These are some of the other smartcard implementations that are currently in pilot or implementation phases. Additional research into these cases should provide further insight into the approaches that should be taken in an RFID smartcard implementation.
Bay Area Translink33
Limited Availability to Bus Users in October, 2004
Full Implementation in 2005
Central Puget Sound Regional Fare Coordination Project34
Los Angeles County Metropolitan Transit Authority35
Metropolitan Atlanta Rapid Transit Authority – Breeze36
First system in the U.S. to deploy a low-cost, limited use smartcard to be used for ALL fare purchases
System will feature 6-foot “jumper proof” gates
Can read any smart card that meets ISO standards (more flexibility)
Section 6.6 - General Reflections on Interviews and Case Studies
Common themes arose from our conversations with the representatives of the various transit authorities. Most, for example, seemed shocked that privacy was even an issue with smartcards. One representative of the CTA, for example, cited that 96% of CTA riders have chosen the registered version of the CTA’s Chicago Card.37 She thus seemed compelled to believe that users did not care about their privacy. However, when consumers are not told about the privacy implications of registration, why wouldn’t they register? If consumers were more informed, we believe that this number would be reduced. Certainly, many transit users wouldn’t care about the data collection practices of the WMATA or CTA, but we need to acknowledge those who may change their mind based on being more informed.
In addition to those concerns presented in the body of the case studies, there are two other points that should be addressed based on the information in figure 6.4. First, the length of time data is held is generally too great. Holding data for years at a time while keeping it associated with a person’s name is unnecessary. A cross-application to our privacy recommendations in section 7 will help to explain that. We also encourage the maximum value stored on cards to be lowered. In the WMATA’s case, $300 in value can be stored on the card. Since transit authorities have given users the right to recoup their losses from a registered card if it is lost or stolen, users who see a higher maximum may be more inclined to register it. Although this point is low-impact, and users can just put lower amounts of money on the card themselves, it is important to avoid practices that may encourage registration.
Most of the transit representatives we talked to knew of no laws that regulated their RFID data collection practices (besides regulations against selling information to third parties), and acknowledged the new and developing nature of the laws in the RFID world. When the transit representatives acknowledged their general lack of acquaintance with any aspects of law regulating smartcards, they were often willing to make concessions and appreciate some of the suggestions we made. At this point, laws relating to RFID privacy and information collection practices are only beginning to be filed. Transit authorities need to acknowledge that the potential for these laws is real, and that it is never too early to begin taking steps to address them. Based on our review of the transit authorities in this section, it is clear that many steps still need to be taken to comply with laws that even minimally require transit authorities to explain the privacy implications of RFID smartcards.
Section 6.7 - The MBTA’s Privacy Action Plan38
As London, Chicago, Washington D.C., Minneapolis, and other transit authorities are asked to reflect on the privacy issues relating to their present and future RFID smartcard endeavors, the MBTA is utilizing a privacy action plan throughout its process of determining an ideal privacy policy. While our paper and analysis provide tips and suggestions for creating a privacy policy, we encourage all transit authorities to create an action plan of a similar form and do their own independent analysis. As smartcard implementations change and new privacy issues arise, it is important to remain up to date on any relevant information.
The plan, as reprinted in Figure 6.4, includes several useful steps in making a privacy policy. These include researching comparable policies, consulting an outside attorney for feedback and guidance on privacy, drafting a new policy, utilizing customer focus groups and feedback, and creating a formal “privacy officer” position. All of these steps are useful, especially the ones that consider consumer feedback. An attorney is also necessary to ensure that data collection and other RFID implementation aspects do not violate local laws. However, this list is not exhaustive. Transit authorities should consider new and innovative ideas to place in their privacy action plans.
Figure 6.4. MBTA Privacy Policy Task List
Share with your friends: |