---
To: cryptography@private, gnu@private
cc: declan@private
Subject: [Politech] Hoax debunked: Hotel card keys store sensitive personal info
Date: Wed, 29 Oct 2003 23:21:33 -0800
From: John Gilmore <gnu@private>

I think Declan missed the story here, by calling this an urban legend. We now have denials that "sensitive" personal information is stored in hotel card-keys. The question is what "non-sensitive" personal information is stored in them, and why.

The stories referenced below quote one hotel chain that "only" your name, room number, arrival and departure dates are on their cards. Oh, and that there are other fields that might have contained home addresses and/or credit card numbers "in years past", but now clerks are instructed not to fill them in on the screen any more. Surely this factoid makes us feel much more comfortable.

Hmm. If I rewrote a card with someone else's room number, or a later departure date, would the door open for me when it's supposed to lock?

And what, if any, records are kept whenever you enter or exit your hotel room? E.g. is every coming and going recorded on a PC somewhere in the hotel? Or stored in flash memory in the door itself, and periodically dumped to somewhere? Can the hotel tell my key from my roommate's key?

What happens to these records? Are any of them on the Internet? Can the police look at them without a warrant, the way they look over hotel checkin/out registers (and hotel-xeroxed copies of their guests' ID cards)? When, if ever, are they destroyed? Or are they kept forever for market research (e.g. "12% of hotel guests never left the room except to check out, and 37% of those guests phoned their home area code from the room")?

If there's central validation of the cards, then there's no need to put anything but a random number on the card. The PC that decides whether to open the door would only need to know which card number had been issued to the current guest in that room, and whether that guest has already checked out. Putting names and dates on the card *is* a useless privacy leak, and would be particularly egregious if that info gets logged with each use.

And putting room numbers (with or without departure dates) on the card means that someone who finds a card can easily know which door to try it in. This is particularly bad if you dropped the card somewhere, and your luggage is still in the room -- or if you yourself are in the room when your attacker returns and comes in using your lost card. The only supposed advantage FOR GUESTS of card-keys over ordinary keys is that lost keys don't lead the finder to your vulnerable room.

(I am presuming that any "encryption" on these cards (mentioned in the web pages referenced below) is snake oil -- but that would be useful to verify as well.)

Cypherpunks/cryptography-ers must visit a fair number of hotels over time; anybody got a good cheap source for USB barcode readers and free interface software? Do we have a volunteer to read a few hundred such cards from various people who'd stayed in various hotels? That would put the cat of facts among the pigeons of rumor and spin.

John

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Fri Oct 31 2003 - 06:51:08 PST
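
The central-validation design described in the message above, sketched as an added example (not part of the original post and not any hotel vendor's system): the card holds only a random number, and the validator knows which numbers are live for which room. The class and method names, the 16-byte token size and the room numbers are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class CardRegistry:
    """Hypothetical central validator; the card stores an opaque token only."""

    def __init__(self):
        # room -> set of SHA-256 digests of the tokens currently live for it
        self._live = {}

    def issue_card(self, room):
        """Check-in or extra key: return the random bytes to encode on a card."""
        token = secrets.token_bytes(16)  # assumed size; no name, room or dates
        self._live.setdefault(room, set()).add(hashlib.sha256(token).digest())
        return token

    def revoke_card(self, room, token):
        """Lost card: kill this one token, leave a roommate's card working."""
        self._live.get(room, set()).discard(hashlib.sha256(token).digest())

    def check_out(self, room):
        """Departure is a server-side state change, not a date on the card."""
        self._live.pop(room, None)

    def door_request(self, room, presented):
        """Called by the lock on `room` with the bytes read from the card."""
        digest = hashlib.sha256(presented).digest()
        return any(hmac.compare_digest(digest, d) for d in self._live.get(room, ()))


def demo():
    reg = CardRegistry()
    mine = reg.issue_card("412")      # constructed room numbers
    roommate = reg.issue_card("412")
    other = reg.issue_card("413")
    results = {
        "own_door": reg.door_request("412", mine),
        "wrong_door": reg.door_request("413", mine),
        "edited_card": reg.door_request("412", bytes([mine[0] ^ 1]) + mine[1:]),
    }
    reg.revoke_card("412", mine)      # card reported lost
    results["lost_card"] = reg.door_request("412", mine)
    results["roommate_after_revoke"] = reg.door_request("412", roommate)
    reg.check_out("412")
    results["after_checkout"] = reg.door_request("412", roommate)
    results["neighbour_unaffected"] = reg.door_request("413", other)
    return results
```

Because the room binding and the departure state live only on the validator, a found card does not say which door it opens, and altering the bytes on it yields a token the validator has never issued.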