Disney World Collecting Fingerprints

cvd6262 writes "Disney World is now requiring all visitors to have their index and middle fingers scanned to gain entrance to the park. This started for season pass holders, but is now required for everyone." From the article: "'I think it's a step in the wrong direction,' Civil Liberties Union spokesman George Crossley said. 'I think it is a step toward collection of personal information on people regardless of what Disney says.'"

Wrong.

Way to RTFA:

Disney officials said the finger scans do not take an actual fingerprint

It's a hand geometry scanner, not a finger print scanner, and they have been doing this for YEARS.

With that aside, WHO CARES. You cannot be uniquely identified by your hand geometry, it simply reduces the chance that you are using someone elses pass.

Re:Wrong.

[AstroDrabb]

I live in central Florida and have been getting annual passes for my family for a few years now. My wife and I always have to put our fingers in the little scanners, however our small children (3 and 1) obviously do not.

I personally do not see the device as a finger print scanner. The devices are just a little too crude looking (and don't take very long to do) to actually scan your finger print and compare that to a massive database of other prints in the 2 - 3 seconds it takes. I agree with the GP, they seem to just grab some non-unique hand geometry and compare that to the first record that was created the first time the ticket was used. The device seems only "good enough" to prevent me from giving my annual ticket to my friend so he can get a free day at one of the parks. I am sure that enough people tried my pass, one of them would have similar enough hand geometry to get in.

Last time I was there

[jcnnghm]

They would do the finger scan, and if it didn't work the first time the attendant would usually just manually override the scanner and let you in without much hassle. Also, the person I was with and I have similiar hand sizes, and flip-flopped passes all week. It almost certainly isn't a fingerprint scanner, just a very rough check.

Additionally, it seemed that the biggest issue with the scanner was not getting your fingers all the way into the device. If they weren't pushed all the way in, with the webbing between your index and middle fingers hitting the stopper peg, it didn't register. We kept trying to put our finger tips on the scanner assuming it was a finger print scanner, but it seems its main function is to check finger length. Of course, this is just an observation I made, I have no idea how the thing actually works.

Respond to the poll

[Tetravus]

There's a poll in the original story, a simple yes no maybe box with a submit button.
If every /.'er responded it would be easy to push the poll in the direction of individual liberties and defense of privacy.

Yes, I am aware it's not an official Disney poll but there's still a chance they'd pay attention to the results if they were overwhelmingly negative because the tv channel hosting the poll is neutral.

Re:That's fine.

[Boilermaker84]

Universal Studios and Sea World plan to do the same according to the local news. It's monkey see, monkey do with the three of them.

Re:Mixed Reaction

[MrPerfekt]

This doesn't have anything to do with security. They're not taking your fingerprint at all, and even if they were I don't think they'd be comparing it against fingerprints of known terrorists.

This is just a fuzzy form of authentication. Other people are bound to have the same hand measurements as you but it's unlikely they your friend or family member will have something close.

They've been using this for a while now. The point of it is to prevent other people from using your ticket, even if you're not even using it that particular day. The multi-day tickets have had "Non-transferable" written on them since practically the beginning of time. This is finally a way to enforce it.

I think it's really a shame that it's come to this. Does Disney _really_ need the extra revenue that comes from not allowing people to use other people's ticket? Most people think when they buy the ticket that they're buying X days in the park. You're not, you're buying X days in the park for you. Now, they're really driving the point home.

To put it another way, it costs Disney the same for a 3-day ticket whether or not you personally use all 3 days or if you lend/give it to another person. The difference now is that they're forcing the other person to buy another ticket instead of using unused days of another ticket.

Anyway, I was there in February this year. I had a ticket left over from the end of 2001. I still had a few days left on it. I only had one ticket though so my friend had to buy a new ticket. His ticket forced him to do the finger thing. Mine did not. So to answer your last statement, pre-authentication tickets do not force you to authenticate and in practice (not legitimately) are transferable.

It's nice though that these false statements in the summary really do show who RTFAs. :)

Re:lost ticket sales?

[sigma]

Actually, reselling most multiday amusement park tickets is not legal in Florida.

See for yourself:
http://199.44.254.194/statutes/index.cfm?mode=View %20Statutes&SubMenu=1&App_mode=Display_Statute&Sea rch_String=817.361&URL=CH0817/Sec361.HTM

Notes from someone who knows the system VERY well.

