[Politech] Fingerprints, thumbprints, and all-around biometric silliness [priv]

From: Declan McCullagh (declan@private)
Date: Tue May 03 2005 - 22:18:55 PDT

Previous Politech messages:

-------- Original Message --------
Subject: Re: [Politech] More on businesses requiring fingerprints for 
gym, tanning salon memberships
Date: Thu, 28 Apr 2005 13:44:13 -0700
From: Tom Collins <tom@private>
To: Declan McCullagh <declan@private>
References: <42710FC6.5070206@private>

On Apr 28, 2005, at 9:31 AM, Declan McCullagh wrote:
 > When tanning salons (and supermarkets, etc.,) start amassing
 > fingerprint databases, it becomes that much easier for identity
 > thieves to steal this information.  "Spoofing" fingerprints turns out
 > to be relatively easy once you have an image of the print[1].

One would hope (but shouldn't assume) that these systems actually store
a hash of the actual print instead of the print itself.  This way,
compromising the database wouldn't give you the information you need to
re-create the print itself.

But, the problem for the privacy conscious is that you don't know
what's being done with your print when it's acquired.  For all you
know, it's ultimately going into a massive FBI database that tracks you
any time you use a scanner.

Tom Collins  -  tom@private
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet:

-------- Original Message --------
Subject: RE: [Politech] Arkansas salon requires thumbprint to get a tan 
Date: Thu, 28 Apr 2005 13:05:07 -0400
From: Ashley Gauthier <agauthier@private>
To: Declan McCullagh <declan@private>

The ACLU should be contacted?  What, exactly, is the "civil rights" or
constitutional violation in this case?

Although many people have a strong sense of "privacy" and wish to protect it
in all circumstances, the incident described is a consensual transaction
between private parties and thus, there is no "invasion of privacy."

There is no federal constitutional "right to privacy" clearly stated in the
constitution.  At best, you have the mushy "privacy" interest as expressed
in Supreme Court decisions (Roe v. Wade, Griswald v. Conn., etc), and a
handful of states offer a limited "privacy" right in the state constitution.
But even to the extent such privacy interests exist, they apply only to
state action.  Citizens are protected against governmental intrusion.  There
is no constitutional or civil rights protection from what people think is
intrusive conduct by fellow citizens (or companies).

To the extent an individual or corporation might invade privacy, it is
illegal or actionable only if it violates a specific law or meets the
elements of a privacy tort.  The question Wayne forgot to ask was "what do
you do with the thumbprint?"  If the company uses it only for internal
purposes to identify clients and doesn't sell it, make it available to the
federal government, or otherwise misuse it, then I doubt it violates any
law.  I must admit I am not familiar with the specifics of Arkansas law, so
I suppose there could be an applicable state statute, but if there is, it is
an abberation.  Companies are generally permitted to gather and store
information about customers, particularly for the purposes of

I also doubt that asking for a thumbprint would be tortious under state law.
Under general common law principles, it doesn't qualify as an "intrusion
into seclusion," because they do not take your thumbprint secretly or
surreptitiously.  They get it only if you voluntarily give it to them.  And,
presuming they use it only for internal purposes, it would not constitute
"publication of private facts," as they do not disclose the information to

This incident is an excellent example of a subjective "invasion of privacy,"
but it does not strike me as illegal, based on the information given.  If
Breanna does  not want to turn over her thumbprint, she doesn't have to.
She is not being coerced.  She can get a tan at another salon.  She could
even buy a can of spray-on tan at the local supermarket.  This is the free
market at work, not a civil rights issue.

Ashley Gauthier

-------- Original Message --------
Subject: Re: [Politech] More on businesses requiring fingerprints for 
gym, tanning salon memberships
Date: Thu, 28 Apr 2005 11:44:40 -0700
From: Justin W. Newton <justin@private>
To: Declan McCullagh <declan@private>
References: <42710FC6.5070206@private>

One difference here, however, was the person in Arkansas was trying to do a
one time purchase.  What the health club was trying to do was prevent
account fraud where more than one person uses the same account.

-------- Original Message --------
Subject: Re: [Politech] Thumbprinting visitors at the Statue of Liberty
Date: Thu, 28 Apr 2005 17:24:52 -0400
From: Shaun <ShaunReport@private>
To: Declan McCullagh <declan@private>, <politech@private>

Do they tell you BEFORE you cross the water about the lockers/
What happens to the print after you leave/
If you pay with a credit card why can't you use the card to unlock the
lockers/ It is individual and keyed to a specific person.
What happens when the returning fingerprint doesn't work/
What happens if you are a double amputee/
I'm sure this gives someone the reason to try the gelatin fingerprint

Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

This archive was generated by hypermail 2.1.3 : Tue May 03 2005 - 22:38:52 PDT