[mulmen]

That’s just a bad design though. When I go to a bar they don’t store a record of my ID for future review by the government. They look at my ID, see I am of age, and then our interaction is complete. No further record exists, nor should it.

The government can try accessing porn sites themselves to see if the sites are in compliance. The same way we do, well, everything.

That it isn’t designed this way shows the incompetence of the regulators and their disregard for public safety and free society.

And hopefully it doesn’t need to be pointed out but none of this actually protects children. This is abuse of power for the purpose of puritanical guilt tripping.

[dragonwriter]

> That’s just a bad design though. When I go to a bar they don’t store a record of my ID for future review by the government.

Banking KYC isn't about making sure people are authorized to bank, its about making sure the government is able to track them down if they are (determined by the government to be) associated with bad things.

The purpose is not the same as checking ID at a bar.

(Now, there's an argument that, for porn consumption, the purpose of any ID requirements should be like a bar and not like banking KYC, even if for porn production or distribution, there is more of an argument for a banking KYC-like regime.)

[hn_throwaway_99]

> Banking KYC isn't about making sure people are authorized to bank, its about making sure the government is able to track them down if they are (determined by the government to be) associated with bad things.

That's simply not true. E.g a huge part of KYC is ensuring people aren't sanctioned for banking purposes (i.e. OFAC checks are mandatory).

Yes, a record of a user's identity is important, but it's still bad design that every little company, many of which have dubious security practices where they squeaked through figuring out all the right boxes to check to "pass" a SOC 2 audit, have to store this information indefinitely. Some sort of federated system where a business could delegate KYC responsibilities to a respected provider (which is exactly analogous to how Stripe-like credit card processing works) would make a lot more sense.

[mulmen]

For porn production you need KYC. For porn consumption you need a bouncer. That the regulators miss this is either incompetence or malice and maybe both but that doesn’t make this a good idea. Real harms will come from this when the databases are breached. The kids will still be able to find porn and alcohol. To make matters worse when they grow up they will live in a surveillance state.

[AnthonyMouse]

> Banking KYC isn't about making sure people are authorized to bank, its about making sure the government is able to track them down if they are (determined by the government to be) associated with bad things.

The problem with this is that it doesn't really work. Serious criminals use shell corporations, fake or stolen identities, hire patsies, use precious metals or physical cash, foreign banking systems, cryptocurrencies, Hawala, etc. The effectiveness of KYC rules is abysmal, to the point that we could abolish them and hardly notice any effect on crime. And yet we continue to pay all of the costs, which fall on innocent people.

[mulmen]

Given the fundamental truth that "everything is tax fraud" would it actually make it easier to identify crime by making it easier for criminals to open bank accounts?

[AnthonyMouse]

This is a great point. A numbered account at a US financial institution would presumably be much easier for the US government to execute a warrant against and get the transactions than some adversarial international Hawala network or privacy coin which would be equally in the dark about the target's social security number (if any).

[peyton]

> Banking KYC isn't about making sure people are authorized to bank, its about making sure the government is able to track them down if they are (determined by the government to be) associated with bad things.

Have you implemented an AML compliance program? That’s not really how it works…

[mcculley]

> When I go to a bar they don’t store a record of my ID

Many bars are storing a record of ID. e.g. PatronScan (https://web.archive.org/web/20190604193217/https://onezero.m...)

https://www.patronscan.com

[mulmen]

That’s also a bad design. I still normally get my ID checked by a bartender or bouncer’s eyes.

[mcculley]

In my neighborhood, there is a new law requiring use of such scanners.

[mulmen]

Are they required to store the scans for some period of time?

[mcculley]

The requirement [0] is “Must reject entry to anyone using a fake or duplicate ID.” I gather that the bars have determined that the easiest way to detect duplicate IDs is to outsource to these services that capture IDs and can be queried at time of entry. I have no idea how long they keep them, but it seems safe to assume they would value the data forever.

0: https://www.orlando.gov/Our-Government/Departments-Offices/E...

[mulmen]

I’m sure it depends on the bar if they care about retention or derived insights but I fully expect the service providers to retain these records indefinitely for the purpose of monetization.

Presumably using these services alleviates some legal liability for the business.

I do wonder if there’s a legal requirement for retention and what access the government has to the data.

[op00to]

The places that scan your ID often do save your info. Not supposed to, but it’s common.

[mulmen]

If they use a scanner absolutely. That’s the only safe assumption. But at least that’s engineering incompetence instead of government overreach. Most of the times my ID gets checked the only tool used is the human eyeball.

[hn_throwaway_99]

> But at least that’s engineering incompetence instead of government overreach.

This is incorrect. Many states have laws specifically encouraging ID scanning: https://idscan.net/us-id-scanning-laws/

[mulmen]

Is there a requirement to make this scan history available to the government?