RFID & Hexakosioihexekontahexaphobia

Recently I purchased an Oyster card. This card has an RFID chip in it which you can load up with money at shops to later use on public transport. Just walk into a station and swipe the card over the reader. Sorted.

It’s a great idea as it cuts out the annoying waiting in line for a train ticket. Invariably the person in front of you in the queue is an old lady enquiring about vouchers and special rate deals for an outing she has planned next month. Whilst she prattles on about what bad weather we are having, her arthritis and the general cost of things today, you see your train pull in, then depart.
With the Oyster card you can load it up before hand in a shop with no queue. Also there is generally a discount for using the card. It’s a winner. However I do have some concerns.

When you first get a card you fill in a form with your name address, phone number etc. then as each card is unique whenever you charge it up, use it to pay for travel someone knows where you are and where you have been. What’s being done with this information?

I guess you can use the argument If you don’t have anything to hide you don’t need to worry?, but I just feel it’s another form of tracking the government has at it’s disposal. And it is the government that has direct access to this, unlike credit cards which they have to request the data for. How long is this info stored on your movements? I think cell phone info is never thrown out, probably the same with Oyster cards. Armed with Oyster and cell data a very detailed track of your daily movements could be made.

On the subject of credit cards, recently the whole skimming of credit cards was big news. When you paid for something the waiter or shop assistant etc could run it through a reader and clone your card. With the old credit cards the info was stored on a magnetic strip so the card had to physically be swiped through a reader. With RFID it can be read at a distance. The readers at stations only work close up as they run at low power but if a high power reader was set up at some choke point, such as a door, it could read every RFID card then went through the doorway. If that doorway was at some large commuter hub you could collect a lot of data. What is some malicious hacker set up such a reader to clone cards?

I used to swipe in at stations or busses with my card still in my wallet but as newer credit cards may also have these RFID chips embedded on them I’m worried that the reader will be able to get data from these as well. I would hope that any info stored on credit/debit cards are encrypted but even so, it’s a concern.

I bet the government would love to expand the idea of the Oyster card to other areas such as purchasing fuel, Consumer goods, Food etc. I can see it replacing money altogether. Before anyone starts quoting The mark of the beast I have to say that on the whole, for me, the benefits of an Oyster card, and indeed cell phone, outweigh the concerns I have about there spying on you. However I do propose swapping cards with your friends & family every now and again just to keep them from building an accurate database on your movements.

OK another rant done. Some of you may notice that this was written and posted at 04:00. This is because the flu has denied me of sleep these last few nights and this helps pass the time. Hope it’s not H5N1. đŸ˜‰

Links:
NY Times article on poor RFID security

RFID zapper Gun

Entropy1024

Leave a Reply

Your email address will not be published. Required fields are marked *