A few notes/corrections

-Even though this has been said before... IT IS NOT FINGERPRINTS! The system takes a few measurements at points around your finger - basically to take a rough measurement on how big your fingers are and the span between them.
-This is NOT a new system - This has been in place for annual passes for almost 10 years now and has been in place for all tickets since January.
-The information is not tied to your personal information at ALL. It is simply tied to the ticket information - the system is NOT THAT SMART. It is not pulling your demographic information from some other source to see if you personally have fat fingers. There is no conspiracy here - Don't give the system that much credit...
-The system uses a VERY ROUGH ESTIMATE... why? Because otherwise in the florida weather where you swell up due to heat or if you gained/lost weight it would be a nightmare with tickets being rejected every 2 seconds.. If you are close - it lets you in!
-Why use this instead of photos? Human error - after you look at photos all day everyone starts to look the same and you stop caring enough to pay attention and stop people unless it is very obvious.. plus the time factor.
-What is this used to prevent? - People reselling tickets... Not to stop use of a ticket 2 minutes later.. the turnstiles are already smart enough to stop that.

And one more time

[Sycraft-fu]

Seems like I go through this every time a biometric security thing comes up on /.

There are three fundimental ways to identify yourself for access:

Something you have.
Something you know.
Something you are.

Something you have would be a physical token that can't be copied, at least not easily. A smartcard would be a good example. Someone has to physically steal it from you to use it, and you are likely to notice it's absence and alert the proper people. However the problem is that it can be stolen, or lost and thus used.

Something you know would be a password or PIN code. It's an ID stored in your head. The advantage is you don't have to carry it around and can't lose it. The problem is if someone finds it out, they can use it without you ever knowing it's been compramised.

Something you are is of course a physical trait. The good thing is that can't be stolen or anything. Problem is what you are changes, and can't be measured precisely anyhow and thus can be spoofed.

Now, real security comes from using 2 or three of these. Since their problems are different, moving to more than one makes it much harder to compramise security. If all that is required to get on a system is a password, all an intruder needs to do is find out the password and they are in. If, however, it takes a password, smart card, and fingerprint they have to find out the password, steal the card, and obtain and make a fake finger, all before any of this is noticed and access can be revoked.

So, in the case of Disneyland, they are maoving from 1-factor (somthing you have) to 2 (something you have and something you are). Even if someone steals your card, they have to build a fake hand (it's checking hand geometry, not fingerprints) and use it unnoticed. However the real aim is to prevent peopel from shaing their cards. It's easy to give away a token, much harder to make a convincing fake hand and not get caught.

So biometrics are NOT worthless unless they are the only security. When used as an augmentation to one or both of the other methods of security they make it that much harder for someone unauthorized to gain access.

Re:And one more time

[Tim+C]

So, in the case of Disneyland, they are maoving from 1-factor (somthing you have) to 2 (something you have and something you are). Even if someone steals your card, they have to build a fake hand (it's checking hand geometry, not fingerprints) and use it unnoticed. However the real aim is to prevent peopel from shaing their cards. It's easy to give away a token, much harder to make a convincing fake hand and not get caught.

That doesn't answer the question - if your biometric identifier is compromised and revoked, how do you authenticate yourself in such a two-factor scheme? You still have the card, but you no longer have the biometric aspect.

How do you prove that you've not just borrowed someone else's card?

Likewise for an ATM, if it uses a fingerprint and PIN. Without the fingerprint, how do you gain access? (Just like today - no card, no access)

Sure, n-factor authentication makes it harder for someone to impersonate you. However, if for whatever reason one of htose factors is rendered unusable to you, you must replace it. That, as the OP points out, is impossible in the case of a biometric identifier.

From out at the turnstiles...

Have to post anonymously, here... I've got a lot of first-hand knowledge of the Disney admission control (turnstile) system, including the biometric readers that are the subject of this article. I'm basically going to make one longer post instead of trying to respond to misinformation throughout the comments.

