SFclub Privacy Final Press“>SF Club Privacy
To: The San Francisco Entertainment Commission
From: Privacy Activism, the Electronic Frontier Foundation, the Privacy RightsClearinghouse, IP Justice, Beat the Chip, Center for Financial Privacy and Human Rights, Patient Privacy Rights, and the Bill of Rights Defense Committee
Re: Proposed Adoption of Rules Related to Security at Places of Entertainment and One Time Events
April 12, 2011
Privacy Activism, the Electronic Frontier Foundation, the Privacy Rights Clearinghouse, IP Justice, Beat the Chip, Center for Financial Privacy and Human Rights, Patient Privacy Rights, and the Bill of Rights Defense Committee submit these comments inopposition to the proposed rules. If passed, rules 3 and 4 would pose a grave threat to theConstitutional rights to free speech, freedom of association, and to the privacy rights of all patrons who wish to attend events at venues with Place of Entertainment permits in San Francisco. These proposed rules should be rejected immediately.
3) All occupants of the premises shall be ID Scanned (including patrons, promoters,and performers, etc.). ID scanning data shall be maintained on a data storage systemfor no less than 15 days and shall be made available to local law enforcement uponrequest.
The city of San Francisco has a long history of political activism and cultural diversitywhich would be profoundly threatened by this proposed rule. Events with strong cultural,ideological, and political components are frequently held at venues with Place of Entertainment Permits.
Scanning the ID’s of all attendees at an anti-war rally, a gay night club, or a fundraiser for a civil liberties organization would result in a deeply chilling effect on speech, sinceparticipants could not attend without their attendance being noted, stored, and madeavailable on request to government authorities. This would transform the politically andculturally tolerant environment for which San Francisco is famous into a police state.
These proposed regulations raise several problems: they would violate the rights of patrons, enable systemic abuses by law enforcement authorities, allow for troublingsecondary uses of the data, and invite theft and fraud by identity thieves and hackers.
The proposed regulations state that personal information shall be made available to locallaw enforcement upon request, even without a subpoena, warrant, or court order. This co-opting of private surveillance abuses the rights of attendees and violates due process.
A direct pipeline of personal information to the police also invites systemic abuses. The proposed rule would allow police to make a wholesale request for information every fifteen days, creating their own internal database of which individuals visit whichparticular venues and how often. The last time SFPD created an intelligence unit, a courtdisbanded it to stop multiple documented abuses. The San Francisco EntertainmentCommission should not invite history to repeat itself.
Even if the violation of patrons’ rights freedom of association and due process were notreason enough to discard these proposed rules, there are still serious privacy concernsstemming from the creation of completely unregulated databases full of personal data.Identification documents contain a vast amount of personal information about theindividual, including an address where the individual may be found. Mandating thecreation of databases filled with the identifying information of every person attending avenue with a Place of Entertainment permit in San Francisco without mandating any kindof protection, checks and balances, or auditing for such sensitive data creates thousandsof new opportunities for abuse and data breach. These databases would be tempting targets for ID thieves and stalkers, not to mention dishonest insiders.
Additionally, the proposed rules contain no explicit ban on secondary uses of informationgleaned from scanned driver’s licenses. Without protections for this highly personalinformation, club owners, marketers, and others are free to collect name, address, height,weight, and birth date and use for whatever purposes they wish. Even if the informationis deleted from a data storage system, there is no guarantee that personal information hasnot been copied over to another device to be used at will by others. Any proposed rulesshould have an explicit ban on secondary uses of information.
4) High visibility cameras shall be located at each entrance and exit point of thepremises. Said cameras shall maintain a recorded database for no less than fifteen (15days) and made available to local law enforcement upon request.
Cameras noting when a patron comes and goes are intrusive and oppressive. Becausethey enable a record of not only the time at which patrons arrive, but also how long theystayed, when coupled with the scanned ID’s of patrons, they can enable a record of associations among patrons, eviscerating their constitutionally-guaranteed right toassociation.
Requiring venue owners to hand this sensitive information over to law enforcementwithout a subpoena, warrant, or court order amounts to a breach of patrons’ right to due process.
We are deeply disappointed in the San Francisco Entertainment Commission for considering such troubling, authoritarian, and poorly thought-out rules. The Commissionshould reject this attack on our most basic civil liberties. San Francisco cannot hope toremain a hub of cultural and political activity if we are stripped of our civil liberties the moment we walk through the door of a venue.