As Some Are Requiring People To Give Up Their Info To Dine, Stories Of Creeps Abusing That Info Come Out

from the the-privacy-conundrum dept

I think many of us are going to avoid eating at sit-down restaurants for the foreseeable future, even if governments deem them to be “safe.” However, I find it at least somewhat unnerving to see Governor Jay Inslee in Washington say that in order for a restaurant to offer dine-in services, it will need to keep a log of all diners for 30 days, including their telephone and email contact info.

Under Gov. Jay Inslee’s new statewide orders, Washington restaurants that offer sit-down service will be required to create a daily log of all customers.

The restaurants must maintain that log for 30 days, including telephone and email contact information and the time they were in the restaurant. The state wants this information to facilitate any contact tracing that might need to occur.

I fully understand why this requirement is there. Since contact tracing is so important, it’s much more difficult to do contact tracing in situations like these where there’s no way to tell who else was in the same small space where a COVID-positive person dined. But… at the same time, it seems to raise a number of privacy questions.

When I tweeted about this, some pushed back and said it wasn’t much different from ordering online or from an app (or even, potentially, paying with a credit card). All of those give up some level of privacy. Yet, as I’ve been saying for years, privacy is about trade-offs and a big part of that is understanding the benefits and the risks. And when we’re ordering with an app or using a credit card, there are reasonable systems in place that make it unlikely that your info will be abused. These are not perfect, and there are some cases where there are risks. But, for most people, the “threat model” suggests it’s not that risky.

Yet, it’s unclear if that’s the case with something like a “restaurant log,” like the one that Washington State is requiring. As an example of why that might be problematic, we can just head down to New Zealand (which appears to have almost entirely contained COVID-19) to hear of a story about a restaurant worker using the contact tracing info a customer left to hit on her:

“I had to put my details on their contact tracing form which I didn’t think anything of. It asked for my name, home address, email address and phone number so I put all those details down,” she tells Newshub.

Except in Jess’s case she didn’t just take away a sandwich from the Subway restaurant she was at. She also got a Facebook request, Instagram request, Facebook messenger approach and a text from the guy who served her, using her contact tracing details.

“I felt pretty gross, he made me feel really uncomfortable,” she says.

“He’s contacting me, I didn’t ask him to do that, I don’t want that.

“I’m lucky that I live with quite a few people because if that was me by myself at home – he knows my address you know – I’d feel really, really scared. Even now I feel a bit creeped out and vulnerable.”

The article does note that the Subway employee who did that digital stalking “has now been suspended” (is that New Zealand for fired?), but it can’t make anyone very comfortable.

And that’s a much bigger issue than just for that woman. If people are afraid that their private info can be misused, they’re less likely to give it. In other words, the nature of the privacy trade-offs are vastly different than they might otherwise be. Not understanding that leads to bad results, and yet that seems to be what’s happening in Washington.

After receiving some pushback, Inslee is now saying that the logs should only be kept for 14 days and that privacy “protocols” are developed. But that’s the kind of thing that need to be built up initially, not after such a plan is announced:

?This is something that we have to make sure that we build protocols around privacy so that any of this information can only be used for this purpose, can be expunged after 14 days so that this is only a minor inconvenience. No one is looking to make this a federal crime. We?re trying to save some lives here,? Inslee added.

Again, he means well, and there’s obvious value in contact tracing done correctly. But you can’t ignore the privacy issues, and you can’t tack them on after things are already messed up. Any system needs to develop the concept with privacy built in from the very start — and there’s no indication that Washington state has done so.

Update: Late this evening Governor Inslee announced that this would no longer be a requirement, though suggested that restaurants set up a voluntary system. It appears he listened to some of the criticism.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “As Some Are Requiring People To Give Up Their Info To Dine, Stories Of Creeps Abusing That Info Come Out”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: use phony personal info

good point. That’s the proper response to this phony, illegal "government requirement"

Note carefully that this is government politicians demanding restaurant patrons "register" their personal identity to eat — it ain’t the restaurant owners forcing this.

Under American constitutional law, nobody in government has authority to order anybody to "register" themselves just to conduct routine retail transactions — under any circumstances.

This is a fundamental, formal legal issue — not some casual personal privacy issue.

Anonymous Coward says:

Re: Re: use phony personal info

Under American constitutional law, nobody in government has authority to order anybody to "register" themselves just to conduct routine retail transactions — under any circumstances.

Right. Just like sales of cars and guns, to pick just two examples.

Anonymous Coward says:

Re: Re: Re: use phony personal info

Exactly. You can buy a car without registering it. However, the circumstances under which you can legally operate it without registering it are so narrow as to preclude most practical purposes.

