The gym a block north of the 18th and U street intersection in Adams Morgan also requires fingerprints. It's probably pretty common. Previous Politech message: http://www.politechbot.com/2005/04/28/arkansas-salon-requires/ -Declan -------- Original Message -------- Subject: Re: [Politech] Arkansas salon requires thumbprint to get a tan [priv] Date: Thu, 28 Apr 2005 12:20:00 -0400 From: ed <bernies@private> To: Declan McCullagh <declan@private> declan, i just called Premiere Tans to schedule a tanning appointment (apparently they don't take appointments) and was quoted $7.00 for a 20min tan. then i asked the woman if i have to get fingerprinted for this, and she went ballistic--accusing me of calling her about this all night and day (this was my one and only call.) then she said she was calling the police to report me for harassment (which would be difficult, since i block my Caller ID.) anyway, apparently they've been getting *lots* of calls about this. -bernieS -------- Original Message -------- Subject: biometric tanning salon --> gyms, too Date: Thu, 28 Apr 2005 08:16:30 -0700 From: Xeni Jardin <xeni@private> To: 'Declan McCullagh' <declan@private> ________________________________ From: Bob Thomas Sent: Thursday, April 28, 2005 4:14 AM To: xeni@private Subject: update to tanning salon story requiring biometric data collection I'm disgusted to say the regional fitness center I belong to has started doing this as well. www.fitworks.com 19607 Detroit Rd. Rocky River, OH 44116 440.333.4141 440.333.4630 (fax) 1.877.FEEL.FIT (toll free) I went to the gym yesterday and there was a huge line of people at the counter. When I went to the counter to swipe my membership card, I noticed they were training people in the use of their new security system that requires the input of your thumb print. I'm going to call them later today and see what type of security they have on their network and what sort of non-disclosure policies they have, but it looks like I'll probably have to change the gym I go to. I guess we can look forward to a future where all of these sorts of personal services clubs require the submission of biometric data. Cheers, Bob -------- Original Message -------- Subject: RE: [Politech] Arkansas salon requires thumbprint to get a tan [priv] Date: Thu, 28 Apr 2005 08:32:50 -0400 From: Jim Harper <jharper@private> To: Declan McCullagh <declan@private> CC: <xeni@private> Brilliant! Until the very end . . . Yes, go to the media. This is dumb and it should be held out for derision. But, please oh please, don't go to the ACLU or the state Attorney General. There is no law against making dumb, privacy-invasive requests and there's no civil right violated when a private business does so - even if it conditions its service on a dumb privacy invasion. Open and above-board stupidity is legal. And we should all thank heaven for that! I have a little bit of confidence in the ACLU, but the state Attorney General will be all too happy to cobble together some bizarre notion that consumer protection law covers this. The power to cobble together new legal authority is one very likely to come around later and bite us in the proverbial ass. No, the solution is that consumers should refuse this bad deal. They shouldn't run to the authorities pleading to be cared for. Good job exposing this silliness Wayne, Xeni, and Declan. Jim Harper Director of Information Policy Studies The Cato Institute -------- Original Message -------- Subject: RE: [Politech] Arkansas salon requires thumbprint to get a tan [p riv] Date: Thu, 28 Apr 2005 08:14:17 -0400 From: Singleton, Norman <Norman.Singleton@private> To: 'Declan McCullagh' <declan@private> uh, it is a PRIVATE business and can set any conditions on dealing with someone it wants. that said, I would hope the people of Little Rock would boycott this establishment and some bright entrepreneur would open a thumb-print free tanning solon. Norman Kirk Singleton Legislative Director Congressman Ron Paul 203 Cannon Washington, DC 20515 202-225-2831 -------- Original Message -------- Subject: more on thumbprint tan Date: Thu, 28 Apr 2005 08:07:00 -0700 From: Xeni Jardin <xeni@private> To: 'Declan McCullagh' <declan@private> -----Original Message----- From: Ethan Holland [mailto:Ethan@private] Sent: Thursday, April 28, 2005 5:20 AM To: xeni@private Subject: re: thumbprint tan If Wayne wants to stick it to the man, why