Wednesday, August 20, 2008

Ueventful Commute

It is GORGEOUS out ... love, love, love this weather!!!

This morning's commute was uneventful and on time today.

Regarding the T's announcement that Danny G. is going to roll back the salary increase. Finally, a good management decision! Who cares that the Secretary of Transportation told Danny-boy mandated that this be done. It got done.

Today's Globe published a longer article about the MIT-Charlie Card saga than yesterday afternoon's story.
"It's good that they've at least acknowledged that," Zack Anderson said in a telephone interview after yesterday's hearing. "The issues really do need to be fixed."

The lawyer representing the MBTA, Ieuan G. Mahony, and T general manager Daniel A. Grabauskas said the agency will now try to meet with the students in hopes of learning more about their research - a much more conciliatory approach than it had taken over the previous two weeks. Civil liberties groups and Internet technology buffs have been watching the case closely for its possible ramifications on the limitations of free speech as it relates to electronic security.
The article noted that fewer than a third of the T's riders actually use CharlieTickets. That seems low for such an extensive, expensive system. Of course, commuter rail riders can't use the tickets. About 70% of all T riders use the CharlieCards.

Along with the more in-depth article, The Globe also published an Editorial called "Charlie's devils." The editorial contains some good background history into the technology behind the CharlieTicket/CharlieCard.
STRAPPED WITH an $8.1 billion debt, the MBTA can't afford expensive upgrades to its automated fare equipment. That may explain, in part, why the transit agency put such extraordinary legal pressure on three MIT students who claim to have found a way to hack into the transit system's $180 million automated fare system. But trotting out the lawyers didn't make the T less vulnerable to future hackers.

The MBTA needs to find better ways to secure its revenues without sinking further into debt or stomping on the First Amendment rights of hackers. That probably leaves out purchasing an entirely upgraded MIFARE system that uses more advanced encryption standards but would cost about $6 per card, according to T officials - about 12 times the current cost.

While much of the public is focused on a courtroom where a federal judge yesterday lifted a gag order on the MIT hackers, there has been too little attention on what the T is doing to protect the public transit system.

The T erred by not seeking an independent analysis of MIFARE's security capacity during the purchase phase. But it is not standing still. General Manager Daniel Grabauskas says the agency is pressing NXP and its vendors to improve the current system. And new encryption features already have been added to the CharlieCard to frustrate hackers. "The next generation of protection is already in the works," says Grabauskas.

No comments: