Computerworld Discovers Hotel Keycard Myth Is, Indeed, A Myth

from the crack-reporting dept

Last September we were quite surprised to see a Computerworld reporter place a story on his blog warning people that hotels were putting personal info on the keycards that let you into rooms. As we pointed out, that story was an extremely well-known urban legend that had been debunked repeatedly by many sources. As such, it seemed odd that anyone would report it again without getting plenty of evidence to back it up. The reporter in question, Robert Mitchell, defended the posting in our comments, but also set out to collect as many of these keycards as he could, while discussing the issue with plenty of industry insiders so he could write an actual article on it. Shocker of all shockers, he discovered that, as everyone expected, it's just a key to your room and stores absolutely no personal data. In other words, exactly what pretty much everyone knew before -- which is why it's a bit amusing to see the Computerworld sub-head claim that it's "exploding the urban myth." Next up: Computerworld will tell us that Bill Gates really isn't paying people to send email. Meanwhile, it's still quite odd that Mitchell's original source, Peter Wallace, IT Director at AAA Reading-Berks in Wyomissing, Pennsylvania, now refuses to comment at all on his original claims that resulted in this wild goose chase. Of course, thanks to the ongoing life of this story, hotels are actively looking at alternatives, because they're sick of explaining to people that there's nothing to worry about.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jan 14th, 2006 @ 1:30am

    A single point of failure...

    In other words, this reporter wrote the story/article/blog entry based on a single source.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    nils, Jan 14th, 2006 @ 4:08am

    Why would the hotels do so anyway?

    What would the point be of putting personal info on the keycards? You are linked to the room in their DB anyway. What possible benefit would they have from adding personal info to the card?
    Sometimes, if people were to just use their brains even a little bit, they could save themselves a lot of hassle.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous for a Reason, Jan 14th, 2006 @ 7:06am

    Majority of the Stupid...

    I work maintenance at a fairly high-end hotel and I code/re-code cards all the time for housekeeping, guests, etc. The system is for opening doors, that's it, sheesh. There's no place in the firmware for any other info. It is a STATIC system.

    If anybody is so worried about such a thing, stick the card in the same pocket as your cellphone for a minute and see what happens.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    STJ, Jan 14th, 2006 @ 7:56am

    No Subject Given

    Um, I worked in a hotel and I do computers as well, I've always said this is a myth put forth by parinoid oddballs

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    John Doh, Jan 14th, 2006 @ 8:03am

    Re: Majority of the Stupid...

    What makes me laugh is that SO MANY people are gullible enough to believe it!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Joe Snuffy, Jan 14th, 2006 @ 8:42am

    no id?

    I like to tape my Social Security Card to my room keys, plastic or old school, whereever I stay.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jan 14th, 2006 @ 11:53am

    No Subject Given

    yeeeeeeeaaaaaah, ok...... do any of u have anything important to say? (this includes Mike, of course, who ALWAYS feels he's got something to say... and ur fukking "department"s are dumb as shit.. who the fuck has the time to manage all those fucking departments? oh wait, nobody gives a shit about techdirt.... which came from techmud, im guessing...)

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    tenpound, Jan 14th, 2006 @ 12:50pm

    Re: No Subject Given

    I work for the CIA, ATF, FBI and BBB and I can assure you all that there is plenty of personal information on those hotel key cards.

    I know because I personally supervise the operation that initiated this program to begin with. LaQuinta and Holiday Inn are actually data warehousing honeypots.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jan 14th, 2006 @ 12:53pm

    Re: No Subject Given

    flame war anyone?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Thumper, Jan 14th, 2006 @ 2:27pm

    Re: No Subject Given

    If you can't say anything nice, don't say anything at all.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    CharlesGriswold, Jan 14th, 2006 @ 3:26pm

    Re: No Subject Given

    *puts sunglasses on*

    *FLASH*

    Nothing to see here, people. Hotel key cards just let you into your room. Have a nice day.

    Seriously, though, I've worked as a hotel desk clerk, and the magnetic key cards just let you into your room. I mean really, what would be the point of (for instance) letting the room locks know what the guests' credit card number is? So the locks can do the billing?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Jim Beam, Jan 14th, 2006 @ 8:17pm

    Re: Why would the hotels do so anyway?

    Ahh... there's the rub. the database. Not the key, but does the computer report each entrance to the room?

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Andrew Strasser, Jan 14th, 2006 @ 11:06pm

    Re: Why would the hotels do so anyway?

    They certainly wouldn't let themselves lose profit for no merit. Unless maybe the Govt. decided to do it I could see no reason or want to lose profits.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    dirk, Jan 15th, 2006 @ 1:15am

    Re: Why would the hotels do so anyway?

    in the system we use where I work, it does. And failed entrances(wrong key etc)

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jan 15th, 2006 @ 3:30am

    Re: Majority of the Stupid...

    Did you know that the word "gullible" is not in the dictionary? Go ahead - look it up!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 15th, 2006 @ 8:16am

    Re: Majority of the Stupid...

    The word 'gullible' is in the dictionary asshole.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Just an IT junkie with a monkey, Jan 15th, 2006 @ 10:34am

    Re: Majority of the Stupid...

    I'm not sure I can agree 100% with you guys. I do agree that there probably is no personal information on the card at most hotels but I just recently went to vegas and stayed at Paris' daddy's hotel. The room key can be used to pay for pretty much everything. They have little terminals at the bar to stick your room key into so that you can charge things to your room. And ironically enough (and this is why I think that there is more to this than people are looking at) if you don't put down a credit card for your room, you can't use the room key to pay for crap at the hotel......

    It is probably just charging it to your room number and there could be something as simple as a code in the database whether you have a card or not but I can definitely understand how this thing got started and it will proceed to keep going.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Just some guy, Jan 15th, 2006 @ 3:24pm

    Re: Majority of the Stupid...

    Why is this a problem again? Obviously they are simply charging it to your room based on the card telling them what room you are in.

    People just like to get upset over crap like this. The point is that whatever info is on the card, it's only relevant to the hotel's computer door or billing system. It doesn't have your credit card number or any other generally useful info on it. Even if you could read the info on the card I doubt it would tell you anything without access to the hotel's database.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    sean, Jan 15th, 2006 @ 7:08pm

    umm, not so sure

    have you taken a card reader to a drivers lic, or a credit card??

    Usually has address, sometimes soc. # - I wouldn't be suprised if the coded the hotel cards also.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Not paranoid, Jan 15th, 2006 @ 7:15pm

    Re: umm, not so sure

    but why would they do it? What possible use would it be to encode that on a door card?

    I could see that perhaps once upon a time some hotel's new card software might have defaulted to include more info than necessary but the bottom line is that there is NO PROOF that hotels put any information that anyone need be concerned about, and indeed rarely if ever more than a code that lets you in your room.

    Yet...like most good myths...in the face of facts and lack of proof the supporters of this won't let it die.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Ed, Jan 15th, 2006 @ 8:26pm

    Re: A single point of failure...

    Typical of today's reporters. Sensationalism is all that matters anymore. There are no consequences for yellow journalism. For example - ESPN's article where they assumed everything Maurice Clarett said about Ohio State (et al) was true w/o substantiating ANY of it. Now that Clarett's true colors have been revealed, where is the apology/retraction from ESPN?

    It's getting to the point where you can't trust much through the media. It is a real shame.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    OBM (profile), Jan 16th, 2006 @ 1:41am

    What's on that key....

    many years back I worked for a major European hotel chain implementing a new door key system in one of their flagship hotels.

    the system was incredibly smart (and yup, expensive) but allowed the guest to provide any 'standard' mag swipe card with a 2-3 track strip and we'd use that rather than issuing a key (less chance of them loosing it!)

    it also allowed us to easily issue several keys for a room, use on key for multiple rooms and put some pretty smart rules in place (eg Mum and Dad could open the mini-bar with their credit card, but junior with a hotel issued key couldn't, the parents could access the rooftop pool after 8pm and junior couldn't).

    we didn't have the actual values flying round the network but an encrypted hash key (quicker for checking and applying rules) and we did basic checks to ensure the same hash wasn't active for more than one guest at a time.

    some guests didn't like it... so we continued to issue our own keys in those cases. some guests loved it. we found the system to be a pleasure because we got less issues with the guests losing or mis-treating the keys (and argued less about auxilliary charges because they where less likely to let the key out of sight). sadly the system was too expensive to justify rolling out outside the one flagship property... I wonder if it's still in use...

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 16th, 2006 @ 7:55am

    Re: Majority of the Stupid...

    Good Job! You fell for it hook, line and sinker. But I am glad your dictionary referencing skills are still intact.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Mousky, Jan 16th, 2006 @ 8:13am

    Re: umm, not so sure

    Oh my god, the magnetic strip on your driver's licence contains your address. Holy shit Batman, that beats reading the address from the front of the card.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous for a Reason, Jan 16th, 2006 @ 4:37pm

    Re: Majority of the Stupid...

    That wasn't me idiot. And get a life.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous for a Reason, Jan 19th, 2006 @ 4:21pm

    You're an idiot and a coward

    Nothing else to say I see.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Gilmartin, Mar 31st, 2007 @ 4:49am

    re; keys having info stored on them.

    How could they store your info,duh, the keys are reswiped and changed in most bigger motels/hotels,
    so your info would be wiped off even if it were on there. Which it isn't, Am more concerned with
    Geisinger that stores computer with "all " your data
    on it and then loses them and said"Maybe the thief
    stealing from a computer record holding storage building does not know what they got," Ha Ha, fat chance. Lots more to worry abought there.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Jain, Sep 3rd, 2007 @ 4:42am

    Hotel key cards no personal data

    All hotels are well networked. Hence there is no need to record all kinds of data on a keycard. Only the room nos is more than adequate. Once the room nos is indexed as a key field then the server can link up all the data required in the database.Hence there is absolutely no need to have any data on the card

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This