In some states, you can buy a gun without registering it. The background check process is not a registration, and officially does not contribute to a master list of gun owners. (Whether such a list is unofficially created by excessive retention of records of the background checks is another matter, but the law does not call for the Federal government to create such a list.) In some circumstances, you can lawfully avoid undergoing a background check at the point of sale. For example, a person who possesses a valid Concealed Handgun License can present that in lieu of a background check, since acquiring the CHL requires a successful background check. While this does not avoid being subject to a background check, it does divorce the background check from the purchase of the firearm. For this reason, Federal Firearm License holders generally like CHL holders, because it reduces the amount of bureaucracy that the FFL must handle.

Anonymous Coward says:

Re: Re: use phony personal info

Also have one of these infrared license plate frames that make your plates invisible to any surveillance cameras.

You would have to drive with your headlights on at all times, and keep your parking lights on, when parked, since they share a power sources with your license plate lights, but it would prevent surveillance cameras and/or ALPR cameras from seeing your license number to avoid being traced that way

The light from the concealed infrared LEDs would be invisible to the human eye, so no LEOs would ever know you were using one.

Anonymous Coward says:

Re: Re: Re:2 use phony personal info

Using infra red anti camera devices is not illegal at this time

Because unlike to play my stereo om.the loud side I have used them to avoid camera tickets for loud car stereo

I have been flashed at red light cameras when the light is grewn but have never had a ticket for loud stereo because I have tendered my plates invisible to camera

Unlike most loud car stereos i dont have that annoying bass so am.nowheres near as annoying as other stereos

Agammamon says:

“This is something that we have to make sure that we build protocols around privacy so that any of this information can only be used for this purpose, can be expunged after 14 days so that this is only a minor inconvenience.

But . . . but that doesn’t change anything. You’re still requiring people to give information to other people who have not been vetted for safety. That its destroyed in 14 days doesn’t stop the Subway employee who wrote it down from immediately copying it for their personal use.

Even then – mandating without any means set up to monitor compliance means your mandate is unenforceable.

Anonymous Anonymous Coward (profile) says:

Re: Re:

I wonder how they will handle people who lie? I don’t have a phone, so the number they get will be the same as I give my bank and Amazon and anyone else who ridiculously require a phone number for any reason. 1-800-555-1212, and I have a feeling I am not the only one.

Any email or street address would have the same veracity. Then, what are they gonna do? Wait outside to see if I show up again? Take some LEO’s off a murder or robbery investigation to track me down? Then what, charge me with giving a restaurant false information? I only use cash in restaurants, so there will be no electronic transaction to trace.

The order charges the restaurant with collecting information, it doesn’t say anything about the customers responsibilities.

Now, I should note that I understand and appreciate the purpose of the order the choice remains, either support restaurants that I like and lie to them, or don’t support restaurants that I like. Giving up privacy any more than I have to isn’t in the cards.

Anonymous Coward says:

Re: Re: Re:

You can always use one of these free Internet phone apps. There is one where you get a number free for 30 days, and then it dissappears, then you gotta get a new number from them.

When that number dissappears, they no longer have a way to trace you, if you use a VPN when singing up for your 1 month free disposable number. All they will have is the IP address of the VPN, making you untraceable.

Anonymous Coward says:

Re: Re:

Resturants may or may not a computer system for that so paper may show up. But the real reason is because they can’t organize their way out of a paper bag and it shows in their response to the crisis. They could probably have one person set up an app, program, or website with a login using the resturant’s index numbers from the Health Department or similiar to organize in the months a lockdown was under effect but they didn’t.

Agammamon says:

Re: Re:

How else are you going to implement it?

An electronic system that requires you to write code, obtain hardware, issue the hardware, train people to operate it – that’ll be online somewhere around 2030.

And even then – the guy entering your information into his terminal just needs to remember it long enough to get back to the counter to copy it down.

Anonymous Coward says:

Re: Re:

Writing this on paper? Where employees or anyone with the daring or skill to snag the logs can have it?

Restaurants do have a system for securing small pieces of paper (i.e., cash). Paper cards deposited to a time-locked safe would almost certainly be more secure than whatever rushed low-budget paperless system they might buy.

Christenson says:


Seems to me the correct thing would be to write down the first names of the people dining with whomever paid the bill on the credit card receipt.

Then, contact tracing? Call the credit card company, get the phone number (all that’s needed for most of us). The receipts are already kept for some interval in case a charge is challenged.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

The article does note that the Subway employee who did that digital stalking "has now been suspended" (is that New Zealand for fired?)

It’s what happens in areas without at-will employment. A process must be followed. They’ll have to hear the employee’s side, but unless the customer’s story was fabricated, it shouldn’t be hard to fire them for serious misconduct: "The key question to ask is if the misconduct undermines or destroys the trust and confidence an employer has placed in the employee."

Jamie says:

Re: Re: Re:

NZ privacy laws apply to organizations, not individuals. (I believe the same applies to the GDPR and CCPA.)

Let’s assume that the accusations are true, which is probably the case.

