Imagine you’ve gone through a multiple week process to purchase an automobile.
You know the drill. Research every feature, pick your color, then, it’s negotiations for purchase price and for trade-in. Everything is done and agreed-apon, and excited, you are ready to hand over the check and collect your new car.
But wait!
You are handed a slip of paper and told to mark your right thumbprint in a box. The paper says clearly that it’s a request, for your protection, and to prevent your identity theft.
When you politely decline, the dealership refuses to sell you the car.
This is precisely what happened to me today when I tried to purchase a new X3 at the South Bay BMW dealer in Torrance, California.
Let me restate: In order to buy a car, with cash, you must authorize the release of your official DMV-recorded thumbprint to the dealership. This is not a law, this is a “dealership policy.” More on that in a minute.
Taken completely by surprise by all this, my husband and I asked many questions about this process. We were told that the data would remain on file at the dealership for seven years. That this policy is in place to protect us. That there are many bad, bad people in the world, who commit fraud, and that by recording everybody’s fingerprints, they would be deterred from committing fraud.
We were unsatisfied with the answers, and we explained that we were not comfortable with this arbitrary demand for biometric data and if this was required, we would not buy the car.
The resident fat cat was phoned, taking our call from his vacation spot in Hawaii. He replied that the collection and storage of biometric data is his policy.
He would not make any exceptions. The sales staff was clearly paralyzed here – they’d spent time making this sale happen too.
“He pays our salary, and that’s his rule,” they said.
“Well, customers pay his salary, and if he keeps treating them like criminals, I can’t imagine he’ll be able to afford many more trips to Hawaii,” I replied.
I might as well have been talking to the carpet.
According to the staff, this is the process at all dealerships owned by the Hitchcock Automotive Resources Company. They’ve had this program in place for over three months, and only other one person has refused to go through with the sale. The implication was clear; policy had singlehandedly stopped a bad guy, right in his tracks.
One criminal, over three months. Hundreds of people hassled. Clearly the deterrent is working. Right?
We walked out of the dealership, but not before learning that none of my personal data which was copied and recorded would be returned to me or destroyed.
It’s going to be kept on file for 7 years. Policy, you see. It goes in the same file where they keep the fingerprints.
So now I’ve lost copies of my driver’s license, credit report (which was also run without my knowledge), and marriage certificate (a copy of which was required in order to process the sale under my new name).
When I looked all this up online, I found… nothing. How is this possible? This is the Internet. Hundreds of people find my website each week from looking for photographs of owl vomit. But somehow this bizarre infraction of personal privacy has gone totally undocumented.
Looking a little bit deeper, I came across SB 504, a bill introduced to the California Senate by San Jose-based Senator Elaine Alquist, on February 18 2005. It was created as an act “to add Section 11713.15 to the Vehicle Code, relating to dealers.”
In one of its earliest incarnations, SB 504 stated:
No dealer issued a license pursuant to this article shall sell
a vehicle without first obtaining the right thumbprint of the
purchaser and a photocopy of his or her valid form of identification.
The bill was ultimately chartered into law, but not before everything related to car dealers was edited out. I’m no legislator, and I won’t pretend to understand this process, but in fact the final chartered version seems not to have anything to do with car dealers at all.
I resent the implication that I am somehow a less worthy customer, a potential criminal due to my refusal to provide my fingerprints to a private, non-government entity. But what I resent even more is that a private business has been somehow “entreated” to enact a bill that failed to make it through the California legislature in the first place. The bill failed, so who is pressuring these dealers to enact it, regardless of the law?
I asked the dealership if I could keep a copy of the fingerprint form. Here’s the text:
“As you are aware, there is a national problem of identity theft. Southern California formed a multi-jursidictional law enforcement group, the Taskforce for Regional Autotheft Protection (“TRAP”).
Car dealers (especially luxury car dealers) are one of the prime targets for identity and auto theft. For your protection from identity fraud, we are now requesting all of our clients who purchase or lease a vehicle, to provide a thumb print, along with a copy of their current Driver’s License.
We have learned from law enforcement officials that the requirement of a thumb print is deterring criminals who engage in identity theft. Law enforcement officials also recommend that the dealer retrieve a DMV Driver License record to verify all information. This information will be kept confidential.
We appreciate your assistance in helping Southern California and South Bay with this very serious problem.
X________________ X_____________
Customer’s Signature Date
_________________
Print Name
By signin (sic) this form, I authorize (insert dealership name) to run a DMV Driver License record to verify all information.
Please place right thumb print in the square.
_____________________
Witnessed by (signature) Print Name
__________
Date
According to Google, there’s no such thing as the “Taskforce for Regional Autotheft Protection“. At least, not that’s been indexed yet.
Digging around in some of the other California police sites only brings up a few flacky ten year old press releases:
But looking a little further, there’s finally some recent and useful information from the LAPD, which leads to the nonprofit group NICB which is, as far as I can tell, an insurance lobbying group. And did they mention they’re not-for-profit? Because they are. Totally not-for-profit. Their report on how auto theft fraud is orchestrated (PDF) is fascinating reading, especially since it doesn’t ever mention a single thing about this kind of fraud, the kind that can be prevented by recording a thumbprint.
The dealership claimed that the fingerprinting was for my protection. To make sure I’m really who I say I am, and haven’t just stolen someone’s social security number.
But I don’t get it. How does that work? No one’s checking to make sure the fingerprint I leave matches the one on file with the DMV. There’s no forensics expert on staff. And I don’t have data on this but I feel pretty certain that any car thief worth his salt probably already has more than one set of prints on file.
My point: If I had wanted to steal a car today, I could have simply popped my thumbprint down, and driven off with the car. I could do that twenty times at twenty different dealerships, if I were so inclined. This system protects nothing. It’s no deterrent.
And what about the legality of all this? Frankly, it doesn’t sound like such a great situation for the car dealerships. Who’s pushing this? Is it coming from the LAPD? Or is it from NICB, that friendly you know, “not for profit, nope-no-profit here” group? Is someone strong-arming the dealers? Is there some financial incentive, cheaper insurance rates maybe? Maybe the participating dealers are just being good homeland citizens.
Dollar Rent-A-Car tried fingerprinting their customers for a while. They gave up after realizing that it had no effect on fraud or theft. Simply, treating your customers like felons is bad for business.
That’s exactly why I will not purchase a car from South Bay BMW & Mini. There’s no legislation that I know of to regulate how this kind of data must be kept or stored.
And while they were nice enough to give me a copy of the thumbprint letter, nobody could provide me with a clear company privacy statement that outlines exactly how this data will be handled.
I already use my fingerprint to unlock my laptop computer. In five years I may be using it to unlock my front door, or access my medical records. Last month, my personal data was stolen during the big UCLA database break-in. So, if this thumbprint thing is really my last remaining way to prove my identity, well, pardon me for not trusting your sales force with it.
In this kind of situation, your only option is to vote with your feet (and your wallet). Calling around to a few other dealers, I felt like a criminal simply by ASKING whether they intended to fingerprint me as part of their sales process. At the very first dealer I called, the receptionist said “We don’t believe in treating our customers like criminals.”
So maybe there’s still hope.
Maybe.
