Rental Car - Thumbprint = No Rental Car

An anonymous submitter sends: "Wired is reporting that $$$ Rental Cars is requiring a thumbprint to rent a car... No thumbprint, NO RENTAL CAR FOR YOU!" I thought the rental car business was in trouble with the recent decline in tourism. I guess not.

I like it!

[uslinux.net]

Frankly, I kind of like the idea. I really don't see how Dollar having your finger print poses any personal security threat, and if it will in fact deter thieves, then I'm all for it. Think of it this way, if you're renting they already have your Drivers License info and probably a major credit card. Unless this gets linked into a federal database which the gov't could use to track your whereabouts, I don't see a problem (and frankly, if you're using a drivers license and credit card, they ALREADY have everything they need to track you).

What I DO disagree with is the section in the article that says "One agency, Acme Car Rental in Connecticut, went so far as to surreptitiously install GPS in its fleet. The tracking system was only discovered when a man was fined by Acme for speeding, in violation of the agency's rules." Now that bothers me, simply because I don't believe it's any of their damn business where I go. So long as their car gets returned in good shape, they should butt out.

Fingerprints on license in TX

[renehollan]

Well, in Texas, you must provide a left and right thumbprint in order to get a state drivers' license.

I can understand the desire for companies to know with whom they are doing business, and the ability to find them. It is however, frustrating, that so many different primary "keys" end up being used: SSN, license, prints, etc.

As much as I hate the notion of a National I.D. Card, the arguments for a universal unique personal key are compelling, so long as you could control what data was accessible via said key. IOW, any credit agency could assign you an ID unique to them (though, in practice, they use an SSN), and track your credit record, but only YOU could control linking your universal ID to that data.

This would have several advantages:

1. a unique key per person;

2. control over data accessable via this key;

3. pressure on companies to abandon use of less desirable keys, like SSN's;

4. no need for physical identification, like fingerprints.

Consider if this universal ID were also the public part of a public key cryptosystem keypair: you could prove identity by decrypting a challenge encrypted with the ID. Data maintained about you could be signed by the originator and encrypted with your private key, so it could only be obtained with your assistance. Spoofing of data (by picking new key pairs for a new identity) would be impossible if the data included your public key (i.e. "alias") as part of what was signed.

Clearly, this has advantages: you can provided third-party signed information about yourself to those you chose. People can do business with you without knowing your name, or where you live, increasing your potential for annonymity (of course, getting something shipped to you defeats a large part of this). The big disadvantage is that, armed with a public key, third party collection and correlation of data can begin -- the police may not know who #2600 is, but they could damn well track where he goes. However, accidental disclosure of this data would be more difficult to overlook: why would anyone maintain non-encrypted records? They are only needed in plain text for the brief interval during which you encrypt and return them. And, the undesirable collection of such data happens anyway today, with multiple keys being one more thing to correlate.

Still, the potential for anonymous transactions with identification provided by half a PKS key pair that is one's national ID, not bound to an individual, or address, is desirable.

It's about trust, stupid

[satch89450]

The reason that Dollar Rent-A-Car is asking for thumbprints is because they no longer trust customers to take proper care of their cars and to honor their contracts. How many times have you ridden with a person who is driving aggressively who says, "What do I care, it's a rental"? Not to mention rental cars that are driven to Mexico and sold there.

Trust is a two-way street. I don't know about you, but I am starting to get the idea that the customer is just as likely to be victimized as the vendor. I would be tempted to require exactly the same forms of identification from the clerk helping me that the clerk demands of me. I know why they want a driver's license and credit card: proof that I have passed some state's minimum exam for driving, and proof of payment capability. When they ask for a thumbprint, though, I'd be tempted to whip out my own fingerprint card and request they fill in their full name, current address, and fingerprint. That way, if there is a service problem I can identify the clerk completely. (It could also help to show law enforcement that I am the authorized contract-holder of a rental car by demonstrating that I obtained the contract with a bona-fide agent of the rent-a-car company.)

When the National ID card is instituted, I'm going to ask to see the card of the clerks. Trust is a two-way street.