ORCA whitepaper
From PublicWiki
Outline
- Section 1 – Background/History of the ORCA
  - Where are we now, how did we get to be here?
  - Motivations
- Section 2 – Background of RFID
  - Very high level, focus more on transit implications
- Section 3 – RFID in Transit Systems
  - Potential Benefits
  - Oyster, Octopus, Charlie, etc.
  - ERG Group
  - Personnel Cost Savings
  - Maintenance Advantages
  - Financial Benefits
  - Other Benefits (law enforcement, university, city, state, etc.)
- Section 4 – ORCA Details
  - ERG Group
  - MIFARE DESFire
  - Trip History
  - Data retention
- Section 5 – Cautionary Anecdotes
  - A story says 1,000 images
  - Trust Your Data to People Who Manage Data [Not Trains]
  - Insider Abuse Has Major Risks
  - Holey Matrimony
  - Tracking Customers is Bad Business
- Section 6 – Stakeholder Analysis
  - Why do we care?
  - Who else should care?
- Section 7 – Deployment Considerations
  - Legal/Regulatory
  - Audit trails (DC)
  - Anonymity in warehousing?
  - Data retention
  - Rights to access? Across orgs?
  - Is information that is passed between parties anonymized/aggregated?
  - Technical
  - What's encrypted? When? How? Where?
  - Who owns the keys?
  - Who's writing the encryption code?
  - Access control?
  - Who makes cards?
  - Informing the public/media
  - Legal/Regulatory
- Section 8 – Our Recommendations
Questions
- Has ERG Group had any kind of compromise?
Action Items
- Contact MIT people (Yaw)
- Repurpose best practices from RFID clinic