Disney’s RFID "Magic Band" arrives on the FCC

[AEfx]

Yet people use their computers and cell phones and have no worries? We are in the digital age where everyone goes online to shop, browse, research, pay bills,etc. Same with our phones. We have phone numbers, contacts, contact info. The phone companies know who we call, when we call, how much we call, who we text, and when and how often. Pictures over the phone? LOL they know about those too. Our credit card and bank companies know where we shop, what we buy, when we buy it. Our libraries know what we read. Our grocery stores know what we buy and how much we buy it. Your kids information is computerized at their schools.

The government has access to this information whenever they want it. And so do foreign governments and companies by now.

If anyone thinks that this information is not available you are joking yourself. Fifteen minutes and a techno thief has your entire life in their hands. What about your trash? A treasure trove of information.

And people are worried about Disney? Come on, get a grip.

It's so true.

It's like when people say, "I don't trust the internet, I won't pay my bills on it. I only write checks to pay my bills." It is far, far safer to do an electronic transaction than to mail a check, which goes through dozens of hands before it gets to the processor. And, the irony is - most places electronically submit checks these days anyway, so it's still going to be an electronic payment, you just decided to go the long way around, risk the postal service losing or mishandling it, and gave all your personal info to someone who opens your envelope and then feeds it into a scanner when you could have just paid the company directly yourself to begin with. And that paper check? It never gets sent to your bank anyway. You hope they destroy it - but you never know. Same with using your credit card - far safer online than handing it to a person at a counter somewhere.

That said, it's one of those things that people get all uppity about because they don't understand the risks they take all day every time they use their phone, computer, write a check, carry their wallet, etc. But suddenly Disney attaches something equivalent to your room key to a device and suddenly people are screaming and crying about privacy on an optional product that will only be for resort guests anyway.

But, you just can't convince some people...if Disney doing this bothers them in terms of personal privacy, they honestly could not comprehend how much they are pointing at one little twig in a huge forest of possibilities for much worse things to happen.

 

[TTA94]

Will be interesting to see if this is for APs or just resort guests.

 

[danlb_2000]

It's so true.

It's like when people say, "I don't trust the internet, I won't pay my bills on it. I only write checks to pay my bills." It is far, far safer to do an electronic transaction than to mail a check, which goes through dozens of hands before it gets to the processor. And, the irony is - most places electronically submit checks these days anyway, so it's still going to be an electronic payment, you just decided to go the long way around, risk the postal service losing or mishandling it, and gave all your personal info to someone who opens your envelope and then feeds it into a scanner when you could have just paid the company directly yourself to begin with. And that paper check? It never gets sent to your bank anyway. You hope they destroy it - but you never know. Same with using your credit card - far safer online than handing it to a person at a counter somewhere.

That said, it's one of those things that people get all uppity about because they don't understand the risks they take all day every time they use their phone, computer, write a check, carry their wallet, etc. But suddenly Disney attaches something equivalent to your room key to a device and suddenly people are screaming and crying about privacy on an optional product that will only be for resort guests anyway.

But, you just can't convince some people...if Disney doing this bothers them in terms of personal privacy, they honestly could not comprehend how much they are pointing at one little twig in a huge forest of possibilities for much worse things to happen.

Yeah, I agree with this. It's funny how a person will be affraid to use a credit card online but will hand it over to a waiter at a resturant without a second thought. I also find it funny that people will cry about companies invaliding thier privary, then turn around and post every details of thier life on Facebook.

 

[sshindel]

I've tried to read through most all of the very detailed and thought out posts on this forum and seen this touched on a little, and wanted to add my 2 cents.
Disney will not be using this technology to watch you and your every move throughout the park. They will be watching everyone at once. Any data that will be mined out of this system will never be brought down to the minute granularity of 1 person and their travels throughout the park. They will be viewed on aggregate. They will be aggregated together to look for trends. They will be used discover patterns and trends that may have never been noticed before, so that they can use these trends to
a) improve guest experience (repeat customers bring more $$$)
b) increase operational efficiency (reduce overhead and waste)
c) increase revenue (find spend patterns unnoticed previously)

