All of a sudden last week, based on some first-hand reports, there was reason to suspect that the Disney MagicBands do, after all, contain the capability to be read at a distance. The assumption until now was that Disney would only be able to track its visitors when they took the step of placing their MagicBands (MB) within millimeters of the readers to pay for purchases or join the FASTPASS+ line, and that customers were therefore in charge of deciding when Disney would know where they were. But if Disney can read MagicBands from a distance, they will be able to track users much more closely, and without their knowledge or minute-by-minute consent. Visitors may feel their privacy is at its lowest ebb when on a Disney World vacation.

fastpass+ 2013-11-23-2179

There are several online reports in the past week or so of people returning from a Disney World vacation and discovering that in their online MyDisneyExperience account (the front end of the MyMagic+ system), there are not only those PhotoPass pictures they took when they scanned their bands, but also photos of them while on the rides — Space Mountain, Splash Mountain, Expedition Everest, and so on. This was at first perplexing for them, since they never “swiped” their MBs at the rides. Given the belief that Disney needed to swipe a band to know you were there, it didn’t seem possible for Disney to connect the right pictures to the right people. And yet there they were.

The implication is that the bands CAN be read at a distance, without needing the customer to hold it less than an inch from the reader. That seems counter-intuitive. If the bands are capable of that all along, why bother having them need to touch the scanners directly for FASTPASS+ and for room charges? One answer: it seems more prudent to require actual contact (touching) to pay for things, to avoid fraud and accidental payments.

When the news broke a few years ago that Disney World was moving to a system involving RFID chips, there was a lot of speculation about privacy. Many of those who fretted the most about being tracked were pooh-poohed as the “tinfoil hat” types, sensing conspiracies when none were present. RFID-capable keycards and annual pass cards – sized and shaped just like credit cards – did not seem to present any opportunity for Disney to track users unless they actively swiped their cards. The RFID chip was just too passive; it couldn’t transmit. The debate about privacy then seemed to just die out many months ago, as if the matter were decided: Disney could only track you if you swiped.

Guess what? The MagicBands (which I reviewed positively last week) *do* have batteries in them. Disney has recently said the MBs should last 1-2 years and mentioned the battery as one reason for the shelf life. Johnathen Hopkins, one of the podcasters from WDWFanBoys, cut open his MB to find out what was inside, and the battery was easy to find.

IMG_2108

There are many different types of RFID setups and the “read range” varies due to several factors (how large are the antennas, what frequency they are using, how much power is in the reader, is there a battery with the RFID chip, etc). It looks like current hotel keycards and annual pass cards use a more passive RFID chip with no battery, but MagicBands include a battery and thus could be read from further distances.

Confusingly, the plot thickens still more. Let’s dig a little deeper, as Mama Odie might say. Disney’s 2012 letter to the FCC (and other related documents here) specifies that the device, though it contains a battery, uses *PASSIVE* RFID, not active, and that at first glance might seem to limit the distance at which it can be read. But the science isn’t as linear as that (where passive=short distance, active=long). There are innovations in chip design and reader-power architecture that can still read from far distances of even a couple hundred feet. Based on similar devices, it looks like the MagicBand might be readable from 10 meters away, despite being passive. We know Disney is using a battery-assisted 2.4Gz RFID tag, and there exists a similar one on the market that can be read from 30 feet away.

There is even a technical explanation for the fact that MagicBands seem to work in two ways: up close for purchases and FASTPASS+, but long distances for ride photos and to-be-unveiled interactivity on attractions. Namely, the MagicBand FCC specs point out that it has two antennae–presumably, HF (short range) RFID for the restaurant, stores, and FP+ scanners; and UHF (longer range) RFID for the MyMagic enhancements on the rides.

The clues seem to be stacking up. Disney has a battery-operated RFID tag that matches those on the market which CAN be read from long distances, we’ve got first-hand reports by some travelers that on-ride photos are being added to their accounts, and we know of many spots in rides where videoscreens await their first power-up to offer customized greetings to tourists wearing MagicBands. It looks like long-distance RFID scanners are in the cards from these arguments alone.

fastpass+ 2013-09-08-9225

To make absolutely certain, we could turn to Disney’s own privacy policy on Magic Bands, which states (in part):

The MagicBands can also be read by long-range readers placed in select locations throughout the Resort used to deliver personalized experiences and photos, as well as provide information that helps us improve the overall experience in our parks. Guests can participate in MyMagic+ and visit the Resort without using the MagicBand by choosing a card, which cannot be detected by the long-range readers; however, certain features of MyMagic+ are dependent upon long-range readers, including automatic delivery of certain attraction photos and some personalized offerings are only available to guests using a MagicBand.

Well, there’s no doubt left now. I wonder if that explanation of long-range readers was there months ago, when this topic was more hotly debated online. I’m guessing it’s a more recent addition. In any event, we’ve got our answer: Disney is installing long-range readers, at least on the rides.

