track of who they are drinking with, this information is worth good money to someone. Also even if they are polite and never cause problems but drink frequently that's helpful information regarding health risks for setting car and health insurance premiums. As well as evidence to police after a fender bender, will definitely want law enforcement to have access to this info. And maybe they checked a box when applying for life insurance saying they didn't drink, but this proves they did - policy is rescinded after filing the claim. Big savings there. Back to that tipping information, maybe they tip people of certain genders and ethnicities higher than others. This could be useful to prove bias in a discrimination lawsuit if they have hiring authority.
Few parties dealing with people in any capacity wouldn't want to pay something for access to this really great database.
“Appeal” to a private company to seek what’s effectively forced arbitration only ends one way en masse.
This sounds horrible. I hope there’s some legit privacy regulations passed to ban passive practices like this. Scanning an ID locally to check for duplicates that night sounds reasonable. Auto uploading it without notifying patrons to a central DB is not.