The databases that must have been built here are going to be massive, and are going to be designed with 2 thoughts in mind. Store the transmitted information quickly and aggregate the data together in ways to allow analysis (likely 2 different databases right there). Your personal information will (nearly guaranteed) not be stored in the same database (and likely in a different database technology all together, potentially in a different physical location) than the data stored in this system. In terms of the data stored in this system, you will be a number, guest 1234567. Could someone trace down into the data and find who guest 1234567 is? Of course, if they have access to all of the systems required to get that information, which will be securely locked down and only given access to those functions that would require access to that personal information. Not knowing the absolute ins and outs of the Disney corporate IT systems, but having quite a bit of experience in large companies and their data, I can give a pretty good guess that the ability to match an ID code from the RFID tracking system and gather personal information about the guest would not be a simple task, and that is for people who operate within the same company. Hackers are very smart, and good at what they do, but likely in this case, all a hacker could get out of tapping into this system would be to find out that you've ridden the Teacups 35 times and have a soft spot for dining at The Friar's Nook.

Maybe it's the fact that my livelyhood depends on people wanting to slice-and-dice data that makes me as open to this technology as I am, but I'm not worried in the slightest bit about this.

 

[flynnibus]

I've tried to read through most all of the very detailed and thought out posts on this forum and seen this touched on a little, and wanted to add my 2 cents.
Disney will not be using this technology to watch you and your every move throughout the park. They will be watching everyone at once. Any data that will be mined out of this system will never be brought down to the minute granularity of 1 person and their travels throughout the park

I don't agree. Given a large part of this initiative (and past Disney efforts) are about PERSONALIZATION - I very much think they will analyze the individual, and not just drive analytic with anonymized info. Its far far far too valuable not to and also provides opportunities that the guests can actually see and appreciate. Disney has very little incentive to scrub the personalization out of the data they collect except security (and the related public relations risk). And even security can not be ultimately gauranteed, so the 'pros' will outweigh the cons.

The data can't be anonymized and give you the personalized interactive experiences or personalized entitlement features they are planning to do. You will at least have to have cross referencing - and that link is the inherent security risk that can be exploited or possibly leak itself through side channels. The bands themselves should never store sensitive data, but the backend will have inherent risks. Add on top of that Disney has wifi now plastered where people are free to walk around on their own.. it's a door in plain sight that will constantly be attacked. Imagine when they expand their wifi coverage in DTD.. and potential hackers will be free to try to penetrate the network at their leisure. Proxies, back to back agents.. everything to try to create air gaps in the network still carry risks as long as legit data is needed to traverse the link.

One design theory would be to split the data collection. While the same network may pickup a reference point, it may be saved differently to two separate systems that have different expectations of performance granularity. One system could be purely doing capture for crowd behavior/analytics... while a second system could be the personalized history of guests. Policy controls could help create some data security, but the applications are constantly going to be pushing for greater data access.

They will be viewed on aggregate. They will be aggregated together to look for trends. They will be used discover patterns and trends that may have never been noticed before, so that they can use these trends to
a) improve guest experience (repeat customers bring more $$$)
b) increase operational efficiency (reduce overhead and waste)
c) increase revenue (find spend patterns unnoticed previously)

While I have no doubt data will be used to fuel business analytic studies like you mention, that is only one aspect.. and Disney as fueled by food and merch as they are.. are not going to simply turn their back on the potential of increasing per guest spending.

The rest you mention is just regular best practices.. but even when one follows best practices, exploitation of the software or people can still violate security. I mean come on.. the most widespread risk of escalation of privledges is still possible if you follow the practice of separate roles with least privileges.

 

[njDizFan]

They already know how many people are in the park - so there is no need to monitor the park as a whole.. the turnstiles do that within reason. But they could improve upon the existing system by improving the count on people exiting using the RFID system. They would get better counts and know if a particular person is in the park or not.

What they would monitor is areas of interest. You only have to wire up as much as you are interested in. And since the bands have a radio transmitter, the range may be sufficient to not require a heavy overlay of monitoring stations.

