Schneier on Security

Reading the full article requires a susbscription I don't have, so I didn't read it. That said, from what is posted here, I don't see any problem, in fact it's a great idea.

Let's face it, Disney can only identify IP addresses of downloaders. So short of suing some John Doe and issuing a civil subpoena, what can they do? Partnering with the ISP allows them to give notice to *suspected* pirates easily.

Once put on notice, Verizon customers will either 1.) cut it out, 2.) have a talk with their teenage kid(s) to about cutting it out, 3.) determine their computer is an open proxy through which all manner of Internet miscreants funnel traffic, or 4.) start using a proxy when pirating so somebody else gets the next "knock it off" notice.

What's wrong with that? Most parents have no idea what their kids are doing online. Perhaps this would alert them. Same for compromised proxies computers.

Which leaves the people who are actually downloaded content illegally. What's the harm in giving them fair warning? At least then, when they are sued or arrested, they won't have the pathetic "I had no idea" excuse...

"This seems like a really bad idea."

Attempting to draw out some further explanation at risk of flames galore.

What, exactly, is the problem?

Presumably "pirates" do not download the illegal "content" from Disney. So how does Disney know the offender's IP?

I actually think this is a good idea too. I was worried from the title of the article that Verizon would be trying to do some kind of real-time packet monitoring, which would be a very bad idea. But adding a second step between being detected by a third party and being subpoenaed is a great idea. The only addition I would add would be a "Do Not Warn" list kept by verizon, for those crazy enough to wait for the court notice.

"Reading the full article requires a susbscription I don't have..."

That's odd. I have no subscription to anything, and I can read it.

The problem is that the media companies target anyone who might possibly be violating their copyright instead of trying to make sure, and tend to intimidate first and ask questions later.

I want data carriers to be just that: carriers of data. I don't want them to be monitoring content. And I think there should be penalties if Disney threatens legal action against innocent people.

Search Results:
Past 7 days: Available only to Online Journal Subscribers. Log In for access.

9/22/05 WSJ Entertainment: Verizon to Police Web Customers To Protect Disney From Piracy

:-(

As it's written, this seems mostly like a really bad deal for Disney: they don't get the identities of people they believe are violating the law, and the law-breakers get warnings that allow them to change tactics so as not to get caught.

Of course, the devil is in the details: if you don't have to ask for a subpoena (which costs money and exposes you to at least a little liability if you screw up completely), you're going to be issuing a lot more warnings. And of course there's the question of what happens when multiple warning get issued on the same IP. And ultimately, loss of service for appearing on Disney's list becomes part of the terms of service and you're done...

The monitoring approach itself has significant flaws regardless of who does it. I want to see the company who in plain English, periodically throughout their service notifies its customers that all their communications are being monitored just in case they might do something that somebody else – not even necessarily the law – thinks is wrong.

In this case, it's not hard to download via another person’s computer, and I don't have to be consistent about the address, even if I'm using the same computer. Hell, I can use many computers simultaneously for different pieces of the same content and if I really want to get tricky I can encrypt and reroute so content analysis via a single point is nigh impossible.

Even presuming this would work in some fashion, somebody has to get in the business of continual monitoring and analysis of all traffic to identify some traffic. That's a little too much like a stranger coming into everyone’s house and camping out in their living room -- it's invasive and feels like "guilty until proven innocent".

Secondly, employing Verizon to act as a vehicle to alarm, threaten, or warn on behalf of another company is also invasive, and I think is a dangerous precedent. I don't recall any of the Bells actually involving themselves in the business of wiretapping, and I certainly don't recall random or consistent monitoring of communications being allowed without significant indication it was required for a specific case. That the communications have become more powerful and flexible doesn’t excuse the change in treatment – in my view they are still private (although poorly protected) communications.

US citizen freedoms aside (that happens a lot these days); this also potentially damages the reputation of those receiving the communications, when they likely have done nothing wrong. It's not as if the primary vehicles of electronic communications are bastions of privacy. Can I sue Disney and Verizon if a piece of forwarded mail puts my boss at the bank on edge because he thinks I’m stealing something from Disney? And if I’m a clerk, where do I get the resources to sue such behemoths?

If you suspect I am breaking the law, the proper action is to involve law enforcement. If you are not certain enough to involve law enforcement and the courts, stay out of my business. And if there are so many people suspected of not playing by your rules that you can’t afford to sue them all -- it's probably time to consider playing a different game. The game you are playing is a long-term loosing proposition.

