Acknowledgements
Executive Summary
Section 1 – History of the MBTA
Section 1.1 – Early Public Stagecoach Service
Section 1.2 – Passenger Comfort and Reliability
Section 1.3 – The First Subway in America
Section 2 – History of RFID
Section 2.1 – The Commercialization of RFID
Section 2.2 – Multi-Purpose RFID Cards
Section 3 – Benefits to the MBTA
Section 3.1 – Personnel Cost Savings
Section 3.2 – Maintenance Advantages
Section 3.3 – Financial Benefits
Section 3.4 – Law Enforcement Considerations
Section 4 - Technical Basics
Section 5 – Cautionary Anecdotes
5.1 – A story says 1,000 images.
5.2 – Trust Your Data to People Who Manage Data [Not Trains]
5.3 – Insider Abuse Has Major Risks
5.4 – Holey Matrimony
5.5 – Tracking Customers is Bad Business
Section 6 - Case Studies of RFID Smartcards in Transit
Section 6.1 - A Foreign Case – Transport for London (Oyster Card)
Section 6.1.1 – Opt-out Availability for the Oyster Card
Reduced Fares and Student Registration
Limiting Unregistered Card Use Geographically
Section 6.1.2 – Oyster Card Privacy Communications
An Alternative to a Privacy Policy – London’s Ticketing Data Protection Policy
Section 6.2 - Fully Implemented Domestic Cases – The CTA and WMATA
Section 6.2.1 - Chicago Transit Authority (Chicago Card and Chicago Card Plus)
Clearly Indicating the Differences between Cards with and without Registration
Maintaining Fare (Fair) Incentives
The CTA’s Need for Clearly Defined Privacy Measures
Releasing Information to Individuals – Security Protections for Registered Cards
Section 6.2.2 - Washington Metropolitan Area Transit Authority (SmarTrip)
Best Information Practices: Logging Employee Interactions with Data
The WMATA’s Need for Defined Privacy Measures
Section 6.3 - A Domestic Case in Development – Metro Transit (Minneapolis/St. Paul, MN)
A Blurry Line between Registered and Unregistered Cards
Integrating Use Incentives in an RFID System - The Ride to Rewards Program
Reduced Fares and Registration Requirements Revisited
Section 6.4 - Comparing RFID Smartcard Implementations
Section 6.5 - Other Implementations on the Horizon
Section 6.6 - General Reflections on Interviews and Case Studies
Section 6.7 - The MBTA’s Privacy Action Plan
Section 7 – Legal Considerations
Section 7.1 – Chapter 66A
Section 7.1.1 - Chapter 66A Requires Reasonably Minimal Data Collection
Section 7.1.2 - Chapter 66A Constrains the feasibility of a Multi-Use CharlieCard
Section 7.1.3 - Chapter 66A Requires Advance Notice of a Subpoena
Section 7.1.4 - Chapter 66A Provides Customers a Right to Access Their Data
Section 7.2 – The Personal Information Protection Act
Section 7.3 – A Constitutional Right to Travel Anonymously
Section 7.4 – The Data Protection Act of 1998
Section 8 - Our Recommendations
Section 8.1 - Gaining Citizen Trust
Section 8.1.1 - Openness
Section 8.1.1.1 - Example Privacy Statements
Section 8.1.2 Choice
Section 8.1.2.1 Functionality not required for an Opt-out Program
Section 8.2 - Providing a Safe, Secure Service
Section 8.2.1 Preventing Internal Abuse
Section 8.2.1.1 Storing Reasonably Minimal Personal Data
Section 8.2.1.2 - Data Use Policies
Section 8.2.1.3 Response to Government Request for Data
Section 8.2.1.4 Accountability
Section 8.2.2 - Preventing External Abuse
Section 8.2.2.1 - Encryption
Section 8.2.2.2 - Separation from other Networks
Section 8.2.2.3 Minimal Storage of Data
Section 8.2.2.4 Evolving with Technology
Section 9 - Suggestions Not Included
Section 9.1 Data Quality
Section 9.2 - Specifying Where Data is Stored and How in the Privacy Policy
Section 9.3 - Recommending a Particular Storage Architecture
Section 9.4 - Including Why Data Use is Acceptable in the Privacy Policy
Section 9.5 - Printing "RFID Inside" Whenever RFID Technology is Used
Appendix A - Technical Information
A.1 - Overview of RFID System
A.1.1 What is RFID?
A.1.2 What the DOD and Wal-Mart see in RFID
A.1.3 Active or Passive
A.1.4 What’s so remarkable about this stuff?
A.2.0 Plunging one level deeper (technically)
A.2.1 Active vs. Passive revisited
A.2.2 Passive Cards – Inductive vs. RF coupled
A.2. How cards are fabricated
A.3 Pushing the technical limits
A.4 ###%20# hWo eNeds nEcryption? ####^%687#
A.4.1 128 bit vs. 3DES vs. scrambling letters
A.4.2 What manufacturers want you to believe
A.4.3 What Encryption experts want you to know
A.4.4 What should we demand in the future (technically)
Appendix B - A Possible Design
Section B.1 General Design
Section B.1.1 Operation of the Databases
Section B.1.2 Meeting the Specifications
Section B.2 Variation 1: Shared Secret (Password)
Section B.3 Variation 2: Personal Information
Section B.4 A Combination
Appendix C - Modifying a Current System to Incorporate our Recommendations
Appendix D - RFID and Transit Smartcard Glossary
Reference List