Areas I could see them monitoring...
- seating areas in a QS restaurant
- parade viewing areas
- open performance areas
- congestion problem areas
- monitoring key performance corridors
- instantaneous capacity monitoring in key stores (would drive metrics like knowing how long people stay in a shop, watch how they move through a shop, get better metrics on how browsing leads to purchases or not, could see if a particular display actually lead to a purchase, etc)
- etc

As much as the bathroom joke gets thrown around.. its a good example of 'its not worth it'. Simple doorway clicks would be a better monitor of usage in simple places like that. But a shop, because there are so many performance metrics and variables they can tweak... that is an area that is very enticing to wire up so that behavior can be monitored and changes can be evaluated.

I agree, and these are actually good uses of the system. But to actually impliment this they would have to install the receivers around the park, and as of now I haven't heard of that happening.

 

[flynnibus]

I agree, and these are actually good uses of the system. But to actually impliment this they would have to install the receivers around the park, and as of now I haven't heard of that happening.

well I don't see this happening overnight... this is a toolset... a toolset that can be applied in many different ways. For scaling and reliability purposes Disney may only start with a handful of applications, and then add later as the system stabilizes, etc. This is about the future.. not a single day at release

 

[sshindel]

I don't agree. Given a large part of this initiative (and past Disney efforts) are about PERSONALIZATION - I very much think they will analyze the individual, and not just drive analytic with anonymized info. Its far far far too valuable not to and also provides opportunities that the guests can actually see and appreciate. Disney has very little incentive to scrub the personalization out of the data they collect except security (and the related public relations risk). And even security can not be ultimately gauranteed, so the 'pros' will outweigh the cons.

The data can't be anonymized and give you the personalized interactive experiences or personalized entitlement features they are planning to do. You will at least have to have cross referencing - and that link is the inherent security risk that can be exploited or possibly leak itself through side channels. The bands themselves should never store sensitive data, but the backend will have inherent risks. Add on top of that Disney has wifi now plastered where people are free to walk around on their own.. it's a door in plain sight that will constantly be attacked. Imagine when they expand their wifi coverage in DTD.. and potential hackers will be free to try to penetrate the network at their leisure. Proxies, back to back agents.. everything to try to create air gaps in the network still carry risks as long as legit data is needed to traverse the link.

But, from what we can tell, the personalization pieces that will be implemented here, at least what has so far been discussed, will be very limited. They will be storing preferences, tidbits of info. Guest 1234567 purchased the pirate package, has a nickname "Jimmy", etc. It wont be tied to your full name, address, social security number, etc. It will have no relation to who you are, but to the trigger event / response combination. Based on the level of personalization, likely each trigger event (say we are talking about the supposed Wanted posters that pop up with your name on it), will have an RFID key and a key to the one piece of personalized information that relates to this trigger event. It will need to be a very small and discreet set of information to read the bracelet, make the call, traverse a LARGE set of data, and pull back the one piece of information needed specifically to that event, and do so quickly enough to look as if it is done instantaneously.

These systems that store the personalized information will most likely be removed completely from systems that either store the rest of your personal information, or that aggregate the information for analytics. They will have to be in order to make the system perform in any matter of "real time" and seem transparent to the guest.

While I have no doubt data will be used to fuel business analytic studies like you mention, that is only one aspect.. and Disney as fueled by food and merch as they are.. are not going to simply turn their back on the potential of increasing per guest spending.

That was my point c) and I totally agree with you. This is all about money. Yes, it's about money in ensuring guests have a good enough trip that they return, and they tell their friends. It's also about maximizing the amount of money that the guests spend on the trip. Giving strong data to how much time people spend in restaurants and stores, what they look at, heck, they could even go to what they linger at and what they walk right by. But this wont be the detailed, personal information either, this will be on aggregate.
The personal things they could do would be all captured based on Point of Sale, which would be again, a different database all together. They could follow up the trip with emails saying "Hey, we see you like Vinylmation, here are some cool ones", but that would be based on past purchase trends.

I mean, if they really wanted to go crazy, I could envision someone saying "We see you rode Space Mountain 12 times, have you seen the cool Space Mountain T-shirts we have?", but a LOT would have to be in place for that. And again, even there, everything from the analytics down to the the point of actually preparing the info to send that mail/email would be done on a large population, not at an individual level. They would add that last piece of personalized information (name / email address) at the very last minute of send. Those kinds of targeted sends would be done and developed based on aggregated information, trying to focus on large trends, and would basically be mass mail sends just like any other mass mail analytics that are done today. They'd be done by merging info from multiple systems.

