The balance between information and physical security

Publication YearIssue Date 

Alberta Privacy Commissioner Frank Works did the right thing in a Feb. 20 ruling when he ordered the Tantra Nightclub and its parent company, Penny Lane Entertainment, to stop scanning driver licences and to destroy any patrons' information that has been collected on a database. In an age of information theft and privacy assault, it is refreshing to see an official drawing a line in the sand for privacy rights. However, even getting rid of id scanning programs will still not answer the important issue of information security in bars and nightclubs.

The first problem with the SecureBar and BarLink id scanning programs is that they scan too much information. By scanning the card, the software collects all of the information on a patron's driver licence, even the patron's driver licence number and his/her weight, for an example. Is it necessary to collect all of the information on the card, even the patron's home address? Does the security really need to know about if a bar patron is a tall, thin man or a rotund dwarf, beyond initial identification? Finally, even with reasonable data encryption, limited access, and other security measures in place, identity theft can still happen. There are vital questions about SecureBar and BarLink's security, such as their ability to prevent a third party from hacking into their systems, or if SecureBar keep copies of information obtained from the database, or whether a determined criminal (or indeed a group of determined criminals) can access the id scanner and the database physically. Criminals can get jobs as bouncers at a bar and access the personal data there too. Heavy security measures cannot stop a determined criminal if he is intent on stealing the information.

Identity theft is a big business, with over $50 billion lost by consumers and businesses in the United States of America since 2002 and with many people losing control of their finances. Many of these thefts were due to criminals using stolen information to impersonate someone else and then drain their accounts. In other cases, a loan is taken out in the victim's name and the victim is left bankrupt. Worse yet is identity cloning, where a criminal acquires a victim's identity and impersonates the victim to perform a crime or avoid detection. That can result in the police issuing an arrest warrant for the victim, even if that person is completely innocent. Damage can be still done even if the offender does not use a victim's personal information for identity theft, such as when a stalker uses the database to track down a woman by looking up her address. Many people's naïvety about giving out private information in public space could lead to such situations.

The Privacy Commissioner's ruling has a broad implication on the bar business such as the Students' Union and its Den/Black Lounge pub business. How would the Students' Union reacts to this ruling? One can imagine the situation SU VP Operations and Finance, Fraser Stuart is in. The SU can keep the SecureBar id scanning program and risk the Privacy Commissioner's wrath (and a possible large fine), or get rid of it, potentially making the Campus Security and Den security unhappy. Campus Security and the Den/Black Lounge security are very confident in the usefulness of SecureBar in keeping the numbers of alcoholic incidents on campus down. Plus there are the initial implementation costs of the system which, according to Penny Lane president Paul Vickers, are not unsubstantial. In short, the SU finds itself between a hard rock and a frying pan.

Identity theft considerations aside, the ruling does not solve the thorny question of security at bars and nightclubs. The first problem is based in the nature of the bar and nightclub business. Serving alcohol and other intoxicating drinks to hundreds of buzzed, horny young adults during late nights and early mornings is simultaneously a genius idea with possible millions of dollars in profit and a mad business proposal with heavy security risks. These risks can be bigger when wasted patrons decide to start a riot, requiring a prompt police response. Even better, what about gang members and troublemakers with weapons?

Fights and murders at nightclubs always generate bad news in media, and always spoil the days of everybody involved--including the patrons who have nothing to do with the fights, along with the bar staff and bouncers who have to deal with the consequences. Would people still risk their personal safety and health by attending a bar where one person got murdered, even years afterwards? Would a nightclub still be popular if a drive-by shooting took out a whole line? Bouncers, for all their preventative work still have to break up fights, while bartenders and bargirls have to deal with harassment from drunk customers who don't take kindly to being cut off.

The question about security is why nightclub owners such as the Vickers will appeal against Frank Work's ruling as hard as possible. It is also why he plans to turn all of his bars into private clubs, where people would have to fill out forms for membership and show a copy of their driver's licence before being allowed in, and would see a reduction of customers, thanks to all the potential workload. This concern for the safety of patrons and staff is strong enough to overrule privacy worries about the use of an ID-scanning system, with all the privacy and information theft issues associated with them.

However, what bar owners like Paul Vickers fail to recognize is that information security is as important as physical security. Concerns about identity theft are valid and by not addressing these, the owners are doing their own customers a disservice. There are other acceptable security measures, such as metal detectors, scanners, hiring more bouncers and off-duty cops who have more training in dealing with the unruly. Even Tequila Bar & Nightclub manager Jeff Beddoes noted in a Dec. FFWD article that more bouncers at the front door are as effective as an ID scanning program.

