MIT whitepaper

From PublicWiki
Revision as of 00:00, 17 April 2007 by Travis (talk | contribs)


Table of Contents (page numbers refer to the whitepaper PDF)

Section 1 – History of the MBTA (p. 6)
  Section 1.1 – Early Public Stagecoach Service (p. 6)
  Section 1.2 – Passenger Comfort and Reliability (p. 7)
  Section 1.3 – The First Subway in America (p. 8)

Section 2 – History of RFID (p. 10)
  Section 2.1 – The Commercialization of RFID (p. 10)
  Section 2.2 – Multi-Purpose RFID Cards (p. 11)

Section 3 – Benefits to the MBTA (p. 12)
  Section 3.1 – Personnel Cost Savings (p. 12)
  Section 3.2 – Maintenance Advantages (p. 13)
  Section 3.3 – Financial Benefits (p. 13)
  Section 3.4 – Law Enforcement Considerations (p. 16)

Section 4 – Technical Basics (p. 19)

Section 5 – Cautionary Anecdotes (p. 20)
  5.1 – A Story Says 1,000 Images (p. 20)
  5.2 – Trust Your Data to People Who Manage Data [Not Trains] (p. 20)
  5.3 – Insider Abuse Has Major Risks (p. 22)
  5.4 – Holey Matrimony (p. 23)
  5.5 – Tracking Customers is Bad Business (p. 24)

Section 6 – Case Studies of RFID Smartcards in Transit (p. 25)
  Section 6.1 – A Foreign Case – Transport for London (Oyster Card) (p. 26)
    Section 6.1.1 – Opt-out Availability for the Oyster Card (p. 26)
      Reduced Fares and Student Registration (p. 27)
      Limiting Unregistered Card Use Geographically (p. 27)
    Section 6.1.2 – Oyster Card Privacy Communications (p. 28)
      An Alternative to a Privacy Policy – London’s Ticketing Data Protection Policy (p. 29)
  Section 6.2 – Fully Implemented Domestic Cases – The CTA and WMATA (p. 30)
    Section 6.2.1 – Chicago Transit Authority (Chicago Card and Chicago Card Plus) (p. 30)
      Clearly Indicating the Differences between Cards with and without Registration (p. 31)
      Maintaining Fare (Fair) Incentives (p. 32)
      The CTA’s Need for Clearly Defined Privacy Measures (p. 33)
      Releasing Information to Individuals – Security Protections for Registered Cards (p. 34)
    Section 6.2.2 – Washington Metropolitan Area Transit Authority (SmarTrip) (p. 34)
      Best Information Practices: Logging Employee Interactions with Data (p. 35)
      The WMATA’s Need for Defined Privacy Measures (p. 35)
  Section 6.3 – A Domestic Case in Development – Metro Transit (Minneapolis/St. Paul, MN) (p. 36)
    A Blurry Line between Registered and Unregistered Cards (p. 36)
    Integrating Use Incentives in an RFID System – The Ride to Rewards Program (p. 37)
    Reduced Fares and Registration Requirements Revisited (p. 38)
  Section 6.4 – Comparing RFID Smartcard Implementations (p. 39)
  Section 6.5 – Other Implementations on the Horizon (p. 39)
  Section 6.6 – General Reflections on Interviews and Case Studies (p. 40)
  Section 6.7 – The MBTA’s Privacy Action Plan (p. 41)

Section 7 – Legal Considerations (p. 42)
  Section 7.1 – Chapter 66A (p. 43)
    Section 7.1.1 – Chapter 66A Requires Reasonably Minimal Data Collection (p. 43)
    Section 7.1.2 – Chapter 66A Constrains the Feasibility of a Multi-Use CharlieCard (p. 44)
    Section 7.1.3 – Chapter 66A Requires Advance Notice of a Subpoena (p. 44)
    Section 7.1.4 – Chapter 66A Provides Customers a Right to Access Their Data (p. 45)
  Section 7.2 – The Personal Information Protection Act (p. 45)
  Section 7.3 – A Constitutional Right to Travel Anonymously (p. 46)
  Section 7.4 – The Data Protection Act of 1998 (p. 47)

Section 8 – Our Recommendations (p. 48)
  Section 8.1 – Gaining Citizen Trust (p. 49)
    Section 8.1.1 – Openness (p. 50)
      Section 8.1.1.1 – Example Privacy Statements (p. 51)
    Section 8.1.2 – Choice (p. 54)
      Section 8.1.2.1 – Functionality Not Required for an Opt-out Program (p. 54)
  Section 8.2 – Providing a Safe, Secure Service (p. 55)
    Section 8.2.1 – Preventing Internal Abuse (p. 56)
      Section 8.2.1.1 – Storing Reasonably Minimal Personal Data (p. 57)
      Section 8.2.1.2 – Data Use Policies (p. 60)
      Section 8.2.1.3 – Response to Government Request for Data (p. 61)
      Section 8.2.1.4 – Accountability (p. 62)
    Section 8.2.2 – Preventing External Abuse (p. 62)
      Section 8.2.2.1 – Encryption (p. 62)
      Section 8.2.2.2 – Separation from Other Networks (p. 63)
      Section 8.2.2.3 – Minimal Storage of Data (p. 64)
      Section 8.2.2.4 – Evolving with Technology (p. 65)

Section 9 – Suggestions Not Included (p. 66)
  Section 9.1 – Data Quality (p. 66)
  Section 9.2 – Specifying Where Data is Stored and How in the Privacy Policy (p. 66)
  Section 9.3 – Recommending a Particular Storage Architecture (p. 67)
  Section 9.4 – Including Why Data Use is Acceptable in the Privacy Policy (p. 67)
  Section 9.5 – Printing "RFID Inside" Whenever RFID Technology is Used (p. 67)

Appendix A – Technical Information (p. 69)
  A.1 – Overview of RFID System (p. 69)
    A.1.1 – What is RFID? (p. 69)
    A.1.2 – What the DOD and Wal-Mart See in RFID (p. 69)
    A.1.3 – Active or Passive (p. 70)
    A.1.4 – What’s So Remarkable about This Stuff? (p. 72)
  A.2.0 – Plunging One Level Deeper (Technically) (p. 73)
    A.2.1 – Active vs. Passive Revisited (p. 73)
    A.2.2 – Passive Cards – Inductive vs. RF Coupled (p. 73)
  A.2. – How Cards Are Fabricated (p. 75)
  A.3 – Pushing the Technical Limits (p. 76)
  A.4 – ###%20# hWo eNeds nEcryption? ####^%687# (p. 77)
    A.4.1 – 128 bit vs. 3DES vs. Scrambling Letters (p. 78)
    A.4.2 – What Manufacturers Want You to Believe (p. 79)
    A.4.3 – What Encryption Experts Want You to Know (p. 80)
    A.4.4 – What Should We Demand in the Future (Technically) (p. 81)

Appendix B – A Possible Design (p. 83)
  Section B.1 – General Design (p. 83)
    Section B.1.1 – Operation of the Databases (p. 84)
    Section B.1.2 – Meeting the Specifications (p. 85)
  Section B.2 – Variation 1: Shared Secret (Password) (p. 86)
  Section B.3 – Variation 2: Personal Information (p. 86)
  Section B.4 – A Combination (p. 88)

Appendix C – Modifying a Current System to Incorporate Our Recommendations (p. 89)

Appendix D – RFID and Transit Smartcard Glossary (p. 91)

Reference List (p. 94)