Open ORCA Questions

From PublicWiki
Jump to: navigation, search

General questions

  • What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
  • What is the overall vision of ORCA in the future?
  • What are the big hurdles you've encountered so far?
  • What obstacles do you see in the near and distant future?
  • What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
  • How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?

Data management

  • What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
  • What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  • Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?
  • How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  • Will stored data be aggregated or does it remain connected to personal data?
  • Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  • What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?

Transit agency policy

  • What are the key points of your privacy policy?
  • As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  • How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  • Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  • How does KC Metro view ownership of the transit data?
  • Will transit users be able to view data that has been collected about them?
  • Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  • Are there processes in place for fixing incorrect data?
  • Is there a citizens advisory board? How is compliance with the policies ensured?

Institutional partners and third parties

  • Who has access to what data? Are there any limits to who has access?
  • Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  • Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?
  • What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?
  • Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  • Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?

Miscellaneous

  • What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?