I needed some good news today!
The Illinois Supreme Court on Friday ruled a family's lawsuit that claims downmarket-Disneyland Six Flags broke the US state's Biometric Privacy Act can proceed. The decision reverses an earlier appellate court ruling that threw out the legal action on the basis the plaintiffs did not allege any specific harm. The supreme …
I've scanned the docs linked, at it appears the park's crime was neglecting to get consent and not providing info on how the fingerprint would be handled. So going forward, companies will need to perform that much more paperwork to be in compliance, but only in the State of Illinois.
How about they just have some text that says anyone, by the act of providing a fingerprint, is thereby consenting. Then they can just add their policy boilerplate text and they're done. Or, won't that be enough? Will anyone underage have to be excluded from programs that use fingerprinting for securely identifying someone? Is fingerprinting itself a bad idea, and if it is, what can be done instead? Photos? Won't there be people who object to that too?
This all seems to be opening a can of worms that didn't really need opening.
For the life of me, I can't imagine why an amusement park needs your fingerprints or facial recognition unless it some sort of ticketing thing which like many other places, one price and you can ride as many rides as you want... food and souvenirs are extra of course. It's not like they don't have security cams and employees everywhere. So what do really need this for?????
Some such parks will require extra ID when a person presents a season pass. I've never read the T&C for such a pass, but its safe to say they have a clause that prevents sharing the pass with friends, nobody goes to an amusement park every day, or even every weekend, all season long, so there's temptation to go in with a buddy and alternate weekends or something, and split the cost. The park can claim they then lose money due to the high usage rate of the pass.. Since many visitors are underage for a driver's license or other state-issued ID, they needed something everyone has with them, regardless of age. The choices are fingerprints or facial recognition, and privacy advocates will (rightly) protest either.
Is there a solution? They could eliminate the unlimited season pass, I suppose, and instead just push the multi-visit passes with, say, 20, 30, 40 visits per season, they really have no reason to care if people share those, though they probably will still prohibit it. just because they can.
@ The IT Ghost
Maybe the term season pass is antiquated in this day and age of PROFIT, call it a membership and you get all the lock-in you can cram into your membership agreement.
I disagree with your view on season pass usage, and companies loosing their ass. They can claim all they want... The sun is green the sky is orange, but if it wasn't an extremely lucrative model they wouldn't touch it even with the "losses" attributed to pass sharing.
"Since many visitors are underage for a driver's license or other state-issued ID, they needed something everyone has with them, regardless of age. The choices are fingerprints or facial recognition, and privacy advocates will (rightly) protest either."
How about going all retro and using a signature - like we did before photo's, fingerprint recognition, chip & pin etc. etc.. It meets the requirements in that the pass holds the data not the company and the passholder can irrevocably destroy the data (signature) when the pass expires.
Just a thought.
"The choices are fingerprints or facial recognition, and privacy advocates will (rightly) protest either."
Err, what? They can do facial recognition without privacy concerns quite easily. It's been done on ID cards for longer than even computers have been processing such data.
Here's how it works - the pass has the holder's photo, the human uses "facial recognition" to check the holder matches the photo on the season pass.
It's been a few years but when my son and I had season passes to area amusement parks, one of which was a Six Flags location, the pass included a somewhat grainy B&W photo of the person for whom the card was issued. At entry, said pass was scanned by the Mark I eyeball of a teenager manning the gate. Within the context of amusement park entry, there is NO good reason for ID confirmation more complex or intrusive than this. Just because you CAN use shiny tech to achieve a thing doesn't always mean you SHOULD.
Not just season passes. Most overseas visitors to Florida** will have a two week pass for Disney or Universal as it's around the same cost as 3-4 days of entry. So the park owners use biometrics to avoid sharing the passes as you're clearly not going to be mad enough to go every day, especially when there's a rocket base up the road. I do recall it's also linked to a photo at first time of entry as it gives them a method for manual validation when the fingerprint thing goes Bzzzt. No idea what they do with all this data at the end of your stay (other than maybe to see how well they monitized you with the wristband thingy) but the Homeland mob have it all anyway for overseas visitors.
** sizeable percentage of guests.
"We fear that today’s decision will open the floodgates for future litigation at the expense of Illinois’ commercial health."
Look at Marshall, Texas. This is patent troll "territory". Marshal is a town "built" by patent troll.
I'm just sayin': This is the US of A and, law degree or not, anyone can get rich (quick).
