MIT whitepaper

From PublicWiki
Revision as of 23:58, 16 April 2007 by Travis

Table of Contents

Section 1 – History of the MBTA (p. 6)
  Section 1.1 – Early Public Stagecoach Service (p. 6)
  Section 1.2 – Passenger Comfort and Reliability (p. 7)
  Section 1.3 – The First Subway in America (p. 8)
Section 2 – History of RFID (p. 10)
  Section 2.1 – The Commercialization of RFID (p. 10)
  Section 2.2 – Multi-Purpose RFID Cards (p. 11)
Section 3 – Benefits to the MBTA (p. 12)
  Section 3.1 – Personnel Cost Savings (p. 12)
  Section 3.2 – Maintenance Advantages (p. 13)
  Section 3.3 – Financial Benefits (p. 13)
  Section 3.4 – Law Enforcement Considerations (p. 16)
Section 4 – Technical Basics (p. 19)
Section 5 – Cautionary Anecdotes (p. 20)
  5.1 – A story says 1,000 images (p. 20)
  5.2 – Trust Your Data to People Who Manage Data [Not Trains] (p. 20)
  5.3 – Insider Abuse Has Major Risks (p. 22)
  5.4 – Holey Matrimony (p. 23)
  5.5 – Tracking Customers is Bad Business (p. 24)
Section 6 – Case Studies of RFID Smartcards in Transit (p. 25)
  Section 6.1 – A Foreign Case – Transport for London (Oyster Card) (p. 26)
    Section 6.1.1 – Opt-out Availability for the Oyster Card (p. 26)
      Reduced Fares and Student Registration (p. 27)
      Limiting Unregistered Card Use Geographically (p. 27)
    Section 6.1.2 – Oyster Card Privacy Communications (p. 28)
      An Alternative to a Privacy Policy – London's Ticketing Data Protection Policy (p. 29)
  Section 6.2 – Fully Implemented Domestic Cases – The CTA and WMATA (p. 30)
    Section 6.2.1 – Chicago Transit Authority (Chicago Card and Chicago Card Plus) (p. 30)
      Clearly Indicating the Differences between Cards with and without Registration (p. 31)
      Maintaining Fare (Fair) Incentives (p. 32)
      The CTA's Need for Clearly Defined Privacy Measures (p. 33)
      Releasing Information to Individuals – Security Protections for Registered Cards (p. 34)
    Section 6.2.2 – Washington Metropolitan Area Transit Authority (SmarTrip) (p. 34)
      Best Information Practices: Logging Employee Interactions with Data (p. 35)
      The WMATA's Need for Defined Privacy Measures (p. 35)
  Section 6.3 – A Domestic Case in Development – Metro Transit (Minneapolis/St. Paul, MN) (p. 36)
      A Blurry Line between Registered and Unregistered Cards (p. 36)
      Integrating Use Incentives in an RFID System – The Ride to Rewards Program (p. 37)
      Reduced Fares and Registration Requirements Revisited (p. 38)
  Section 6.4 – Comparing RFID Smartcard Implementations (p. 39)
  Section 6.5 – Other Implementations on the Horizon (p. 39)
  Section 6.6 – General Reflections on Interviews and Case Studies (p. 40)
  Section 6.7 – The MBTA's Privacy Action Plan (p. 41)
Section 7 – Legal Considerations (p. 42)
  Section 7.1 – Chapter 66A (p. 43)
    Section 7.1.1 – Chapter 66A Requires Reasonably Minimal Data Collection (p. 43)
    Section 7.1.2 – Chapter 66A Constrains the Feasibility of a Multi-Use CharlieCard (p. 44)
    Section 7.1.3 – Chapter 66A Requires Advance Notice of a Subpoena (p. 44)
    Section 7.1.4 – Chapter 66A Provides Customers a Right to Access Their Data (p. 45)
  Section 7.2 – The Personal Information Protection Act (p. 45)
  Section 7.3 – A Constitutional Right to Travel Anonymously (p. 46)
  Section 7.4 – The Data Protection Act of 1998 (p. 47)
Section 8 – Our Recommendations (p. 48)
  Section 8.1 – Gaining Citizen Trust (p. 49)
    Section 8.1.1 – Openness (p. 50)
      Section 8.1.1.1 – Example Privacy Statements (p. 51)
    Section 8.1.2 – Choice (p. 54)
      Section 8.1.2.1 – Functionality Not Required for an Opt-out Program (p. 54)
  Section 8.2 – Providing a Safe, Secure Service (p. 55)
    Section 8.2.1 – Preventing Internal Abuse (p. 56)
      Section 8.2.1.1 – Storing Reasonably Minimal Personal Data (p. 57)
      Section 8.2.1.2 – Data Use Policies (p. 60)
      Section 8.2.1.3 – Response to Government Request for Data (p. 61)
      Section 8.2.1.4 – Accountability (p. 62)
    Section 8.2.2 – Preventing External Abuse (p. 62)
      Section 8.2.2.1 – Encryption (p. 62)
      Section 8.2.2.2 – Separation from Other Networks (p. 63)
      Section 8.2.2.3 – Minimal Storage of Data (p. 64)
      Section 8.2.2.4 – Evolving with Technology (p. 65)
Section 9 – Suggestions Not Included (p. 66)
  Section 9.1 – Data Quality (p. 66)
  Section 9.2 – Specifying Where Data is Stored and How in the Privacy Policy (p. 66)
  Section 9.3 – Recommending a Particular Storage Architecture (p. 67)
  Section 9.4 – Including Why Data Use is Acceptable in the Privacy Policy (p. 67)
  Section 9.5 – Printing "RFID Inside" Whenever RFID Technology is Used (p. 67)
Appendix A – Technical Information (p. 69)
  A.1 – Overview of RFID System (p. 69)
    A.1.1 – What is RFID? (p. 69)
    A.1.2 – What the DOD and Wal-Mart See in RFID (p. 69)
    A.1.3 – Active or Passive (p. 70)
    A.1.4 – What's So Remarkable About This Stuff? (p. 72)
  A.2.0 – Plunging One Level Deeper (Technically) (p. 73)
    A.2.1 – Active vs. Passive Revisited (p. 73)
    A.2.2 – Passive Cards – Inductive vs. RF Coupled (p. 73)
    A.2. – How Cards Are Fabricated (p. 75)
  A.3 – Pushing the Technical Limits (p. 76)
  A.4 – ###%20# hWo eNeds nEcryption? ####^%687# (p. 77)
    A.4.1 – 128 bit vs. 3DES vs. Scrambling Letters (p. 78)
    A.4.2 – What Manufacturers Want You to Believe (p. 79)
    A.4.3 – What Encryption Experts Want You to Know (p. 80)
    A.4.4 – What Should We Demand in the Future (Technically) (p. 81)
Appendix B – A Possible Design (p. 83)
  Section B.1 – General Design (p. 83)
    Section B.1.1 – Operation of the Databases (p. 84)
    Section B.1.2 – Meeting the Specifications (p. 85)
  Section B.2 – Variation 1: Shared Secret (Password) (p. 86)
  Section B.3 – Variation 2: Personal Information (p. 86)
  Section B.4 – A Combination (p. 88)
Appendix C – Modifying a Current System to Incorporate Our Recommendations (p. 89)
Appendix D – RFID and Transit Smartcard Glossary (p. 91)
Reference List (p. 94)