None of these actions address the real problem for Disney and the rest of the entertainment industry. The model that made them large and wealthy has lost a good deal of validity in the face of technological change. The behavior they rail against is a natural extension of existing practice. They will be chasing their tails and bleeding money trying to catch and enforce potentially millions of ‘violators’, (many of which may be engaging in fair use once examined) and still do nothing to resolve the root cause.

The business model itself, and the technology employed to support it has to change and adapt.

I hate to say it, but there is not any legal way that I know of which Disney or any other company could get the IP address of somebody downloading something from some site other than their own without some sort of subpoena power against the individual running the site providing the download.
Also, DSL address are almost all DHCP--so what about the time the access was made? Oh, and what about an audit trail, and accountability? A Cease and Desist order at least requires that the evidence used be decently supported and pass the "fruits of a poision tree" test.
Verizon and Disney are just setting themselves up to be sued out of existence with this one.

@RvnPhnx:

"Verizon and Disney are just setting themselves up to be sued out of existence with this one."

You've convinced me. Maybe this isn't such a bad idea after all. :^)

When will Verizon start alerting customers that they may have had an illegal conversation over a voice line about Disney intellectual property?

@rvnPhnx:

They're talking about things like P2P, or if they have shut down a site through other legal means and have access to the logs. They are not doing anything other than providing a warning, and don't seem to be asking for any identifying information in return. This allows them to attempt to limit things without getting a lot of bad press about suing people, and perhaps even get some good press for going about it in a less-intrusive way.

I wonder what's in it for the ISP. When a DSL or Cable provider advertises a 512bps upload bandwidth, but blocks things like port 80, so you can't use the service as a 'server', what do they think you're going to do with that bandwidth? Ok, sure, sending those 10Megapixel Disney vacation photos will be faster...

They know full well that a lot of their customers are sharing stuff, and a lot of it is probably copyright infringement. I don't think they could care less about fair use. The ISPs see customers willing to pay for a service, few questions asked, and are willing to provide it, for a fee.

So, if Disney wants Verizon to scare customers, what's in it for Verizon?

Actually Verizon wouldn't have to monitor the traffic to identify the IPs. Using BitTorrent, which most pirates use now, I suspect that some IT person at Disney would just identify an illegal disney torrent and join the swarm. Once you join you get a list of all the IP's in the swarm from the torrent tracker service. It would be very easy to automate all of this. Once you have an IP in the Verizon class range you simply ask Verizon to issue a warning.

@peter "Using BitTorrent, which most pirates use now"

I used to work with a grandmother who had a subscription to Netflix and made copies for the grandkids. She wasn't particularily computer savy, but she could make her way through the point&click DVD copy software she had.

I also do not access to the article. I can only speculate that the content relates to P2P content and the DMCA.

Is this the first time any company has targeting downloading? So far it has only been uploading AFAIK. Of course it could just be sloppy writing, as is usually the case in newspapers.

@ Bruce

"I have no subscription to anything, and I can read it."

That's odd. I'm getting the same error as everyone else. I had to get a subscription to the WSJ to read the article.

The thing that stood out to me is that Verizon appears to be so desperate for Disney content, that they willingly agreed to a monitoring practice as part of the deal.

"The provision was announced as part of a content deal that will provide Verizon with Disney and ESPN programming and broadband services. New York-based Verizon, one of several telephone carriers launching video services to compete against cable companies, also secured 12 Disney channels, including ESPN, ABC News Now and the Disney Channel for its new television service, Fios TV, which will start rolling out today in Texas."

The story is brief, but the rest of it is bascially about how Verizon once stood up to the DMCA and they will "still respect the privacy of our customers".

Disney execs were quoted as saying "Woo-hoo! We won! We got Verizon to go along with it! Yeah baby! High five! if you want our content, you're going to have to give up some privacy! Mickey don't come for free! If you want to play with the big dogs, you're going to have to pay!"

Ok, just kidding. But the "CEO-elect" is quoted as saying "the rest of the industry should pay heed".

Here are some related links for those who don't want to pay to view:

Verizon Catches the Mouse
http://biz.yahoo.com/fool/050922/112740993212.html?.v=2

Verizon and The Walt Disney Company Sign Long-Term Programming Agreement
http://investor.verizon.com/news/view.aspx?NewsID=672

Fios TV Subscriber Privacy Notice
http://www22.verizon.com/about/privacy/fiosprivacy/

Agreement Includes Cooperative Plan to Help Curb Internet Piracy of Disney's Copyrighted Material
http://corporate.disney.go.com/news/corporate/2005/2005_0921_verizon.html

Verizon's FiOS TV Signs Disney, Woos Fox
http://news.designtechnica.com/article8358.html

etc.

I don't know about the US but in the UK ISP's try to get and maintain "Common Carrier Status" in this way they reduce their legal liability.

ie you don't sue the telco for the heavy breathing caller. You contact the telco to tell them you have a problem and they (usually) help you and the police catch the breather, they do not in any way warn off the breather.

If an ISP started monitoring, they would open themselves up to all sorts of liability, as they would then become open to the legal argument that they where a "publisher" and therefore responsable for anything any of their customers sent out (ie a nice juciey liable, this has allready been tried in the UK and it unfortunatly went to an out of court setalment).

Likewise if the ISP are informed that one of their customers is doing something somebody else does not like they need to take minimal involvment least they inherit liability.

I think if Verizon tried this in the UK they might well discover that they would spend a lot of time in the civil courts unless they where very very carefull...

The key here is "might be vialating the law", which means they will violate your right for privacy on merely suspicion. The idea here is, as Bruce pointed out, to "intimidate first and ask questions later".

But again, people vote with their money. If you don't like your ISP then don't support their actions by giving them your money.

@Ari Heikkinen
You forget that in the USA the telecommunications infrastructure itself is primarily owned by a small group of private companies, and that infrastructure is--by law in most places--monopolized (at least at the consumer telco level).
For instance, say you live in New York. You can hate Verizon as much as you want--refuse to use their cell phones or to buy local service from them, but in the end they still get your money because they own the infrastructure.
So tell me now, if voting in the booth doesn't fix this and both voting with my feet and voting with my wallet do no better, what can I do?

I could not read the WSJ article, but google news found the info for me elsewhere:
Try:
http://www.worldscreen.com/newscurrent.php?filename=disney921.htm
I don't imagine the wording is the same, but the quotes might me.

Without being able to read the article, I'd say offhand that it's a bad idea because there's just no way to do this monitoring effectively; it will inevitably catch, intimidate and cause problems for innocent people, just like the automated C&D letters some of the record labels have taken to sending out based purely on filenames.

This seems like a focus on 'receiving stolen goods' instead of addressing security concerns at the point of theft, whether it be someone in the distribution chain or a person with a minicam at a theater.

That is, if one person provides the content and 1000 other people receive copies, and they spawn additional copies ... it still traces back to the original.

Now, there's probably always going to be someone willing to take the risk of copying/hosting the data, but Disney's focus should be on making that risk untenable, rather than busting someone further downstream who had nothing to do with the 'original' theft.

Sweet deal, imho. Verizon can slack all day want, and if Disney asks "has anyone downloaded any of our fine, copyrighted content?", they just say "no, sir". How is Disney going to argue ?
Otherwise, Verizon has to inspect gajillion bytes of data (since we're also downloading copyrighted content by Paramount, etc.), keep up with the latest protocols, identify the movie beyond the codec, and issue a warning. Best of luck with that.

"So tell me now, if voting in the booth doesn't fix this and both voting with my feet and voting with my wallet do no better, what can I do?"

If a big corporation owns everything where you live and the law is behind them then you're probably SOL (Shit Out of Luck), unless either the law gets changed or that big corporation is losing money.

@Ari Heikkinen
Indeed. You have now grasped what most people these days believe is what has become of the great USA. Things like this Disney/Verizon deal are part of the reason why people just don't bother to take part in civic life anymore in this country--you're screwed if you do and damned if you don't.
Sounds a lot like why the Islamic Fundamentalists started turning to violence against civilians in the 1950's.

Well, there's still class action lawsuits if you're in the US, but I'd imagine they only work if that big corporation is doing something that might be illegal.

I still think there is a lot of misunderstanding of the system. As far as I understand, *Verizon* ISN'T monitoring, filtering, wiretapping, or doing anything. *Disney* is doing all the monitoring and wiretapping. Verizon has just provided a way for Disney to contact the owner of an IP address without resorting to legal action.

I don't understand what the big deal is here. Domains already have publicly available contact information in case something is wrong. Why shouldn't Verizon provide a service to notify users based on an IP address? I agree there should be an opt out option...

Sounds like just another mickey-mouse plan if you ask me.

Suppose I am a Verizon customer and have a programmed function regularly updating NOAA weather predictions, Verizon's algorithm -- mistakenly -- decides to suspect me of illegally downloading content and then sends me a warning. Since I'm not personally online, I don't get the warnings. Then Disney goes after me.

Or worse, my machine gets hijacked by some outfit stealing Disney product.

Since I cannot prove my innocence, Disney is free to clobber me in the courtroom based on the presumption that whatever records a huge corporation and heavyweight campaign contributor chooses to make, edit, and present are the truth, the whole truth, and nothing but the truth. I pay the fines, do the time, and have my life ruined.

It sounds to me that Disney is awarding itself police powers on the federal, state, and local level. Which makes Verizon what, contract stoolies?

If the scheme works, then when it works as intended it makes sense. But it will fail, and when it does, the innocent are going to get screwed, because when the courts find it is a question of whose money matters, Disney's and Verizon's, or Joe Nobody's, judges didn't get to where they were without learning where to curry favor.

My hope is that Verizon is scamming Disney, taking their millions and reporting wonderful news, including a large number of first warnings, a tiny number of second warnings, and zero third warnings -- proof positive that Disney's billions are being successfully surreptitiously protected. The Disney board will be black and blue slapping each other on the back, and Verizon's stock will go up.

Here's the wording from the official Disney/Verizon announcement:

http://investor.verizon.com/news/view.aspx?NewsID=672
http://corporate.disney.go.com/news/corporate/2005/2005_0921_verizon.html

"Under the agreement, Verizon would forward and track notices to its subscribers allegedly engaged in the unauthorized distribution of Disney's copyrighted works, without identifying the subscribers to Disney, and either provide subscriber identifying information pursuant to lawfully served subpoenas or terminate Verizon Internet service provided to subscribers who have infringed Disney copyrights and received multiple notices."

As a compromise from Verizon's point of view, I'm not sure whether I think it's good or bad. One thing it could do is undermine Verizon's ability to say that for privacy and security reasons, they don't keep a log of such mapping over time. But has this already been compromised by recent legislation? I mostly don't keep up because it's too depressing.

For all I know they already maintain an accurate mapping and it's history, so this changes nothing.

I have this vague feeling that there's a difference between a law on the books and having it already coded up and hooked up to a nice simple database to tantalize enforcement agencies into needing full access "for the war on X" and so forth. It doesn't even matter whether X is piracy, the effect could be the same as not having Verizon as middle-entity. Well, that's crazy. The American peole would never stand for that.

"I hate to say it, but there is not any legal way that I know of which Disney or any other company could get the IP address of somebody downloading something from some site other than their own without some sort of subpoena power against the individual running the site providing the download."

They could ask nicely. They could threaten.

Those are two ways; I'm sure there are more.

I was just starting to count sheep when I suddenly remembered that Disney managed to "influence" the US Govt to extend the Copyright Term. And that got me thinking that, as far as clever legal teams go, Disney has the US market wrapped up. I mean on the one hand they are telling Congress that they will wither and die if their 50-year old material ends up in the public domain or redistributed without penalties, and on the other hand (as Chris Sprigman notes) a great deal of their material is a rehash of 19th Century work that was in the public domain (e.g. Snow White, Cinderella, Pinocchio, Hunchback, Alice in Wonderland...even the Sorcerer's Apprentice, I might add). And if that isn't enough to make you wonder, Disney released the Jungle Book exactly one year after the author's copyrights expired.

http://writ.news.findlaw.com/commentary/20020305_sprigman.html

Disney sounds like the kind of company that thrives from taking others' ideas and then finding a way to criminalize the very process of open invention that made them so successful.

The Register has a particularly pointed argument of how/why Disney can do this, and how they manipulate the market:

http://www.theregister.co.uk/2002/03/27/operation_enduring_valenti/

"the goal of [the Senator from Disney] and his Senate supporters is simple. Under the guise of 'preserving America's intellectual capital' and supported by the funding of the entertainment industry cartels, they seek to sustain the entertainment industry's Industrial Age business model (and monopolies) in the modern Information Age - where such models are rendered obsolete by emerging technology. By doing so, these elected puppets of Hollywood will continue earning campaign contributions and ensure their job security."

And perhaps most chilling, the Register also suggests that

"In essence, they pre-emptively criminalize what MIGHT happen, as opposed to what DOES happen"

@Bruce

"I want data carriers to be just that: carriers of data. I don't want them to be monitoring content."

I couldn't agree more. Especially now that we are sincerely trying to move towards a super-highway based on SOA.

I believe first, that our data carriers should be looked at as trains, train stations should be looked at as routers/CA figures/etc.. and that interface cards should still act as conductors.

Having said that, SOA is such a long way away as long as we continue to use "back of woods PC's" built and run by anyone who thinks they can do it and vulnerable to anyone who is even mildly interested in cracking and sniffing. (all puns intended).

Before I seemingly ramble off topic or re-write history all over again, I shall now pull my finger out of proverbial hornet's nest. But yes, I couldn't agree more with your statement, as usual.

"I hate to say it, but there is not any legal way that I know of which Disney or any other company could get the IP address of somebody downloading something from some site other than their own without some sort of subpoena power against the individual running the site providing the download."

"They could ask nicely. They could threaten.

Or they could do it the Microsoft Way!

Steal identity information first, lie your ass off later!

All MS products installed have been (at least since 1997/98 when the first truely powerful programmable network sniffing software came about), recording Internal IP and MAC addresses (even on subnets with super-high security(!)), and sending these IP and MAC's BACK to Redmond, in Plain Text.

They are by FAR not the only culprits. I just happen to be able to point to that as a "fact, Jack!".

The entire industry is disgustingly invasive and full of trickery and theiving that makes it almost impossible to bear without medication.

Thanks for the theraputic ranting sections on your blog, Bruce.

@RvnPhnx

"So tell me now, if voting in the booth doesn't fix this and both voting with my feet and voting with my wallet do no better, what can I do?"

Should be.. So tell me now, if voting in the booth, voting with my feet, voting with my wallet, my teeth, my eyes, do no better, what can I do?

I say we use our voices and turn technology into something we can all watch, rewind, and replay all day long until the cows come home to ensure that every step of the way our laws, rules, and regulations match, meet, and/or exceed the pulse of our expectations by providing exactly what we need when we need it and re-calibrating it exactly when it's needed.

I think that the email bit of this would actually be a good idea, especially if it was generally available. I keep getting spam viruses from one particular machine. I've identified the ISP from whois and emailed their abuse@. No response, no effect.

It would be really useful to go to a web page, enter the IP address and time from the email, and some text telling the subscriber what the problem is.

Thanks.

Good comments!!!

As a university student residing on-campus, my ISP for most of the year is my university. Granted, the university only "resells"/provides a connection that they get from three "actual" providers, but the university serves for all practical, technical, and legal purposes as the ISP, at least from the perspective of both on campus users, and the RIAA & MPAA.

As such, both above named organizations contact the university whenever they track the download of copyrighted material to university IPs, ITS LTS disconnects the machine in question from the network, and requests that the user delete the files named by the contacting organization. After the user states that they have deleted the content in question from their machines, they are allowed back on the network. This is different from the procedure followed when users are uploading copyrighted material - then the RIAA or MPAA sues.

There doesn't seem to be a hell of a lot of difference between that relationship and the one Bruce describers (I have not read the article). Granted, the legal status of the university vs. that of a "true" ISP is somewhat different in this case, but the procedure and idea behind it seem to be the same.

@Alex Krupp:

"Is this the first time any company has targeting downloading?"

No, The RI & MP AA pursue downloaders at my university, see my above comment for more detail.

A lot of Grandmothers do this, it seems.

I haven't read the WSJ article, only Bruce's summary, but from that it looks like Disney have to supply an IP address and a date and time, to get Verizon to forward the note from Disney to the customer. Which, presumably, they get by infiltrating P2P services to see who is copying Disney content.

This is enough cause to get a warrant to find out who the customer is, anyway.

It seems to me that this is a much better policy than suing grandmothers without any kind of warning.

To K:

"If you suspect I am breaking the law, the proper action is to involve law enforcement."

Really? Why can't I just tell you to knock it off? Why do I have to hassle police officers about what is after all a minor infarction? In any case isn't casual piracy a civil offence in which the police have no interest?

I don't know about the US, but here in England & Wales, you don't have to involve the police. You can file a complaint with the Magistrate's Court yourself.

Everyone has a right to enforce the law with respect to their own property, and we can all arrest those who commit serious crimes. The police have the additional role of doing this on behalf of the public, and so they have -- only a few -- additional powers.

I certainly don't want to create a society where the only route to justice is through the police.

Ben Liddicott

I fail to see what is so bad about this, especially since the phrase "Without divulging names or addresses to Disney" is in there.

Last week when I got home from church last week I found this one IP address trying to log onto my computer via ssh with a different userid+password combination every 1.5 seconds. I used the whois utility on that IP address and got the Duke university abuse contact to which I fired off an email asking why this was happening.

How is Disney's action any different from that?

I don't mind Verizon taking ownership of, and responsibility for, the illegal activities of their customers as long as they take ownership and responsibility for all illegal activity by their customers.

It seems to me that, by voluntarily monitoring and responding to a single class of illegal activity, Verizon could, and should, be held liable for all illegal activity by their customers, including child pornography, viruses, phishing, identity theft, spam, and any other activity that Verizon could have monitored as well.

That sounds like balance. Isn't it said that with every right there is a responsibility?

I haven't read the article either, but I'd bet the subpoenas are a red herring: they would be expensive for Disney, and Verizon has to comply with them anyway, regardless of this agreement. The important change is that Disney can now order Verizon to disconnect any of its customers at will. ISPs already have the right to do that (they write the contracts) but thankfully for free speech, their customers are valuable to them.

As far as I can make out from the press releases, Verizon doesn't have the responsibility, or even the ability, to monitor any of the content. And that, from Disney's point of view, is the beauty of the scheme. The Disney people can include the IP addresses of any number of hostile critics, commercial competitors, or personal enemies among the thousands of pirates, and Verizon will be none the wiser.

Victims may protest their innocence, but when Disney tells Verizon to pull the plug, Verizon will pull it. Terminating the relationship with a customer costs revenue, but much less than their liabilities to one of the world's most litigious corporations for breach of contract and perhaps for contributory copyright infringement. And even if you can somehow prove to Verizon that everything you did was legal, their relationship with Disney is far more important and lucrative.

@Better-than-Nothing

"from what is posted here, I don't see any problem, in fact it's a great idea.

Let's face it, Disney can only identify IP addresses of downloaders. So short of suing some John Doe and issuing a civil subpoena, what can they do? Partnering with the ISP allows them to give notice to *suspected* pirates easily."

If no red-flags go up at this notion, we are in big trouble.
The truth of the matter is that Disney is turning an ISP in a surveilance system.
Your ISP has a contract with you, and you alone to provide a service. It should only respond to a court order in either turning over any data on you or by contacting you.
For the other part, they are the road that you drive your car on, not what you do with that car.

"What's wrong with that? Most parents have no idea what their kids are doing online. Perhaps this would alert them. Same for compromised proxies computers."

What is wrong is that neither the ISP nor Disney are law inforcement agencies and as such, they have no right to send you anything. What's next, blocking of supsected customers?
Ho do you defend yourself against this? How do they prove you actually downloaded something illegal?

"Which leaves the people who are actually downloaded content illegally. What's the harm in giving them fair warning? "

And what if you are identified incorrectly (so you're innocent)? I recommend anyone to who this happens into sueing Verizon for anything you can.

I use Verizon DSL at home, and one hole in the process is that of notifying the customer. Verizon doesn't have my e-mail address, though they did give me an address when I signed up. I've never checked mail at that address, largely because of Verizon's affiliation with MSN. Do they phone the customer or send snail mail? I doubt it. So if I were to be suspected of these sorts of activities, Verizon would probably send the notice to my Verizon.net address, and I'd never see it.

This site - http://allearsnet.com/pl/fingerscan.htm - tries to make it sound like everything is okay. "Don't worry, just go along with the scanners". But it also mentions that if your biometrics don't match or you can't get the scanner to work properly, they will reset your biometric record and take a new reading. It also says that "During times of the day when lines of guests waiting to get into the park are long, some parks will turn off the biometric scanners to allow faster entry for everyone." Both of these seem to defeat the entire point of having the scanners! Disney seems to be sending the message that tracking you is very important, so long as it does not interfere with their profit.

I can't believe people in general and the media in particular aren't more upset by this.