more on Not a requirement - Disney World requiring fingerprint biometrics of all visitors (fwd)

["David J. Farber" <dave () farber net>]

===== Forwarded message from Lee Tien <tien () well com> =====

\From: Lee Tien <tien () well com>
To: David Farber <dave () farber net>
Subject: Re: [IP] more on Not a requirement - Disney World requiring fingerprint biometrics of all visitors
Date: Sun, 17 Jul 2005 21:07:19 -0700

Is it clear that Disney World is actually taking fingerprints?  It's 
my understanding that Disney World has been using finger geometry 
scanners for 6 or 7 years.  If I recall correctly, finger geometry is 
much less distinctive than fingerprints (my recollection is that 
something like 1 in 1000 people have the same hand geometry; I don't 
know the ratio for finger geometry).  So it would seem less dangerous 
to privacy than fingerprinting.

E.g., the National Academies study "Who Goes There" noted:

     * Disney World also uses a system that is designed to prevent a 
single-entry pass from being used by multiple users. Disney World 
issues each passholder a card at the time the pass is purchased. The 
name of the passholder is not recorded on the card, and, in fact, the 
card can be transferred freely from user to user until the first time 
it is used. At the time of first use, information about the 
passholder's finger geometry (not related to the passholder's 
fingerprint) is linked to the card. Any time after the first use of 
the pass, the person presenting the pass must authenticate ownership 
of the pass using a finger geometry verification check (by holding 
his or her hand up to a measuring device). If the check fails, the 
person presenting the pass is denied access to the park.

Finger geometry is not distinctive enough to identify the passholder 
uniquely; therefore, verifying finger geometry does not provide 
sufficient certainty for accountability (see below). However, finger 
geometry varies sufficiently from person to person so that a randomly 
selected individual who is not the passholder is not likely to match 
the finger geometry linked to the card. Therefore, this system works 
well enough to prevent multiple users from using the same pass in 
most cases-an acceptable level of risk, given what the system is 
protecting. This system uses a loose form of biometric authentication 
to protect against fraud (here defined as multiple users) without 
collecting information that identifies the legitimate owner of the 
pass.

"One unique application is at Walt Disney World® in Florida, where 
200,000 annual pass holders are enrolled in a finger geometry 
recognition system." 
http://financialservices.house.gov/banking/52098jd.htm (Statement of 
Jeffrey Dunn, Chairman, Biometric Consortium) [both as of May 1998]


I'd like to point out, however, that whether any such decision is a 
"good business decision" includes more factors than Bill Rogers 
mentions:  at the very least, it's important to ask whether there are 
less intrusive ways of fighting fraud.

It would also be interesting to know how Disney World assesses finger 
geometry as a fraud prevention measure, if I'm correct that this is 
not new.

Lee

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/