SkiPassDefender updates Archives

Are you being Gamed with RFID?

Games are fun. I enjoy family game night at the Ski Pass Defender household and picking a few of the games which we’ve collected over the years. At the end of the night the member of the family with the most wins gets a medal presented by last week’s winner. Participation is strongly encouraged and sometimes incentivized, but not demanded. If a member of the family wants to opt-out of the games they are allowed to do so.

When a person is strong-armed into participating and given no choice, they become resentful. But what if they are being manipulated into playing the game? The person incentivizing must offer something of value to the gamer. Playing games can be fun and entertaining. But what if you found out that you are being manipulated, gamed? Would you feel so good about it then? Perhaps, or perhaps NOT. What if you found out that you could not opt out? What if you found out that all your data was compiled, used, sold or traded, regardless of whether you had access to it or not? Some people care, some don’t. Either way, I believe it should be the gamer’s choice.

This year there will be more than 1000 resorts using RFID-enabled ski passes to access their lifts. The vast majority are basic systems of lift entry that keep user information anonymous. Some include RFID payment systems, which are not anonymous. There is a growing trend of harvesting and aggregating (non-anonymous) data. Some areas, such as the Vail Resorts, have incentive and tracking programs such as EpicMix, in which you can win digital “pins” as you reach certain achievements. For some people that enhances the ski and ride experience, for many others it makes no difference, and the vast majority don’t even know about it. Yet, whether you know about it or not, ALL skiers and riders are being tracked and cataloged around the mountain. And most areas using RFID have some type of data storage system for their “gamers”. When getting your pass with your name and info attached to it, check to see which “Resort Partners” will also gain access to your information. Pay special attention to resorts with affiliations with insurance companies and financial services companies. Your information WILL be aggregated and compiled into a digital dossier. This is no longer just science fiction.

We at Ski Pass Defender saw this trend starting more than 5 years ago. We wanted to enable skiers and riders to control how much of their information, including access to their payment information, is accessible via the unsecured technology that is RFID. Simply sliding your pass into the Ski Pass Defender allows you to open your pass for reading or block it so that others cannot access it. It is simple, lightweight, and effective. You can still participate in incentive programs as you wish, yet have security from skimming, scamming, and scanning of your information.

As you watch the above videos, note that the trends are toward more gaming of the people. Once educated, make informed decisions and maintain control of your personal information.

Your information is valuable. And even if a company has a “Privacy Policy”, what is actually private? Many people are amazed to discover that a privacy policy just details how a company WILL share your data with its affiliates.

Some enjoy the mountains for the freedom they provide

Skiers and riders have discretionary income and discretionary leisure time. Those two assets are extremely valuable to marketers. However, many people I have spoken with regarding tracking and data collection seem to have little knowledge about the subject. Many people think, “Who would want to know about me?”, and “I don’t care if they know about me or not. I don’t have anything to hide.”

The fact is there are data mining companies, and departments of corporations who piece together data from a number of different sources so that they can better market to you. They also supply data to those who use it to account for your likes, dislikes, activities, and habits.

The direct marketing may be welcomed by some, but also be a nuisance to many. And it can be costly to some. It is a common practice for corporations who generate this data to “share” it with their affiliates as outlined in their privacy policies. And these affiliates can then share it or sell it to their affiliates or other companies who can aggregate the data. And the sharing continues.

Raw skier usage data to marketing knowledge

In fact, there is little that is private about your “private” data. If one of these affiliates happens to be my medical or life insurance company, I would prefer not to have them make judgments about my skiing of black and double black diamond runs all day long. An actuary’s calculations would show that my risk for injury increases, thereby my medical or life insurance could increase. I am sure the insurance company would like to know this information to assist in setting my premiums. This is an unintended, but very real use of data mining on the mountain.
It is only a matter of time until we see RFID or GPS (phone app) speed zones created on the mountain, and there may be other unintended consequences of offering data through affiliate partners. Which company or industry may gain benefit from knowing that I like to go faster than the average skier on the mountain?

I prefer to shield my data with a Ski Pass Defender. I can use my pass as a ski pass when boarding a base lift. I don’t need to share my whereabouts or personal pass information if I choose not to. A number of handheld devices are being created to read RFID from ID cards and passes. And with more than 700 ski areas worldwide using RFID, there will be many different versions of privacy policies, affiliate relationships, and a significant potential for data breach.
Easy Squeeze to Read technology. Allows the pass to read through clothing

ACTUAL PRIVACY POLICY

Here is an actual section of a major resort’s “Privacy Policy” which states how data is shared with 3rd parties.  Did you read this when you bought your pass? This is considered an “Automatic Opt-In”, and it requires you to know that you need to opt-out.

Third-Party Relationships

In order to optimize your experience on our sites, THE RESORT maintains relationships with many corporate partners and service providers throughout the world. If you have any questions about whether certain information, content or services pertain to us, or are provided by one of our partners, please contact us at XYZ.com.

