Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Wash., DC transit authority uses proprietary RFID system, gets screwed

Xeni Jardin at 4:35 pm Thu, Sep 16, 2010

— FEATURED —

Science

Making sense of the confusing Supreme Court DNA patent ruling

Science

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

Feature

The Snowden Principle

Book Review

Carl Hiaasen's Bad Monkey

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Via the BB Submitterator, reader Chris Combs tells us: "The Washington, DC transit authority contracted with a proprietary company for their RFID-based fare card system, SmarTrip. Now, just six years after getting the system fully installed, the DC Metro system says that their contractor Cubic will no longer sell them the farecards, and they only have enough stockpile to last until 2012. The best solution they've got is replacing every fare box and farecard... again. Kicker: they're paying more than $3 each for bog-standard 13.56MHz RFIDs, which can be purchased singly by normal folks for $.25."

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE:  Business • Gadgets • politics • Ripoffs • security • Technology

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

  • Todd Knarr

    Repeat after me: No Single Source. That used to be accepted wisdom in procurement sources, you never went with a critical component if there was only a single source for it. That’s how AMD got into the business of making x86 chips: when Intel went to try and sell IBM on it’s CPU, IBM simply wouldn’t buy unless there was a second supplier of the chips. And it seems intuitively obvious to me that if you’ve committed your business to needing something that one and only one entity can supply, you’re at the mercy of *their* business plan and product roadmap and this is a Bad Thing. So why is it that senior business types, who’re supposed to have gone to school and have tons of experience at this, get caught (and keep getting caught) with their pants down by these exact sort of things?

    • Church

      Yeah, this is what we in the business call “the bleedin’ obvious.”

  • Shazbot

    Proprietary hardware is just as bad as proprietary software at screwing things up when you don’t expect it.

  • zizzybaloobah

    This is not shocking news to anyone that is familiar with the Washington Metropolitan Transit Authority (WMATA or more commonly, Metro) or local DC government.

    They built a subway system dependent on escalators to get folks into and out of the stations and any day has dozens if not more escalators out of service. Only within the last few years (of a 25+ year old system) did the finally manage to cover some escalators that were exposed to weather.

    Metro is prime example of waste and overspending. Makes the Pentagon seem downright frugal.

    • Anonymous

      actually WMATA’s Metro System egress was not designed for escalators; the design called for stairways but public pressure after construction started was to redesign for escalators (forcing some custom escaltors) since physical constraints from land takeaways etcs made off the shelf standard size escalators impossible. Elevators and Escalators are the non-compensated mode of transporation WMATA provides. Perhaps they should tear them out and put stairs in and reduce operating costs , and improve rider health, to eliminate the complaints.

    • PeaceNerd

      Yep. One of the local morning DJs from PGC once recommended the slogan for the DC government should be: “DC: We get up IN ya!” Which is pretty much what I think whenever I heard one of these stories. I remember several years ago the DC DMV spent a good part of the day giving out the exact same license plate over and over. Or then there was the time their speed cameras generated citations for police cruisers that sped by the cameras on their way to respond to calls… and the city tried to make the officers pay the fines. Mmmmm. We get up IN ya.

  • starcadia

    Not a big surprise. The DC Metro is a mess. Increasingly so, despite recent fare hikes. The list of dysfunction would go on a bit. Very frustrating.

  • Chris Tucker

    The MBTA (Boston area transit system) GIVES AWAY RFID farecards. Some stations have piles of cards just sitting there.

    Each card includes, As Xeni describes it, A bog-standard RFID chip.

    Given the number of cards out there, I suspect that the plastic of the card and the printing, costs more than the actual RFID chip.

    • oyvinja

      Well, Chris, I think you might have solved it right there. ;-)
      If Boston has such an abundance, I guess the cheapest thing for DC Metro would be to send someone there and just take what they need from Boston. I’m sure even a daily “card-raid commute” would cost less than replacing everything (at least until they break even).

  • ZDepthCharge

    They must have solved the problem by 2077. Otherwise you wouldn’t be able to get down tehre and fight all those ghouls in Fallout 3.

  • lhopitalified

    It wasn’t clear at first glance what the original article meant about losing money on $2.50 cards. Apparently, the system will let you go negative, and you do not need to register your SmarTrip card (i.e. no associated identity), so it is possible to just throw away a card with negative balance…

    Theoretically, it should be easy to hire a bunch of young hackers to reverse-engineer the protocol over a summer and then WMATA can produce their own compatible cards. Too bad about that DMCA though…

  • Anonymous

    Read “the great metro socitey” amazing history of the metro.

