Recent Posts

November 28, 2009

Please don't add me to your creepy database?


Mr. A and I have a houseguest from Boston staying with us for the Thanksgiving weekend. The short version of how I met her: Craigslist. The medium version: One of us needed something translated in order to contact a long lost grandma in a distant country and turned to cyberspace for help, and the other did the translating. The long version: Well, come over, plop into an armchair, pick your poison and I'll tell you all about it.

Since she's young and wowable and in love with all living creatures, we took her to Sea World today. (Also, Mr. A has never been, and the last time I went was around 1990.) I had a spectacular time, crowned by the discovery that otters are my new favorite animals. How adorable are they? Seriously!!

Before this day o' maritime bliss, however, something creepy transpired.

Every park goer waiting to pass through the turnstile at the entrance was being instructed by a smiling employee to place his or her hand inside a small plastic machine for one second. They all did it, then passed through. I didn't think much of it -- figured it was a stamp or maybe the ticket processor or something -- until I got closer and read the instructions: "Place fingertip on pad for scan." (Not an exact quote. Should have photographed it, but I was too busy being appalled.)

Sea World, it turns out, is collecting the fingerprints of all their visitors. That must be millions of most intimate records, tied to ticket barcodes (who cares), but also, for anyone who purchased a ticket, credit card and/or address info. What Sea World is doing with that material, how long and how securely it is being stored, is something only Sea World knows.

I told Mr. A what the machine was for, and he agreed: Creeporama.

Our turn.

"Please scan your ticket here, then place your finger on the glass." Smile.

"Here's my ticket, but I don't want to be scanned," Mr. A said, handing over his ticket.

"It's for your fingerprint." Smile.

"We are not comfortable with that," I said.

"You need to put your finger there so you can get in. It's to make sure you don't use your ticket twice." Smile drooping...

"I'm sorry, but I'm not okay with that. Is that necessary, or is there an alternative?" I asked. "You can look at my ID, or call over a manager so we can work this out. Sorry if I seem paranoid, but I have no idea what you're doing with that information and there's no reason for me to trust Sea World's employees."

(Maybe it was an overreaction. What could they do with my print, really? It's an admittedly abstract threat, and infantescimal chance of it materializing at that. Yet the idea gets me. And ideas matter. A print here, a scan there, and eventually you stop being vigilant and "they" know everything, Sea World didn't ask -- they instructed, and assumed compliance. Perhaps that's what bothers me most.)

"We're not going to do anything with it! It's just for Sea World's database!" she stammered. (And there you go. Their database? That was her exact word. I'm not making this up!!! I wish I were.)

Mr. A spoke up again.

"Do you have a congressional electronic non-disclosure form? You are required to present it to anybody who is required to provide a fingerprint."

She looked incredibly pained. Who were these idiots? It's just a fingerprint! Meanwhile, the line was getting longer and I got one glare (that I noticed). Just think -- hundreds or thousands of people passing through her creepy turnstile... did no one else care? were we the first to speak up or give her attitude?

"I don't understand what your problem is," she sighed. "I'm just trying to make sure that you don't give your pass to someone else."

"That's perfectly reasonable. I'm happy to help you make sure that doesn't happen. Would you like to write my name or driver's license number on it?" I offered.

"Ok, that's fine. Then can I please see your IDs"? She wrote our names on our passes and let us go.

Inside, I turned to Mr. A and gave him a victory hug. "Congressional electronic non-disclosure form? Where did you pull that out from? I had no idea about that!"

"I made it up," he confessed.

Don't worry, Mr. A, no one ever has to know... ;)

UPDATE: I had to find out what was up with that policy. Here are a few angles, if you want to take a look.

"How stupid":
http://www.stupidsecurity.com/comments.pl?sid=349&cid=876

"Who owns your fingerprint"?
http://laslo-blog.blogspot.com/2008/03/who-owns-your-fingerprint.html

Some background on themeparks and biometric record keeping:
http://epic.org/privacy/themepark/

I haven't found any sites defending this specific practice, but I also haven't looked very hard. Here's an alternate view about fingerprints in general:

http://thinkprogress.org/2008/04/16/chertoff-fingerprints/

[image via Fine Art America.]
blog comments powered by Disqus