Comment by andrewla
6 hours ago
Can we make things so that you don't need a smartphone? I don't think this is as trivial as you're making it out to be.
Having a non-exfiltratable bearer token is really really hard. In order to present a zero-knowledge proof of the possession of a token you need to have some sort of challenge-response protocol. The simplest one, and the one in most common use (such as this) is a time-based method, where the shared knowledge of the current time represents the challenge.
The other method is to use civil identity as the challenge, and use government-issued IDs as the bearer token that the ticket is tied to. This doesn't scale well to larger events, and presents real challenges involved centralization of ticket exchange.
You can argue whether or not forgery is a significant enough problem to be worth this trouble, but that's a business decision, and as live events like this get more expensive forgery and resale become more and more of a problem, which end up locking out people like this who have legally and legitimately bought tickets but can't gain access to events because someone has stolen and resold their ticket.
Yet, somehow Major League had been selling tickets just fine for more than a century without smartphones.
It's a moving target. Forging tickets has gotten easier and easier, and as tickets get more expensive it becomes more and more lucrative. Law enforcement is generally not helpful for this sort of petty larceny so they are looking for structural ways to prevent it.
In past eras they used holograms and watermarks and special papers in an attempt to prevent forgery but these methods keep getting challenged by an ever more sophisticated criminal element. Moving into cryptographically secure methods is the last barrier here.
They could also rely on the state to match identities to tickets, but this approach does not scale and is frankly undesirable for the majority of people anyway.
Forgery is a non-issue -- this guy is a season ticket holder. Literally all they need is his government ID checked against a list.
The "problem" they were trying to "solve" is letting people sell some of their tickets to third parties, but not all of them. That is understandably how they arrived at a mobile application as a solution
But the problem of admitting the original ticket holder is simple as shit. Just .... check his ID?
What? We sold tickets for literally decades upon decades before smartphones came out. Of course you can do it, it's already been done!
Decades upon decades of holograms and watermarks on tickets to make them unforgeable. But it keeps getting easier to forge them. Meanwhile ticket prices keep increasing (venue space is one of the last things that's truly scarce) and the incentives for forgery keep increasing.
Even if we could make them truly unforgeable, people generally want electronically transferrable tickets. How do you propose to do this?
Go ahead and require a special gadget to get an "electronically transferrable ticket," no skin off my back. That is a feature I will never use.
Don't bother your season ticket holders about getting their own person admitted! I am standing in front of you, bearing identification, and you are whining about a mobile app?
If ticket prices keep increasing, it would seem the capability to print harder-to-forge tickets could be done with the extra revenue.
They could even do something like give him a little RFID token that can be used once. Tap it, gates open, go in, done.