Hacker News new | comments | ask | show | jobs | submit login
Madison Square Garden Has Used Face-Scanning Technology on Customers (nytimes.com)
119 points by hvo 10 months ago | hide | past | web | favorite | 55 comments

I think people who find this concerning are very likely in the minorty. Folks are pretty willing to give up their fingerprint for access to Disney parks.

I appreciate the security concerns of MSG, but I don't see how we can make an informed decision without knowing its false positive and false negative rates, and what happens on false positives. Then obviously there is the question of where they are acquiring the facial data from, and with whom they share it.

Also, haven't casinos done this for years to keep out banned gamblers?

> Folks are pretty willing to give up their fingerprint for access to Disney parks.

The critical difference here is that this is done with the consumer's knowledge and consent (as another user noted, you can opt out) - thankfully, we do not yet have the technology to fingerprint someone without them knowing.

To me, the idea that my image and personal details, along with a history of payments and locations, might be stored in any public corporation's database without my awareness is terrifying - especially considering there's nothing preventing the sale or transfer of such data, and the security (or lack thereof) of many companies. While I'm undoubtedly in the minority here, I would be surprised if many people are unconcerned about unaccountable, silent large-scale surveillance by corporate entities.

What are you worried about, exactly? If there is some other reason besides that this data has the potential to be sold, I would like to know so I can be worried too.

I live in one of the largest cities in Canada, which doesn't compare at all to New York. I've never been through an intensive security protocol (haven't even been to Disneyland, and our airport is just a matter of a simple metal detector) and this prospect doesn't really bother me. I would like to know about it when it's being done, but otherwise I believe that any data obtained from my person is ultimately inconsequential to the way I live my life.

Correct me if I'm wrong, but it seems the most anyone can do with such data at the moment is ad profiling, and I don't pay attention to ads. I don't really buy things. I am in control of my own actions, and to know that somebody has information on me doesn't change that. The goal is to be as authentic as possible. Is there a reason to care?

>Correct me if I'm wrong, but it seems the most anyone can do with such data at the moment is ad profiling

You're wrong. We already see systems in the wild that gather this data to make financial decisions regarding you (whether or not to extend credit, etc), to track you (particularly useful in litigation), to perform open-source investigations of you without your knowledge, to make decisions regarding your eligibility for various services and insurance, to determine your access to information, etc.

Regulation of companies that collect personal information already exists, and already exists for well defined reasons.

Since you're Canadian, feel free to look up PIPEDA and your local provincial equivalents. Largely, the substantive portions of the legislation are directly lifted from the following OECD report: http://www.oecd.org/internet/ieconomy/oecdguidelinesonthepro...

In particular, look at Part Two, which is the basis for the overarching privacy framework in Canada: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h...

Yes, privacy matters. Have you ever seen the movie Brazil? Some reasons you ought be concerned:

- that you are mistaken for someone who committed a crime and have to deal with the bureaucracy that ensues. See for example false positives on the no-fly list. https://en.wikipedia.org/wiki/No_Fly_List#False_positives

- that you commit a crime without even knowing it and end up paying for it at the whim of the government. http://www.telegraph.co.uk/news/uknews/law-and-order/3044794...

More generally, I’d like to point you to this piece addressing the “nothing to hide” mentality:


Edit: that piece is paywalled. Here’s Glenn Greenwald on the topic:


Cory Doctorow has also written extensively about privacy.

> Folks are pretty willing to give up their fingerprint for access to Disney parks.

Wow, I hadn't heard about this and was genuinely surprised it's actually a thing. Fortunately, apparently it's opt-out:

> Are all guests required to use Ticket Tag?

> If you don't want to use Ticket Tag, you can simply carry and show a photo ID that matches the name identified with your ticket.

From their Privacy Policy: https://disneyworld.disney.go.com/en_CA/faq/my-disney-experi...

They also quite explicitly state it does not store the actual fingerprint, which might be (is? logic follows) notable. It 'converts to a numerical value' instead. That can't just be hashing (how do you check that when validating later? images won't be exact) but instead would be some form of parsing to a subset of data which is 'unique enough' for their purposes. Their purpose is something like identification across current visitors with statistical significance, preventing ticket sharing. I'd expect that that has the side effect of the data NOT being unique enough for other purposes where the ticket isn't present.

I suspect this was inevitable given Disney's obsession with removing friction. It seems like they at least take the implications fairly seriously, which is nice to see.

> I suspect this was inevitable given Disney's obsession with removing friction.

Yeah, I would say it's this 100%. Disney wants people to leave their wallets at their hotel. The RFID band they give you can be used for everything from entering your hotel room to getting into the park and your rides (including Fastpass) to even paying for things if you link a credit card.

Obviously, it's easy to take the band off and give it to someone else, so they needed some other way to check if you're the person who originally used the ticket. Hashes based on fingerprints are unique enough to be the replacement to traditional IDs.

Which is about as reassuring as saying "we don't store your criminal record, just the bytes that make it up".

What you want to do with fingerprints is compare them to fingerprints found. Hashes let you do that. THAT's what we want to prevent from happening in order to have privacy.

