Security and Conference Badges

Bruce Schneier writes about the RSA Conference's new method of dealing with badge fraud:
Last year, the RSA Conference tried to further limit these types of fraud by putting people's photographs on their badges. Clever idea, but difficult to implement.

For this to work, though, guards need to match photographs with faces. This means that either 1) you need a lot more guards at entrance points, or 2) the lines will move a lot slower. Actually, far more likely is 3) no one will check the photographs.

And it was an expensive solution for the RSA Conference. They needed the equipment to put the photos on the badges. Registration was much slower. And pro-privacy people objected to the conference keeping their photographs on file.

This year, the RSA Conference solved the problem through economics:

If you lose your badge and/or badge holder, you will be required to purchase a new one for a fee of $1,895.00.

Look how clever this is. Instead of trying to solve this particular badge fraud problem through security, they simply moved the problem from the conference to the attendee. The badges still have that $1,895 value, but now if it's stolen and used by someone else, it's the attendee who's out the money. As far as the RSA Conference is concerned, the security risk is an externality.

Bruce's point about incentive alignment is a good one, but it neglects the equilibrium analysis. Even at $1,895, people will still lose their badges, so knowing that you might have to buy a complete new one diminishes the value of the initial badge by roughly the expected cost of a replacement, i.e. the loss rate times the replacement price. If the loss rate is high enough, then RSA won't be able to charge as much for the initial registration.

How much does this effect matter in practice? That depends on the loss rate. But consider that most of what's being provided at RSA (access to talks in particular) is partially nonrivalrous. A lot of classrooms are partly empty (mine was), so a few extra people coming in wouldn't have cost RSA anything. Obviously, they have to charge and have some security because otherwise nobody would pay, but the important question when deciding on this kind of investment is how much security you need to get to the point where (1) excess resource consumption is low and (2) the only people cheating are people you couldn't have extracted money from anyway. So you have to balance money lost due to fraud against money lost due to unwillingness to pay.

It's also worth noting that the new scheme makes badge swapping between friends much easier. When there were pictures on the badges, this was harder, but now it's no problem. Badge-swapping is actually so common that most people who engage in it don't consider it fraud. After all, you're on the show floor but the person whose badge it is isn't. (There are of course counterarguments which I won't get into here; I'm just talking about people's attitudes.) Walk around the expo floor and you'll see plenty of people wearing the wrong badge.

Another form of fraud that's enabled by picture-less badges is "in-and-outs". Two people walk into a session (or more likely the party tonight). One stays in and the other takes both their badges out for reuse by a third person outside. This is partially mitigated by RSA scanning each badge at the door: in principle they could notice an unusual number of entries on a single badge, but that probably won't stop low levels of fraud.
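As an added illustration (not part of the original post, and not how RSA's scanners actually work), here is the kind of check the badge-scan data would support: flag badges that re-enter the same session within a few minutes, or that rack up more entries than one person plausibly would. The log format, badge ids and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample scan log (not real conference data). One line per scan:
# timestamp, badge id, session, direction. B1001 and B1002 show the
# "in-and-out" pattern: both enter, both badges leave together a few minutes
# later, and both are scanned in again almost immediately. B1003 is a normal
# attendee who stepped out for a while and came back.
SAMPLE_LOG = """\
2006-02-14T19:00:05 B1001 party IN
2006-02-14T19:00:09 B1002 party IN
2006-02-14T19:03:40 B1001 party OUT
2006-02-14T19:03:41 B1002 party OUT
2006-02-14T19:05:10 B1001 party IN
2006-02-14T19:05:12 B1002 party IN
2006-02-14T19:20:00 B1003 party IN
2006-02-14T21:00:00 B1003 party OUT
2006-02-14T21:10:00 B1003 party IN
"""

def parse_log(text):
    """Parse scan lines into sorted (timestamp, badge, session, direction) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, session, direction = line.split()
        events.append((datetime.fromisoformat(ts), badge, session, direction))
    return sorted(events)

def flag_reentries(text, window_minutes=15, max_entries=2):
    """Return {badge: reason} for badges whose entry pattern suggests reuse.

    Flags a badge when two IN scans for the same session fall within
    window_minutes of each other (the in-and-out pattern) or when it is
    scanned IN more than max_entries times for one session. Note that the
    companion's own badge (B1002) trips the same rule as the reused one, so
    this detects the pattern but cannot by itself say who is cheating.
    """
    window = timedelta(minutes=window_minutes)
    entries = defaultdict(list)
    for ts, badge, session, direction in parse_log(text):
        if direction == "IN":
            entries[(badge, session)].append(ts)
    flagged = {}
    for (badge, session), times in entries.items():
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if any(gap < window for gap in gaps):
            flagged[badge] = f"re-entry to {session} within {window_minutes} min"
        elif len(times) > max_entries:
            flagged[badge] = f"{len(times)} entries to {session}"
    return flagged
```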


The value to the conference attendee of not having moochers interloping presumably raises the value of the badge (though how much isn't clear, as you mention in para 2). But let's say the loss rate is 1% (which seems plausible, maybe slightly high if it's made clear to people that losing the badge costs $1895). While "A lot of classrooms are partly empty...", I would guess that the people who are dodging the $1895 fee are partly doing so because they only want to hit one or two of the "big" events, where the crowding is more substantial -- eg the party. Now -- is it worth $18.95 on average for those who did pay full whack to keep the riffraff out of these events where they *are* sucking resources which otherwise would go to the $1895 crowd? If so, then reducing that riffraff could make up for the loss in value attributable to the expected loss rate.

The point is that it's very easy for an attendee to reduce the probability of losing his or her badge close enough to zero that it's no longer worth worrying about. Most people walk around with a collection of one or more fairly valuable objects (wallet, purse, cellphone), and have learned a bunch of techniques and practices for carefully keeping track of those objects. By raising the price of a replacement, they've basically made it each attendee's optimal strategy to treat his or her badge as another one of those objects.

What's surprising to me is the dismissal of badge counterfeiting. The badges I've seen at conferences all look extremely easy to forge, and I have to guess that the reason why badge forgery is uncommon is that the other techniques that Eric mentioned are even easier. Hence the conference organizers may find that if they succeed in suppressing these easier forms of fraud, they'll then have to find a way to make badges hard to forge, as well.

Uh, Eric, come clean! Is this really about the economic mechanics, or what's your own MTBBL[*]?


[*] Mean Time Between Badge Losses

I lost my (expo only) badge, and managed to talk them out of a replacement for free. They reminded me to bring back the original badge if I found it, but that was the only cost to get a replacement. The guy in front of me in the "I lost my badge" line had a full conference pass, but was a Big Software Company VIP, and got his replacement badge gratis. They talked about how it'd normally be $1895 for the replacement, but didn't enforce the policy.

The other question that Bruce does not seem to consider is enforcement. RSA may say that a new badge will cost you $1,895 but I doubt that they have sold many replacement badges and we do not know whether this policy is actually enforced.

The other interesting change this year is that the badges all have RFID chips in them and these are being checked at the door. This would also allow the organizers to revoke a badge reported stolen - at least in theory.

I'm not sure about the economics of the replacement badges, but the economics of getting into the full conference are pretty cool. You can either:

a. Be interesting enough to get a talk in. (For the Cryptographer's Track, that means a peer-reviewed paper, though this isn't where you send your n lg n time factoring algorithm or practical key-recovery attack on AES.)

b. Be serious enough about the industry to cough up $2K just to get in the door.

This makes for a fairly interesting mix.

My other economic insight: If you're out of work at the right time, you should write a paper capable of getting you into the cryptographer's track, or buy an EXPO ONLY badge. Either way, you will get huge opportunities to sit and chat with people who need people that can do what you can do.

(This assumes you have some computer security skills somewhere, of course--if you're a first-rate construction engineer, I'm not sure where you should go to look for work.)

This may be tangential, but what I find weird about RSA is how much higher the entry price is than comparable conferences (including those conferences where you would send your poly-time factorization papers). I suppose the presence of John's type-b people above might justify it ..

