“Magical” Data Collection (part 3 of 3)

MagicBands(cont’d from part 2)

One of the initial praises for this smart technology was the ability for it to collect and assess data through algorithms by assigning a pseudonym to the user—collecting data anonymously. This is not the case with the Disney Magic Band. The Magic Band is just one tool in the entire My Disney Experience vacation management platform. Once a user receives his or her Magic Band (whether a “tourist” or a local annual passholder), he or she has to go online and customize the band with names, select a profile picture (from a list of Disney characters), and other contact information. This, in and of itself, takes the pseudonym (anonymity) out of the equation. For now, not only can information and data be gathered, but it is attached to a specific person whose identity is not a secret. Unlike your smartphone or other mobile devices (e.g. tablet), in which the user can turn off the location sharing features (either for the whole device or app-specific), the location sharing and smart technology in the Magic Band (RFID and GPS) cannot be turned off. The inability for the user to not turn off the location sharing features can be viewed as an encroachment upon personal privacy. However, Disney World does not require park guests to wear/use the Magic Bands. Therefore, if a part guest chooses to wear/use the Magic Band, then he or she accepts the fact that prolific amounts of information are being shared, including but not limited to: location, dining preferences, FastPasses, etc).

Although conspiracy theorists can tout the whole “big brother—or in this case Big Mickey—is watching,” it is more likely that issues of database privacy should be explored (Mokbel, 2006). The treasure trove of information gathered and processed by the My Disney Experience system provides the media giant with unparalleled data that can be integrated into the park operations and, by extension, can be presumed to be integrated into other decisions. Still, the program is too new in order to know for sure where the data is going. Looking at other models of smart data, we can certainly explore the possibilities. The goal in database privacy is to provide access to the gathered information without risk of breaching privacy (attributing numbers instead of names to the sources of information).

The GPS technology built into the Magic Band builds upon decades of GIS  (global information system) research and integration in order to factor location into the database. Location provides a way to link information on a user (or subject) from one database into another. This method of data collection and organization is referred to as data matching (Curry, 2015). Without location, then the information would not be as valuable because it would be more difficult to find links between what the park guests want to experience, and in which order, during a vacation or visit to the Walt Disney World Resort. Since data matching requires the use of a figurative data map anyway, actually using a map of Disney World adds to the effectiveness of the data when factoring it into an algorithm. Integrating GIS technology into how the Magic Bands are monitored and used, allows Disney to create hyper-sensitive remote surveillance technologies (Curry, 2015). This is the basis for the character meet and greet feature referred to earlier in this series of articles.

By designing the Magic Bands to work with GPS, GIS, RFID, and POS (point of sale) technologies, Disney can take data matching to the next level and create data profiles based on the smart data collected (Curry, 2015). Whether in name or anonymously, this degree of smart data is highly effective because once a profile archetype is formed, Disney can reflect upon that profile type’s history and forecast what that particular archetype is going to do in the future and could target ads, characters, purchases, etc to that person.

But what about invasion of personal privacy while at Disney World? How should Disney respond if accused of invading the privacy of its guests? “One traditional response, here, has been that just because the data in a profiling system are not “real facts,” there can be no invasion of a person’s privacy, at least in the traditional informational sense…just as the development of GIS has been associated with the devaluation of the local, where attributes of the local come to  be seen merely as contingent features of a Euclidean set of spatial coordinates, so too has it been associated with a devaluation-or at least revaluation-of the individual and of the nature of identity” (Curry, P258, 2015). Although Curry is not referring to the Magic Bands, his research can be applied to them by extension since little is actually known about the digital data collected and all the ways that the media giant uses it.

The information collected through MyDisneyExperience (and the Magic Bands) aid in creating digital people, places, and lives. Just like an individual is responsible for one’s financial identity (credit score), then should not a Disney park guest be responsible for and how their digital self is used? But because of the aforementioned reasoning, the data collected may not be legally treated as “real facts,” this splitting of the proverbial hair gives Disney carte blanche to use the data however it chooses. It may be that the data is simply used to make park visit logistics more efficient and convenient for park guests, but it is clear that the collected data could be used in figuratively infinite ways without any due compensation for the park guest or details notification of how the data is used or interpreted.

