Evan Schuman's StorefrontBacktalk

So, who sells the alcohol in these jurisdictions? The retailer? The vending-machine manufacturer? Someone else? As previously stated, in Pennsylvania, it is the commonwealth.

Unlike normal retail situations, where the retailer buys (or sometimes leases) the refrigerated unit, owns the inventory (sometimes on consignment) and makes the sale for profit, these kiosks fundamentally change the nature of the sales relationship. In states such as Pennsylvania, where only the state can sell wine, the retailer can increase foot traffic and provide a service to customers (possibly drunk customers) with a kiosk. In other states, the retailer might reduce the regulatory burden on getting a liquor-distribution license if state law considers the kiosk a licensed store in an of itself. Which is it? We don’t know yet.

Virtually every state has what is called a dram shop law that imposes civil and sometimes criminal liability for anyone who sells (and sometimes just distributes) alcohol to a person who is intoxicated. The standards vary widely by state, with some states (like Pennsylvania) allowing any party injured to sue the purveyor of potables. Thus, a drunk who buys liquor from the kiosk and then injures himself in a car accident could actually sue the seller—in this case, probably the Commonwealth of Pennsylvania. That is one of the reasons it is critically important to determine who, as a matter of law, is the seller of the alcohol in the robotic situation.

The machines themselves have mechanisms to prevent sales to intoxicated persons. The machines in use in Pennsylvania require the purchaser to insert a valid driver’s license and a valid and matching credit card, and then to blow into a breathalyzer before a purchase can be made. The machine records the customer’s name and driver’s license information, if the sale goes through. The level of sobriety is set at a very low level—0.02 blood alcohol content (BAC). Thus, buying a Chardonnay after tasting a Chardonnay is probably difficult.

Under the Pennsylvania scheme, a live human being (a state employee) is supposed to view each and every transaction from a remote camera in Harrisburg and determine that the purchaser is, in fact, the person who presented the driver’s license, that he matches the photo and, presumably, that he doesn’t look drunk—at least not on closed-circuit TV.

This scheme requires the collection and transmission of a host of personal information. Although the kiosks themselves are advertised as PCI compliant, the PCI standards do not anticipate the transmission of real-time digital video or the collection, transmission, matching and authentication of driver’s license data. If any of these data streams is hacked, it creates not only privacy but security issues. Again, it is important to determine who has responsibility for securing these data streams.

As you can imagine, if a person buys alcohol from a machine and gets into an accident that kills someone, the family of the deceased will ask the dumbest question you can ask a lawyer. “Can I sue?” Of course you can. But who would you sue under the dram shop acts? Who “sold” the alcohol? Who “served” the intoxicated person? All of these issues must be worked out. Short answer, we don’t know yet.

Related to the issue of liability is the fact that every state has both civil and criminal law prohibiting the sale of alcohol to minors—generally defined as persons under the age of 21. The age verification scheme in the kiosk is similar in many ways to the one employed in most liquor stores: ID (a driver’s license) is asked for (or demanded), and then someone looks at the picture and determines whether the person in the picture is the same as the person in the store.