Difference between revisions of "Open ORCA Questions"

From PublicWiki
Jump to: navigation, search
(Organizational policy)
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== email to be sent to Kevin ==
 
 
 
 
 
=== General questions ===
 
=== General questions ===
  
 +
* What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
 
* What is the overall vision of ORCA in the future?
 
* What is the overall vision of ORCA in the future?
 
* What are the big hurdles you've encountered so far?
 
* What are the big hurdles you've encountered so far?
* What are the significant obstacles you see in the near and distant future?
+
* What obstacles do you see in the near and distant future?
* What legal issues have come to the fore in making ORCA possible?
+
* What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
 +
* How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?  
  
==== Organizational policy ====
+
==== Data management ====
  
* How does this deployment differ from other ERG transit systems like Oyster (additions and subtractions)?  
+
* What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
* How are they managed (organizationally, legally)
 
  
* Have the transit agencies been participating in developing the Washington electronic bill of rights?
+
* What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  
Is there a citizens advisory board? How is compliance with the policies ensured? Who is watching the watcher?
+
* Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?  
  
 +
* How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  
 +
* Will stored data be aggregated or does it remain connected to personal data?
  
What other applications are you planning on beyond transit? We know about the UW-Pass and Boeing, but who else? Who will you interoperate with?
+
* Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  
How does KC Metro currently handle law-enforcement information. Given that data (entrance/exit) data may be collected for min 90 days. you worried about an increase in requests (see uk)
+
* What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?
  
Who are the "partner participants"? What gets sent to third party? Is it aggregate or individual records? Can this data be sold? If so, in what formats?
+
==== Transit agency policy ====
  
How are the boundaries of applications defined? Do you have plans to expand beyond transit. And if so, who do you classify as a third party and what data flows between these new applications? Who can issue new cards?
+
* What are the key points of your privacy policy?
  
what is your privacy policy? what are the five key points?
+
* As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  
What are my options to opt-out. Are these reasonable options?
+
* How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  
Who gets sued when something goes wrong?
+
* Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  
What are you changing between this system and the old system? What do you gain (variable rates, more throughput)? What do you see as the long term change.
+
* How does KC Metro view ownership of the transit data?
  
 +
* Will transit users be able to view data that has been collected about them?
  
As a user of the system, what are the terms and conditions? What contract do I sign?
+
* Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  
Data
+
* Are there processes in place for fixing incorrect data?
I take a trip on the bus. From the time I swipe my card till the time I get off, where does the data go, what does it get added, and when does it it disappear?
 
  
 +
* Is there a citizens advisory board? How is compliance with the policies ensured?
  
How long is the data kept and what form (aggregate) is it stored?
+
==== Institutional partners and third parties ====
  
Who has access to what data and how?
+
* Who has access to what data? Are there any limits to who has access?
Where is the data stored?
 
How does KC Metro view ownership of data?
 
How is it shared?
 
Is there an audit trail? Transparency builds trust.
 
Is there a way fix incorrect data?
 
  
Can I look at data about me (as opposed to my data).
+
* Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  
What data is stored on the card and what is stored in the database? Are the unique identifiers salted on the card?
+
* Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?  
  
How does data get back to the central database? Is it sent in the clear? Via wifi? smoke signals?
+
* What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?  
  
Data retention. We know it is held for a min of 90 days, but what's the max? What data are you collecting and why?
+
* Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  
If there are one-use cards, what are the issuers entitled to (data wise
+
* Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?
  
Can we get access to an ORCA card/reader?
+
==== Miscellaneous ====
  
To Do
+
* What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?
Who will be there?  
 
We are not n00bs...
 
Perhaps bring a lawyer and a technician
 

Latest revision as of 22:56, 14 May 2007

General questions

  • What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
  • What is the overall vision of ORCA in the future?
  • What are the big hurdles you've encountered so far?
  • What obstacles do you see in the near and distant future?
  • What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
  • How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?

Data management

  • What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
  • What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  • Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?
  • How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  • Will stored data be aggregated or does it remain connected to personal data?
  • Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  • What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?

Transit agency policy

  • What are the key points of your privacy policy?
  • As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  • How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  • Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  • How does KC Metro view ownership of the transit data?
  • Will transit users be able to view data that has been collected about them?
  • Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  • Are there processes in place for fixing incorrect data?
  • Is there a citizens advisory board? How is compliance with the policies ensured?

Institutional partners and third parties

  • Who has access to what data? Are there any limits to who has access?
  • Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  • Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?
  • What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?
  • Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  • Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?

Miscellaneous

  • What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?