Part 1: The Boston Experience
By Ashok Joshi
With the introduction of the CharlieCard in May 2005, Boston’s Massachusetts Bay Transportation Authority (MBTA) entered a new era of electronic fare collection, as the system enabled fare payment using smart cards and credit/debit cards. MBTA, which operates the nation’s oldest subway system, now possesses the tools to use data more effectively to improve service.
But this also means paying closer attention to privacy issues.
Six months prior to the debut of the CharlieCard, MBTA began to work with consultants to review matters of privacy and provide recommendations. A white paper was prepared examining how other transit agencies with smart cards and credit/debit payment methods addressed privacy issues. In essence, such a fare collection system entails data links to personal banking accounts, bringing to mind a host of potential vulnerabilities and risks.
Research for the report surveyed multiple agencies but focused primarily on information from Washington, D.C., London and Hong Kong, each of which has transitioned to smart-card systems. Parsons Corp., which helped compose the white paper, highlighted various practices and approaches. There are several similarities and a few subtle differences for each agency’s approach, but the underlying common principles were:
Privacy is an extremely sensitive but manageable issue — there are ways to include the necessary tools to manage privacy.
Data collection methods need to ensure that you know what to collect and how to collect it, and you have a sound basis for why that information is needed.
Data collection issues
Data collection is a double-edged sword in all realms of society today. The proliferation of GPS systems, tiny cameras, video recorders and the ability to record massive amounts of data has given transit agencies great resources, while simultaneously causing anxiety among riders. Tracking a customer’s usage patterns and the prospect of that information being misused have become serious concerns. Such worries have been heightened with reports of ID theft and misplaced — but not necessarily misused — data. These incidents raise the ire of the public regarding data collection and privacy.
Rightly judging the importance of these customers concerns, the MBTA asked itself:
What constitutes privacy and what are its basic elements?
What has been the experience of other agencies regarding privacy?
The Fourth Amendment of the Constitution is often quoted as the guiding reference regarding privacy protection in the U.S.:
“The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and upon probable cause, supported by both or affirmation, and particularly describing the place to be searched, the persons or things to be seized.”
Additionally, in 1890, a U.S. Supreme Court justice defined privacy very simply as “The right to be left alone.” Scholars have described privacy as a fundamental right and not an option. In any case, agencies dealing with smart-card privacy issues should take these definitions very seriously.
Other agency practices
Based on findings from the privacy survey conducted by Parsons on behalf of MBTA, agencies indicated that they do not sell personal informational lists. All data — personal or archived — must be provided to law enforcement agencies per local and national requirements, but only with a court order or other such means.
Agencies employ various other types of safeguards in their automatic fare collection systems. Origin-destination travel patterns and people tracking models do not isolate data by each individual. Instead, they look at the bigger picture. For example, an agency might try to ascertain the aggregate volume of people who travel between two stations on a single line in a specific time-span. Agencies also have a need for recording information by fare type — adult, senior, student, etc. These types of analyses are conducted on an aggregate basis to avoid impinging on the privacy of any individual.
Paratransit operations require much more personal data collection to facilitate measurement of certain government mandated service/performance requirements.
In regards to the length of time data is stored, MBTA retains information for 14 months before archiving. The reason for this term is that credit/debit card-related transaction information must remain available in the event of refunds or chargebacks. Other agencies stated that data collected from smart-card holders is retained for anywhere from eight weeks (in London) to 180 days (in Washington, D.C.)
As far as archived data is concerned, most agencies report that data can never really be destroyed because, like e-mail communication, there is an electronic trail of its existence. But agencies can make it very difficult to get access to archived information.
Other, derivative issues to address include the type of personal data collected in the context of transit systems’ requirements and the type of additional information needed for paratransit riders. These and other issues will be discussed during the American Public Transportation Association’s Fare Collection Conference in Atlanta Mar. 19 to 22, 2006.
Addressing common concerns
Since Sept. 11, 2001, and passage of the Patriot Act by Congress, privacy concerns have been well documented in the mainstream media. For example, here is a passage from the Boston Globe Sept. 20, 2001 issue:
“There is a general acknowledgement that society’s delicate balance between freedom and security will tip toward greater security at the expense of individual liberties; but the exact spot along the continuum where Americans will tolerate restrictions on their freedoms (and where they will resist) has not been located.”
