Difference between revisions of "ORCA whitepaper"

From PublicWiki
Jump to: navigation, search
(Whitepaper)
Line 1: Line 1:
== Whitepaper ==
+
== Outline ==
[[MIT whitepaper]]
+
*Section 1 – Background/History of the ORCA
=== Background ===
+
** Where are we now, how did we get to be here?
 +
** Motivations
  
==== RFID overview ====
+
*Section 2 – Background of RFID
 +
** Very high level, focus more on transit implications
  
==== ORCA background ====
+
*Section 3 - RFID in Transit Systems
 +
** Potential Benefits
 +
** Oyster, Octopus, Charlie, etc.
 +
** ERG Group
 +
** Personnel Cost Savings
 +
** Maintenance Advantages
 +
** Financial Benefits
 +
** Other Benefits (law enforcement, university, city, state, etc)
  
==== ERG group ====
+
* Section 4 - ORCA Details
 +
** ERG Group
 +
** MiFare DESFire
 +
** Trip History
 +
** Data retention
  
=== Stakeholders / Concerns ===
+
* Section 5 – Cautionary Anecdotes
* Why do we care?
+
** A story says 1,000 images
* Anonymity
+
** Trust Your Data to People Who Manage Data [Not Trains]
 +
** Insider Abuse Has Major Risks
 +
** Holey Matrimony
 +
** Tracking Customers is Bad Business
 +
 
 +
* Section 6 - Stakeholder Analysis
 +
** Why do we care?
 +
** Who else should care?
 +
 
 +
* Section 7 – Deployment Considerations
 +
** Legal/Regulatory
 +
*** Audit trails (DC)
 +
*** Anonymity in warehousing?
 +
*** Data retention
 +
*** Rights to access? Across orgs?
 +
*** Is information that is passed between parties anonymized/aggregated?
 +
** Technical
 +
*** What's encrypted? When? How? Where?
 +
*** Who owns the keys?
 +
*** Who's writing the encryption code?
 +
*** Access control?
 +
*** Who makes cards?
 +
** Informing the public/media
 +
* Section 8 - Our Recommendations
  
 
== Legal considerations ==
 
== Legal considerations ==

Revision as of 00:34, 17 April 2007

Outline

  • Section 1 – Background/History of the ORCA
    • Where are we now, how did we get to be here?
    • Motivations
  • Section 2 – Background of RFID
    • Very high level, focus more on transit implications
  • Section 3 - RFID in Transit Systems
    • Potential Benefits
    • Oyster, Octopus, Charlie, etc.
    • ERG Group
    • Personnel Cost Savings
    • Maintenance Advantages
    • Financial Benefits
    • Other Benefits (law enforcement, university, city, state, etc)
  • Section 4 - ORCA Details
    • ERG Group
    • MiFare DESFire
    • Trip History
    • Data retention
  • Section 5 – Cautionary Anecdotes
    • A story says 1,000 images
    • Trust Your Data to People Who Manage Data [Not Trains]
    • Insider Abuse Has Major Risks
    • Holey Matrimony
    • Tracking Customers is Bad Business
  • Section 6 - Stakeholder Analysis
    • Why do we care?
    • Who else should care?
  • Section 7 – Deployment Considerations
    • Legal/Regulatory
      • Audit trails (DC)
      • Anonymity in warehousing?
      • Data retention
      • Rights to access? Across orgs?
      • Is information that is passed between parties anonymized/aggregated?
    • Technical
      • What's encrypted? When? How? Where?
      • Who owns the keys?
      • Who's writing the encryption code?
      • Access control?
      • Who makes cards?
    • Informing the public/media
  • Section 8 - Our Recommendations

Legal considerations

Technical

  • What's encrypted? When? How? Where?
  • Who owns the keys?
  • Who's writing the encryption code?
  • Access control?
  • Who makes cards?

Regulatory

  • Audit trails (DC)
  • Anonymity in warehousing?
  • Data retention
  • Rights to access? Across orgs?
  • Is information that is passed between parties anonymized/aggregated?

Questions

  • Has ERG group had any kind of compromises?

Action Items

  • contact MIT people (Yaw)
  • repurpose best practices from RFID clinic