 

[flynnibus]

But, from what we can tell, the personalization pieces that will be implemented here, at least what has so far been discussed, will be very limited. They will be storing preferences, tidbits of info. Guest 1234567 purchased the pirate package, has a nickname "Jimmy", etc. It wont be tied to your full name, address, social security number, etc. It will have no relation to who you are, but to the trigger event / response combination.

Don't agree. That 'jimmy' nickname has to be entered at some point, and the easiest way is to populate that data from the reservation system. That means a link between those two. To establish that link means connectivity and permissions. To link those two mean keys that have a meaning shared between the systems. When they setup FP+.. that will come from a reservation system.. also linked to the larger reservation system. The net they are building now will not be an isolated island - it will be part of an integrated platform encompassing reserveration data, operational data, history, and billing. That's the integrated systems platform that will distinquish Disney and why they are attacking so many fronts with so much effort. It will be a nucleus that other parks will not be able to easily replicate.

Listen, I'm not saying the same DB holding your RFID will have all the data from the reservation database in it, but they will be linked and they will be able to make queries or at least batch jobs between them. That means connectivity, that means rights, and that means attack vector.

You keep hinting back at this need for separation due to performance.. that is solved by having caches and specialized offloading of tasks. Proper design segments where necessary to avoid exclusive locks and offloads longer queries/tasks to keep that data open. Add on top of that caching to further avoid locks, partitioning, etc.. and you can scale like crazy. This is big data, but it's not 'world exclusive' size of data.

That was my point c) and I totally agree with you. This is all about money. Yes, it's about money in ensuring guests have a good enough trip that they return, and they tell their friends. It's also about maximizing the amount of money that the guests spend on the trip. Giving strong data to how much time people spend in restaurants and stores, what they look at, heck, they could even go to what they linger at and what they walk right by. But this wont be the detailed, personal information either, this will be on aggregate.
The personal things they could do would be all captured based on Point of Sale, which would be again, a different database all together. They could follow up the trip with emails saying "Hey, we see you like Vinylmation, here are some cool ones", but that would be based on past purchase trends.

But again the risk is the interconnectivity and relations between what used to be isolated systems. And I do believe they will ultimately get to localization services and personalized advertising. I mean come on, if your local grocery store can do it, you know the 600lb gorrila is gonna try to do even more. And no, I don't think they'll be limited to batch processing overnight to send emails. Proximity, personal data, history, and a comm link are all going to be there... that's the value of having something like radio tags instead of just giving every customer a 'frequent flyer card'. It will be a path the company will try to exploit.

Imagine the company notices you've been standing in a part of the store for a long time.. knows your purchase history that you like to buy collectables... and sends you a one-time coupon in real-time to try to close the deal? Stuff like that is entirely possible, and in scale.

 

[righttrack]

This is an interesting intelligent queuing system. Still, baaa baaa, mooo, moo

 

[sshindel]

Don't agree. That 'jimmy' nickname has to be entered at some point, and the easiest way is to populate that data from the reservation system. That means a link between those two. To establish that link means connectivity and permissions. To link those two mean keys that have a meaning shared between the systems. When they setup FP+.. that will come from a reservation system.. also linked to the larger reservation system. The net they are building now will not be an isolated island - it will be part of an integrated platform encompassing reserveration data, operational data, history, and billing. That's the integrated systems platform that will distinquish Disney and why they are attacking so many fronts with so much effort. It will be a nucleus that other parks will not be able to easily replicate.

Listen, I'm not saying the same DB holding your RFID will have all the data from the reservation database in it, but they will be linked and they will be able to make queries or at least batch jobs between them. That means connectivity, that means rights, and that means attack vector.

You keep hinting back at this need for separation due to performance.. that is solved by having caches and specialized offloading of tasks. Proper design segments where necessary to avoid exclusive locks and offloads longer queries/tasks to keep that data open. Add on top of that caching to further avoid locks, partitioning, etc.. and you can scale like crazy. This is big data, but it's not 'world exclusive' size of data.



But again the risk is the interconnectivity and relations between what used to be isolated systems. And I do believe they will ultimately get to localization services and personalized advertising. I mean come on, if your local grocery store can do it, you know the 600lb gorrila is gonna try to do even more. And no, I don't think they'll be limited to batch processing overnight to send emails. Proximity, personal data, history, and a comm link are all going to be there... that's the value of having something like radio tags instead of just giving every customer a 'frequent flyer card'. It will be a path the company will try to exploit.

Imagine the company notices you've been standing in a part of the store for a long time.. knows your purchase history that you like to buy collectables... and sends you a one-time coupon in real-time to try to close the deal? Stuff like that is entirely possible, and in scale.

I don't mean to imply that the databases will be separated with no interaction, and I also don't mean to imply that these systems might not be vulnerable to security breach. Absolutly they will, and we all hope that Disney has taken the time and put the money into putting tight controls around the services / access points between systems in order to make this as secure as possible.

It's an interesting concept that you bring up, being able to trigger real time events based on analytics and location. Honestly, I like it quite a bit. I know I'll be spending my lunch hour thinking about how that would be implemented, the real time triggers that would need to be in place in order to make this happen. I'd think, based on my first reaction, due to the number of guests we're talking about, it would likely be a bit more simple system built. An event triggered by your entry into a store sends a text message / email to you that gives you a coupon based on your purchase history, if you have one. Or sends you a notice to remind you that your photo was taken at Splash Mountain, and you can purchase it for $$$. I'll be the first to admit that concept had not occurred to me.

 

[Monty]

@sshindel you're missing the conspiracy theorists' point... The logic and reason you bandy about has no bearing. If Disney can use the data for nefarious, evil purposes, they will. The concept that there's no value to the corporation to do so and a massive downside in negative publicity and crashing share prices when [not if] it inevitably leaks that they are is entirely unrelated to their "reality".

 

[danlb_2000]

@sshindel you're missing the conspiracy theorists' point... The logic and reason you bandy about has no bearing. If Disney can use the data for nefarious, evil purposes, they will. The concept that there's no value to to corporation to do so and a massive downside in negative publicity and crashing share prices when [not if] it inevitably leaks that they are is entirely unrelated to their "reality".

Exactly this! The "fear" of this sort of tracking is largely not based in reality. The general public often has a overblown negative reaction to the idea of that they are being tracked. This is one of the things that has held back a greater use of RFID in a lot of areas. Pretty much any time you see a new use for RFID pop up, you will see the privacy concerns come along with it. Check out the article I posted earlier about certain Texas schools using RFID badges to track the students while on campus.

I am not saying RFID can't be abused for nefarious purposes, like any technology it can be used for both good and bad.

 

[flynnibus]

I don't see Disney being evil with the data.. But it could lead to Disney being 'creepy' in a lot of ways.. But that is often in the eye of the beholder.

I for instance don't like employees who by having my name act like they are my best friend from 30 years ago just because they had my name. That is a balancing act that is different per person and not everyone masters.

The risk of evil isn't really by Disney, but other companies being able to exploit Disney and get at the personal and financial info you have entrusted Disney with. This type of integration and expanded access significantly increases the attack surface area of disney's systems.

 

[danlb_2000]

I don't see Disney being evil with the data.. But it could lead to Disney being 'creepy' in a lot of ways.. But that is often in the eye of the beholder.

I for instance don't like employees who by having my name act like they are my best friend from 30 years ago just because they had my name. That is a balancing act that is different per person and not everyone masters.

The risk of evil isn't really by Disney, but other companies being able to exploit Disney and get at the personal and financial info you have entrusted Disney with. This type of integration and expanded access significantly increases the attack surface area of disney's systems.

Your first sentence is the key, evil is in the eye of the beholder.

I agree that Disney isn't likely to do anything really evil with the data and I have no problem with this type of technology in the parks. My sentence about "nefarious purposes" was just to make the point that I don't, and other shouldn't, blindly accept this type of tracking technology anywhere it appears, it is definitely something that could be taken to far.

 

[Victor Kelly]

I think we will see a phased roll out for this band. Think of the possibilities. If the database recognizes your favorite rides, it can tell you in advance what the wait times are. And wait times will become extremely accurate. It would actually help you make decisions about where to go and what to do. Set reminders for things you want to do.

Lets say you have reservations at the Crystal palace, you are running late. The system sees this and instead of bumping you it drops you down the list. The system would see you coming and adjust things in advance making the CMs life way easier, people less frustrated, and the ability for Disney to adjust other attractions to take load off over crowded attractions.

I am looking for the positive. It won't be a utopia, but it might just make things easier.

 

[Gringrinngghost]

Anyone have any information on a roll-out?

 

[Disney IT Tracker]

I'm surprised that no one has added any information. There will be a press conference in early January announcing it to the world. The rollout of phase one will be complete by the end of February. And you all really need to read the Magic Band specifications that have been posted on the FCC website. Each Magic Band will have three seperate methods of communication. Two will be passive being UHF and UF. The other one however will transmit via a small battery built into the band. I noticed several postings that people doubted that Disney would install the infastructure to have readers all over the parks. I hate to break it to you but the entire infastructure has already been laid. The final component will be the actual installation of the different readers across property. By the end of February every turnstyle, room lock, fastpass dispenser and photo pass reader will be removed for the new RF enabled devices. Additionally, you will see the installation of new tap to pay devices at every Disney controlled register (Matra terminal) accross property, as well as RF Fast Pass (+) readers at every attraction entrance. Beyond that you will also see new check in readers at character interactions, QSR restaurants, Scheduled Shows and performances as well as reserved seating.

Quite frankly you can choose to believe or not. But the change is happening. RF locks and Touch to Pay readers are active in all Deluxe properties as well as the new Value resort. Portals which will replace turnstiles have been installed in small sections at each of the four park entrances. Disney has invested over a billion dollars in this technology. It will be live in a short time.

 

[Alektronic]

I'm surprised that no one has added any information. There will be a press conference in early January announcing it to the world. The rollout of phase one will be complete by the end of February. And you all really need to read the Magic Band specifications that have been posted on the FCC website. Each Magic Band will have three seperate methods of communication. Two will be passive being UHF and UF. The other one however will transmit via a small battery built into the band. I noticed several postings that people doubted that Disney would install the infastructure to have readers all over the parks. I hate to break it to you but the entire infastructure has already been laid. The final component will be the actual installation of the different readers across property. By the end of February every turnstyle, room lock, fastpass dispenser and photo pass reader will be removed for the new RF enabled devices. Additionally, you will see the installation of new tap to pay devices at every Disney controlled register (Matra terminal) accross property, as well as RF Fast Pass (+) readers at every attraction entrance. Beyond that you will also see new check in readers at character interactions, QSR restaurants, Scheduled Shows and performances as well as reserved seating.

Quite frankly you can choose to believe or not. But the change is happening. RF locks and Touch to Pay readers are active in all Deluxe properties as well as the new Value resort. Portals which will replace turnstiles have been installed in small sections at each of the four park entrances. Disney has invested over a billion dollars in this technology. It will be live in a short time.

Because it was supposed to be a big secret. All the salaried and management people who went to the training was to supposed keep everything a secret and wasn't supposed to tell any hourly workers because they will be all trained in January.

 

[G00fyDad]

I'm surprised that no one has added any information. There will be a press conference in early January announcing it to the world. The rollout of phase one will be complete by the end of February. And you all really need to read the Magic Band specifications that have been posted on the FCC website. Each Magic Band will have three seperate methods of communication. Two will be passive being UHF and UF. The other one however will transmit via a small battery built into the band. I noticed several postings that people doubted that Disney would install the infastructure to have readers all over the parks. I hate to break it to you but the entire infastructure has already been laid. The final component will be the actual installation of the different readers across property. By the end of February every turnstyle, room lock, fastpass dispenser and photo pass reader will be removed for the new RF enabled devices. Additionally, you will see the installation of new tap to pay devices at every Disney controlled register (Matra terminal) accross property, as well as RF Fast Pass (+) readers at every attraction entrance. Beyond that you will also see new check in readers at character interactions, QSR restaurants, Scheduled Shows and performances as well as reserved seating.

Quite frankly you can choose to believe or not. But the change is happening. RF locks and Touch to Pay readers are active in all Deluxe properties as well as the new Value resort. Portals which will replace turnstiles have been installed in small sections at each of the four park entrances. Disney has invested over a billion dollars in this technology. It will be live in a short time.

Thank you for compiling all of the information on everything that has already been discussed.