OV-Chipkaart
privacy friendly chip card for public transport
This project is about the OV-chipkaart, a single national chipcard for all public transport in the Netherlands, which is similar to London's Oyster card or Hong Kong's Octopus card. It is a propriatory solution being introduced by Trans Link Systems (TLS), a consortium of public transport companies. Currently the OV-chipkaart is being tested in practice in and around Rotterdam and Amsterdam. National introduction has been postponed a couple of times, but is now foreseen in 2009.
Early 2008 the OV-chipkaart has come under heavy attack because of both security and privacy concerns:
- Individual travel movements are collected centrally and will be used for direct marketing purposes. The Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP) has therefore described the approach as: not in accordance with the law (CBP report).
- The cryptographic protection in the Mifare Classic chipcard, used in the personalised cards is broken.
- The throw-away cards have been cloned, enabling free travel.
- Very little is known about how the system actually works, and about how (private) data are protected.
The aims for this project are twofold:
- On the one hand, to concentrate documenting of the current OV-chipkaart system, make a public repository of knowledge. Factual information about the design, strengths and weaknesses of the current system; an explanation of all the things that were in the news since roughly January 2008.
- On the other hand, experiment with the card in order to transparently develop a new system from scratch in which RFID technology is used for ticketing in public transport. Using an open design process, the design criteria and the quality of the solutions can be evaluated by a broad audience, including scientists, hackers, but of course also stakeholders such as transport companies. This process may eventually result in an open standard.
- The project's own website: https://ovchip.cs.ru.nl