I appreciate the security concerns of MSG, but I don't see how we can make an informed decision without knowing its false positive and false negative rates, and what happens on false positives. Then obviously there is the question of where they are acquiring the facial data from, and with whom they share it.
Also, haven't casinos done this for years to keep out banned gamblers?
The critical difference here is that this is done with the consumer's knowledge and consent (as another user noted, you can opt out) - thankfully, we do not yet have the technology to fingerprint someone without them knowing.
To me, the idea that my image and personal details, along with a history of payments and locations, might be stored in any public corporation's database without my awareness is terrifying - especially considering there's nothing preventing the sale or transfer of such data, and the security (or lack thereof) of many companies. While I'm undoubtedly in the minority here, I would be surprised if many people are unconcerned about unaccountable, silent large-scale surveillance by corporate entities.
I live in one of the largest cities in Canada, which doesn't compare at all to New York. I've never been through an intensive security protocol (haven't even been to Disneyland, and our airport is just a matter of a simple metal detector) and this prospect doesn't really bother me. I would like to know about it when it's being done, but otherwise I believe that any data obtained from my person is ultimately inconsequential to the way I live my life.
Correct me if I'm wrong, but it seems the most anyone can do with such data at the moment is ad profiling, and I don't pay attention to ads. I don't really buy things. I am in control of my own actions, and to know that somebody has information on me doesn't change that. The goal is to be as authentic as possible. Is there a reason to care?
You're wrong. We already see systems in the wild that gather this data to make financial decisions regarding you (whether or not to extend credit, etc), to track you (particularly useful in litigation), to perform open-source investigations of you without your knowledge, to make decisions regarding your eligibility for various services and insurance, to determine your access to information, etc.
Regulation of companies that collect personal information already exists, and already exists for well defined reasons.
Since you're Canadian, feel free to look up PIPEDA and your local provincial equivalents. Largely, the substantive portions of the legislation are directly lifted from the following OECD report: http://www.oecd.org/internet/ieconomy/oecdguidelinesonthepro...
In particular, look at Part Two, which is the basis for the overarching privacy framework in Canada: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h...
- that you are mistaken for someone who committed a crime and have to deal with the bureaucracy that ensues. See for example false positives on the no-fly list. https://en.wikipedia.org/wiki/No_Fly_List#False_positives
- that you commit a crime without even knowing it and end up paying for it at the whim of the government. http://www.telegraph.co.uk/news/uknews/law-and-order/3044794...
More generally, I’d like to point you to this piece addressing the “nothing to hide” mentality:
Edit: that piece is paywalled. Here’s Glenn Greenwald on the topic:
Cory Doctorow has also written extensively about privacy.
Wow, I hadn't heard about this and was genuinely surprised it's actually a thing. Fortunately, apparently it's opt-out:
> Are all guests required to use Ticket Tag?
> If you don't want to use Ticket Tag, you can simply carry and show a photo ID that matches the name identified with your ticket.
I suspect this was inevitable given Disney's obsession with removing friction. It seems like they at least take the implications fairly seriously, which is nice to see.
Yeah, I would say it's this 100%. Disney wants people to leave their wallets at their hotel. The RFID band they give you can be used for everything from entering your hotel room to getting into the park and your rides (including Fastpass) to even paying for things if you link a credit card.
Obviously, it's easy to take the band off and give it to someone else, so they needed some other way to check if you're the person who originally used the ticket. Hashes based on fingerprints are unique enough to be the replacement to traditional IDs.
What you want to do with fingerprints is compare them to fingerprints found. Hashes let you do that. THAT's what we want to prevent from happening in order to have privacy.
It's basically to stop reselling/re-using multi-day, annual passes, etc.
I also don't think 3 years will pass until their whole fingerprint database will be hacked (in a way we'd find out about, it may have already been hacked).
It just seems like both a terrible as well as a completely unnecessary idea.
“In order to use Ticket Tag, you simply place your finger on a reader. The system, which utilizes the technology of biometrics, takes an image of your finger, converts the image into a unique numerical value and immediately discards the image. The numerical value is recalled when you use Ticket Tag with the same ticket to re-enter or visit another Park. Ticket Tag does not store fingerprints.”
That's SO reassuring.
So nothing prevents them from taking the packages of their fries stand, get fingerprint images from them, figure out who it is, and send you an offer for 50% off the weight loss holiday package ?
What exactly does privacy for fingerprints imply, except that people are not able to do exactly that ? And I don't mean that they won't. Privacy means they CAN'T. Not even if the next Disney CEO is Vladimir Putin.
This is what gets me about most arguments around privacy maximal-ism the end result especially for a company like Disney is ridiculously circuitous and could be easily achieved with much lower costs. Why in the world would they go through all that trouble when everyone is either on camera or paying with credit card/the Disney wristband.
Sure, it may be hypothetically possible. But is it realistically going to happen? Of course not.
BigInt x = 0;
for (int r=0;r<pic.w;r++)
for (int c=0;c<pic.h;c++)
x = (x*265)+pic.pixel(r,c);
Perfect for storing a quantity of high resolution “unique numbers” which you might need to recall at some point, when you want to match them up with other oddly similar (but not precisely equal) high resolution unique numbers.
I hear that you can convert images to “unique numbers” using a technique known as “lossless compression” but that stuff’s all way above my pay grade.
In my opinion, the problem is not that folks are giving up fingerprints or that fingerprints is used for low security authentication. We all leave fingerprints every time we touch something. So the problem is trying to use fingerprints for high level security or assuming fingerprints are a secret
Right now it only does human detection, but facial recognition is possible as my time allows me to implement it.
Unfortunately this is likely to require legislation, so we won’t see the problem addressed (at least in the USA) until it has become nearly irreversibly oppressive.
tl;dr: I got fired by the system against my manager's will.
Must have been a really stressful experience.
Every one understood that I actually wasn't fired, but they had never encountered this situation before. So they chose to follow the protocol.
This was my wake up call. There is no such thing as a secure job.
Apparently, you can get better info.
> "We've learned the age demographic is more diverse than we thought it would be," Hutchins said. "We're seeing a very balanced male-female [ratio], we're seeing a very balanced adult-young adult [ratio], and we're seeing a bigger crowd than they told us we would see."
> It's not mapping your face as much as just pulling metadata and data points around the structure of the face.
Heh, "metadata and data points." It's depressing to read the same bafflegab over and over.
"None were arrested because the crowd was so large and because the number of matches exceeded the police's expectations.
'We thought we were ready to use it, but getting through the crowd and the architecture of the stadium proved overwhelming,' Detective Todd said."
> A Sept. 20  concert at Tokyo Dome by popular band Babymetal featured facial recognition systems at some of the gates. The system required guests to pre-register a photo of themselves, which the system used to confirm that the concertgoer was indeed the original purchaser of the ticket.
(Facebook link as the original source appears to be down) https://www.facebook.com/babymetalnewswire/posts/80628173280...
the original purchaser of the ticket
So this would actually help stop scalping quite a bit (or at least make it a lot more expensive). The potential scalper needs to organise a huge mass of people to buy tickets, many of whom will not get them. Then they need to organise meetings for the purchasers of the scalped tickets with the people bought the tickets. It's not impossible, but it's going to make it much more difficult.
I had a friend who used to go to many concerts and I wondered how she managed it. She met people at the concerts who were essentially crowd sourcing tickets. They would coordinate which concerts they wanted to go to and each of them would try to get tickets. Then they would meet at the concert and hand them all out. I think this is pretty common, so it under cuts the scalpers.