Disney's finger scanners worry privacy advocates - AP, 9/1/06

[Darkbeer]

http://www.dfw.com/mld/dfw/news/nation/15415885.htm

QuikQuote: But Raul Diaz, Lumidigm's vice president of sales and marketing, said it is "easy" to change a system from capturing numerical information to storing an entire fingerprint image. "It's a software option," Diaz said. "It's changing just one command."
Coney fears Disney could share the fingerprint information, saying, "If they maintain that data, it can be used for anything." Disney's privacy policy says that it may disclose personal information when doing so can help "protect your safety or security."

[bradk]

so don't commit federal crimes and you won't get busted by going to Disney ?

I thought the reality is (and I only read that one comment, not the whole article) is that they're working on systems that can use any bodypart consistently, mostly for those who can't use a finger scan and that it's very promising at this stage.

[GusMan]

so don't commit federal crimes and you won't get busted by going to Disney ?

Thank you! Im glad someone said it.
I understand that people want their privacy to be protected. Im all for that. As long as any company who uses biometrics keeps that data secure and uses it for the inteded purpose, I dont have any problem with it.

[bradk]

well they don't even know who you are anyway, except for APs and maybe tickets on resort IDs.

but if you use a paper ticket you just purchased at the window, or had the resort transfer your ticket to, there's nothing to link it to a particular individual. what would they be tracking really?

[BertDSweep]

they're working on systems that can use any bodypart

I'm ashamed of myself for having a really dirty mind...

[bradk]

usually when i talk about the new system, i say VIRTUALLY any body part. shame on me!

[GusMan]

well they don't even know who you are anyway, except for APs and maybe tickets on resort IDs.

Thats still quite a few people that fall into that category.
But your point is very, very valid... its not like this is a method to track the names of each and every person that comes through the gates.

[Darkbeer]

^But guess what, most folks order their tickets thru the internet, in a vacation package, or with a credit card at the Main Gate.... And the ticket numbers issued are linked to the transaction which has a name.

[GusMan]

Good point as well...
So, in essence, unless you pay cash, at a ticket window, there is almost always going to be a person-ticket relationship. There may be some exceptions, though...

[Darkbeer]

Let me state that I don't think Disney is trying to get your personal info, just trying to get folks to not trade tickets with others, and they think this new way will make the lines go faster.

But it is also important to have this discussion, because someone inside of Disney could find a way to match things up, and there needs to be some type of security to make sure that doesn't happen.

[mom22gls]

Disney's legitimate interest in storing the biometric information ends with the end of the pass validity, which, except in the case of a AP, is usually at the end of the package, unless you go with the non-expiry option. They should be able to erase your information from the system, once the pass expires. This presents a possible disincentive to getting an AP or non-expiring pass, if privacy is a concern. As a matter of principle, I would not want government or law enforcement agencies tracking my whereabouts, based on my business with a private company, especially because there are other ways to insure that nobody else uses my pass. They should offer the option of using photo ID, as many other membership-based institutions, and amusment parks do. My local zoo membership card is non-transferable, and I just show my driver's license when we go.

[bradk]

my point is something that's effective 99% of the time is not effective 100% of the time, so it's of very limited use to make a system that could keep track of information when you're never certain when you'll actually get it. as long as you can get IDless tickets (for example, at the disney store), it wouldn't be a fruitful system.

[dcreinken]

Disney's legitimate interest in storing the biometric information ends with the end of the pass validity, which, except in the case of a AP, is usually at the end of the package, unless you go with the non-expiry option. They should be able to erase your information from the system, once the pass expires. This presents a possible disincentive to getting an AP or non-expiring pass, if privacy is a concern. As a matter of principle, I would not want government or law enforcement agencies tracking my whereabouts, based on my business with a private company, especially because there are other ways to insure that nobody else uses my pass. They should offer the option of using photo ID, as many other membership-based institutions, and amusment parks do. My local zoo membership card is non-transferable, and I just show my driver's license when we go.