A Boston University study found that three-quarters of the people in the U.S. have a supermarket card, and 86% of them use it nearly every time they shop, even though the study stated that 52% of them are worried about privacy issues. According to James McQuivey, the professor who supervised the study, “The fact that consumers — even those generally concerned about privacy — are willing to use these cards is testament to the fact that personal information is a commodity people are willing to trade with the right company for the right price.”
In Boston, customers will have the choice to purchase one or the other of:
An anonymous CharlieCard.
A personalized CharlieCard with a loss protection feature.
The anonymous CharlieCard is sold without collecting any personal data. If a customer loses the card number, it’s like losing money. On the other hand, the personalized CharlieCard is issued only to those customers who agree to provide personal information such as name, address, telephone number, e-mail address, postal address and a password for customer access to make inquiries. This offers customers better loss protection. MBTA wanted to ensure that:
Internal procedures for data handling and availability include an awareness of privacy issues, meeting governmental and banking regulations related to the requirements for retaining and furnishing relevant data.
A reasonable balance was made between making information available for customer service and collecting too much data. Travel information should be retained for a specific number of most recent trips in order to facilitate handling of customer inquiries about refunds, overcharges or failed transactions.
Access is secured with use of password, user ID and different tiers of security.
Later, a Dec. 7, 2005, Boston Globe headline stated: “Charlie is watching you: “T” cards will track riders’ movements.” The article goes on to say that General Manager Dan Grabauskas, who considers himself to be a privacy advocate, believes the authority will be committed to “zealously” guarding travel information collected by the CharlieCard system.
“There are things that could be better,” said State Sen. Jarrett Barrios, (D-Cambridge), in a Globe counterpoint. Barrios pushed hard for privacy in the new system and then helped craft MBTA’s new policy. “I’d like to see travel records on customers destroyed after two or three months,” she added.
Joshi is a principal systems engineer with Parsons and has been in the fare collection business for more than 20 years.
Part 2: L.A. Story
By Joey Campbell, Managing Editor
Spanning 1,400 square miles from beach to desert, encompassing suburban neighborhoods and the urban jungle of the nation’s second most populous city, Los Angeles County is a world unto itself in terms of getting around. After deciding nearly 10 years ago that the area needed a more convenient fare collection method for its transit system, the Los Angeles County Metropolitan Transportation Authority (MTA) is on the brink of opening the West Coast’s first comprehensive multi-agency smart-card system.
Also partially responsible for the funding and operations oversight of 16 municipal transportation providers and the Metrolink commuter railroad, MTA faced a steep uphill task when it agreed to install smart-card readers on every bus, train and station in the system. For those keeping score, this meant approximately 4,000 new smart-card readers for buses, 400 for railcars and about 350 off-board machines in transit stations.
Though talks started around the mid-1990s, it wasn’t until 2002 that the MTA awarded a contract to San Diego-based Cubic Corp. to install what the agency dubbed the Universal Fare System (UFS). The initial contract, worth $84 million, signaled the beginning of a mammoth collaboration, bringing the MTA and its municipal operators, as well as various equipment manufacturers and consultants, together in a common cause.
In any regionalized fare collection system, getting every operator on the same page is a challenge. But in Los Angeles, where some of the “small” municipal agencies operate fleets of more than 300 buses, pacification can be elusive at best.
“Historically, the MTA and the surrounding municipal operators haven’t always liked each other, and most of the time it’s about money,” says Mark Kroncke, director of business development for Cubic. “But in this case, from the start, there was money set aside for the munis, and the MTA has done a terrific job of keeping them involved.
Additional safeguards were set up to protect municipal operators from implementing an unproven system. “The original agreement calls for the MTA to have full installation first, prove that the system is operational, and then the munis will be taken care of,” says Kroncke.
Part of the reason for the synergy between the MTA and smaller agencies has been the project’s reliance on committees, wherein every stakeholder has a voice. With separate committees on various subjects, discussions have involved city council members, MTA officials, municipal representatives and board members. This approach, though often contributing to lengthy debates, opened the door for compromise and consensus.