Although privacy conspiracy theorists and some legalistic Christian fundamentalists may see this smart data technology as a gateway to the apocalypse, the truth is, this technology has been part of our lives for a long time—at least the basics of the hard technology. This is really no different than the introduction of the printed barcode back in the 1970s (Laugheinrich, 2007). RFID/GPS technology (as a means of location and payment) is found in every automated toll stickers and units in cars in order to use the express-thru lanes on the turnpikes and expressways without having to stop at the booth. Similar technology can be found in keyless electronic ignition in many contemporary cars that responds to a particular key fob instead of metal key—takes the RFID chip to the next level. That technology does not seem to fall under scrutiny or appear to be frocked with privacy concerns.

Laugheinrich highlights that RFID [and by extension RFID-GPS technologies for purposes of this paper] has three distinct advantages over more traditional means of collecting or processing data: (1)Automation—the scanners/receivers provide the company with nearly unsupervised readouts. (2)Identification—RFID offers much more in the way of information density. (3)Integration—embedding the technology in unobtrusive ways thus freeing the product design (2007). Think of RFID technology as the latest version of the now antiquated barcode. Programmed to only work with a specific person allows for RFID to be integrated into token-based authentication based applications because of the size (Laugheinrich, 2007). Token-based authentication (which is essentially the foundation of the Magic Band) provides a means to issue and then collect information that cannot be [easily] duplicated or forged. Sorry, that means you can no longer print your own or hoard past FastPasses to skip the long queue at ToyStory Midway Mania or the Seven Dwarves Mine Train.

Whether the Walt Disney Company has plans beyond park operations and planning for its Magic Bands will have to wait to be seen; however, just because Disney may not be engaging in any illegitimate or unethical uses of the smart data gathered by the Magic Band readers, that does not mean that there do not exist those who use data gathering technologies that can hack into the RFID/GPS system the Magic Bands use and modify or sell that data, or anything else unscrupulous. Potential digital privacy violations may happen if an authorized reader eavesdrops on authorized transactions  or if a rogue sensor tricks the transmitter to divulging personal information since MyDisneyExperience includes all kinds of personal and financial information on a given park guest. (Laugheinrich, 2007). Echoing the three benefits to RFID/GPS technologies, there are principally three privacy concerns as well: (1)Clandestine scanning—simply stated, the RFID is scanned or read without the user/owner’s consent. (2)Eavesdropping scanning—“listening” in on authorized or authenticated transactions between a transmitter and reader. (3)Data leakage—reading out more information from a transaction than is necessary to carry out the task (Laugheinrich, 2007).

A fairly innocent invasion of privacy in the Disney Parks could be something like this: you stop by the Brown Derby at Hollywood Studios to look at the menu. There are readers all over the place anyway, and having on in the menu board at the Derby is no different. You receive a text message or email from WDPR (Walt Disney Parks and Resorts) that asks why you did not dine at the restaurant or offers you a coupon or something along those lines. Another scenario is a little more sinister. An unauthorized individual has developed a reader that as he or she walks past park guests, picks up on the personal, park, or financial information on an individual’s Magic Band. As far as business development or pushing products, Disney could examine the attractions or characters you visit most and target merchandise at you through your mobile phone or email. Since RFID/GPS technology-driven devices are extremely small and can be integrated into almost any item, it would be very difficult for WDPR security to monitor the entrances for said devices. At the end of the day, the biggest privacy concern with the Magic Bands is the unauthorized automatic data collection that is not explicitly stated in the terms of use or user agreement that comes with the Magic Band—where WDPR finds indirect loopholes to monitor your movements in financial information while visiting the parks.

Although RFID/GPS technologies have come a long way and security company and user security measures have better developed over time, clearly more research needs to be done in order to truly understand the ramifications of the implementation of the Magic Bands into the daily operation of the Disney parks. Literature has shown us how the technology works and how it could be used. Most of what has been written about in these articles requires looking at past research on either privacy or wearable technology and apply it to how it may affect the manner in which Magic Bands are used. Furthermore, it is not always one of the two parties in the RFID relationship (i.e. WDPR and the park guest), but it can be other park guests with intrusive technologies that breach the relationship that can pose a privacy or security threat.

Click HERE for part 1

Click HERE for part 2

 

Bibliography

Ball, R., et al (2015). The Future of Luxury: Capital of Creation, Fashion Institute of Technology, Capstone Research Project, Master’s Degree Program.

Curry, M.R. (2015), Digital People, Digital Places: Rethinking Privacy in a World of Geographic Information, University of California Los Angeles, Ethics and Behavior 7:3, P253-263

Dockterman, E. (2014). Now Disney Can Track Your Every Move with NSA-Style Wristbands, Time.Com, 1.

Kuang, C. (2015, March 15). Disney’s $1 Billion Bet on a Magical Wristband. Retrieved May13, 2015, from http://www.wired.com: http://www.wired.com/2015/03/disney-magicband

Laugheinrich, M. (2007), RFID and Privacy, Security, Privacy, and Trust in Modern Data Management, Part V, P433-450.

Mokbel, M.F. (2006). Towards Privacy-Aware Location-Based Data Servers, Department of Computer Science and Engineering, University of Minnesota, Twin Cities.

Palmeri, C., & Faries, B. (2014). Big Mickey Is Watching. Business Week, (4370), 22-23.

Panetta, K. (2014). Why I’m A-OK with Disney tracking me “NSA-style.” ECN: Electronic Component News, 58(2), 10.

Schnell, E. (2013). Near Field Communications: Features and Considerations, Journal of Electronic Resources in Medical Libraries, Vol.10, No.2.

Thierer, A. (2014). Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, George Mason University, Mercatus Center.

Thierer, A. (2015). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation, George Mason University, Mercatus Center.

Winsor, R.M. (2015). The Magic of the Mouse: An Exploration of Brand Personality in the Walt Disney Company, University of New Hampshire, Senior Honor’s Thesis.

“Magical” Data Collection (part 1 of 3)

MagicBandsFrom watches to shoes, wearable technology is slowly but steadily making its way into the everyday life of consumers. Building upon traditional data collection methods while integrating wearable technology trends, Disney introduced the Magic Band® [from here on out referred to as Magic Band(s) or Bands] in beta testing in 2012 and more widely beginning in 2013. Park guests can use the Bands as their room keys at Disney resorts, book FastPasses®, and as admission into the parks. Connecting your Magic Band to the My Disney Experience mobile application and website allows for the park guest or passholder to do much of what a telephone representative used to do. Even while in the car, a park guest can book FastPasses and once in the park, the Magic Band can be used to access (or validate) the booked FastPasses. The Magic Band is the Disney guest’s key to the kingdom, so to speak. But, beyond the more superficial functionality of the Magic Band, what other data is collected by the media giant? And furthermore, how and does the data affect business decisions in the other investments Disney has in media, technology, and entertainment?

Looking into the data collection methods of the Magic Bands requires looking into a relatively new breed of data and collection methods referred to as smart data. Smart Data can be described as simply as big data with the addition of emotion behind it (Ball, et al, 2015). Smart Data allows companies to understand consumer behavior beyond just a set of numbers or algorithms. Smart Data provides realtime information to the company in order for the company to be preemptive and predictive, knowing where the consumer has been, is currently or will be going by reflecting present decisions on past decisions. This data opens a window into the mind and soul of the customer by tracking behaviors from online buying to peer-to-peer conversations (Ball, et al, 2015).

The brilliance behind the design in the Magic Band is the ability for the Walt Disney Company use smart data as a way to put smiles on the faces of its customers—well, most of the time anyway. But does this brilliant design come at a cost of privacy? Prior to investigating the privacy issues with this smart form of data collection, it is important to look at the design and implementation itself. The goal in the creation of the Magic Band system was to mitigate, with the eventual goal of elimination, the fiddling around with admission tickets/passes, forms of payment, room keys, FastPasses, and dining reservations all the while increasing personal/interpersonal interaction and time with family and friends without the hassle of the aforementioned (Kuang, 2015). All the tasks and elements of a typical Walt Disney World Resort® vacation can be handled and processed by the Magic Bands. Disney Magic Bands look like an unassuming rubber bracelet, and that is part of the magic. “The most remarkable thing about the Magic Bands is the fact that they don’t feel remarkable” (Kuang, 2015). Behind the colorized or photo-covered rubberized band is an RFID (radio frequency identification) chip and GPS tracking system. The bands are constantly connected to a vast system of sensors and transmitters within the boundaries of the park.