Actually, that's exactly what the article says - they purge the data every 30 days or on the ticket's expiration date. They also provide a photo-ID check option, but don't advertise it. Personally, I think they should be fully transparent and post their policy (photo ID option) as well as exactly what information the biometric scanner is gathering and how it's used.

I don't think a local zoo is a good comparison. If Disney did the same thing, it would take hours to get everyone in after the gates opened. The scale is just too dramatically different.

I'm sympathetic to Disney becuase they are private property, and they must have lost millions of dollars to illegal ticket sales. They have a right to protect their interests in the most cost-efficient way. If a customer is truly concerned - don't buy a package. Pay cash for your ticket at the park.

We all know how image conscious Disney is. If they every partnered with law enforcement of the fed'l government to share fingerprint data, they would take a devastating PR hit. Look at what damage AOL has suffered recently. We just have to get to used to the fact we live in a technological world where it's increasingly difficult, but not impossible, to hide our tracks.

BTW - through our computer usage, credit card usage, EZ Pass (Sunpass, or whatever), traffic camera - any government official can pretty much track us any time they want to. So, if Alberto Gonzales knows I went to Disney, more power to him!! I didn't know I was that important . . .

Dirk

[brazen wench]

I'm sympathetic to Disney becuase they are private property, and they must have lost millions of dollars to illegal ticket sales.

I'm not singling out your post, just highlighting to ask a few general questions .

While I've never had an issue with the biometric system, I also never understood how Disney was losing in ticket sales, so maybe, someone can clarify that for me.

In my mind, a ticket is purchased, therefore, what does it matter who uses it? Disney sets a price and, unless I'm missing something (which obviously, I must be) the actual usage is designated for X amount of days or park visits. What is the reason for linking a ticket to a guest?

Back in the day of attraction tickets, no one cared about usage, so what's the difference now?

[Drince88]

One thing on the 'Disney loosing money' idea is the new MYW tickets. If you had 10 people visiting a park one day, Disney gets 67 * 10 = $670. If you have one person visiting parks on 10 days, it's $216. So one person buys a 10 day ticket and sells one day to 10 people each at $50/person - each person saves $17 and unscrupulous person 'earns' $284 (50*10-216). And Disney looses $454.

I don't think the cost difference was quite as dramatic with the old tickets, but I'm pretty sure Disney had biometrics in place prior to introducing the MYW tickets.

[crrees]

biometrics have been in place since at least 2001

anyway, Disney also losses money when a person transfers their non-transferable AP for someone to use. Theoretically if someone took an AP that wasent theirs and used it without being caught, disney just got lost 50 bucks. Now if they continue to use it throughout the parks they lose even more money

the biometric system is in place to catch as many people who do this (and there must be lots because why would they put this system in if they werent?) and make sure the non-transferable statement is upheld

[brazen wench]

So, it's to prevent the resale-for-profit and sharing markets. I guess the losses were great enough to justify the cost of biometrics.

[Cheshire Figment]

Before the biometrics there were some tour companies that had managed to make handstamps that very closely resembled those used by Disney. If they had more than one busload of people, they would have their first bus go to one park, a person would collect all the tickets, gte their hand stamped and go out. About two hours later the tour company would take another bus to a different park and having seen what stamp had been used would give hand stamps to everyone on the bus and this bus would then go to a second park. It was even found to have been used for a third bus on the same day.

Also, as another person posted, the ticket prices are very front loaded. They want to discourage people from passing on or selling used tickets but also want to keep people at their resorts for longer times.