• You have a choice: use the biometrics or don't go to Walt Disney World. This is actually incorrect - you have a third option. Put your name on the pass and show valid identification. You never need to put your fingers in the reader.
• The actual device has a simple reflective bottom surface and there is no way the bottom of the device scans/reads your fingerprints at all. There is a "camera" in the top of the box which images your hand geometry. From above. (it takes several readings and averages them out, from what I'm told)
• The result of the scan is a basically one-way hash and can not be used to reconstruct your hand geometry. It is constructed such that similar hand geometries will result in a similar hash, but it's one-way. Compared to Disney taking a picture of you and storing that, I'd rather have this system.
• Accuracy - in my experience, you have about a 10% chance of false positive recognition, and about a 3% chance of false negative with the tolerances built-in. Particularly with more experienced users (like the Annual/Seasonal passholders were) With the older model of biometric readers, there was an LED array at the side of the device to help align the fingers. That has been removed, to make the system simpler for Guests, but probably to the detriment of consistent placement of fingers.
• How common is abuse?Back when the system was only used for annual/seasonal passholders, it was at least daily that I'd see someone present an annual pass, fail the biometric scan, and then be unable to produce any sort of identification - not a credit card, not a drivers' license, not a hotel key, piece of mail, anything. (Usually, this is despite clearly having a wallet in their pocket, or a carrying a purse). The passes clearly stated that ID is required for entry. Usually these people also had no clue how the biometric readers were to be used, even though they already had used the pass many times. These passes were confiscated (and usually mailed to the owner, with a warning letter, assuming it was the first misuse of the pass). The people who attempted to use them would then go purchase the admission media they should have. This is direct revenue, and clearly Disney's analysis indicates that it is worth it.
• Sales of used tickets - as cited elsewhere, it is illegal to resell partially used tickets in Florida. But perhaps more importantly are the number of people I've seen burned by less than reputable ticket brokers. As the admission media have not actually indicated usage for some time, it is quite impossible to purchase a ticket and be absolutely sure it has value. (Without first presenting it, in person, at a WDW Guest Relations window, or trying it in the turnstile). It could have all the days used up. It could be voided or have been reported as lost or stolen. It could have limitations on validity (certain parks/days) which are not obvious from the descriptive text. Or people just aren't told that their ticket doesn't allow Park-Hopping. I've seen many a police report filed by people who bought what they thought were valid tickets, only to find out they were not. What a way to start a vacation.
• Stolen park tickets are now much less valuable - with a significantly reduced chance of being able to use them to get into the park, the value of a stolen pass drops.
• As to the cost - I think the real cost is simply in increased staffing levels at the turnstiles. As you increase the transaction time (by adding biometric scans), you need a wider gate, or more turnstiles open at a given time. But it is probably dramatically fewer front-line cast memb

Re:From out at the turnstiles...

You can ask out at the turnstiles at the parks, they'll be glad to answer questions [to the extent that they can, most of the front-line Cast Members don't have a thorough technical understanding of the things. That's what you get for putting a computer science student out there...] (note: it's best to ask when they're not swamped with people coming in - like towards the end of the day).

The long-standing article at AllEarsNet is perhaps the closest I can find to publicly available information on this that will verify what I'm saying.

I forgot one more detail - people often get confused when they realize they switched passes in their group and it still worked. Tickets bought in the same transaction are linked in the system, and if your biometrics match for another ticket in the group, it'll let you through (noting on the Cast-Member's display it's a [Different Person]. I believe the tolerances are a bit tighter for granting access in this manner, but it is what I consider a pretty nice feature.

And the score of 0 is what you get for being at work when the article is posted, so that you're late to the party combined with having to post anonymously because while nothing here is *secret* the Mouse isn't a fan of the internet...

Re:I call bullshit

[AstroDrabb]

Or, rather, is the amount that they make by preventing pass sharing greater than or at least equal to the cost to deploy such a system?

Have you ever worked for a fortune 500 and deployed multi-million dollar systems? I have (three different fortune 500's). When an expensive system is deployed you don't look to make your money back in one year. It might take 5 years or 10 years to see the full potential. If the system lowers the amount of people "stealing" their way into the park without paying by 80%/year, and the system can stay in place for 20 years, that represents a huge return over the life of the system for Disney.

I'm going to put the price tag on a system like this to be well over six figures annually.

Six figures annually is a drop in the bucket for a large enterprise. You can be certain that Disney _had_ to justify this system some way to their share holders. If you are really curious, start googling for the answer. I would guess that it returns many different values to Disney. 1) it helps to dramatically reduce people getting into their park without paying (there are a lot of people in Florida you know, and like me, many purchase season or annual passes which save a family a _ton_ of cash). 2) Better tracking of their customers such as peak park times, how many people go to more than one park in a day, etc. Stats like that can help Disney offer better options to their customers such as the "Park Hopper" passes. 3) Many other benefits that only Disney employees could probably tell you since I am not employed by Disney.

Re:Missing the point

[AstroDrabb]

IANAL but for Disney to hold a customer to such terms I would think they would need to disclose the details at the time of sale especially since its different than I think the average person would expect the terms to be.

They do. I am looking at my annual pass right now and it states:

Nontransferable; must be used by the same person on any and all days

Disney is not responsible for misplaced, lost or stolen tickets

Parks or attractions may change operating hours; close temporarily due to refurbishing, capacity, inclement weather or special events; and may otherwise change or be discountinued without notice and without liability to the owners of the WALT DISNEY WORLD(R) Resort

Ticket and ID required for entry; Ticket, ID and handstamp required for re-entry

Not valid for special events requiring a separate admission charge or for any park commencing operations after May 1, 1998

It is agreed between owners of the WALT DISNEY WORLD(R) Resort and ticket users that all claims for injury or loss arising incident to presence on owners' property shall be litigated in Florida