The employee will currently be on administrative leave (likely without wages) while the investigation takes place. They’ll be fired for gross misconduct and will be ineligible for a benefit for up to 3 months. They likely won’t find much work for a while, except maybe some minimum wage manual labour.

The Subway franchise store will be investigated by the NZ Privacy Commissioner. The owner and managers likely gave little or no training on privacy, assuming common sense would prevail, which is insufficient under the law. The business will receive a fine that’s big enough to hurt but not enough to kill it. The owner will probably go after the employee to recover some of this cost.

Even though the employee isn’t liable for criminal charges, they’ll feel the consequences here for some time to come.

This comment has been deemed insightful by the community.
Upstream (profile) says:

Restaurant -> Third Party Doctrine -> Government

If our government had a history of openness, honesty, integrity and respect for the privacy of it’s citizens, then people might accept the idea of contact tracers, or contact tracing in general. Unfortunately, this is not the case. Our government has a nearly unblemished record of obfuscation, dishonesty, corruption, and lack of respect for any of it’s citizens rights. So, naturally, people are quite resistant to the idea of contact tracers, or giving information to restaurants. It is unfortunate that our government has such a track record of untrustworthiness, but it can blame no one but itself. Now, in this pandemic, this unfortunate history is coming back to haunt us all. Contact tracing could be very useful in limiting the spread of the SARSCOV-2 virus, if the government could be trusted to do it right, but it can’t. And, thanks to the misbegotten "third party doctrine" we cannot trust anyone else to do contact tracing either, because any information provided to even an honest third party is available to a dishonest and corrupt government. If some government "cootie cop" asks me anything, I will tell them right where they can get off (and in no uncertain terms).

tom (profile) says:

Giving out an address in a public place where someone can overhear and knows that you are likely to be there for a hour or so is just begging for your house to be robbed while you are enjoying your meal. Could even be one of the employees phoning associates who do the crime.

If the place insists, you could just provide the name, home address and office phone number of the mayor or governor that issued the order. Plus pay with cash.

Agammamon says:

Re: Re:

Giving out an address in a public place where someone can overhear and knows that you are likely to be there for a hour or so is just begging for your house to be robbed while you are enjoying your meal.

You must never leave your house. If you think that a burglar is waiting in a restaurant for someone to come by and let out and address that is close enough by for his compatriots to run over and burgle . . . look, these guys aren’t that organized.

Anonymous Coward says:

Anyone not living in the USA, say USA/Canada dual nationals, would be impossible to contact. The State of Washington has no jurisidiction in Canada

The one exception to border closures would be, say, Canadians entering Canada on a Canadian passport. Canadian citizens have right of entry, which is why Canadians can cross into Canada and Americans can cross into the uSA

USA/Canada duals, and they are a lot of them, would be beyond the reach of the State Of Washington, when they are in Canada.

Ehud Gavron (profile) says:


In the US prior to the magical date of 9-11 the purchase of a weapon from a store required filling out a form. The form stayed at the store. When LEOs wanted to take a weapon recovered from a crime scene and trace it back to owners they’d have to backtrace it based on S/N to the store… then get the store to pull up that paper record.

There was no way to list "weapons owned by Mr. X" only backtrace a specific S/N of a weapon to Mr. X once the S/N was known.

This idea of "keep track of everyone who eats here… when… where… who with…" is anathematic to that. It wouldn’t be harmful, much like an online order, if all diners signed off on a credit card slip and listed other diners. THEN if the LEOs want that… they have to go to the restaurant to get it, not build a magic online database of who ate with whom.

Note: Nothing in the governor’s original orders NOR in his modified orders suggests keeping track of who wore masks, gloves, etc., essentially treating everyone as infection monsters… whether we’re sneezing, coughing, covered, uncovered, gloved, or clear.

Trump is an idiot. So is the governor of Washington. What can you do?


Anonymous Coward says:

  1. No simple method survives contact with the enemy.
  2. The enemy is human stupidity and venality, which is more prevalent (and less easily detectable) than coronavirus.

Your libidinous waiter can simply tear open the envelope, read the stalkee’s information, and seal it into a second envelope. Who’s going to know the signature is employee’s, rather than patron’s, until the waiter goes off shift and on phone?

Anonymous Coward says:

Re: Re:

Your libidinous waiter can simply tear open the envelope, read the stalkee’s information, and seal it into a second envelope.

Doesn’t mean there’s no value to it. A postal worker could do the same, and people build fences that are easily defeatable by ladders or wire cutters; nevertheless, most people have some psychological resistance to breaching an overt security barrier like that.

dr evil says:

dont worry, we are the government and we are here to help

your privacy is important to us. <snicker> <guffaw>
imagine when you have a peaceful, prosperous society, and immigrants come and breed you out and bring in more immigrants. they bring you disease. they disarm you. they make you stay home. maybe give you a little welfare to keep you calm, but you are not in critical jobs so you will never be allowed out. … here, have some alcohol. now, enough about the native americans…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...