Tuesday, August 12, 2008

Transportation Funding and Charlie Card Security Breach Finders

According to this morning's Boston Globe, Govenor Deval Patrick's administration is trying to avoid a transportation melt-down. Yesterday, Transportation Secretary Bernard Cohen met with the heads of the T, the Turnpike, Massport, and the Highway Department. The subject: finding funding for the debt-plagued T and Turnpike. One solution - diverting monies from Massport and the Highway Department.

Transportation insiders note that another strategy is needed, as there are doubts that this monetary infusion will help the T and the Turnpike with their significant budget issues come fiscal year 2009.

IT publication NetworkWorld published an article yesterday about the MIT students who wanted to show the security flaws with the T's Charlie Card. It is a fun read - case in point:

Oh, sure, their diversionary assault was problematic enough for the clueless bureaucrats: The students did manage to gather details of the cheesiness of CharlieTicket and CharlieCard -- named for you know who -- and they were hell-bent on distributing that information at the recently concluded Defcon security conference.

But here's the real reason the MBTA sought and was granted that court injunction: Seems those MIT hackers had unearthed incontrovertible evidence that Charlie did get off of that train -- and right quick, mind you. What has followed has been a massive cover-up stretching six decades.

One of the comments to this article is dead-on:

The hackability of the MBTA's "smart" card is not news. Neither is the T's inability to manage the system when it actually works.

Since the poor selection of technology was made by our blundering "Authority", security experts have been sounding all manner of warnings. Presenting some findings at a security conference won't tell experts more than they already know. Rather, it will serve to rightfully humiliate the inflated egos and T seat-warmers who, as a matter of job description, maintain a sense of self importance lest the alleged legitimacy of the "Authority" be shaken. Any threat to reputation, particularly when the bondholders get to read about yet another blundering mess, most certainly deserves a Code Red. Never mind the big investors who the T (and therefore the state and taxpayers) are out billions for. What if the public finally got the drift: that their critical piece of transportation infrastructure is headed by idiots, political hacks, and the very unemployable elsewhere? Why, they might revolt and clean out the joint! Maybe the "Authority" would be no more. Can't have that. The T has always been a sweet deal for nephews of State Senators and friends of others in high places. Horrors!

Imagine the trouble for those former T hacks who would have to fend for themselves in what we call the "dreaded private sector"? They'd lose all those perks such as"Authority"-provided SUV's (for employees of a public transit system - one that runs trains and buses).

Gee, I wonder if a rider of the commuter rail, bus, subway, or commuter boat submitted that comment?

The Globe also published an update on this issue. The MIT students made some really reasonable recommendations. Too bad when Danny G is on the hot seat, he only knows how to freak out.

No comments: