[Politech] John Gilmore's proposal: Test hotel card keys for personal info [priv]

From: Declan McCullagh (declan@private)
Date: Fri Oct 31 2003 - 06:21:30 PST

  • Next message: Declan McCullagh: "[Politech] Clinton Fein on DOJ, CDA, and Annoy.com [fs]"

    To: cryptography@private, gnu@private
    cc: declan@private
    Subject: [Politech] Hoax debunked: Hotel card keys store sensitive personal
    Date: Wed, 29 Oct 2003 23:21:33 -0800
    From: John Gilmore <gnu@private>
    I think Declan missed the story here, by calling this an urban legend.
    We now have denials that "sensitive" personal information is stored in
    hotel card-keys.  The question is what "non-sensitive" personal
    information is stored in them, and why.  The stories referenced below
    quote one hotel chain that "only" your name, room number, arrival and
    departure dates are on their cards.  Oh, and that there are other
    fields that might have contained home addresses and/or credit card
    numbers "in years past", but now clerks are instructed not to fill
    them in on the screen any more.  Surely this factoid makes us feel
    much more comfortable.
    Hmm.  If I rewrote a card with someone else's room number, or a later
    departure date, would the door open for me when it's supposed to lock?
    And what, if any, records are kept whenever you enter or exit your
    hotel room?  E.g. is every coming and going recorded on a PC somewhere
    in the hotel?  Or stored in flash memory in the door itself, and
    periodically dumped to somewhere?  Can the hotel tell my key from my
    roommate's key?  What happens to these records?  Are any of them on
    the Internet?  Can the police look at them without a warrant, the way
    they look over hotel checkin/out registers (and hotel-xeroxed copies
    of their guests's ID cards)?  When, if ever, are they destroyed?  Or
    are they kept forever for market research (e.g. "12% of hotel guests
    never left the room except to check out, and 37% of those guests
    phoned their home area code from the room")?
    If there's central validation of the cards, then there's no need to
    put anything but a random number on the card.  The PC that decides
    whether to open the door would only need to know which card number had
    been issued to the current guest in that room, and whether that guest
    has already checked out.  Putting names and dates on the card *is* a
    useless privacy leak, and would be particularly egregious if that info
    gets logged with each use.  And putting room numbers (with or without
    departure dates) on the card means that someone who finds a card can
    easily know which door to try it in.  This is particularly bad if you
    dropped the card somewhere, and your luggage is still in the room --
    or if you yourself are in the room when your attacker returns
    and comes in using your lost card.  The only supposed advantage
    FOR GUESTS of card-keys over ordinary keys is that lost keys don't
    lead the finder to your vulnerable room.
    (I am presuming that any "encryption" on these cards (mentioned in the
    web pages referenced below) is snake oil -- but that would be useful
    to verify as well.)
    Cypherpunks/cryptography-ers must visit a fair number of hotels over time;
    anybody got a good cheap source for USB barcode readers and free
    interface software?  Do we have a volunteer to read a few hundred such
    cards from various people who'd stayed in various hotels?  That would
    put the cat of facts among the pigeons of rumor and spin.
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)

    This archive was generated by hypermail 2b30 : Fri Oct 31 2003 - 06:51:08 PST