[efoxx]

OK two comments I would like to make.
first of all the economics of biometrics were not the only driving force behind moving to biometrics for everyone. one of the biggest PR promblems disney had was people selling used tickets on Ebay and other places. these families get to WDW and find out that there are no days left on their tickets they just spent $500 on. the kids start crying, and despite the families pleading there is little disney can do. do you want to to be the CM to look little Johnny and Cindy in the eye and say I'm sorry but your trip to WDW won't happen because your mom and dad were ripped off by some unscrupulos person.
before the biometrics you could find hundreds of tickets on sale on ebay. most said things like 5 day park hoppers with 4 days left etc. there are a few now, but I noticed that most of them are people who are being brokers. oddly enough it seems people are paying as much and in some cases more for these tickets then buying them at the gate ie 2 five day hoppers for $500

the other thing has to do with biometrics and law enforcment. while the info gathered could be given to the Gov. it would be worthless. it takes far to long to process this data by the time they could realize a criminal was in their park they would realize a criminal WAS in their park days or weeks ago. even if they were able to do real time and respond on the actual day someone was there what would they do? shut down the park and empty the people out one at a time while they checked each face? the danger comes from the ability of gov to force private companies into doing their job and providing information they haven't gathered legitimatly.

[GusMan]

biometrics have been in place since at least 2001

To add to that.... from http://www.allearsnet.com/pl/fingerscan.htm

In early 1996, Disney began a new system to identify users of annual and seasonal passes. Abandoned was the barcoded laminated photo ID pass in favor of a new mylar paper one. This new pass had no photo and only contained minimal visual evidence of ownership - your name and the expiration date of the pass. What was new was the magnetic strip on the back.

This magnetic strip stored all of your pass information that the previous photo one had plus it would reference one new piece of information: your biometric finger scan or as Disney now calls it, your ticket tag.

Disney expanded the use of the ticket tag system in 2005 with the introduction of Magic Your Way tickets and then expanded it to include all tickets no matter when purchased.

The article contains some other good info about the new finger scanner.

I agree with the explanations of the "whys" behind why Disney wants to control who uses the tickets. I mean, they set the terms that the guest is supposed to agree to when they buy the ticket. I am mainly referring to the part about it being non-transferrable. I think Disney wanted to both sell more tickets that were longer with a no-expire option as well as protect guest from ticket scams and the like. After all, when a guest goes up to guest services and finds out their ticket was no good, they did not yell at the jerk that sold them bogus tickets but at the CM at guest services. I am sure that those converstations never ended on a good note. That can really ruin a vacation.

[mommyva]

Drince88, can you buy my park tickets for me? LOL You are good.

[I Are Baboon]

Personally, I have no problem with them taking my finger print scan. The problem I have is that their scanners don't work very well. Last time we were at WDW, I couldn't tell you how many times the machine didn't read my print. It got annoying some time during day TWO of the vacation. By day seven, I was ready to start breaking those readers.

[GusMan]

While a slight derail...
I found through Guest Services that if you have consistant problems with the scanners reading your prints, ask the CM at the gate to do the inital profile scan again on your ticket. It takes only a minute and chances are, you will have better luck in future entrance scans.

We did this for GusDaughter from our last trip for very much the same reason you mentioned - its kinda of a hassle when it does not work. After the rescan, she did not have any problems for the rest of the trip.

Hope that helps...

[I Are Baboon]

Thanks for the tip, GusMan. I will remember that.

[danyoung]

Last time we were at WDW, I couldn't tell you how many times the machine didn't read my print.

Are you talking about the new 1-finger machines or the one 2-finger ones? My understanding is that already the 1-finger machines are working extremely well, and the lines at the MK are moving along noticeably faster.

..most folks order their tickets thru the internet, in a vacation package, or with a credit card at the Main Gate.... And the ticket numbers issued are linked to the transaction which has a name.

While that may be true, the biometric reader does absolutely nothing identity wise that the tickets didn't already do. If my AP or ticket already identifies me as Dan Young, then all the fingerprint reader does is verify that I'm really me. And if my name isn't tied directly to the ticket in any way, then the fingerprint reader does nothing but link me the person to the ticket I purchased. All this worry about Disney doing stuff with the data is ludicrous, as they already have the data even without any fingerprints.