"Or, businesses in Illinois will be trusted more as they subject to higher regulatory standards regarding people's biometric data."
Only if they follow the law. Making determined attempts not to are counter-productive. The fetish of acquiring as much data as possible seems to override mere self-interest.
The fingerprint was so the season passes can't be shared by his friends, which seems like a reasonable precaution. I guess Six Flags needs to make it clear that if you buy a season pass you'll have to submit your fingerprint, because that's how they can tell it is the buyer using it, and not someone else. If they refuse that, then presumably there are other alternatives like a 10 visit pass or something which would have no reason for a fingerprint.
The other gotcha is what are they doing with the information. If they treated it like Apple does fingerprints for Touch ID, where it generates what amounts to a 'hash' of your fingerprint, so it can compare A to B to see if they match, but would be unable to produce a copy of your fingerprint for e.g. law enforcement, then people would probably feel more secure about it. Most likely their system works the same way, if so they need to make that clear. One gotcha is they'd have to keep that info in their system, to allow for entry at multiple entrances and maybe multiple parks, while Apple keeps it in one phone, so it is inherently less secure. It isn't clear what the risk of that would be, since you can't reconstruct the actual fingerprint from that data, but the type who will sue over this would not find that reassuring.
"If they treated it like Apple does fingerprints for Touch ID, where it generates what amounts to a 'hash' of your fingerprint, so it can compare A to B to see if they match, but would be unable to produce a copy of your fingerprint"
That's how 99% of all fingerprint scanners work (and is a big part of why it's easy to spoof them). To do otherwise rapidly becomes prohibitively expensive. So I would be very surprised if this one worked any other way.
A photo on the season pass will be far simpler, six flags don't need to keep a copy and to use it you need to have a matching face. They do have people at the park entry gates don't they.
I could provide a disaster movie plot involving bioweapons and 20,000 people touching the same device if that would help change the park owners minds. (don't worry, the dog survives)
> A photo on the season pass will be far simpler
Indeed. A photo is how all the other places handle similar cases, and they haven't gone out of business. I mean, how many cheating identical twins do you need to feel the financial impact?
But it's always cool to go for the extremes. I'm pretty sure they would use genetic fingerprinting if they had a way to do it fast & quickly at the gates... This nonsense needs to be nipped in the bud.
The fingerprint is probably so you can go through a special automated entrance without having to wait in line with the rest of the plebs, as another benefit for season pass holders. If you use a photo, someone has to squint at the person holding the pass to see if they match the picture.
But then they have your photo, which is private biometric data and right there on the pass is proof they saved that data. And how do they apply it to prevent cheating? Have an actual human earn minimum wage looking at each pass and comparing it to a face? That costs money! Facial recognition camera to compare the person at the entry gate with the photo on the pass? Again, biometric data, though this time they could claim (and not be believed) they didn't save the data.
And there is the ticklish problem if getting the photo on the pass. The parks want to sell them online so they staff fewer ticket offices, as that's an expense. A probable virtual pass that someone brings up on their phone (even airlines have gotten that far with boarding passes). You can trust someone to paste their own selfie on it...but a clever person will find a way to overlay any photo on it. Say person A buys the pass, and goes into the park with A's photo on the pass. B then alters it with B's photo, and goes to the park later. If the park detects the photo change, they admit they're...wait for it...storing biometric data, since they still had A's photo stored to compare to the one on the pass.
Photos are simpler, but don't get around the "biometric" hurdle.
Photos are simpler and can get round the biometric hurdle. If, for example, they asked you to bring a passport-sized photo of yourself when you buy the pass, which they laminate to the pass, that's absolutely clean. Your photo, your pass. They don't have a copy.
Take it a stage further, they provide an instant photo booth so you can get the photo. Again fine, so long as they don't keep a copy (and they don't need to anyway).
The technology to take your photo and print it on a pass card has existed for decades, and I've even had theme park season passes that used just such a process. There is no need for them to save your photo, just take it, print it and delete it.
They already have people checking you when you enter the park anyway to keep out evil contraband like a bottle of water, so having them look at your face and pass while they do that isn't going to slow things down.
"But then they have your photo, which is private biometric data and right there on the pass is proof they saved that data."
As you say, "right there on the pass". The pass which is under the control of the customer not the vendor. The pass which the customer can destroy when it expires.
