By Mike Warren
While visiting The Den recently, I was quite disturbed and upset to see an unexplained computer system sucking up a vast quantity of personal information. The staff were generally unhelpful and didn’t seem to know anything about the system. Their negative attitude didn’t help much either.
The manager of The Den and someone claiming to be the creator of the system assured me that none of my information would ever
be sent to anyone else aside from The Den. According to the information found at SecureClub.ca, this cannot be true.
The manager and creator invited me to visit SecureClub.ca, promising more details. There isn’t much detail, but one section of the site says, "The most unique advantage of this security service is the fact that it has a communal security quality. With this service establishments are interlinked in what we call the universal doorman that never forgets a face or event and can work everywhere."
Quite clearly, such interlinking means that my private information is in fact being sent to places besides the computer systems employed by The Den. The Web site is comically short on details as to what security measures are employed to limit access to the data collected. I can only assume the "interlinking” takes place over the available Internet infrastructure. Some questions:
1. How does SecureClub ensure that no outside party can access the data on machines connected to the "interlinking” facility?
2. How exactly is the "interlinking” achieved?
3. How does SecureClub ensure no party can listen in on connections to other clubs’ systems?
4. For what possible reason are full names collected?
5. For what possible reason are pictures of people’s driver’s licences scanned?
6. Does SecureClub keep copies of the information obtained from those using the service? If so, why?
7. What measures are in place to guard against theft of the data?
The Web site further claims, "SecureClub have taken many measures to prevent any false information and misuse of this service.”
This is not true. The aims of the system (preventing trouble-makers from re-entering drinking establishments) can easily be achieved without storing anyone’s name, picture or driver’s licence number.
Taking pictures of government-issued identification cards makes SecureClub an ideal target for many of the people who would be interested in obtaining identity information. Not only do they get names, addresses and birth dates, they get a picture of the person’s driver’s license, the ID number and even a picture of the bar code.
The only target which might be better is the central driver’s licence registry or a police station. I know which one I would bet is the least secure of the three. Which one do you suppose a potential identity thief would rather attempt to break into?
Mike Warren