didn't he get the name of the POS system which needed a finger print? Obviously a bunch of workers at a tanning salon care less about the backend system, and much like the maligned phone number debacle (wherein some people are very rude to workers who request a phone number to buy something at Radio Shack).... it seems that the problem lies with the POS system provider (some geek who thought it was cool to install a thumbprint scanner). I am sure that after the salon gets 1,000,000 calls from internet readers, they will back off. <note snipped> Ethan -------- Original Message -------- Subject: Re: [Politech] Arkansas salon requires thumbprint to get a tan [priv] Date: Thu, 28 Apr 2005 08:11:54 -0400 From: J.D. Abolins <jabolins@private> Reply-To: jabolins@private Organization: Meyda Online To: Declan McCullagh <declan@private> References: <42706AA7.5090506@private> Reading the "it's for our computer system" brought back to my memory a term from about 30 years ago: cybercrud. Cybercrud is claiming that one "must" do something, usually a silly or objectionable action, because the computer "requires" it. This claim deflect attention away from the human decisions, policies, and systems design involved. Ted Nelson, of the Xandu Project fame, coined the term about 30 years ago. J.D. Abolins > http://www.boingboing.net/2005/04/27/arkansas_salon_requi.html > > Arkansas salon requires thumbprint to get a tan [...] > When she refused, the woman was offended, saying "it's for our > computer system" and when neither would budge, Breanna had no other > choice but to leave. -------- Original Message -------- Subject: [Politech] Arkansas salon requires thumbprint to get a tan [priv] Date: Thu, 28 Apr 2005 03:01:45 -0400 From: Richard W. DeVaul <rich@private> To: declan@private CC: Richard W. DeVaul Ph.D. <rich@private> References: <42706AA7.5090506@private> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >The person asked to take an electronic scan of her thumbprint in order for >her to be allowed to get her spray tan. Breanna, sensitive about her privacy >being voilated (rightly so) refused to allow them to make and permanently >store an electronic scan of her thumbprint -- she isn't "joining a program" >she simply wanted to purcahse a single tan and have it applied at that time. > >When she refused, the woman was offended, saying "it's for our computer >system" and when neither would budge, Breanna had no other choice but to >leave. ... Declan, Just a quick comment. I doubt that a private business requesting a thumb print, or requiring one, is against state law in Arkansas or anywhere else in the US; I'll leave the legality up to the lawyers to comment on. Stupid, yes. Illegal? It almost doesn't matter. The bigger issue here is "biometrics creep," one aspect of our post 9/11 pseudosecurity craze. Like pseudoscience, pseudosecurity is about the trappings of security without the substance. It may give people the feeling that they are safe, but in reality makes us all significantly less safe and secure. When tanning salons (and supermarkets, etc.,) start amassing fingerprint databases, it becomes that much easier for identity thieves to steal this information. "Spoofing" fingerprints turns out to be relatively easy once you have an image of the print[1]. I don't seriously believe that Buffy will use fingerprint spoofing to get a free tan, but Biff the terrorist would love to get his hands on those prints so he can make use of a biometric-authenticated passport -- and how good do you think the tanning salon's computer security is? I believe that identify theft may emerge as the single greatest threat to our security in the 21st century -- both personal and national. The judicious and careful use of biometrics, as one part of a comprehensive authentication system, could provide substantial security benefits. Unfortunately, the haphazard use biometrics is threatening to undermine any security benefits they might have offered. [1] Fingerprint Spoofing: http://www.schneier.com/crypto-gram-0205.html#5 Sincerely, Rich Richard W. DeVaul Ph.D., CTO AWare Technologies http://www.AWareTechs.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/> iD8DBQFCcIoycEzhTv/Qc9oRAqPbAJ4w/x2EoWnLtUMRBFp5tR7ZGgumBACglySE WriVwj5XmfblnxFFQKc2YJw= =ylH3 -----END PGP SIGNATURE----- _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Thu Apr 28 2005 - 09:58:20 PDT