A SCANNER IN THE WORKS
BarWatch says its security system
By CHAD HUCULAK
It's Saturday night at the club. As you arrive, you give the doorman your driver’s license and he scans it into their BarWatch security system. The computer screen says you’re not an offender of any sort—good news: you’re allowed in. But as you’re handed back your card and you walk away, perhaps it occurs to you: wait a minute. I just handed over all my personal information to a computer program, and I don’t even know where it goes from here. Maybe that’s fine with you and maybe it’s not, but it’s something that’s happening with increasing frequency in Edmonton’s posher clubs. And while security systems like BarWatch may be making our bars slightly safer, they’ve left some people feeling that their right to personal privacy is being trampled with every swipe of their card.
Meet CybØrg/ASM, a member of an Edmonton computer hacker group whose website, Hack Canada, is renowned for its coverage of global computer-related news and articles providing tips on how to exploit cellphones and expounding on the discriminatory policies of 7-11. Recently, however, Hack Canada set its sights on BarWatch, lambasting the system’s scanning procedures as a blatant example of privacy rights violations. Hack Canada claims that once the BarWatch system has recorded your information, that info could possibly be used for... well, most anything from surveillance to marketing. They also argue that by scanning and storing your entire ID card (with your photo, signature and home address intact) without your given consent, BarWatch is in defiance of the Canadian Personal Information Protection and Electronic Documents Act.
“It seems most people are ignorant of why their personal privacy is important until they become a victim of privacy abuse,” CybØrg/ASM says via e-mail, explaining why he chose to publicly attack BarWatch. “Most people seem to feel that they have nothing to hide, but the fact is that having personal privacy means the difference between a life of freedom and dignity, and a frightening existence under a constant cloud of dismal inhuman surveillance.”
BarWatch, basically, is an ID scanning system that verifies whether you’re a threat to the club. If you’ve never been scanned into BarWatch before, then the system will assume you are okay and allow you to enter; if you’re a known member of a gang or have exercised threatening behaviour in a club that’s used BarWatch in the past, you won’t make it past the front door. Successful versions of the program have been established in Vancouver and the U.K.; Edmonton has had a BarWatch committee for six years now, run in conjunction with Edmonton Police Service, Emergency Response Department, Alberta Gaming and Liquor Commission, City of Edmonton Licensing Departments, West Edmonton Mall Security and others. Membership is voluntary, with establishments such as Cowboys, Diamonds Gentleman’s Club and the clubs in West Edmonton Mall having signed on.
The problem is that, according to the Act with the long, cumbersome name I mentioned a couple of paragraphs ago, individuals have the right to know why an organization collects, uses or discloses your personal information. It also requires organizations to obtain consent when they collect, use or disclose personal information, and to supply a product or a service even if you refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction. Of course, since a bar is a private business, they also have the right to deny somebody access if they refuse to have their ID scanned.
Hack Canada contains cached webpages from an older version of a BarWatch webpage that proclaims the BarWatch system is a great tool for gathering customer information that could be used for marketing and promotional purposes. After the Hack Canada article appeared, the BarWatch website was drastically redesigned to remove most of those references and now states that they do not sell customer lists or information to others.
CybØrg/ASM, however, feels the basic issue remains unchanged and argues that BarWatch still poses a threat to people’s privacy. “People need to be aware of this system,” he says, “because it is illegal and yet it is still supported by the Edmonton City Police.”
Jeff Christie, president of the ironically-named Panacea Data Management Corp, is the man behind the BarWatch scanning system used in Edmonton. Christie, an award-winning data analyst, was approached by Sgt. Gary McCartney of the Edmonton City Police two years ago, and despite not having any background in nightclubs, he worked with the Summerlea Police Station (the one situated inside West Edmonton Mall and which serves the west end of the city and the Mall) to develop an identification system to be used at the mall’s high-traffic nightclubs.
“It’s more of a public service than anything else,” Christie says of his BarWatch system, adding that he wishes the author had called him first to get the true story about his business. “What [Hack Canada] did was pretty immature and uncalled for.”
But Christie’s laissez-faire attitude sure doesn’t sit well with irate bar patrons like Lisa. (Her last name is withheld by request—boy, this really is someone who’s determined to protect her privacy.) “I don’t appreciate having my identity stolen from me and that’s exactly what I feel happened here,” Lisa says. “It is in direct violation of Canada’s Privacy Act. Unlike those suckers in the U.S., I am not prepared to allow my rights to be squashed to help protect some business. I felt violated when it happened.”
Here’s the incident that’s got Lisa so upset. After setting out to celebrate a friend’s birthday at Diamonds Gentlemen’s Club, Lisa had her ID scanned by the bouncer at the front door and saw her data appear on a computer. The whole experience raised a host of suspicious questions in her mind, and later she gathered information on BarWatch through Hack Canada and contacted Jeff Christie, asking him to remove her data from the BarWatch database. She demanded that he log in and remove her scanned data himself. It was a hassle, but Lisa’s personal info was out of the system.
Christie says people who feel the same way as Lisa can employ the same process to get their names removed from the BarWatch files. “They can phone me or e-mail me saying who they are, along with their MVID number and I’ll have them taken out of the system,” he explains. “The police station will do it too.” (Christie cautions, however, that e-mailing personal information across the Internet is usually not a good idea.)
Perhaps Lisa’s problems could have been avoided had the club posted some information about the BarWatch system and what the scanned information would be used for by the entrance. In fact, few clubs have a visible set of BarWatch regulations posted anywhere. At the very least, according to Christie, there is supposed to be someone on the bar premises able to answer any BarWatch-related questions.
While the sentiment is nice, such assurances do little to settle the concerns of people who value their privacy; the only thing that would do that, says CybØrg/ASM, would be the abolition of systems like BarWatch. “Systems like this set a very dangerous precedent and serve to inoculate the populace to further loss of privacy,” he concludes. “Witness what is happening in the United States right now—David Hume put it best when he said, ‘It is seldom that liberty of any kind is lost all at once.’”
Vue Weekly, No. 465, July 15-21, 2004, Page 5, http://www.vueweekly.com/articles/default.aspx?i=470