Difference between revisions of "Open ORCA Questions"

From PublicWiki
Jump to: navigation, search
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== email to be sent to Kevin ==
 
 
 
 
 
=== General questions ===
 
=== General questions ===
  
 +
* What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
 
* What is the overall vision of ORCA in the future?
 
* What is the overall vision of ORCA in the future?
 
* What are the big hurdles you've encountered so far?
 
* What are the big hurdles you've encountered so far?
* What are the significant obstacles you see in the near and distant future?
+
* What obstacles do you see in the near and distant future?
* What legal issues have come to the fore in making ORCA possible?
+
* What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
 +
* How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?
 +
 
 +
==== Data management ====
 +
 
 +
* What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
  
==== Organizational policy ====
+
* What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  
How does this deployment differ from other ERG transit systems (additions and subtractions)? How are they managed (organizationally, legally)
+
* Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?  
  
Is there any participating in developing the electronic bill of rights? Is there any other legislation that is relevant that you are looking at?
+
* How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
590
 
Is there a citizens advisory board? How is compliance with the policies ensured? Who is watching the watcher?
 
  
 +
* Will stored data be aggregated or does it remain connected to personal data?
  
 +
* Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  
What other applications are you planning on beyond transit? We know about the UW-Pass and Boeing, but who else? Who will you interoperate with?
+
* What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?
  
How does KC Metro currently handle law-enforcement information. Given that data (entrance/exit) data may be collected for min 90 days. you worried about an increase in requests (see uk)
+
==== Transit agency policy ====
  
Who are the "partner participants"? What gets sent to third party? Is it aggregate or individual records? Can this data be sold? If so, in what formats?
+
* What are the key points of your privacy policy?
  
How are the boundaries of applications defined? Do you have plans to expand beyond transit. And if so, who do you classify as a third party and what data flows between these new applications? Who can issue new cards?
+
* As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  
what is your privacy policy? what are the five key points?
+
* How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  
What are my options to opt-out. Are these reasonable options?
+
* Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  
Who gets sued when something goes wrong?
+
* How does KC Metro view ownership of the transit data?
  
What are you changing between this system and the old system? What do you gain (variable rates, more throughput)? What do you see as the long term change.
+
* Will transit users be able to view data that has been collected about them?
  
 +
* Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  
As a user of the system, what are the terms and conditions? What contract do I sign?
+
* Are there processes in place for fixing incorrect data?
  
Data
+
* Is there a citizens advisory board? How is compliance with the policies ensured?
I take a trip on the bus. From the time I swipe my card till the time I get off, where does the data go, what does it get added, and when does it it disappear?
 
  
 +
==== Institutional partners and third parties ====
  
How long is the data kept and what form (aggregate) is it stored?
+
* Who has access to what data? Are there any limits to who has access?
  
Who has access to what data and how?
+
* Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
Where is the data stored?
 
How does KC Metro view ownership of data?
 
How is it shared?
 
Is there an audit trail? Transparency builds trust.
 
Is there a way fix incorrect data?
 
  
Can I look at data about me (as opposed to my data).
+
* Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?
  
What data is stored on the card and what is stored in the database? Are the unique identifiers salted on the card?
+
* What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?  
  
How does data get back to the central database? Is it sent in the clear? Via wifi? smoke signals?
+
* Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  
Data retention. We know it is held for a min of 90 days, but what's the max? What data are you collecting and why?
+
* Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?
  
If there are one-use cards, what are the issuers entitled to (data wise)
+
==== Miscellaneous ====
  
To Do
+
* What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?
Who will be there?  
 
We are not n00bs...
 
Perhaps bring a lawyer and a technician
 

Latest revision as of 22:56, 14 May 2007

General questions

  • What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
  • What is the overall vision of ORCA in the future?
  • What are the big hurdles you've encountered so far?
  • What obstacles do you see in the near and distant future?
  • What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
  • How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?

Data management

  • What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
  • What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  • Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?
  • How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  • Will stored data be aggregated or does it remain connected to personal data?
  • Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  • What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?

Transit agency policy

  • What are the key points of your privacy policy?
  • As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  • How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  • Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  • How does KC Metro view ownership of the transit data?
  • Will transit users be able to view data that has been collected about them?
  • Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  • Are there processes in place for fixing incorrect data?
  • Is there a citizens advisory board? How is compliance with the policies ensured?

Institutional partners and third parties

  • Who has access to what data? Are there any limits to who has access?
  • Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  • Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?
  • What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?
  • Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  • Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?

Miscellaneous

  • What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?