> A photo on the season pass will be far simpler
exactly. how were season passes done 20 yrs ago?
nostalgia’s not always a good thing, but is zero need for this kind of police state behavior from corporations who will then guard your private data as fiercely as a horny teenager guards his virginity.
'If they treated it like Apple does fingerprints for Touch ID, where it generates what amounts to a 'hash' of your fingerprint, so it can compare A to B to see if they match, but would be unable to produce a copy of your fingerprint for e.g. law enforcement'
Sure, they (probably) don't store the image of the fingerprint, but if the Laws come along with a warrant for both your database *and* your hashing algorithm, which they then merrily apply to their database of stored fingerprints and compare the hashes, what's the difference?
The hash of the fingerprint might not be 'evidenciary', but, like the Laws trawlage of the hokey Ancestry DNA databases, running their fingerprint image databases through all known commercially used fingerprint reader hashing algorithms and then slurping in as many large databases containing these hashes as they can (I'm thinking in particular about the number of schools who use these devices) and doing the comparisons would help them narrow down their pool of suspects for further investigation..
One for the lawyers to fight over further I suppose, is a 'hash' of PII/personal data still legally the same as PII/personal data ?
If the park licenses the fingerprint technology from someone else, as is probably the case, it would be a very high bar for a court to get the algorithm. Even if they can, a "match" is unlikely to hold up in court, given that there are published ways to defeat these types of fingerprint scanners. They have an error rate of something like 1 in 50,000 - and that's in perfect conditions, I'm sure a defense attorney would eat an argument based on that for lunch so I doubt a prosecutor would attempt it.
I'm with you on this, 10 years ago my children were the only ones in school (of 1500) not allowed to use the library because I wouldn't let them be finger printed. As you say, you only have to run an unknown print through the same algorithm and then compare it to your database, As to your last point, IANAL, but I would say the hash is your personal data, after all it's used to identify you.
My two were also the only ones not allowed into their UK Junior School library.
I explained why the school shouldn't need a 5 year old's finger prints to the school, the Local Education Authority and my Member of Parliament, who all said that I was wilfully damaging my children's education i.e. not answering anything about the privacy issues.
My wife went into school for a "parents meeting" (these used to be "parents evenings" so working people could attend!) and when presented with the threat of the children being excluded from school, (as they were not participating in parts of the curriculum) and despite knowing my objections, told the teacher it was OK to take the fingerprints. My household was not a happy place for a few weeks!
My MP is now Brexit Minister, so on past experience I would say that GDPR will soon be out of the window :-(
Don't panic yet Dave, Brexit ministers seem to have a short shelf life, I doubt Barclay (Current minister) will last the year.
Threats of exclusion being used to coerce parents into acquiescence is disgusting (illegal?) and the replies you received (LEA & MP) sound like a boiler plate fob off.
I'm guessing that the schools position is “we're taking fingerprints unless you object” so it is quite possible there's a fair number of parents who signed the 'library slip' that junior brought home one day without actually reading it. How you can progress this depends on how far you're willing to push.
Written question (to their parliament address1) to Rt. Hon. Damian Hinds (Sec. State Education) & Rt. Hon. Stephen Barclay (Sec. State Exiting EU) asking if they consider refusing to have children fingerprinted at school is an acceptable reason for threatened exclusion from education.
Solicitors letter to LEA demanding your childs right to access statutory education & the legal justification stating that it is necessary and proportional to require the fingerprinting of children to use a library. (GDPR)
Boilerplate non-answers can be forwarded to the press which might enjoy asking a non Br**it question).
1$MPname$ House of Commons, SW1A 0AA.
"It isn't clear what the risk of that would be, since you can't reconstruct the actual fingerprint from that data, but the type who will sue over this would not find that reassuring."
The obvious risk is that the hash can be passed or sold on. It then becomes identifying information if the recipient acquires, surreptitiously or otherwise, a fingerprint.
My chain gym recognizes my fingerprint which any twin brother I don't know about to have a $40 a month membership of his own. More importantly, it avoids a log jam at the entryway if someone's DNA or retina scan test goes amok or someone can't find their billfold in their Walmart-sized handbag.
My Epic Ski pass has more to lose, so they have my photograph for my season pass. At the lift, they scan my RFID and their equipment shows a picture of my face. Off to tumble down a large hill.
Arguably, the only reason to invest in going all the way for a 14 year old is you want to either destroy 6flag's season pass business or you intend to raise a terrorist. I see no reason for six-flags to answer an FBI subpoena when the FBI already has access to this kid's passport application.
