Disney World Collecting Fingerprints

cvd6262 writes "Disney World is now requiring all visitors to have their index and middle fingers scanned to gain entrance to the park. This started for season pass holders, but is now required for everyone." From the article: "'I think it's a step in the wrong direction,' Civil Liberties Union spokesman George Crossley said. 'I think it is a step toward collection of personal information on people regardless of what Disney says.'"

Wrong.

Way to RTFA:

Disney officials said the finger scans do not take an actual fingerprint

It's a hand geometry scanner, not a finger print scanner, and they have been doing this for YEARS.

With that aside, WHO CARES. You cannot be uniquely identified by your hand geometry, it simply reduces the chance that you are using someone elses pass.

Re:Wrong.

[AstroDrabb]

I live in central Florida and have been getting annual passes for my family for a few years now. My wife and I always have to put our fingers in the little scanners, however our small children (3 and 1) obviously do not.

I personally do not see the device as a finger print scanner. The devices are just a little too crude looking (and don't take very long to do) to actually scan your finger print and compare that to a massive database of other prints in the 2 - 3 seconds it takes. I agree with the GP, they seem to just grab some non-unique hand geometry and compare that to the first record that was created the first time the ticket was used. The device seems only "good enough" to prevent me from giving my annual ticket to my friend so he can get a free day at one of the parks. I am sure that enough people tried my pass, one of them would have similar enough hand geometry to get in.

And one more time

[Sycraft-fu]

Seems like I go through this every time a biometric security thing comes up on /.

There are three fundimental ways to identify yourself for access:

Something you have.
Something you know.
Something you are.

Something you have would be a physical token that can't be copied, at least not easily. A smartcard would be a good example. Someone has to physically steal it from you to use it, and you are likely to notice it's absence and alert the proper people. However the problem is that it can be stolen, or lost and thus used.

Something you know would be a password or PIN code. It's an ID stored in your head. The advantage is you don't have to carry it around and can't lose it. The problem is if someone finds it out, they can use it without you ever knowing it's been compramised.

Something you are is of course a physical trait. The good thing is that can't be stolen or anything. Problem is what you are changes, and can't be measured precisely anyhow and thus can be spoofed.

Now, real security comes from using 2 or three of these. Since their problems are different, moving to more than one makes it much harder to compramise security. If all that is required to get on a system is a password, all an intruder needs to do is find out the password and they are in. If, however, it takes a password, smart card, and fingerprint they have to find out the password, steal the card, and obtain and make a fake finger, all before any of this is noticed and access can be revoked.

So, in the case of Disneyland, they are maoving from 1-factor (somthing you have) to 2 (something you have and something you are). Even if someone steals your card, they have to build a fake hand (it's checking hand geometry, not fingerprints) and use it unnoticed. However the real aim is to prevent peopel from shaing their cards. It's easy to give away a token, much harder to make a convincing fake hand and not get caught.

So biometrics are NOT worthless unless they are the only security. When used as an augmentation to one or both of the other methods of security they make it that much harder for someone unauthorized to gain access.

From out at the turnstiles...

Have to post anonymously, here... I've got a lot of first-hand knowledge of the Disney admission control (turnstile) system, including the biometric readers that are the subject of this article. I'm basically going to make one longer post instead of trying to respond to misinformation throughout the comments.

• You have a choice: use the biometrics or don't go to Walt Disney World. This is actually incorrect - you have a third option. Put your name on the pass and show valid identification. You never need to put your fingers in the reader.
• The actual device has a simple reflective bottom surface and there is no way the bottom of the device scans/reads your fingerprints at all. There is a "camera" in the top of the box which images your hand geometry. From above. (it takes several readings and averages them out, from what I'm told)
• The result of the scan is a basically one-way hash and can not be used to reconstruct your hand geometry. It is constructed such that similar hand geometries will result in a similar hash, but it's one-way. Compared to Disney taking a picture of you and storing that, I'd rather have this system.
• Accuracy - in my experience, you have about a 10% chance of false positive recognition, and about a 3% chance of false negative with the tolerances built-in. Particularly with more experienced users (like the Annual/Seasonal passholders were) With the older model of biometric readers, there was an LED array at the side of the device to help align the fingers. That has been removed, to make the system simpler for Guests, but probably to the detriment of consistent placement of fingers.
• How common is abuse?Back when the system was only used for annual/seasonal passholders, it was at least daily that I'd see someone present an annual pass, fail the biometric scan, and then be unable to produce any sort of identification - not a credit card, not a drivers' license, not a hotel key, piece of mail, anything. (Usually, this is despite clearly having a wallet in their pocket, or a carrying a purse). The passes clearly stated that ID is required for entry. Usually these people also had no clue how the biometric readers were to be used, even though they already had used the pass many times. These passes were confiscated (and usually mailed to the owner, with a warning letter, assuming it was the first misuse of the pass). The people who attempted to use them would then go purchase the admission media they should have. This is direct revenue, and clearly Disney's analysis indicates that it is worth it.
• Sales of used tickets - as cited elsewhere, it is illegal to resell partially used tickets in Florida. But perhaps more importantly are the number of people I've seen burned by less than reputable ticket brokers. As the admission media have not actually indicated usage for some time, it is quite impossible to purchase a ticket and be absolutely sure it has value. (Without first presenting it, in person, at a WDW Guest Relations window, or trying it in the turnstile). It could have all the days used up. It could be voided or have been reported as lost or stolen. It could have limitations on validity (certain parks/days) which are not obvious from the descriptive text. Or people just aren't told that their ticket doesn't allow Park-Hopping. I've seen many a police report filed by people who bought what they thought were valid tickets, only to find out they were not. What a way to start a vacation.
• Stolen park tickets are now much less valuable - with a significantly reduced chance of being able to use them to get into the park, the value of a stolen pass drops.
• As to the cost - I think the real cost is simply in increased staffing levels at the turnstiles. As you increase the transaction time (by adding biometric scans), you need a wider gate, or more turnstiles open at a given time. But it is probably dramatically fewer front-line cast memb