Politech mailing list archives

Actual facts about how hotel keycards work, from K.Anderson [priv]


From: Declan McCullagh <declan () well com>
Date: Fri, 31 Oct 2003 13:21:05 -0800

---

From: "Keith Anderson" <keith () purescience com>
To: "'Declan McCullagh'" <declan () well com>
Subject: RE: [Politech] John Gilmore's proposal: Test hotel card keys for personal info [priv]
Date: Fri, 31 Oct 2003 11:01:14 -0700
Organization: Anderson Research / BackFence Network



My company, under contract and nondisclosure, designed and implemented the
software behind many card-key security systems, including systems now used
by three major hotel chains.  In every case, by design requirement, the
cards are encoded at check-in with a very large, randomly generated code
that is associated on the main database with the guest record and the
room(s) to which they are assigned.  No information about the customer is
placed on the card.  The code on the card is only a component of the
information needed to open the door, and cannot be used to obtain customer
information even by the top-level employees.  At checkout, the code is
abandoned and becomes obsolete.  Each code may be used only for one guest
stay throughout the entire chain of hotels, and that code can never be used
again to open any door in any location.

From a design standpoint, there is no reason to encode personal data on a
card like this.  Such data is useless to the purpose of the card-- the card
is simply a key that expires once the guest has checked out.  All of the
systems with which we have associated keep personal guest information in the
database.  This gives the hotel chain the benefit of not worrying about the
card when it's not under their control.  They never have to pay to re-key a
door, they don't worry if the guest forgets to return his or her key, and
cards cost pennies to replace.

There might be a few security systems out there that put personal
information on cards, but we have not run across one in the last 15 years,
and we've seen a lot of card-key security systems of all kinds.  I think
whoever was quoted in the previous message claiming that "name, room number
and length of stay" are found on the card is speaking of a very unique (and
frankly low-end) system, but more likely they are ignorantly guessing what
is really stored on the card.

People should be more concerned about how hotels protect, share and use the
guest data they accumulate.  In the systems we've worked on, guest-service
employees are only allowed access to basic guest data if their job requires
such access, but there are undoubtedly systems out there that allow any
employee access to any former guest's data, and this is not a problem
limited to hotels.

Keith Anderson
Anderson Research


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
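
The design described in the message above, sketched as an added example; it is not part of the original post and is not Anderson Research's code. Assumptions: a 32-byte code, an in-memory store keyed by the SHA-256 digest of the code, and hypothetical names throughout; the other components the post says are needed to open a door are not modelled.

```python
import hashlib
import secrets


class KeycardStore:
    """Toy central database: the card carries only an opaque random code."""

    def __init__(self):
        self._active = {}      # sha256(code) -> (guest_id, rooms); server side only
        self._retired = set()  # digests of codes abandoned at checkout, kept forever

    @staticmethod
    def _digest(code: bytes) -> str:
        # Assumption: store a digest, so a database dump cannot be used to clone cards.
        return hashlib.sha256(code).hexdigest()

    def check_in(self, guest_id: str, rooms: set) -> bytes:
        """Issue a fresh code; the return value is all that is written to the card."""
        while True:
            code = secrets.token_bytes(32)  # assumed size; the post says "very large"
            digest = self._digest(code)
            # Enforce "never used again": reject any code seen before, live or retired.
            if digest not in self._active and digest not in self._retired:
                break
        self._active[digest] = (guest_id, frozenset(rooms))
        return code

    def may_open(self, code: bytes, room: str) -> bool:
        """Door-side query: answers yes or no and never returns guest data."""
        entry = self._active.get(self._digest(code))
        return entry is not None and room in entry[1]

    def check_out(self, code: bytes) -> None:
        """Abandon the code; a lost or unreturned card is useless from here on."""
        digest = self._digest(code)
        if self._active.pop(digest, None) is not None:
            self._retired.add(digest)


def demo() -> dict:
    store = KeycardStore()
    card = store.check_in("guest-0001", {"412"})  # constructed sample values
    before = (store.may_open(card, "412"), store.may_open(card, "413"))
    store.check_out(card)
    after = store.may_open(card, "412")
    return {"card_len": len(card), "before": before, "after": after}
```

Reading the card yields 32 random bytes and nothing else; the guest record exists only in the store, which is where the access controls the message calls for have to be applied.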