Fingerprints are not genetically determined. 'Identical' twins don't have the same fingerprint any more often than two people from completely unrelated families do (which is to say, it is more common than script writers, law enforcement and floggers of tech-woo would like to pretend, but being a twin is irrelevant).
Sadly companies can make money on personal data and probably can make more than the cost of a season ticket over time including after the season ticket expires so they want this data because it is guaranteed money whether a person uses the season ticket or not !
Biometric data is the future and governments know this and so do businesses, sadly there is only a few percentage of people who want to protect their biometric data and so the ignorant sheep will lead the rest of us up shit creek whether we wan to go there or not unless we can educate them. What annoys me most is there still seems to me only a small percentage of IT people that understand this which is amazing since you would have thought that their logical thinking and understanding of computer data would help them see the downside in the future !
I personally dont trust any entity with my Biometric data and I dont use facial or fingerprint to unlock my phone, yes the UK Gov has my Photo for my passport because I had no choice if i want to travel and sadly this is how they catch us all, slowly, slowly cookie froggie and eventually they will get us all. Drivers license and Passports and they will try and catch young people in some way like this instance of Theme park season tickets but eventually it will be at birth blood for DNA and fingerprint and footprints, i am not sure when iris scans would be taken. But it does look a bleak future for everyone in western society when your identity is up for grabs by anyone !
This is why we need legislation such as GDPR and this Illinois Act. If selling on data or holding it in excess of immediate functional needs becomes toxic eventually companies will stop doing it. Some will work it out for themselves when the legislation is passed or when first challenged. Some will learn by seeing the mistakes of others. Some will learn the hard way. Six Flags should be applauded for selflessly volunteering to be held up as an example from which others can learn.
So I would love to see how the head of SixFlags reacted if I entered his house without damaging anything, had a wander round before leaving. Do you think he would go, oh there was no damage so I won't bother shooting the guy?
The law is the law, if you break it you should be prosecuted. As for some of the comments about people should not be preventing SixFlags from protecting their season ticket practice, that is a red herring. At issue here is not that SixFlags finger printed the kid, it is that they provided no information about a)why it was done or b) what they planned to do with the data. They can continue to fingerprint so long as they communicate to individuals or their parents what the purpose of the fingerprinting is, and the details of what they plan to do to make sure that the data is secure (you know put in place appropriate technical and organisational measures to protect the data, delete if no later than x months after it has been collected, etc.)
The industry body's position is that their members should not be penalised for breaking the law, that is a stupid argument, they should be saying to their members make sure you comply with the law and you can collect the data you need for your business.
Imagine applying this ridiculous 'logic' to other violations of people's rights. What if rape victims had to demonstrate what 'actual harm' they had suffered as a consequence of being raped in order for the rapist to be prosecuted.
Having your rights violated is harm in itself.
Went to the mouse show in California. They took my picture, and refused to allow me entry unless they could do so. I asked what their intentions were and was told in broken English "No picture, no entry, period". I marched my now unhappy butt over to the Customer Service counter at the Happiest Place on Earth (tm). They gave me the explanation that in case I lost my 5-day pass they could verify it was me and replace it. A reasonable answer.
Frankly I am glad to see this in the news. Our privacy has been blatantly run over for far too long and it is high time big corporations got yanked in to line.
Meanwhile, Todd Maisch, president and CEO of the pro-business Illinois Chamber of Commerce, issued a statement of concern: "We fear that today’s decision will open the floodgates for future litigation at the expense of Illinois’ commercial health."
Yer Goddam right it will, Toddy-boy. Guess you'll have to advise your fatass businesses to follow the fucking law (for a change), and ask if they can plunder their
customers' products' privacy in their never ending glut for profits at any and all costs.
I would have thought that the commercial health of the State of Illinois would not be particularly imperilled by companies knowing that, if you want to use fingerprints on a season pass to an amusement park, then you will have to get a parent's or guardian's consent before selling such a pass to a minor. It's not hard to follow the law, and that's what laws are there for. To be obeyed.
That companies ought to be able to plea "Oh, gee, we forgot" in order for a state to be business-friendly is, on the face of it, a preposterous claim that should receive the ridicule it deserves.
Unfortunately, whatever Illinois does, it looks like instead most other states are taking the complaints of some corporations about this very seriously indeed.
Biting the hand that feeds IT © 1998–2019