Difference between revisions of "Open ORCA Questions"

From PublicWiki
Jump to: navigation, search
(New page: Policy What are the top issues you've come across? What are the big hurdles you've encountered and what do you foresee? What do you see are the pertinent legal issues? How does this dep...)
 
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Policy
+
=== General questions ===
  
What are the top issues you've come across? What are the big hurdles you've encountered and what do you foresee? What do you see are the pertinent legal issues?  
+
* What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
 +
* What is the overall vision of ORCA in the future?
 +
* What are the big hurdles you've encountered so far?
 +
* What obstacles do you see in the near and distant future?
 +
* What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
 +
* How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?  
  
How does this deployment differ from other ERG transit systems (additions and subtractions)? How are they managed (organizationally, legally)
+
==== Data management ====
  
Is there any participating in developing the electronic bill of rights? Is there any other legislation that is relevant that you are looking at?
+
* What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
590
 
Is there a citizens advisory board? How is compliance with the policies ensured? Who is watching the watcher?
 
  
 +
* What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  
 +
* Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?
  
What other applications are you planning on beyond transit? We know about the UW-Pass and Boeing, but who else? Who will you interoperate with?
+
* How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  
How does KC Metro currently handle law-enforcement information. Given that data (entrance/exit) data may be collected for min 90 days. you worried about an increase in requests (see uk)
+
* Will stored data be aggregated or does it remain connected to personal data?
  
Who are the "partner participants"? What gets sent to third party? Is it aggregate or individual records? Can this data be sold? If so, in what formats?
+
* Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  
How are the boundaries of applications defined? Do you have plans to expand beyond transit. And if so, who do you classify as a third party and what data flows between these new applications? Who can issue new cards?
+
* What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?
  
what is your privacy policy? what are the five key points?
+
==== Transit agency policy ====
  
What are the five hardest things you have overcome so far and what are they five that you foresee?
+
* What are the key points of your privacy policy?
  
What are my options to opt-out. Are these reasonable options?
+
* As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  
Who gets sued when something goes wrong?
+
* How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  
What are you changing between this system and the old system? What do you gain (variable rates, more throughput)? What do you see as the long term change.
+
* Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  
 +
* How does KC Metro view ownership of the transit data?
  
As a user of the system, what are the terms and conditions? What contract do I sign?
+
* Will transit users be able to view data that has been collected about them?
  
Data
+
* Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
I take a trip on the bus. From the time I swipe my card till the time I get off, where does the data go, what does it get added, and when does it it disappear?
 
  
 +
* Are there processes in place for fixing incorrect data?
  
How long is the data kept and what form (aggregate) is it stored?
+
* Is there a citizens advisory board? How is compliance with the policies ensured?
  
Who has access to what data and how?
+
==== Institutional partners and third parties ====
Where is the data stored?
 
How does KC Metro view ownership of data?
 
How is it shared?
 
Is there an audit trail? Transparency builds trust.
 
Is there a way fix incorrect data?
 
  
Can I look at data about me (as opposed to my data).
+
* Who has access to what data? Are there any limits to who has access?
  
What data is stored on the card and what is stored in the database? Are the unique identifiers salted on the card?
+
* Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  
How does data get back to the central database? Is it sent in the clear? Via wifi? smoke signals?
+
* Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?  
  
Data retention. We know it is held for a min of 90 days, but what's the max? What data are you collecting and why?
+
* What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?  
  
If there are one-use cards, what are the issuers entitled to (data wise)
+
* Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  
To Do
+
* Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?
Who will be there?
+
 
We are not n00bs...
+
==== Miscellaneous ====
Perhaps bring a lawyer and a technician
+
 
 +
* What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?

Latest revision as of 22:56, 14 May 2007

General questions

  • What is changing between the old transit system and ORCA? What do transit agencies and riders gain? What do they lose?
  • What is the overall vision of ORCA in the future?
  • What are the big hurdles you've encountered so far?
  • What obstacles do you see in the near and distant future?
  • What legal issues have come to the fore in making ORCA possible? (Have the transit agencies been participating in developing the Washington electronic bill of rights?)
  • How does ORCA differ from other ERG-contracted transit systems like Oyster, in terms of policy and technology?

Data management

  • What data is stored on the card? When the card communicates with the reader what information is exchanged? Is this information encrypted?
  • What data is stored in the database? What function does each piece of data serve? (Are the unique identifiers salted on the card?)
  • Let's say I take a trip on the bus. From the time I swipe my card until the time I get off, what gets read from the card, where does the data go, what is added to it, when does it get stored to a central database?
  • How long is the data kept in the database? We know it is held for a min of 90 days, but what's the max?
  • Will stored data be aggregated or does it remain connected to personal data?
  • Physically, where are the databases? Do the transit authorities control those facilities or does ERG?
  • What technology is used to transmit data from the RFID readers on the bus to the central database? Is it encrypted? Is it sent via WiFi or physically transmitted via disk?

Transit agency policy

  • What are the key points of your privacy policy?
  • As a user of the ORCA card, what are the terms and conditions? What contract do I sign and when?
  • How does KC Metro currently handle requests for information by law-enforcement? Given that data (entrance/exit) data may be stored for a minimum of 90 days, are you worried about an increase in requests for this data (e.g. as the Oyster card has seen)? Is there a mechanism for preventing 'fishing expeditions'
  • Will there be options to opt-out of using an ORCA card while using public transit, or will these options be phased out over time? What do users loose when they opt-out?
  • How does KC Metro view ownership of the transit data?
  • Will transit users be able to view data that has been collected about them?
  • Is there an audit trail that individuals and institutional partners can use to trace whom the data has been given out to (e.g. D.C. deployment)?
  • Are there processes in place for fixing incorrect data?
  • Is there a citizens advisory board? How is compliance with the policies ensured?

Institutional partners and third parties

  • Who has access to what data? Are there any limits to who has access?
  • Who will be the major initial institutional partners? We know about the UW-Husky card integration and Boeing, but are there others? How do you see these institutional partnerships growing in the future?
  • Are there other applications planned beyond transit, such as the use of ORCA cards as commercial debit cards? If so, how are the boundaries of applications defined? Who do you classify as a third party and what data flows between these new applications?
  • What might be sent to third parties? Is it aggregate or individual records? Can this data be sold? If so, in what form?
  • Who will be allowed to sell new cards? Who will be authorized to sell/distribute one-use cards? What data will these card issuers be entitled to?
  • Why is it necessary for customer-service agents, employees of ERG, transit agents, and institutional partners to have access to transit histories for specific transit-users?

Miscellaneous

  • What is the timeline for bringing forward proposals for changes to the ORCA system and ORCA policies. What aspects of the ORCA system are set in stone?