Our ID cards are being scanned at an increasingly alarming rate. Marisa over at Errata Security has posted about having her driver’s license scanned at a doctor’s office (including more links to other reports).
I don’t see why this is necessary. Is identity theft at a doctor’s office *that* big of a deal? What is the gain, free health care at someone else’s expense? Hijacked prescriptions? I can’t imagine healthscare theft is widespread as those seem like ballsy, planning-intensive forms of crime. Then again, maybe all it takes is one check-up and that information for someone else is entered into your record (positive for herpes? allergic to penicillin? DNA on file that isn’t yours?) which can have disasterous effects on your health later on. But that seems to be more a failure of relying so heavily on what is stored on a computer somewhere. We see movies that make these wild scenarios (The Net, Hackers, and many others) where a computer says you’re evil so everyone treats you as evil without a question…
Shit, maybe I’m convincing myself of something here!
Still, what if we go further down the RFID route, or any type of embedded ID system? RFID could be gathered without your being able to stop it once you walk in the door to an office (or god forbid walk *near* it and away!). An embedded ID chip (like pets are getting these days) pretty much has the requirement to be scanned, and let’s just hope that’s not being saved and is just being validated (yeah right). These kneejerk reactions to having our ID scan may be a joke in 20 years from now.
If you read the “Red Flags” Rule from the FTC, you’ll get the distinct impression this is not to protect consumers, but to protect healthcare providers. It also doesn’t even make a hint that providers should scan and store ID card information. It sounds very much like being carded at a bar where a visual glance at the card will be enough. (What I “like” about the Reg Flags Rule is just how vague they are…and we thought PCI was vague! This basically says you need to spot “red flags” and good luck with that!).
It was just last week that I mused on Twitter that I might have to look into a tight sleeve for my driver’s license; a sleeve that keeps the front visible but obscures the back so that I can stop a merchant/receptionist from scanning it while they slip the card out of the sleeve, yet still slip it into the slot in my wallet.