Finding peace and harmony between public sector agencies can seem like fun and games when compared with the task of establishing cooperation between two competitor businesses. But that is exactly what the UFS required.
“From day one, this was a joint effort between Cubic and GFI Genfare,” says Kroncke. GFI has supplied the farebox technology to handle cash and coins, while Cubic is responsible for the smart-card portion. “We’ve been competitors in the past, but because of the success of the L.A. experience, we are also working together in Washington, D.C., Baltimore and Atlanta,” adds Kroncke.
One of a kind
Los Angeles is a unique breed among American cities, but not just geographically. Several other distinctive considerations played an influential role in this installation.
For one, Los Angeles represents the first system to transition from cash and coin fare payment directly to smart cards. Most other cities, both domestically and abroad, have used a magnetic reader or some form of interim technology to make the transition easier. “LA is going from an antiquated fare collection system to a modern day system all at once,” says Kroncke. “No one else in the U.S. has done that.”
This means that significant infrastructure changes were required simultaneously during the operation of revenue service. Old fareboxes have been pulled out, and new ones were put in, while wiring and necessary electrical upgrades were required in stations. Many of these tasks were facilitated by the presence of the MTA’s technical consultant, Booz Allen Hamilton.
Additionally, says Kroncke, one of the greatest challenges of the L.A. experience has everything to do with the Southern California lifestyle. “The people riding transit here are primarily people who can’t afford cars, whereas in New York City, for example, minimum wage workers ride the subway next to CEOs of large corporations.”
According to Jane Matsumoto, project manager for the UFS, this distinct lifestyle has a positive financial benefit. “Los Angeles has the largest pre-paid ridership in the country, and all of our products and services are available with the use of pre-paid passes,” she says.
Timetable for completion
Completion of the UFS is expected in the latter half of 2006, says Matsumoto. The MTA plans to initially issue about 600,000 smart cards, which it has nicknamed TAP cards. After the MTA and its municipal partners finish their installations, the next step is crucial — setting up the regional central computer.
“The [central computer] is going to be the warehouse of all the trips taken on the TAP card between MTA and municipal operators,” says Matsumoto. “It will track, for instance, someone who took a ride on Montebello Bus Lines, transferred onto MTA, then took a Santa Monica Big Blue Bus.”
This crucial last step will also involve finding a third party to operate the regional smart-card system. The company will operate like a call center and financial clearinghouse, as the balance of its responsibility will be to administrate funds settlement, financial reconciliation, customer inquiries and other functions of smart cards.
All in all, a complete system implementation will follow a pilot program model using seven stages, says Matsumoto. “We already have close to 10,000 employees with smart-card-enabled employee ID badges, which have dual capability of building access and MTA service,” she says. “With these smart-card attributes in use today, we have 250,000 actions a day being tracked and captured by the smart-card system already.”
With the introduction of smart cards to L.A., a window of future opportunities has opened based on the advanced technology of the TAP cards. “There are two primary possible uses for the smart cards,” says Cubic’s Kroncke. “The first one is that Visa, Mastercard and American Express have pilot programs to work in concert with smart-card systems. So our card readers will take any of these cards.”
As futurists have for years been projecting a society less reliant on cash, the MTA’s smart-card capabilities position it well to be compatible with any type of magnetic strip-based card.
Kroncke says the second major smart-card function being discussed relates to parking. “Tying a parking lot to smart-card use really makes a lot of sense,” he says. The Washington Metropolitan Area Transit Authority has set up its system so that motorists cannot park at any of the agency’s lots unless they have a smart card. This serves as both an incentive to ride public transit and an extra revenue booster, says Kroncke.
Matsumoto says that the smart card-parking idea is currently receiving serious consideration. Other potential uses of the TAP cards, she says, include partnerships with retailers, hotels and destination sites along transit lines that would offer promotional packages to transit riders. “What I am really looking forward to is capturing different riders based solely on the uniqueness of this technology,” she adds. “Once we get the TAP card incorporated with different programs, it will boost the system’s level of convenience and accessibility to media.