If bad news about violent fights at a bar weren't bad enough, news about patrons' personal information being hacked off a bar's security database would be a media bombshell. What is needed is a new dialogue on what makes an acceptable replacement for id scanning programs and a debate on how much personal information is fine to give out to strangers. If you can't trust your best friend with your intimate information, why should you hand it over to a random bouncer at a nightclub?

At least, if Penny Lane's appeal got rejected, he can always make a visit to Israel or Bali to see how they can make metal detector scanners a fashionable nightclub accessory.




As girls, our number one priority when going out these days is security - we consider how we will get home , the likely customers in a bar or club and the reputation of the venue - when a venue scans Id we consider this a definate plus point as we know our safety is being taken seriously -

who ever it is, who has banned this use, is certainly out of touch with th reality of today -

Society as a whole has taken a step back not a step forward over the past decade, we live in far more violent times.

Indentity theft may be an issue, but it is a non violent one that does not murder,harm, disable and destroy lives for ever, unlike the violence that is a fabric of the night culture across this country.

It seems to me this "information Commissioner" is motivated by Financial loss of corporations rather than the real loss of lives -

Jolanta's comments are so off base, I just don't know where to start. After all, a co-worker once told me "don't try to reason with stupid people", but her comments are so stupid, maybe it's a double negative?

Can someone please show me proof that the collection of a gross amount of personal information has made a venue safer? I'm yet to see the evidence, although we see no shortage of Jolantas who have been watching Oz and Adventures in Babysitting a bit too much.

Of course, like any public safety campaign in this country, Jolanta mentions anecdotes and the obligatory line of how murder and harm "disable and destroy lives for ever (sic)", without being able to cite any sort of statistics. After all, with anything public safety, emotion and ëwhat ifí come way ahead of ëwhat isí.

The rest of the noise coming out of her mouth is nothing more than on broad generalizations ("we know our safety is being taken seriously"), social constructs ("we live in far more violent times"), emotional arguments that have little to do with the topic ("this 'information commissioner' is motivated by financial loss of corporations"), and best of all, sheer ignorance ("indentity (sic) theft may be an issue, but it is a non violent one...."). It sounds like someone has been watching a bit too much Global News. I know, I also cry every time a corporation who sole purpose is to collect private information gets a hit to their share value.

In Jolanta's bizzaro-world of SecureBar, if I go into a bar, drink ten beers, get upset at someone, this weird vortex known as SecureBar which stores all of my information in the hands of a private corporation will somehow stop me from stabbing that person. Oh, did I mention that this private organization is Calgary's outstanding model citizen, Paul Vickers?

If you do not see any issue with your information being stored by a corporation (or paul Vickers) without your knowledge of how it is used, you are the one in need a reality check. No, identity theft is not like murder (very good Jolanta!), but invasive data collection is not at all worth completely unproven safety benefits. If you believe a perceived increase safety by law abiding sheep is worth a corporation using your information as they please, then obviously you are stupid enough to willingly attend one of paul vickers' night clubs.

And what the hell is 'night culture'? violence that is the fabric of the night culture? Does Jolanta actually go far from the suburbs that often? Has she ever WALKED somewhere or taken a train at night before? Has she ever been in a city outside of this country at night time? We live in more violent times? What the bloody hell are you talking about? We obviously live in a much more complacent time. At least the EFF and ACLU are strong in the USA.

Just one point to make: Paul Vickers and the SecureBar/BarLink organizations are two different organizations. There are no relations or any connections between Vickers and SecureBar, apart from SecureBar/BarLink being used at the Penny Lane Entertainment Group bars.

If there are any information or links that demonstrate a definite relationship between Vickers and SecureBar, can we see them?

I just have to make that notice. Apart from it, I agree with Dwight. We all are too complacent with our private data and it scares me.

dwight never intended to say that vickers and securebar are linked. but i have little doubt vickers wouldn't have access to the information that securebar stores. after all, vickers is the customer in this relationship.

SecureBar and BarLink use a camera connected to what I believe is a Windows XP box. As such, it is quite likely all the information is stored internally at the bars instead of on a centralized server as is being implied. Regardless of Vickers, this is worrisome due to the potential for physical data theft.

It's an old IT saying:
"The only secure computer is turned off, unplugged from any networks, put in a safe, and buried under six feet of concrete in the middle of a jungle containing trained mercenaries who shoot to kill... and even then I wouldn't put money on it."