Patronscan is the leading provider of ID-scanning/verification services to bars and restaurants, and one of its selling points is that it allows its customers to create shared blacklists of undesirable customers who can then be denied services at every other establishment that uses its services.
Susie Cagle (previously) delves into Patronscan's practices and the risks the company presents to privacy and fairness. For example, Patronscan's database contains the names, addresses and other details of people who patronize LGBTQ bars, or fundraisers for political causes. What's more, Patronscan allows law enforcement to access its records without warrants.
More disturbing is the creation of shared blacklists of undesirable customers: bar staff can block anyone for any reason, and while Patronscan's product allows staff to list a reason ("Assault," "disturbance," "drug possession," "drug trafficking," "fake ID," "fighting," "gang violence," "public intoxication," "sexual assault," "theft") there is no need to provide evidence for these claims, and your due process or right of appeal are based on the company's terms of service, not your constitutional rights. Once you're added to Patronscan's blacklist, you are barred from any participating establishment.
But even if there was some system of private justice you could appeal to, it might not matter: bar staff can also add people to the blacklist and give the reason as "other" or "private" — 60% of the people blacklisted in Sacramento were blocked for "private" reasons.
This opens up the door to widespread, illegal discrimination by racist, sexist, homophobic or transphobic bar staff, whose blacklistings will ripple out to many other establishments (Patronscan has captured scans from 200,000,000 people in sixty countries).
Patronscan has an aggressive lobbying arm, which has successfully lobbied cities like Pomona and Sacramento to adopt mandatory scanning laws for licensed establishments. Patronscan also deployed its lobbyists to attempt to scuttle a California privacy law that limits the retention and sharing of its data — the law passed, and Patronscan is currently in violation of it.
Once scanning is in place in a city, it doesn't take long for the databases it creates to swell to terrifying size: in the first five months of 2018, Patronscan scanned 561,087 people in Sacramento — the latest numbers put Sacramento's population at only 501,901 (!).
There's many reasons to worry about this kind of unaccountable private blacklisting, especially when it deputizes itself to serve as an arm of the state and law-enforcement, the sort of thing that causes real anxiety when it's tried in China. In an environment where immigration status and other basic facts of peoples' lives puts them at risk of loss of liberty, family separation and arbitrary detention, collecting, retaining and sharing data about our everyday activities represents a kind of depraved indifference to the human consequences of the pursuit of profit.
There's also the risk of a breach or leak, or of unethical employees using the company's stored data in unethical ways, from stalking to identity theft. This might be the easiest leverage point for curbing the company's worst practices: simply by creating a breach law that entitled victims to statutory damages from data leaks, states or the feds could make businesses like Patronscan uninsurable unless they drastically curtailed their data collection and retention. With New York and California attempting wide-ranging privacy protections, and with Europe already there, companies like Patronscan might have numbered days: one good lawsuit or enforcement action could trigger insurance audits of their business practices that would force them to enact deep product changes, or forge ahead with no insurance, something that would scare off any investor or shareholder, and pose real hazards for anyone who joins the company's Board of Directors.
There are already businesses that could fill the void if this were to come to pass: Patronscan competitor Idscan.net lets bars verify IDs and keep records on which patrons have been barred from their premises, without sharing or retaining that data (regrettably, Idscan.net is also operating a facial recognition database as part of its product offerings).
In California, PatronScan now only retains individual data for 30 days instead of the default 90 days. Patrons in California can no longer receive "private" or "other" bans, and there's a new online process for filing and resolving disputes more quickly than in other jurisdictions.
But those changes weren't required by law, and they don't satisfy privacy advocates. "The rule is don't retain and don't share," says Joe Mullin, policy analyst for the Electronic Frontier Foundation, which supported the California law. Mullin says that despite its new policies, PatronScan may be violating the legislation, and not being regulated accordingly. "There is sometimes a real enforcement problem with privacy laws. [If the system is] ok with the bars, it's certainly ok with the service provider that's making a lot of money, and if it's ok with the police, who's there to stop it?"
According to PatronScan's own marketing material and bars that use the system, the company continues to maintain a centralized database and banned patron list in California. Establishments in Sacramento that use PatronScan said the reforms hadn't noticeably changed their use of the devices. "Basically it's just a robot checking an ID to make sure you're cool — and then something that we can keep track of for future reference," says Martinez of Coin-Op. "It helps wean out the kinds of patrons we don't want in our bar."
This ID Scanner Company is Collecting Sensitive Data on Millions of Bargoers [Susie Cagle/Onezero]
(via Naked Capitalism)