I’ve got no information about Disney’s intent with these readers. Maybe they are just there to enable convenient connections to your account, like the example of Space Mountain pictures appearing in your online account after your vacation even though you didn’t seek them out. Or maybe Disney wants to install more readers throughout the park. From a technology point of view, there is no reason Disney couldn’t build a sophisticated “war room” with a giant digital map of the Magic Kingdom, and show people by name moving through the park in real-time. Think of it as the Marauder’s Map from Harry Potter… except this would be real, not fiction.

Now, Disney might not want to engage in that much tracking, especially if coupled to individuals and their names. It would probably be bad for business if the public knew. But the salient point is that the technology exists to do that, and the MagicBands make it possible. So the customer is essentially trusting Disney NOT to do it.

What Disney probably wants is to harness the power of Big Data. If they track people by patterns and amalgamation (rather than bothering with what individuals are up to), they can spot ways to save money (shift workers to and fro) or to make money (open additional shops and restaurants). There’s nothing inherently evil in this, but the national conversation about privacy and Big Data is just beginning. One public school’s use of similar RFID chips faced legal challenges (specifically, against unreasonable search and seizure), but ultimately the school won out in court (and ironically discontinued the RFID program later anyway). Let’s also remember Disney is a private corporation, not the government.

fastpass 2013-11-03-1296

Disney *does* know who each RFID chip belongs to. What’s stored on the chip is just an account number that makes sense only to Disney. But Disney can decipher it and crosswalk that number to its own databases, and thus easily figure out who is doing what in the parks. If they wanted to, they could “drill down” to specific individuals, at least from a technology/data point of view (policy aside).

Some portion of the population won’t be bothered by this. Even if the parks installed enough sensors to know how long it took between your purchase of a burrito to your visit to the bathroom (and how long you stayed there), some folks won’t mind. Reading with the grain, such intrusions into privacy can give Disney valuable information to make the parks a better place. They’d know which bathrooms are the most visited, for instance–maybe this could cause them to take action and build relief facilities nearby? Besides, as they argue in similar discussions around the Web, privacy is already an illusion in today’s society. And they point out (correctly) that we are being tracked already to some extent. Those EZ Pass/Sunpass toll road devices use RFID, and their data is used (in aggregate) to give real-time traffic information.

But I suspect there will also be a portion of the population that will be less charitable if Disney does install sensors everywhere, and these customers discover that Disney knows who they are, where they are, how long they stayed there, and who they were with. One hesitates to invoke Big Brother, as the phrase is so hackneyed by now as to be emptied of almost all meaning, but RFID really and truly might be able to function as a way to track with that much granularity.

Earlier in 2013, Disney was in the headlines when a Congressman (Rep. Markey, D-Mass) asked in a letter if Disney’s new technology could be used to exploit children. Disney CEO Iger responded vigorously, but this was not the kind of national press the company usually seeks out. Will we see a repeat of that scrutiny now?

fastpass+ 2013-11-23-2130

Disney is often a leader not just in theme park rides, but in using technologies in general. I wonder if Disney is risking national exposure–and not in a good way–but being out in front with this level of power to track. Even if Disney elects not to *do* the tracking, it looks like the *potential* is there, and I suspect that alone might be enough to convince some people not to come at all. If that scenario happens, a big chunk of MyMagic+ will have collapsed in on itself. It’s supposed to be a money-maker (and I still think it can be!), not a money loser.

Your opinion on all this is welcome in the comments. Are you OK with being tracked on the rides even when you don’t swipe? Would it make you hesitate to visit Disney World if you knew your movements would be tracked, charted, and recorded for Big Data posterity?

WDW Clicks #6

This week we bring the telephoto lens to Seven Dwarfs Mine Coaster, explore the Norsk Kultur stave church gallery in Norway, tour the new bus loop at the Magic Kingdom entrance, see the Christmas tree in Be Our Guest, look at the new Joffrey’s coffee carts in DHS, see the altered AFI store and Sid Cahuenga’s, gawk at new Disney posters in Magic of Disney Animation, sample some new holiday food items at World Showcase, and glance quickly at Spice Road Table.

Direct link: http://youtu.be/ysX9WxZ31dc

Creepy Cherubs?

I’m a big fan of insider tributes and homages at the theme parks (seeing as I am the author of WDW Hidden History, this is no surprise!), so of course I have long been fascinated with the cherubs in the ceiling of Be Our Guest. These cherubs are representations of the children of the Imagineers who worked on this part of Fantasyland.

Front line Cast Members were told when the restaurant opened that there were also images of the Imagineers themselves mixed in. Looking at the final results, this makes sense. Some of the cherubs appear to have pretty mature features and hairstyles!

!cherub

Does the old-young combination look creepy to you? Have a look at all forty cherubs and let me know what you think!