The gas station beer data racket

Anyone who really knows me knows that the exfiltration of my personal data by organizations that have no business having it is a massive pet peeve of mine. It is an exhausting quirk to have in the world today. Our access to data has grown too fast for our laws to protect it, and the net result is that instead of having to fear one ‘big brother’ vacuuming up all of our data, we have to deal with several ‘little brothers’ in the corporations we associate with that are desperate for marketing data. On top of that standard big brothers still exist, the major governments, who gladly allow it all to happen because it means they can simply extort all that data from the companies you do business with. So to summarize we have every company under the sun sucking up all the data they can get. Who then distribute it to governments (through intimidation), and for that matter everyone else too (through hacks and leaks).

So it is in this world that my story begins. Inevitably I wind up buying things that require ID, typically beer, but this also occasionally tobacco products, pseudoephedrine, canned air, lottery tickets, mature-rated video games or any other consumer good with an applicable law attached. This always leads to an ID check. Now from the beginning of time until very recently, this involved a clerk looking at the ID, checking the details written on it, checking the picture for a match with the face standing in front of them, and probably checking some anti-counterfeiting measures on the ID itself. I accept and fully support this process. If you want to buy something that requires a valid ID you should have to present it. The problem though is that somewhere along the line someone decided to take all the data contained in the document and digitize it into a scannable code on the back. The retailers have, one by one, taken to scanning this data under the guise of ‘verifying’ the license. The logic (if they can be believed) is this, If the system requires a cashier to require a license scan on every purchase with an age requirement, and if they have that scan on record. Then the ABC will have no recourse to come after the retailer for policy violations. That does make a lot of sense for the retailer, and if there was any sort of guarantee that the data wouldn’t be abused then I would support the practice. But far beyond simply not having a guarantee, there is a long list of corporate data breaches that proves these companies have no respect for the security of this data. And why should they? It’s not their data. Ask yourself what do they stand to lose by having it breached? Sure companies have lost consumer trust through data breaches but let’s be honest, there have been so many in recent months that they are hard to keep track of, and even if they can protect it from external actors that data is just too juicy not to be used by the company itself for marketing purposes.

Ok, so solutions. Well, I have taken to using my passport card or passport itself as my primary ID. Both of which can be scanned but only by the TSA. Passports also do not contain your address or any other identifying characteristics than what is absolutely necessary for a foreign government to determine if your status is sufficient to allow access to their country. Real passports work better in this vein than the passport card since most people have not seen it before. The only reason I mention it at all is that I have noticed my real passport is getting frayed from daily use. If you do not have a passport any kind of military or federal ID works in a similar fashion. You want something that is obscure but still clearly valid.

This is not always a workable solution. Some retailers have taken to the habit of only accepting drivers licenses. I’m not sure of the specific legality here but I’m pretty sure it violates some kind of laws. Specifically calling a federal ID invalid only on the basis of it not being scannable. If there are any paralegals or similar that can prove or disprove this statement please comment. The retailers must feel the same way because several of them now tell me that it is simply ‘company policy’ this sidestepping the legal issue. If this is the case The only other protection is to physically cover your scan code with tape or better yet a label that specifically states that you do not consent to uploads of your personal data to private servers and that if that is a problem you will gladly shop elsewhere. That whole concept might be hard to fit onto a piece of tape but you get the idea. Put up a physical barrier and be clear about your intentions.

That, of course, leads me to the final recourse available. Vote with your feet. If there is a retailer that really gives you that much of a hard time about scanning your identification after you have clearly proven it, then there is not much else you can do. Besides launching a massive class-action lawsuit, in which case sign me up too!