Disney is one of the few companies I'd sorta-kinda trust with this sort of thing, given their extraordinary attention to detail and laser focus on long-term customer happiness with everything park-related and the attention to data security that would also imply.

But that's not who you're trusting. The issue now is that any "business record" is available to be requested by law enforcement without a warrant. The case law around third party doctrine is a huge friction point in establishing corporate trust.

It's useful to remember the words of the prescient Privacy Protection Study Commission, from 1977: "The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate recordkeeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable."

They require a photo ID to visit their parks? This immediately would drop them from the places I wish to visit.

Not if you give them your fingerprint instead! :)

It's basically to stop reselling/re-using multi-day, annual passes, etc.

I was surprised to learn Disney is doing this, too. It almost seems like a "Get their biometrics while they're young" type of indoctrination program.

I also don't think 3 years will pass until their whole fingerprint database will be hacked (in a way we'd find out about, it may have already been hacked).

It just seems like both a terrible as well as a completely unnecessary idea.

Please spend the time to read the link before spreading FUD.

“In order to use Ticket Tag, you simply place your finger on a reader. The system, which utilizes the technology of biometrics, takes an image of your finger, converts the image into a unique numerical value and immediately discards the image. The numerical value is recalled when you use Ticket Tag with the same ticket to re-enter or visit another Park. Ticket Tag does not store fingerprints.”

Unless it fails. Then the teenager operating it needs to call over a manager, who looks up your previous park entrances on an iPad to make sure it is the same person. So, they've got your fingerprint and video of your face.

(Personal experience)

So they store it in a way that they can compare any fingerprint they find/take an image of to your fingerprint ...

That's SO reassuring.

So nothing prevents them from taking the packages of their fries stand, get fingerprint images from them, figure out who it is, and send you an offer for 50% off the weight loss holiday package ?

What exactly does privacy for fingerprints imply, except that people are not able to do exactly that ? And I don't mean that they won't. Privacy means they CAN'T. Not even if the next Disney CEO is Vladimir Putin.

> So nothing prevents them from taking the packages of their fries stand, get fingerprint images from them, figure out who it is, and send you an offer for 50% off the weight loss holiday package ?

This is what gets me about most arguments around privacy maximal-ism the end result especially for a company like Disney is ridiculously circuitous and could be easily achieved with much lower costs. Why in the world would they go through all that trouble when everyone is either on camera or paying with credit card/the Disney wristband.

You could commit any number of criminal acts in a more efficient manner, it does not make them any less criminal.

But it does mean that the less efficient manner will never be done, which was the parent comment's entire point.

Sure, it may be hypothetically possible. But is it realistically going to happen? Of course not.

   BigInt picToNumber(pic){
     BigInt x = 0;
     for (int r=0;r<pic.w;r++)
       for (int c=0;c<pic.h;c++)
         x = (x*265)+pic.pixel(r,c);

     return x;
Yup...converts to number.. Unless they specify HOW, that means nothing. Anything is a number to a computer.

Yeah, one terabyte is simply an absolutely gigantic octal value, with a trillion place settings.

Perfect for storing a quantity of high resolution “unique numbers” which you might need to recall at some point, when you want to match them up with other oddly similar (but not precisely equal) high resolution unique numbers.

I hear that you can convert images to “unique numbers” using a technique known as “lossless compression” but that stuff’s all way above my pay grade.

So it's okay to have a fingerprint reader as long as you claim to do something to the effect of hashing the fingerprint?

That makes an outstanding difference, thank you for emphasizing that.

>Folks are pretty willing to give up their fingerprint for access to Disney parks

In my opinion, the problem is not that folks are giving up fingerprints or that fingerprints is used for low security authentication. We all leave fingerprints every time we touch something. So the problem is trying to use fingerprints for high level security or assuming fingerprints are a secret

These services are also quite successful among bars to alert them to "problem customers". Very fast growing market, unfortunately.

I cobbled together a very rudimentary system for doing this in my driveway to spot people who check for unlocked cars to steal from.

Right now it only does human detection, but facial recognition is possible as my time allows me to implement it.

There needs to be a way for false positive victims of AI or otherwise automated decision-making to appeal/challenge the decision and have an actual human review. Otherwise the future will be full of dystopian “Sorry, you cannot (or must) do XYZ because the computer said so!”

Unfortunately this is likely to require legislation, so we won’t see the problem addressed (at least in the USA) until it has become nearly irreversibly oppressive.

In 2017, I was fired by the system. I told my manager and she tried to get me reinstated. Instead she received an email to call security to make sure I don't take any company's property. I was escorted out. It took 3 weeks without pay to get me reinstated. Somehow this is the funniest thing that ever happened to me.

tl;dr: I got fired by the system against my manager's will.

Somehow it doesn't feel funny to me. What was the reason anyway?

Must have been a really stressful experience.

The previous manager was laid off, and he never renewed my employment contract in the system. So I had to watch each of my privileges being revoked one by one. My parking access at first, the elevator next, the stairs, jira, my email, then my computer login. When i attempted to log in too many times, security was notified.

Every one understood that I actually wasn't fired, but they had never encountered this situation before. So they chose to follow the protocol.

