Fingerprints to rent a car?

| Comments (1) |
Bruce Schneier posts about a plan to require everyone who rents a car to provide fingerprints:
Getting your fingerprints taken would once have meant only one thing. You were helping the police with their inquiries. Now such "biometric" identification is entering the mainstream of every day life.

If you want to hire a car at Stansted Airport, you now need to give a fingerprint.

The scheme being tested by Essex police and car hire firms, is not voluntary. Every car rental customer must take part.

These are stored by the hire firms - and will be handed over to the police if the car is stolen or used for another crime.

Detective Sergeant Vic Murphy, from the CID team at Stansted Airport, says it's a response to criminal gangs targeting airport car hire firms - where cars are driven away using false passports, false licences and false credit cards.

"It's not intrusive really. It's different - and people need to adjust to it. It's not Big Brother, it's about protecting people's identities. The police will never see these thumbprints unless a crime is committed."

Note the penultimate paragraph: They're using false IDs and credit cards. If you're a car rental company, what you really want from your customers is an ironclad assertion that if anything (loss, theft, damage), you won't be out the value. As a practical matter, the information they typically collect doesn't guarantee that:

  • The credit card provides an indication of the ability to pay and a direct way for the rental car company to recoup some of their expenses (though not all, if for no other reason than that credit card limits are typically smaller than the price of the car).
  • The driver's license provides (1) an indication that you're able to drive and thus presumably somewhat less likely to crash the car (2) a way to tie you to your credit card and (3) your name so that they can hunt you down if you don't come back.
  • A passport provides (2) and (3).

So, it's perfectly possible for you to to rent a car, even with completely valid credentials and then steal or damage it and have the company be unable to recoup the value of the car. Indeed, short of you handing them a warrant for the value of the car when you rent it, it's hard to see how this could happen. However, they at least know who you are and can investigate and potentially sue or prosecute you, which is better than nothing.

So, where does capturing fingerprints fit into the picture? They can be used in two ways. The first is forensic: they use them to try to figure out who you are and to prosecute you. The second is that you could use them to build a blacklist of people who you didn't want to rent to, with the idea that it would massively increase the overhead of running a theft ring since you'd need to keep finding new patsies to rent the cars.

If you had unforgeable ID--which we know how to do--this would take you most of the way there. You'd still be able to run a blacklist, though it would be slightly easier to evade since the attacker could steal the ID of someone who looked like them rather than get a new thumb. It would provide a better basis for initial forensic investigation since you'd actually have someone's name (even if their ID had been stolen) rather than a fingerprint that might or might not have been registered (assume that people who already have their fingerprints in the system aren't going to let you fingerprint them before they steal your car). It would be slightly less useful for prosecution since you'd have to rely on the agent's testimony that they checked your ID rather than a direct fingerprint match.

One further note: a lot of modern drivers licenses are bound to some non-face biometric. California, for instance, requires the collection of a thumbprint, though it's not on the magstripe). One possible alternative to capturing your fingerprint would be to compare it to the stored one (which hopefully would be masked in some way) and then throw away the capture. Would that be worse or better? Discuss.

1 Comments

[Posted for Hal Finney]

We used to fantasize about all kinds of privacy-protecting technologies back on the old cypherpunks mailing list. You wouldn't even show an ID when renting a car. Rather, you'd show various credentials that had no ID but proved that you were a licensed driver, had insurance, good credit risk, and whatever else was relevant. And then, in case you were going to commit a crime, you'd provide a blinded identifying token linked to some credentialed identity-escrow agency. Only the escrow agency would know your name and address and would reveal it under a court order. The car rental company or the police would be able to get your ID and pursue legal action if they have a lawful reason to do so. (In some more anarchic variants the "escrow agency" promised to break your kneecaps if you violated the rules.) This protects everyone's interests while providing even better privacy than we have today.

Well, it was a nice dream. Instead, what do we get? Thumbprints for routine transactions. Pretty soon it'll be DNA samples like in Gattaca. So much for privacy.

Leave a comment