Whenever you provide registration information on certain Web pages or for certain services provided in conjunction with third party partners, we want to be clear that some data you provide is shared with partners. For instance, certain information is shared with ZZZ.com, our provider of online reservation service. You should make every effort to read the privacy policies provided by or in association with such third parties, and make an informed decision on your own whether or not to continue utilizing the services based upon the privacy policies posted on these Web pages, at your own discretion. However, we will make every effort to ensure that you have the ability to opt-out of the sharing of such data with partners.

Security

XYZ company operates secure data networks protected by industry standard firewall and password protection. XYZ corp has security measures in place to attempt to protect against the loss, misuse and alteration of your user data under our control. While we cannot guarantee that loss, misuse or alteration to data will not occur, we make every reasonable effort to prevent such unfortunate occurrences.

As for taking the time to protect your information by shielding RFID passes, Breckenridge spokeswoman Kristen Petitt says there is little point.

“We’ve been tracking people and collecting information about them anyway for years,” she said with a wry smile. “With EpicMix, we just finally let you see that information.”

My intention with this post is to let the reader know how important it is to understand your right to protect your information that is collected by companies. Information can help companies better serve you, although there is information that you do not need to share. It should be your choice to opt in or opt out.

Jonathan Lawson has been an expert in the field of Identity Theft Risk Management since 2005, and a ski professional since 1991.  Mr. Lawson has held dozens of education seminars for minors, adults, seniors, and corporations regarding identity theft and risk mitigation.

RFiD goes far beyond the Ski Industry

RFiD stands for Radio Frequency Identification. The technology in itself can be helpful, and there are many industries already using it. These industries and new ones will continue to promote it because, from their point of view, it is incredibly beneficial to their bottom line. And marketed correctly to the consumer, it will be accepted readily. This technology is growing, and there are many potential uses for it. As chip pricing continues to drop and companies continue to create uses for the technology, look for RFiD to proliferate.

Here is an RFID privacy advocate, Dr. Katherine Albrecht. This is part 1 of a 3-part video. She may seem alarmist at times; however, she understands this technology extremely well, and there is nobody better at seeing the consumer side of the industry. She is the unofficial watch-hawk of the industry. If you have limited time, start watching this video at 6:40.

When considering the rest of this article, one must remember that passive RFID technology doesn’t need to be hacked; it was designed to be completely open. Reading and cloning the pass information is all it takes.

Regarding some cloning and security concerns Wikipedia states (RFID, Safety Concerns), “Other cryptographic protocols attempt to achieve privacy against unauthorized readers, though these protocols are largely in the research stage. One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low cost RFID devices.”

Bruce Schneier speaks regarding the open source reading software at RF Dump.org:
“[Grunwald] is doing what RFID is supposed to do,” said security author and Counterpane Internet Security Inc. Chief Technology Officer Bruce Schneier. “This is serious. He didn’t hack anything. RFID technology originally was designed to be completely open; that’s its problem. He went to the spec, read it and followed it. If you query the chip, you will get this info. If there were security countermeasures on the chip that were thwarted, then we could talk about hacking.” Source: Computerworld USA 2004

I will give you an RFID scenario that will seem very beneficial. And indeed, in itself it could be.
All the products that you purchase have an RFiD chip placed in the package. And you have a kitchen with shelving and a refrigerator which have RFiD readers built in.

Getting ready to create a grocery list? You use your Kroger/Safeway/Grocery Store Tablet PC app. You simply push a button, and it inventories what you have and generates a shopping list for you. You print it out and take it to the grocery store, and the application prints your discount coupons to take to the store. Or perhaps you make an adjustment to your order push “SEND” and your order is whisked to the grocery store with all applicable discounts. When you arrive, your groceries are packaged and ready for you. You don’t even need your Credit card, because it is already linked to your iPad application. You just say thank you, and off you go. You love it.  Technology at its finest.

I could write several chapters on marketing strategies based off this relatively simple application of RFiD. Topics would include consumer adoption, consumer incentives, tiered shopper pricing, incentive pricing, impulse purchasing, preferred product placement, etc. It helps to realize that grocery store margins are extremely thin. Stores make much of their money by selling grocery aisle “real estate” rather than by simply selling the products. And the large grocery stores also sell your buying data to third-party “partners” from purchases that you make on your “value/discount card”.

The “Marketing” Office – Parody – This is fictional, entirely fictional. In no way possible could this conversation have really taken place. Really, seriously, there is no way, really…..

Third-party partners don’t necessarily have to fall within the same industry; in fact, many times they do not. For example, an insurance company (health, life, auto)… would want to know if you bought a case of cigarettes, beer or liquor every 3 days, or if you participate in what some would call “risky” activities, such as skiing double-black diamond or terrain park runs all day long.

When a person truly understands the scope of the way data can be shared and interpreted, I ask, “Can you see how the puzzle of your habits and lifestyle can be put together?” Companies say they are just looking to stratify you into a group, and there is no desire for them to identify you personally. However, the data allows them to if they wish. Your name, email, and social security number are just cells on a spreadsheet.

Ski and Ride free and untracked!

The industries employing RFiD have incredible financial backing, and financial incentive to have you adopt the technology.

They control a much larger media machine than any individual opponent. Yet as an individual we do have the right (for now) to determine how we share our information. When I ski or ride I prefer to do it UNTRACKED, and leave an anonymous reminder of where I have been.
