Mar 17, 2008 Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.
One solution being debated in Whitehall is an unprecedented unlocking of data held by public bodies, such as the Oyster card records maintained by Transport for London and smart cards soon to be introduced in other cities in the UK, for use in the war against terror. The Office of the Information Commissioner, the watchdog governing data privacy, confirmed last night that it had discussed the issue with government but declined to give details, citing issues of national security.
http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism/print
Now that the Oyster card can be hacked, we learn that MI5 thinks the system is good enough to assist in preventing terrorism.
The two situations don’t quite sync.
1 Comment 
hacking, london transport, mi5, oyster card, privacy, security, terrorism, tfl
Mar 10, 2008 It seems that the RFID chip used in London Underground’s Oyster Card – supplied by former Philips subsidiary, NXP Semiconductor – has been hacked by researchers at the University of Virginia.
The researchers were testing the claims in a report for the Dutch government that hacking the travelcard would require at least $9,000 worth of hardware and would not be an easy prospect for at least two years. They have found that they can do the same job with a standard laptop computer and some cheap equipement.
It’s not clear yet what implications this has for Oyster card users, but presumably cards can be cloned by reading the RFID signal with a small device attached to the reader in quiet stations. You can then embed that into cloned cards and sell them as a way of getting free transport.
As journeys are logged, it is likely that unusual travel patterns would trigger fraud software and cut the card off – but that then in turn causes considerable inconvenience to the legit passenger.
At a time when we are preparing for the UK government to force us into some monolithic database and ID card scheme, this is a timely reminder of how nothing is ever really secure from being hacked.
Links:
Jan 29, 2008 Rather a good cartoon seen via Digg which is timely in todays world where privacy rights are reduced to increase state security.
Nicely, it doesn’t make a judgement as to whether that is a good thing or not – simply delivers the message in a simple manner.
Personally, I think it is a bad thing – and excessive to the scale of the threat.
Think about it – how many people do terrorists kill, and then wonder how many people are killed in random murders by “ordinary people” over the same period of time. But which one gets all the attention?
Via Digg
Contact
Subscribe