---
From: "Keith Anderson" <keith@private>
To: "'Declan McCullagh'" <declan@private>
Subject: RE: [Politech] John Gilmore's proposal: Test hotel card keys for personal info [priv]
Date: Fri, 31 Oct 2003 11:01:14 -0700
Organization: Anderson Research / BackFence Network

My company, under contract and nondisclosure, designed and implemented the software behind many card-key security systems, including systems now used by three major hotel chains.

In every case, by design requirement, the cards are encoded at check-in with a very large, randomly generated code that is associated on the main database with the guest record and the room(s) to which they are assigned. No information about the customer is placed on the card. The code on the card is only a component of the information needed to open the door, and cannot be used to obtain customer information even by the top-level employees. At checkout, the code is abandoned and becomes obsolete. Each code may be used only for one guest stay throughout the entire chain of hotels, and that code can never be used again to open any door in any location.

From a design standpoint, there is no reason to encode personal data on a card like this. Such data is useless to the purpose of the card-- the card is simply a key that expires once the guest has checked out. All of the systems with which we have associated keep personal guest information in the database. This gives the hotel chain the benefit of not worrying about the card when it's not under their control. They never have to pay to re-key a door, they don't worry if the guest forgets to return his or her key, and cards cost pennies to replace.

There might be a few security systems out there that put personal information on cards, but we have not run across one in the last 15 years, and we've seen a lot of card-key security systems of all kinds.

I think whoever was quoted in the previous message claiming that "name, room number and length of stay" are found on the card is speaking of a very unique (and frankly low-end) system, but more likely they are ignorantly guessing what is really stored on the card.

People should be more concerned about how hotels protect, share and use the guest data they accumulate. In the systems we've worked on, guest-service employees are only allowed access to basic guest data if their job requires such access, but there are undoubtedly systems out there that allow any employee access to any former guest's data, and this is not a problem limited to hotels.

Keith Anderson
Anderson Research

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
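
The design described in the message above, modelled as an added example (not part of the original message and not the author's or any vendor's code): the card carries only an opaque random code, guest data stays in the database, and a code abandoned at checkout is never accepted or reissued. The class and method names, the 32-byte code length, the in-memory store and the choice to keep a SHA-256 digest of the code are assumptions; the other components the message says are needed to open a door are not modelled.

```python
import hashlib
import secrets


class CardKeyRegistry:
    """Hypothetical stand-in for the chain-wide database (in memory here)."""

    def __init__(self):
        self.active = {}      # code digest -> stay record (guest data lives here only)
        self.retired = set()  # digests of every abandoned code, never reissued

    @staticmethod
    def digest(code: bytes) -> str:
        # Assumption: the database keeps a hash of the code, not the code itself.
        return hashlib.sha256(code).hexdigest()

    def check_in(self, guest_id: str, rooms) -> bytes:
        """Create a stay and return the only bytes that go on the card."""
        while True:
            code = secrets.token_bytes(32)  # assumed length; CSPRNG output
            d = self.digest(code)
            if d not in self.active and d not in self.retired:
                break
        self.active[d] = {"guest_id": guest_id, "rooms": frozenset(rooms)}
        return code

    def may_open(self, code: bytes, room: str) -> bool:
        """Door check: the code must map to a current stay that includes this room."""
        stay = self.active.get(self.digest(code))
        return stay is not None and room in stay["rooms"]

    def check_out(self, code: bytes) -> None:
        """Abandon the code; it stays on the retired list for good."""
        d = self.digest(code)
        if self.active.pop(d, None) is not None:
            self.retired.add(d)

    def is_retired(self, code: bytes) -> bool:
        return self.digest(code) in self.retired


def demo():
    registry = CardKeyRegistry()
    card = registry.check_in("guest-0001", ["412"])  # constructed sample stay
    during = (registry.may_open(card, "412"), registry.may_open(card, "413"))
    registry.check_out(card)
    after = (registry.may_open(card, "412"), registry.is_retired(card))
    return during, after


if __name__ == "__main__":
    print(demo())
```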