Wednesday, 28 November 2012

Einfrieren! Zeigen Sie uns Ihre OPUS Unterlagen

(Translation: Freeze! Show us your OPUS documents)
My apologies for the crappy quality, I only had one shot at this photo... The two people with the supra-glow lettering on their jackets are transit cops (not real cops) 
So there I was, on the bus, minding my own business after a days work, when the bus stops and two armed thugs get on using both the front and back doors. Armed with a gun, a taser, handcuffs, and official looking uniforms which aren't clearly marked "not police" from the front, yet clearly marked "STM inspector" on the back (sorry, that would have been much more visible had the flash not gone off, but by the time I turned it off, they were no longer on the bus). These armed thugs then proceeded to verify everybody's bus passes and transfers using a portable card scanner, without any explanation as to why.

So it has come to this, has it? Randomly stopping buses to 'verify' that we have not stolen a free ride? Here it is, our notice that they are looking to collect $500 (plus fees) from any who discarded their transfer before they made it to their destination. Funny, this doesn't tell you that they will 'restrain you' if you do not comply with their IN FRENCH ONLY request.

Is it because somebody figured out how to hack the system? That sounds likely, because, of course, they've gone on record to state these things cannot be hacked, which is usually the only challenge a hacker requires to get to work at it. It isn't like the smart cards used by cable TV and satellite companies can be hacked either, except that I had read an article 10 years ago which stated the smart cards being used by Bell, Dish network, and some European cable operators (and many other companies I am sure) had been hacked before they were even put into broad use. (I wish I could find that article, but I cannot... But that's OK, this system was hacked before my city bought into it and I have that article right here, and here).

The funniest thing in all of this is I was aware of the MiFare hacks, before I was aware that my bus pass was going to become one. That computerworld article I've linked above wasn't even the only source I read because it was quite literally on just about every tech news site, and even made honorable mentions in some of the MSM. I guess that's just the speed and efficiency of bureaucracy being demonstrated.

When these cards were issued, I was under the assumption that the cards were probably not storing the fares on them because, that, would be a silly thing to do given that the system had already been proven as being hackable. So it would make sense to have the readers on buses equipped with 3G data service and maybe even GPS to capture real-time scheduling delays... Especially since this system cost so much money from the start ($217,000,000 CAD). You might think they'd put their money where their mouths are before making audacious statements like "The cards offer "good means against the fraud,""... Nope, they read the sales brochure, not the interweb.

Don't get me wrong, I did not like the idea that I was carrying an RFID chip through a live tracked transit system either, though I should have figured it all out when the buses continuously failed to show up on schedule that the live communication thing was a myth of my own creation. That's one way I would have fought ticket fraud, except, that it would have been lowest on my list, because it still isn't ideal and has it's own privacy issues and hacking risks.

Nice. Buy a broken system to prevent fare fraud, which actually makes it easier than it had been previously, then frisk me as a common criminal over it.

So, how much is this Gestapo service going to cost, and how soon until they also want me to 'turn my head and cough' as well as scanning my opus? I am willing to bet that there is way more money going into stopping the fraud, than there is money being lost by the fraud itself since that seems to be the case in any anti-fraud countermeasure. It also appears that there is now a 'law' in the province granting STM inspectors "grand inquisitor" right since this clearly states 'This document has official status. Dated November 1st 2012'.


So I suppose it will not be long now before we all have to keep our ankle bracelets charged...

I also think it's time to scan my bus pass and see what secrets it's telling the fake cops about me. Maybe I can encode a message for them into it for them, and we'll all have a good laugh over that time my bus pass told an STM fake pig to go fuck himself.

(updated 20 minutes later)
And, without spending a cent, I have a card reader.


No comments:

Post a Comment