Recently, your NSLF chief blogger visited Sesame Place in Langhorne, Pa. and discovered that hordes of unassuming visitors willfully submitted themselves to fingerprint scanning upon entry to the theme park. Luckily, yours truly did not purchase a season pass that requires giving-up my biometrics data to Big Bird and Co., but it was fascinating to see how many otherwise ‘private’ citizens did so without hesitation or questioning the legality and potential risks associated with the process.
A few short years ago, Disney theme parks became the first to utilize biometrics in the ticketing entrance process, says Janel Pisorchik, the director of business operations at accesso, a Florida-based company that specializes in electronic ticketing and eCommerce solutions for theme parks. He spoke with Chad Emerson, another curious blogger, about how biometrics became a ‘normal’ part of the theme park ticketing process.
Emerson: You were with Disney when biometrics – the use of fingerprint scanning and physiological data – became part of the ticketing process to authenticate the identity of pass holders. Tell us about that implementation.
Pisorchik: Disney was the first theme park to introduce Biometrics to the entrance process. The initial type of technology used was hand geometry. This was an effective deterrent to help decrease the number of tickets from being resold. However, from an operational perspective, explaining the enrollment & verification process to the guests entering the parks was a little challenging.
The team was tasked with finding new technology and then focusing on the entrance process. The key components were speed, accuracy and ergonomics of the unit. During one of the many biometrics related projects, I realized I am what is called a “goat.” I have one finger that does not have a clearly defined fingerprint due to a childhood injury. As you can imagine, I was leveraged for a variety of testing purposes.
It’s amazing to see the progress Disney has made in this field, now leveraging Biometrics for all ticketed media coming through the entrances. Walt Disney World is the largest single site Biometric installation in the world.
While Pisorchik cites the benefits of biometrics in the theme park ticketing process, especially with regards to ensuring those high-priced seasonal or weekly passes don’t get re-sold by patrons seeking to recoup some money for unused portions of their visits, he fails to address the privacy risks associated with biometrics gathering at Disney and other theme parks utilizing the technology.
Luckily, the defenders of privacy and digital freedom at the Electronic Frontier Foundation (EFF) have some useful information on their website for citizens who dare to question why Disney and other theme parks across the U.S. need permanent records of guests’ most vital biometric data versus verifying identities the old-fashioned way with driver’s licenses or passports.
“Biometric identification is often overkill for the task at hand. It is not necessary to identify a person (and to create a record of their presence at a certain place and time) if all you really want to know is whether they’re entitled to do something or be somewhere,” states an EFF fact sheet on biometrics. “When in a bar, customers use IDs to prove they’re old enough to drink, not to prove who they are, or to create a record of their presence.”
Theme parks only need to verify the pass holder’s identity matches that assigned to the pass. They do not need to create or record any data beyond that if making sure the pass has not been re-sold by the original purchaser is truly their goal.
While theme parks claim to be concerned about fraud and whatever ticket crimes they can cite as an excuse to demand pass holders submit to biometric data gathering, visitors to their establishments should be equally concerned about the threat to their personal and financial security posed by criminals and/or terrorists seeking to hack-in to and exploit biometrics databases.
“If you lose a credit card, you can cancel it and get a new one. If you lose a biometric, you’ve lost it for life,” the EFF warns. “Any biometric system must be built to the highest levels of data security, including transmission that prevents interception, storage that prevents theft, and system-wide architecture to prevent both intrusion and compromise by corrupt or deceitful agents within the organization.”
Essentially, when private citizens visit theme parks that utilize biometrics devices, they are asked to place an extraordinary amount of trust in these establishments to keep their most vital information secure from those who could destroy their lives with a click of a button. I did not see a single person at Sesame Place expressing such a concern or requesting to provide an alternate form of identification to avoid this potential nightmare scenario.
Once the visitors’ theme park passes have expired, it can only be assumed that their biometrics data remains contained in the establishments’ databases until they return again, just to make things ‘convenient’ for them, of course. Wake-up sheeple! You’re risking a potential lifetime of misery and hardship by allowing theme parks to store your most vital personal information on their so-called ‘secure’ servers that are just waiting to be hacked by criminals and/or terrorists seeking to exploit your identity for their illegal pursuits.
Imagine this scenario that you’ve probably seen play-out in an episode of ’24’ or espionage flick: A fingerprint scan is stolen from a computer file and magically transformed in to a silicone mold that’s placed on the fingertip of someone seeking to use it for whatever reason, most likely to gain entrance to a secure room or building. Let’s take it one step further and use that fingerprint mold to pull the trigger of a gun. That’s your fingerprint on a gun that’s indistinguishable to a judge and jury seeking to put you behind bars for a very long time, if not execute you.
The possibilities for legal citizens’ fingerprints to be exploited by criminals and/or terrorists is limitless. Do you trust theme parks and their ‘secure’ servers to protect your fingerprints and other biometric data from being stolen and exploited by some very bad people who want you to pay for their crimes?