This was my wake up call. There is no such thing as a secure job.

Sorry- you had stair privileges? How does that work?

Access to the stairs and each floor requires scanning your badge. That access had be revoked

I'd ask what kind of place was that you were working in, but I fear I don't have access to the answer :0

For all the "yeah, but didn't so and so do it already?" responses...why does that make it okay, again?

As someone who works in the industry, using face recognition at sporting events is not new at all. Although admittedly algorithms are a lot better now.

The spokes-droids will clearly just continue to spout meaningless nonsense like this: "MSG continues to test and explore the use of new technologies to ensure we’re employing the most effective security procedures to provide a safe and wonderful experience for our guests." Can you offer any insight into what exactly is meant by "person is considered a problem" and "sometimes used for marketing and promotions." Does that mean "sold to law enforcement and ad targeting companies," or is it a bit less bad?

I would imagine that the at system at MSG is similar to Ingenuity Sun Media's system that's been deployed across NASCAR[0]. (The NYT article doesn't identify the vendor, but how many are there?) ISM's system specifically looks at the number of people in the crowd and how many are looking at the screen. Additionally, it tries to identify demographics in the crowd. Which makes sense, because this is meant for mass advertising. Although, I wonder how much more accurate you're going to get with some geewiz face scanner, than traditional demographic information sources. (Lots of middle aged white men at NASCAR? You don't say!)

Update: Apparently, you can get better info.

> "We've learned the age demographic is more diverse than we thought it would be," Hutchins said. "We're seeing a very balanced male-female [ratio], we're seeing a very balanced adult-young adult [ratio], and we're seeing a bigger crowd than they told us we would see."[1]

[0] https://jalopnik.com/the-video-boards-at-nascar-races-are-sc...

[1] http://www.espn.com/racing/nascar/story/_/id/20990688/nascar...

It's a bit surprising to see that there's enough money in scanning people's faces at car races to develop that kind of "ingenuity." The fact that people went to the track and stared at a motor oil ad for 2.5 seconds hardly seems worth much, especially if they're "anonymous." Also, from the second article:

> It's not mapping your face as much as just pulling metadata and data points around the structure of the face.

Heh, "metadata and data points." It's depressing to read the same bafflegab over and over.

Yeah, pulling points off my face isn’t metadata. It’s data. Hell, all metadata is data.

They have watch lists of people banned from the stadium.It has been used years ago for hooligans in European soccer stadiums. Demographic info like age and gender can be used. Checking if season seat holders are actually there is something I hadn't heard of, though with the high value of scalped tickets for the Rangers and Knicks, it isn't surprising.

2001 Superbowl (pre 9/11) crowd scanned for "possible terrorists" and "identified 19 people thought to be wanted on outstanding warrants for misdemeanors."


I'm really impressed you had this reference in mind. Did that event personally impact you or did you read it contemporaneously?

"None were arrested because the crowd was so large and because the number of matches exceeded the police's expectations.

'We thought we were ready to use it, but getting through the crowd and the architecture of the stadium proved overwhelming,' Detective Todd said."

They've been doing this at casinos for quite a while to track cheats and decide who to comp.

Do they have a whitelist for the owners?

I don't believe this to be particularly new/unique, e.g.:

> A Sept. 20 [2016] concert at Tokyo Dome by popular band Babymetal featured facial recognition systems at some of the gates. The system required guests to pre-register a photo of themselves, which the system used to confirm that the concertgoer was indeed the original purchaser of the ticket.

(Facebook link as the original source appears to be down) https://www.facebook.com/babymetalnewswire/posts/80628173280...

  the original purchaser of the ticket
Given that the biggest scalping operation in history uses their ultimate clients' own credit cards to finalize the purchases, this would prevent only small scale, casual scalping.

I don't know about BabyMetal, but in Japan the concert ticket buying experience is often pretty different. In order to get tickets, you have to join the fan club. You are then eligible to enter a lottery for tickets. Often you can only buy a few tickets (not sure how many, but less than the number of fingers on your hand).

So this would actually help stop scalping quite a bit (or at least make it a lot more expensive). The potential scalper needs to organise a huge mass of people to buy tickets, many of whom will not get them. Then they need to organise meetings for the purchasers of the scalped tickets with the people bought the tickets. It's not impossible, but it's going to make it much more difficult.

I had a friend who used to go to many concerts and I wondered how she managed it. She met people at the concerts who were essentially crowd sourcing tickets. They would coordinate which concerts they wanted to go to and each of them would try to get tickets. Then they would meet at the concert and hand them all out. I think this is pretty common, so it under cuts the scalpers.

I guess this is a sarcastic reference to TicketMaster? If it is, you are probably unaware of how real scalping looks like - I've seen tickets with face value of $140 go for $1,000 - they would still be around $160 or so on TicketMaster.

Unique and creepy or invasive are two different things.

They do it at most NASCAR races, too. Not only that, but the company that does it bought and renamed one of the tracks!

hrm... I wonder how vast their facial database is. I know gov't has my driver's license and passport photos, but they're pretty crummy quality.


Like some vegans I know, you make a good point, poorly.

The op is flagged, but that is a great line and I am co-opting it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact