Computerworld Discovers Hotel Keycard Myth Is, Indeed, A Myth

from the crack-reporting dept

Last September we were quite surprised to see a Computerworld reporter place a story on his blog warning people that hotels were putting personal info on the keycards that let you into rooms. As we pointed out, that story was an extremely well-known urban legend that had been debunked repeatedly by many sources. As such, it seemed odd that anyone would report it again without getting plenty of evidence to back it up. The reporter in question, Robert Mitchell, defended the posting in our comments, but also set out to collect as many of these keycards as he could, while discussing the issue with plenty of industry insiders so he could write an actual article on it. Shocker of all shockers, he discovered that, as everyone expected, it's just a key to your room and stores absolutely no personal data. In other words, exactly what pretty much everyone knew before -- which is why it's a bit amusing to see the Computerworld sub-head claim that it's "exploding the urban myth." Next up: Computerworld will tell us that Bill Gates really isn't paying people to send email. Meanwhile, it's still quite odd that Mitchell's original source, Peter Wallace, IT Director at AAA Reading-Berks in Wyomissing, Pennsylvania, now refuses to comment at all on his original claims that resulted in this wild goose chase. Of course, thanks to the ongoing life of this story, hotels are actively looking at alternatives, because they're sick of explaining to people that there's nothing to worry about.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Jan 2006 @ 1:30am

    A single point of failure...

    In other words, this reporter wrote the story/article/blog entry based on a single source.

    link to this | view in chronology ]

    • identicon
      Ed, 15 Jan 2006 @ 8:26pm

      Re: A single point of failure...

      Typical of today's reporters. Sensationalism is all that matters anymore. There are no consequences for yellow journalism. For example - ESPN's article where they assumed everything Maurice Clarett said about Ohio State (et al) was true w/o substantiating ANY of it. Now that Clarett's true colors have been revealed, where is the apology/retraction from ESPN?

      It's getting to the point where you can't trust much through the media. It is a real shame.

      link to this | view in chronology ]

  • identicon
    nils, 14 Jan 2006 @ 4:08am

    Why would the hotels do so anyway?

    What would the point be of putting personal info on the keycards? You are linked to the room in their DB anyway. What possible benefit would they have from adding personal info to the card?
    Sometimes, if people were to just use their brains even a little bit, they could save themselves a lot of hassle.

    link to this | view in chronology ]

    • identicon
      Jim Beam, 14 Jan 2006 @ 8:17pm

      Re: Why would the hotels do so anyway?

      Ahh... there's the rub. the database. Not the key, but does the computer report each entrance to the room?

      link to this | view in chronology ]

      • identicon
        Andrew Strasser, 14 Jan 2006 @ 11:06pm

        Re: Why would the hotels do so anyway?

        They certainly wouldn't let themselves lose profit for no merit. Unless maybe the Govt. decided to do it I could see no reason or want to lose profits.

        link to this | view in chronology ]

      • identicon
        dirk, 15 Jan 2006 @ 1:15am

        Re: Why would the hotels do so anyway?

        in the system we use where I work, it does. And failed entrances(wrong key etc)

        link to this | view in chronology ]

  • identicon
    Anonymous for a Reason, 14 Jan 2006 @ 7:06am

    Majority of the Stupid...

    I work maintenance at a fairly high-end hotel and I code/re-code cards all the time for housekeeping, guests, etc. The system is for opening doors, that's it, sheesh. There's no place in the firmware for any other info. It is a STATIC system.

    If anybody is so worried about such a thing, stick the card in the same pocket as your cellphone for a minute and see what happens.

    link to this | view in chronology ]

    • identicon
      John Doh, 14 Jan 2006 @ 8:03am

      Re: Majority of the Stupid...

      What makes me laugh is that SO MANY people are gullible enough to believe it!

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 Jan 2006 @ 3:30am

        Re: Majority of the Stupid...

        Did you know that the word "gullible" is not in the dictionary? Go ahead - look it up!

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 15 Jan 2006 @ 8:16am

          Re: Majority of the Stupid...

          The word 'gullible' is in the dictionary asshole.

          link to this | view in chronology ]

          • identicon
            Just an IT junkie with a monkey, 15 Jan 2006 @ 10:34am

            Re: Majority of the Stupid...

            I'm not sure I can agree 100% with you guys. I do agree that there probably is no personal information on the card at most hotels but I just recently went to vegas and stayed at Paris' daddy's hotel. The room key can be used to pay for pretty much everything. They have little terminals at the bar to stick your room key into so that you can charge things to your room. And ironically enough (and this is why I think that there is more to this than people are looking at) if you don't put down a credit card for your room, you can't use the room key to pay for crap at the hotel......

            It is probably just charging it to your room number and there could be something as simple as a code in the database whether you have a card or not but I can definitely understand how this thing got started and it will proceed to keep going.

            link to this | view in chronology ]

            • identicon
              Just some guy, 15 Jan 2006 @ 3:24pm

              Re: Majority of the Stupid...

              Why is this a problem again? Obviously they are simply charging it to your room based on the card telling them what room you are in.

              People just like to get upset over crap like this. The point is that whatever info is on the card, it's only relevant to the hotel's computer door or billing system. It doesn't have your credit card number or any other generally useful info on it. Even if you could read the info on the card I doubt it would tell you anything without access to the hotel's database.

              link to this | view in chronology ]

          • identicon
            Anonymous Coward, 16 Jan 2006 @ 7:55am

            Re: Majority of the Stupid...

            Good Job! You fell for it hook, line and sinker. But I am glad your dictionary referencing skills are still intact.

            link to this | view in chronology ]

  • identicon
    STJ, 14 Jan 2006 @ 7:56am

    No Subject Given

    Um, I worked in a hotel and I do computers as well, I've always said this is a myth put forth by parinoid oddballs

    link to this | view in chronology ]

  • identicon
    Joe Snuffy, 14 Jan 2006 @ 8:42am

    no id?

    I like to tape my Social Security Card to my room keys, plastic or old school, whereever I stay.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Jan 2006 @ 11:53am

      No Subject Given

      yeeeeeeeaaaaaah, ok...... do any of u have anything important to say? (this includes Mike, of course, who ALWAYS feels he's got something to say... and ur fukking "department"s are dumb as shit.. who the fuck has the time to manage all those fucking departments? oh wait, nobody gives a shit about techdirt.... which came from techmud, im guessing...)

      link to this | view in chronology ]

      • identicon
        tenpound, 14 Jan 2006 @ 12:50pm

        Re: No Subject Given

        I work for the CIA, ATF, FBI and BBB and I can assure you all that there is plenty of personal information on those hotel key cards.

        I know because I personally supervise the operation that initiated this program to begin with. LaQuinta and Holiday Inn are actually data warehousing honeypots.

        link to this | view in chronology ]

        • identicon
          CharlesGriswold, 14 Jan 2006 @ 3:26pm

          Re: No Subject Given

          *puts sunglasses on*

          *FLASH*

          Nothing to see here, people. Hotel key cards just let you into your room. Have a nice day.

          Seriously, though, I've worked as a hotel desk clerk, and the magnetic key cards just let you into your room. I mean really, what would be the point of (for instance) letting the room locks know what the guests' credit card number is? So the locks can do the billing?

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 Jan 2006 @ 12:53pm

        Re: No Subject Given

        flame war anyone?

        link to this | view in chronology ]

      • identicon
        Thumper, 14 Jan 2006 @ 2:27pm

        Re: No Subject Given

        If you can't say anything nice, don't say anything at all.

        link to this | view in chronology ]

  • identicon
    sean, 15 Jan 2006 @ 7:08pm

    umm, not so sure

    have you taken a card reader to a drivers lic, or a credit card??

    Usually has address, sometimes soc. # - I wouldn't be suprised if the coded the hotel cards also.

    link to this | view in chronology ]

    • identicon
      Not paranoid, 15 Jan 2006 @ 7:15pm

      Re: umm, not so sure

      but why would they do it? What possible use would it be to encode that on a door card?

      I could see that perhaps once upon a time some hotel's new card software might have defaulted to include more info than necessary but the bottom line is that there is NO PROOF that hotels put any information that anyone need be concerned about, and indeed rarely if ever more than a code that lets you in your room.

      Yet...like most good myths...in the face of facts and lack of proof the supporters of this won't let it die.

      link to this | view in chronology ]

    • identicon
      Mousky, 16 Jan 2006 @ 8:13am

      Re: umm, not so sure

      Oh my god, the magnetic strip on your driver's licence contains your address. Holy shit Batman, that beats reading the address from the front of the card.

      link to this | view in chronology ]

  • icon
    OBM (profile), 16 Jan 2006 @ 1:41am

    What's on that key....

    many years back I worked for a major European hotel chain implementing a new door key system in one of their flagship hotels.

    the system was incredibly smart (and yup, expensive) but allowed the guest to provide any 'standard' mag swipe card with a 2-3 track strip and we'd use that rather than issuing a key (less chance of them loosing it!)

    it also allowed us to easily issue several keys for a room, use on key for multiple rooms and put some pretty smart rules in place (eg Mum and Dad could open the mini-bar with their credit card, but junior with a hotel issued key couldn't, the parents could access the rooftop pool after 8pm and junior couldn't).

    we didn't have the actual values flying round the network but an encrypted hash key (quicker for checking and applying rules) and we did basic checks to ensure the same hash wasn't active for more than one guest at a time.

    some guests didn't like it... so we continued to issue our own keys in those cases. some guests loved it. we found the system to be a pleasure because we got less issues with the guests losing or mis-treating the keys (and argued less about auxilliary charges because they where less likely to let the key out of sight). sadly the system was too expensive to justify rolling out outside the one flagship property... I wonder if it's still in use...

    link to this | view in chronology ]

  • identicon
    Gilmartin, 31 Mar 2007 @ 4:49am

    re; keys having info stored on them.

    How could they store your info,duh, the keys are reswiped and changed in most bigger motels/hotels,
    so your info would be wiped off even if it were on there. Which it isn't, Am more concerned with
    Geisinger that stores computer with "all " your data
    on it and then loses them and said"Maybe the thief
    stealing from a computer record holding storage building does not know what they got," Ha Ha, fat chance. Lots more to worry abought there.

    link to this | view in chronology ]

  • identicon
    Jain, 3 Sep 2007 @ 4:42am

    Hotel key cards no personal data

    All hotels are well networked. Hence there is no need to record all kinds of data on a keycard. Only the room nos is more than adequate. Once the room nos is indexed as a key field then the server can link up all the data required in the database.Hence there is absolutely no need to have any data on the card

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.