    • Anonymous

      The book’s name is “The Great Society Subway” and it IS excellent.

      http://www.amazon.com/Great-Society-Subway-Washington-Landscape/dp/080188246X/ref=sr_1_1?ie=UTF8&s=books&qid=1284730445&sr=8-1

  • Anonymous

    They should hire these guys: http://hackaday.com/2008/08/09/defcon-16-mit-boston-transit-presentation-gagged

    I’m sure any hacker worth their salt would be able to reverse engineer these cards in a half hour, and start churning out 25cent replacements at a rate of hundreds per hour.

    As was mentioned above though, too bad about that DMCA law that says that’s illegal no matter what the circumstance. Looks like the taxpayers will have to foot the bill for a few more hundred million dollars to fix this instead.

    I wonder… If your garage door opener malfunctioned, and you had to physically break into your own garage, would that be circumventing a digital lock, and thus punishable under the DMCA?

    • rrh

      Probably not:

      http://freedom-to-tinker.com/blog/felten/ruling-garage-door-opener-case

      “The judge ruled that Skylink was not violating the DMCA, essentially because consumers have permission to open their own garages. … The judge’s problem was that in a previous DMCA case (Universal v. Remeirdes) a court had ruled that consumers do not have permission to view their own DVDs, except on devices ‘authorized’ by the copyright owner. ”

    • jungletek

      IANAL, but AFAIK the DMCA specifically has a provision allowing reverse engineering for ‘interoperability purposes’. If such a project didn’t qualify, then what would?

  • Anonymous

    There was an official comment about the escalators saying that a study had been done and it was more cost effective to start a new escalator contract, including the cost of replacing all mechanisms, than to install stairs. This surprised me, not only for the supposed cost of converting escalators to stairs, but the obvious ‘turn them off and you have stairs at no cost’ with the small inconvenience of a few abnormal height steps at ends [which happen all them time during breakdowns]

  • Anonymous

    I love the “put some hackers in charge” argument that gets bandied about for things like this.

    People who say this sort of thing obviously do not no very many actual hackers. Taking things apart and figuring out how they work does not necessarily lend itself well to things like documentation and process which any large project basically cannot do without. Most hacking is rarely collaborative despite what the movies and the con promoters want you to believe.

    I don’t even think you could find people with the right combination of skills willing to touch a project like this with a 10 foot pole.

    • Marcel

      I just grabbed my 10 foot pole and look who I found:

      http://www.sos.cs.ru.nl/applications/rfid/main.html?

      Okay, these guys aren’t exactly hackers, they’re researchers, but they cracked MiFare security, including Oyster’s, wide open.

      So much so, that all you have to do now, is buy yourself a RFID card reader/writer for your home computer at about 20 dollars, download a little program they’ve written, and you can basically down and upload all data, so your card will allways have credit.

      How about them apples?

  • Anonymous

    When the Oyster system was introduced in London the contractor owned the system but Transport for London brought the brand and all the equipment so they are now in control of the system.

    http://www.nearfieldcommunicationsworld.com/2010/04/13/33348/transport-for-london-buys-oyster-brand-name-plans-extra-services-and-move-to-mobile-ticketing/

    Though I am not sure I agree with their assertion that “Oyster is the world’s most successful transport smartcard,” – I would think that other cities like Hong Kong or Tokyo might disagree.

  • SkullHyphy

    Muni underground stations in San Francisco are switching to RFID cards in association with Clipper (formerly TransLink). I wonder if they’re taking notes on this development.

  • Anonymous

    It’s 2010 and at a minimum government depts and agencies should insist on standards-compliant RFID solutions to prevent this type of thing from happening anywhere in the government. The US Dept of Defense is actually a bit of a thought leader in this regard and moved from a proprietary active RFID system to a standards-based one last year, awarding a $429 million contract to four competing vendors and helping to ensure that even if one vendor stops making RFID hardware, there are others standing by to pick up the slack. For more info on this case study, visit http://ht.ly/2G5He

  • Yamazakikun

    Cubic Transportation Systems’s business strategy prominently features bidding for work and then suing when the bid isn’t accepted. (See their history with the MBTA’s AFC contract.)

    I have to wonder where the money is going on the Counterweight continent — a Myki card (Victoria) costs AUD$10 net.

  • Anonymous

    Helsinki, Finland made the same smart decision and now had to change all of their travel cards.

    (@Anon: Oyster is a bog-standard RFID chip (Mifare Classic).)

  • Baldhead

    Why does it not shock me that Washington seems a hotbed of bureaucratic idiocy? The only shock really is that it goes all the way to the bottom.