
Privacy, SmartCards and the MBTA

A Policy Analysis of the MBTA's New Automated Fare Collection System

Ian Brelinsky, Brian Myhre, Jennifer Novosad, Chris Suarez

6.805 – December 10, 2004

Massachusetts Institute of Technology

Table of Contents


Acknowledgements 4

Executive Summary 5

Section 1 – History of the MBTA 6

Section 1.1 – Early Public Stagecoach Service 6

Section 1.2 – Passenger Comfort and Reliability 7

Section 1.3 – The First Subway in America 8

Section 2 – History of RFID 11

Section 2.1 – The Commercialization of RFID 11

Section 2.2 – Multi-Purpose RFID Cards 12

Section 3 – Benefits to the MBTA 14

Section 3.1 – Personnel Cost Savings 14

Section 3.2 – Maintenance Advantages 15

Section 3.3 – Financial Benefits 15

Section 3.4 – Law Enforcement Considerations 18

Section 4 - Technical Basics 22

Section 5 – Cautionary Anecdotes 23

5.1 – A story says 1,000 images. 23

5.2 – Trust Your Data to People Who Manage Data [Not Trains] 23

5.3 – Insider Abuse Has Major Risks 25

5.4 – Holey Matrimony 26

5.5 – Tracking Customers is Bad Business 28

Section 6 - Case Studies of RFID Smartcards in Transit 29

Section 6.1 - A Foreign Case – Transport for London (Oyster Card) 29

Section 6.1.1 – Opt-out Availability for the Oyster Card 30

Reduced Fares and Student Registration 30

Limiting Unregistered Card Use Geographically 31

Section 6.1.2 – Oyster Card Privacy Communications 31

An Alternative to a Privacy Policy – London’s Ticketing Data Protection Policy 32

Section 6.2 - Fully Implemented Domestic Cases – The CTA and WMATA 34

Section 6.2.1 - Chicago Transit Authority (Chicago Card and Chicago Card Plus) 34

Clearly Indicating the Differences between Cards with and without Registration 34

Maintaining Fare (Fair) Incentives 36

The CTA’s Need for Clearly Defined Privacy Measures 37

Releasing Information to Individuals – Security Protections for Registered Cards 38

Section 6.2.2 - Washington Metropolitan Area Transit Authority (SmarTrip) 38

Best Information Practices: Logging Employee Interactions with Data 39

The WMATA’s Need for Defined Privacy Measures 39

Section 6.3 - A Domestic Case in Development – Metro Transit (Minneapolis/St. Paul, MN) 40

A Blurry Line between Registered and Unregistered Cards 40

Integrating Use Incentives in an RFID System - The Ride to Rewards Program 41

Reduced Fares and Registration Requirements Revisited 43

Section 6.4 - Comparing RFID Smartcard Implementations 43

Section 6.5 - Other Implementations on the Horizon 44

Section 6.6 - General Reflections on Interviews and Case Studies 45

Section 6.7 - The MBTA’s Privacy Action Plan 46

Section 7 – Legal Considerations 47

Section 7.1 – Chapter 66A 48

Section 7.1.1 - Chapter 66A Requires Reasonably Minimal Data Collection 48

Section 7.1.2 - Chapter 66A Constrains the feasibility of a Multi-Use CharlieCard 49

Section 7.1.3 - Chapter 66A Requires Advance Notice of a Subpoena 49

Section 7.1.4 - Chapter 66A Provides Customers a Right to Access Their Data 50

Section 7.2 – The Personal Information Protection Act 50

Section 7.3 – A Constitutional Right to Travel Anonymously 51

Section 7.4 – The Data Protection Act of 1998 52

Section 8 - Our Recommendations 53

Section 8.1 - Gaining Citizen Trust 55

Section 8.1.1 - Openness 56

Section 8.1.1.1 - Example Privacy Statements 57

Section 8.1.2 Choice 60

Section 8.1.2.1 Functionality not required for an Opt-out Program 61

Section 8.2 - Providing a Safe, Secure Service 62

Section 8.2.1 Preventing Internal Abuse 63

Section 8.2.1.1 Storing Reasonably Minimal Personal Data 64

Section 8.2.1.2 - Data Use Policies 66

Section 8.2.1.3 Response to Government Request for Data 68

Section 8.2.1.4 Accountability 68

Section 8.2.2 - Preventing External Abuse 68

Section 8.2.2.1 - Encryption 69

Section 8.2.2.2 - Separation from other Networks 70

Section 8.2.2.3 Minimal Storage of Data 70

Section 8.2.2.4 Evolving with Technology 71

Section 9 - Suggestions Not Included 72

Section 9.1 Data Quality 72

Section 9.2 - Specifying Where Data is Stored and How in the Privacy Policy 72

Section 9.3 - Recommending a Particular Storage Architecture 73

Section 9.4 - Including Why Data Use is Acceptable in the Privacy Policy 73

Section 9.5 - Printing "RFID Inside" Whenever RFID Technology is Used 73

Appendix A - Technical Information 75

A.1 - Overview of RFID System 75

A.1.1 What is RFID? 75

A.1.2 What the DOD and Wal-Mart see in RFID 75

A.1.3 Active or Passive 77

A.1.4 What’s so remarkable about this stuff? 78

A.2.0 Plunging one level deeper (technically) 79

A.2.1 Active vs. Passive revisited 79

A.2.2 Passive Cards – Inductive vs. RF coupled 80

A.2.3 How cards are fabricated 81

A.3 Pushing the technical limits 83

A.4 ###%20# hWo eNeds nEcryption? ####^%687# 83

A.4.1 128 bit vs. 3DES vs. scrambling letters 85

A.4.2 What manufacturers want you to believe 86

A.4.3 What Encryption experts want you to know 87

A.4.4 What should we demand in the future (technically) 88

Appendix B - A Possible Design 90

Section B.1 General Design 90

Section B.1.1 Operation of the Databases 91

Section B.1.2 Meeting the Specifications 92

Section B.2 Variation 1: Shared Secret (Password) 93

Section B.3 Variation 2: Personal Information 93

Section B.4 A Combination 95

Appendix C - Modifying a Current System to Incorporate our Recommendations 96

Appendix D - RFID and Transit Smartcard Glossary 98

Reference List 101
