Crosscut's recent story on the Seattle Police Department's license plate scanning systems prompted more than one "Hey, can't track me" response.
Your ORCA Card begs to differ.
The ubiquitous ORCA (One Regional Card for All) used by area transit agencies is surprisingly smart: It holds an unencrypted record, on the card itself, of your 10 most recent trips and five ORCA financial transactions. If you’re a rider with an age-based discount, your date of birth is also encrypted on the card. The system was designed and is operated by the Australian company, VIX Technology.
If you’re an ORCA card carrier, it is easy find out where you've been lately. Yes, there's an App for that. FareBot is the brainchild of Seattle software developers Eric Butler and Karl Koscher (see Related Stories box). It is available free for Android-based smartphones equipped with near-field communications (NFC) capability. (Near-field is the same technology used by ORCA and other transit cards worldwide.)
You can launch FareBot in a few seconds. Just hold your phone near anyone’s card and voila! You get a detailed rundown of where that person has "tapped on" and off any area train, bus or ferry lately.
"It's a little scary because you can get a lot of information," says FareBot creator Butler. "I can't easily come up with a reason why the card needs to store trip history unencrypted — or at all. Removing this travel history while keeping the current balance would ease most privacy concerns."
The technology behind the card is where things get really interesting. The ORCA servers are more elephant than whale because they never forget. They retain data from every ORCA trip taken since the system went live in April 2009. Starting later this year, ORCA data older than 25 months is due to be "archived" but not deleted, according to Sound Transit.
The American Civil Liberties Union made several privacy recommendations to the ORCA consortium when the Card was being developed in 2007. Most of those concerns still apply. Chief among them were the risk of storing travel data on the card itself and the long-term aggregation of travel info tied to specific card numbers. The ACLU was concerned that such data might be used for other purposes in the future.
Those years of travel data represent a mind-bending amount of information.
By January 2013 an average of 391,699 ORCA boardings occurred daily. As of January 24th, 1,425,254 total ORCA cards had been issued. If you do the math, you'll see that the system is storing billions of taps, or trips.
Getting details from the ORCA system (officially the Regional Fare Coordination System) takes effort but is not impossible. The transit agencies that participate (Sound Transit, King County Metro, Community Transit, Kitsap Transit, Washington State Ferries, etc.) are signatories to a byzantine "Interlocal Cooperation Agreement" that governs ORCA operations. Requests for information could be made to or filled by any of the participating transit systems.
Organizations that provide ORCA cards to their employees are the ones most likely to be able to get detailed usage information. Those organizations own the cards and can access the information on them, according to Sound Transit spokesperson Geoff Patrick. Patrick says that, to date, about 60 companies have requested detailed information about card use. When Crosscut asked for a list of those companies, we were referred to the member transit systems for details.
Like what you just read? Support high quality local journalism. Become a member of Crosscut today!