Although presently concentrated in parks and resorts, the idea of combining the convenience of a wearable accessory with the efficiency of a mobile application, is a trend that will most likely go beyond the borders of Walt Disney World and spread to other parks, resorts, or even academia. Think of the Magic Band as Disney’s answer to the Apple Watch®. It really is a beautiful concept that has many positive affects. The beauty behind the otherwise nondescript bracelet is the combination of a logical approach to business needs and the creation of a more efficient trip to the “happiest place on earth.” Instead of spending time in lines, behind the computer, at Guest Relations, or at FastPass kiosks, the park guest can spend more time with family and friends while customizing nearly every element of a trip to Disney World.

The Walt Disney Company may seem like its leading the pack with integrating wearable technology that serves as a massive way to collect, organize, and attribute data—and in may respects it is—but for many years now, retailers have recognized this trend for what the customer is looking for—a more experiential and participatory relationship with the vendor or brand. In a published study conducted at the Fashion Institute of Technology (FIT) in New York, researchers uncovered some mega trends that are directly impacting the customer’s experience in brick-and-mortar stores as well as online retailers. Both traditional and non-traditional retailers are recognizing the need for the customer to be digitally linked to the brand or store just as they are digitally linked to social media and other media outlets. Between now and 2020, the digital world is estimated to double in size every year between now and then. And, it is projected that the number of smartphones will surpass 2 billion (US) dollars by 2016 (Bell, et al, 2015). Retailers cannot ignore this, and legacy retailers will have to restructure and adapt to the growing digital media trend or be left behind and face the inevitable.

By retailers and other providers of goods, services, or experiences embracing new media and digital connections via mobile technology, an additional layer in the retail landscape is constructed to further engage the consumer in multiple ways. On the plus side, everyone benefits. Consumers have a quicker and customized access to the goods and services they buy on a regular basis anyway, retailers are able to grow sales at an exponential rate, customers receive items in a fraction of the time it once took, information on both the customer and retailer are just a click away, and you can simply shop on the go—those impulsive buys continue way past the end caps at the supermarket or department store. However, there is a darker side to this symbiotic relationship: loss of privacy. This is not always a malicious action, but by integrating digital media and mobile technology into the retail and hospitality landscape, companies have a copious amount of data that can aid in decision making and provide the company with another revenue source by selling data to the highest bidder, so to speak (Ball, et al, 2015).

In respect to the Disney Magic Bands, which are currently an option in the newly launched MyMagic+® program of vacation/visit management, all the conveniences of the bracelet-like device come with NSA style monitoring by The Mouse (Dockterman, 2014). The constant monitoring and data collection comes in a shiny package. What parent wouldn’t want to set up a child’s visit with a “surprise” visit from his or her favorite Disney character? By signing up for (or you could think of it as signing away of privacy) certain features in MyMagic+, character performers (those employees that are dressed as a face or fur character) in the park can see that a particular child (or even adult for the matter) want to meet them. And by accessing the MagicBand’s GPS tracking system, the character knows where the park guest is and perhaps even where they are heading based upon dining, hotel, or attractions reservations. With the ability for the MagicBand able to track location and serve as a form of payment, post-Snowden, there are worries that a clever hacker can access the band and be able to steal the payment information or be able to be a stalker (Dockterman, 2014).

In the Journal of Electronic Resources in Medical Libraries researcher Eric Schnell explores information sharing and exchanging technologies. One cannot discuss the technology and implications of the Disney Magic Bands without investigating the technology that allows the MyMagic+ system to function. Although his research was conducted to better understand this new technology in how it relates to medical research and libraries of information sharing, this same understanding can, by extension, be applied to the Magic Bands. As RFID, GPS, and Bluetooth technologies continually innovate and develop into smaller, faster methods of communicating over short distances, companies and organizations will integrate, adapt, and change to meet the needs and desires of consumers to have more participatory experiences with favorite brands and these same companies will have a prolific amount of date on each consumer that can be used to target particular goods and services and will have data that can be sold off to other companies

(Continue to Part 2)