repstein at chello.at
Tue Oct 24 10:03:36 UTC 2006
> From what I've seen, there's a complete lack of awareness of the
>risks associated with retention of identification or information. I
>even had a long argument with the local US Post Office, who wanted to
>record numbers from two forms of ID in order for me to retain my PO
>Box. Their claim was that postal inspection service requires it. I
>objected due to my local postoffice storing this information on index
>cards which all employees of the post office can access. While I
>understand the postal inspection service's interest in being able to
>track down box holders, I asked the postmaster if he'd sign a
>document accepting personal responsibility if the information was
>released or used by any of his employees.
.. and how did that go?
>I think it's time to show up with such a statemant of acceptance of
>liability whenever asked for such information. I have to wonder if
>company lawyers would then give it some thought.
Being recently on a large, well known military station, the opposite
happened to me. While yes, when originally being vetted I had to supply
certain information that most would cringe at supplying, when onsite I was
asked for two forms of government issued identification (I chose drivers
license and passport) which was just reviewed (not copied), immediately
handed back to me and then asked to pose for a picture and signed an
electronic pad. A minute later I was handed a new government issued ID.
During my stay, I had the need to access certain restricted areas. As I
entered restricted area buildings, I was handed a restricted area badge to
wear over my new picture ID to let people know immediately what areas I had
access to (the alternative is shoot first, ask questions later; I'll pass,
On the other hand, I've visited many data center, collocation facilities,
and even foreign military bases (both US and others), and since AT&T sparked
this conversation, I've actually been to nearly 40 of their facilities
throughout the US. In recent memory, I can think of two large collocation
centers that retain your ID. One is in Miami and one in New York (I don't
think I need to name names, most of you know to which I refer). All others
(including AT&T) have never asked to retain my ID.
I'm not exactly sure why these sites want to retain ID, but I think it
goes along with the big weight that is connected to the gas station bathroom
key. They want to make sure you return your cabinet keys (if any),
temporary pass (if any), etc. Legal risk or not, can you think of a better
way to get someone to return to the security desk to sign out? Until then,
these sites will continue this practice.
More information about the NANOG