[Politech] ACLU's Barry Steinhardt on showing ID and "building privacy" [priv]

From: Declan McCullagh (declan@private)
Date: Mon Sep 29 2003 - 07:01:41 PDT

  • Next message: Declan McCullagh: "[Politech] National Review's Rich Lowry: "Kill all the librarians" [fs]"

    Date: Mon, 29 Sep 2003 09:42:25 -0400
    To: Declan McCullagh <declan@private>
    From: Barry Steinhardt <BSteinhardt@private>
    Subject: Re: [Politech] Privacy questions about entering buildings,
       showing ID [priv]
    The short answer to this question is "No!". There are no laws or 
    regulations governing the requirement that you show an ID to get into a 
    building or what is done with data that is collected. The data can be held 
    indefinitely and can combined with other data.
    This is only one example illustrating the creeping surveillance society 
    where our every action and utterance is being collected and catalogued. It 
    is not too late to put some chains on this monster by enacting common sense 
    privacy laws that govern when data can be collected and how it can be use.
    Barry Steinhardt
    Date: Mon, 29 Sep 2003 05:11:10 -0400
    To: Declan McCullagh <declan@private>
    From: James Moyer <james@private>
    Subject: Re: [Politech] Privacy questions about entering buildings,
       showing ID [priv]
    Partially in regards to your note to this, I would like to mention that I'm 
    working on allowing Ohio ID/license card holders the ability to not have 
    their address printed on their ID cards. The address on the card is an 
    anachronism from the time that the cards were cardboard and were sent 
    through the mail with a stamp on them. There simply isn't a need for an 
    address there now, and I hope to get the legislation introduced by the end 
    of the year. (The only thing that comes close to this, in North America, is 
    North Carolina allowing domestic violence victims to redact their address 
    from their license.)
    James Moyer
    From: "J.D. Abolins" <jda-ir@private>
    Reply-To: jda-ir@private
    To: Declan McCullagh <declan@private>
    Subject: Re: [Politech] Privacy questions about entering buildings, showing 
    ID [priv]
    Date: Mon, 29 Sep 2003 09:04:03 -0400
    On Monday 29 September 2003 01:46, Declan McCullagh wrote:
     > [Remember that a U.S. passport does not show your home address... --Declan]
    That's one of the great reasons for using a passport. It gives the basics to
    show you are more or less the bearer of the document, your citizenship
    status, and your age. The only downside is that many checkers are not
    accustomed to having US nationals showing a US passport instead of the
    customary drivers license. I guess some have questioned the validity of the
    passport while just give a glance at the DLs. Such are the rituals of ID
     > Subject: Privacy Policy - Buildings
     > Date: Sun, 28 Sep 2003 21:06:44 -0400
     > From: "Trotter, Frank" <Frank.Trotter@private>
     > To: "Declan McCullagh" <declan@private>
     > Content-Transfer-Encoding: 8bit
     > =>	Is there any current regulation for the collection of this
     > information (I certainly don't lean toward regulation but it would be
     > nice to know)?
    To my knowledge and I am not an attorney, there is no specific law or regs
    that apply to the ID requests. But the type of facility and who's asking for
    the ID can make a difference.
    If it's governmental, an issue that can arise is the status of the info under
    the applicable public access laws. Can the info be requested in a public
    records request? Often, the record might get exempted under the "security"
    If the governmental requests also want a Social Security Number, the Privacy
    Act might be of help. But realize that convincing a guard might take some
    effort and not work. It may mean even having to leave the building to avoid
    arrest for "trespassing" and picking up the legal wrangling via other
    With private entities, there is far less of a legal leverage. But appeals and
    making a fuss can work. (For a bad ID request situation, take a look at this
    account of what was done by a hotel where a privacy & freedom conference was
    held earlier this year: http://www.privacyrights.org/ar/NYRamada.htm )
    Most of the places asking for the IDs seem to have done it out of habit and
    "everybody else's doing it and if we don't, we might be held liable" notions.
    It is usually far less about security than about perceptions and symbols. The
    checks send the message "we are watching, so you better have legitimate
    business here" to potential wanders and, morseo, to the people working in the
    building. Many people seem to assume that security is a guard hassling people
    and the tougher, the more secure. (And that is why prisons are the safest
    places on earth, right? <g>)
    Therefore, I believe that getting people to really think about what security
    is and what it isn't is so important. A big challenge currently is the
    climate of fear whereby one has to express educational observations with some
    care. For example; it might not be a good idea to tell a petty guard in a New
    York city building about the fact that the IDs themselves tell nothing about
    the person's intentions, baggage, etc. by saying, "Yeah, you saw my ID and it
    was OK but what if I was carrying a bomb?" Then comes the alarms, the pepper
    spray and the boot on the back of the neck. <grin> At least, possible
    criminal charges for mentioning the "B-word."
    By the way, in NYC area this year, there was a murder of a city councilman
    that was committed by another politician, one who passed the ID checkers in a
    city building moments before the murder.
    Finding the people who can sway the implementation of security and encourage
    fitting security can help. For example, a good security approach would be
    more integrated, going beyond the "who" question and asking "why is the
    person here," what is the person's context here, etc. Calling up to the
    office where a meeting is supposed to take place or having a list of the
    attendees with some verifying questions & answers, etc. are better than the
    usual quickie ID check and recording the ID info.
    Getting more people to question the check would be great. Difficult in some
    areas, like NYC and NJ, where everybody is too rushed to take the time to
    challenge, and if one does, others will jump on the person for holding up the
    line. But if we have 28 million people saying "Hold on a moment!", it can
    make a difference.
    Do realize, however, this is not going to come easily and many will choose, at
    best, to show the least problematic ID, like the passport, than to have a
    guard throw an authority fit and yelling, "Damn it! We're in a war! Show the
    ID or we'll have the anti-terrorism unit here." (Remember, the ID checkers
    are usually at the bottom of the ranks and have very little official
    discretion and they don't like being reminded of that fact.) Still, the more
    it can be chipped away, the better.
    J.D. Abolins
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)

    This archive was generated by hypermail 2b30 : Mon Sep 29 2003 - 07:20:52 PDT