| |
| META TOPICPARENT | name="FirstPaper%25" |
|---|
| | | The most important privacy protection for the Octopus is that it need not be registered or personalized. Only students need provide their personal data, and then only if they desire the student discounts available on some of the transportation networks. Secondly, the Octopus is a cash card system--although a credit-card-based auto-replenishment system is available, the vast majority of passengers will buy and refill their Octopus with Hong Kong Dollar banknotes. Nothing stops one from exchanging cards (as long as one is eligible for any discounts on the card) or maintaining multiple cards: in fact, Octopus encourages buying limited-edition “sold” cards (or chip-containing products) with, for example, holiday designs or cartoon characters on the card. Although anonymous cards still have identifying serial numbers, the possibility for correlation with personal identity is far lower than with credit or debit cards. | |
<
< | Of course, given the substantial presence of surveillance camera at major transport facilities, it should be fairly easy to correlate an anonymous Octopus serial number with the face (and perhaps identity) of its user. The same applies to the $4 Metrocard you can buy from a sidewalk newsstand, or to a credit or debit card, though. | | | But What About the Howling? | |
<
< | We’ve heard a lot about cards “howling” (which, to be clear, refers to the replies of cards to readers close enough to reach them and hear back). The howling nature of the Octopus (or the CUID) and the ability to use it through a bag or wallet is part of what makes it successful, but there are countermeasures available for things we’re more worried about: contactless US passports are allegedly shielded when closed, and contactless “enhanced” driver licenses/passport cards sometimes ship with a protective sleeve. | >
> | Of course, given the substantial presence of surveillance cameras at transport facilities, it should be fairly easy to correlate an anonymous Octopus serial number with the face (and perhaps identity) of its user. The same, though, applies to the $4 Metrocard you can buy from a newsstand, or to a credit or debit card.
We’ve heard a lot about cards “howling” (which refers to the replies of cards to readers close enough to reach them and hear back). The howling nature of the Octopus (or the CUID) and the ability to use it through a bag or wallet is part of what makes it successful, but there are countermeasures available for things we’re more worried about: contactless US passports are allegedly shielded when closed, and contactless “enhanced” driver licenses/passport cards sometimes ship with a protective sleeve. The RFID's lack of an off switch is mitigated by this sort of easy countermeasure--it's no harder to apply such than to definitively disable, say, a mobile phone (requiring battery removal: it has no "hard" power switch either). | | | I Saw the Best Minds of My Generation | |
<
< | You might still be worried about your cash cards--even if your rogue reader can’t crack the encryption, she’s still picking up a unique identifier. Going out in public with neither a balaclava over your face nor a variety of artificial limps should worry you almost as much: video biometric recognition is likely to progress just as fast as whatever technology is required to build out a network of long-range RFID scanners even approaching the existing surveillance camera network's ambit. Everything about the way you look and move is howling to every camera that can see you. | >
> | Don’t forget that mobile phone--in more civilized cities it works underground, too--and it actively howls. If you would not turn off your phone or leave it at home to avoid being tracked, you gain little from smashing your RFID chips. It's probably fair to say that most of us in this class, aware of the bargain, choose the convenience of a mobile over location privacy. | | | | |
<
< | Don’t forget your mobile phone--in more civilized cities it works underground, too--it actually, actively howls. If you would not turn off your phone or leave it at home to avoid being tracked, you gain little from smashing your RFID chips. | >
> | You might still be worried about your cash cards--even if your rogue reader can’t crack the encryption, she’s still picking up a unique identifier. There's no technical solution to this problem, though: going out in public without disguising your appearance and gait may soon be just as treacherous, as video biometric recognition is likely to progress as fast as the technology required to build out a network of long-range RFID scanners even approaching the existing surveillance camera network's ambit. Broadcasting a unique identifier is a fact of life in modern society--this, not any specific technology, is the problem. | | | What’s the Real Issue? | |
<
< | I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent lobbying for legal protections: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil. | >
> | I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake and our use of mobile phones we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent education people about their exposure to privacy-invasion and lobbying for a legal framework protective of privacy: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil. | | |
|
|