Smart card: What your ORCA never forgets

If you carry an ORCA card, it's easy to find out where you've been lately. In fact, there's an app for that.
Crosscut archive image.

ORCA cards tell all

If you carry an ORCA card, it's easy to find out where you've been lately. In fact, there's an app for that.

Crosscut's recent story on the Seattle Police Department's license plate scanning systems prompted more than one "Hey, can't track me" response.

Your ORCA Card begs to differ.
The ubiquitous ORCA (One Regional Card for All) used by area transit agencies is surprisingly smart: It holds an unencrypted record, on the card itself, of your 10 most recent trips and five ORCA financial transactions. If you’re a rider with an age-based discount, your date of birth is also encrypted on the card. The system was designed and is operated by the Australian company, VIX Technology.
If you’re an ORCA card carrier, it is easy find out where you've been lately. Yes, there's an App for that. FareBot is the brainchild of Seattle software developers Eric Butler and Karl Koscher (see Related Stories box). It is available free for Android-based smartphones equipped with near-field communications (NFC) capability. (Near-field is the same technology used by ORCA and other transit cards worldwide.)

You can launch FareBot in a few seconds. Just hold your phone near anyone’s card and voila! You get a detailed rundown of where that person has "tapped on" and off any area train, bus or ferry lately.
"It's a little scary because you can get a lot of information," says FareBot creator Butler. "I can't easily come up with a reason why the card needs to store trip history unencrypted — or at all. Removing this travel history while keeping the current balance would ease most privacy concerns."
The technology behind the card is where things get really interesting. The ORCA servers are more elephant than whale because they never forget. They retain data from every ORCA trip taken since the system went live in April 2009. Starting later this year, ORCA data older than 25 months is due to be "archived" but not deleted, according to Sound Transit.

The American Civil Liberties Union made several privacy recommendations to the ORCA consortium when the Card was being developed in 2007. Most of those concerns still apply. Chief among them were the risk of storing travel data on the card itself and the long-term aggregation of travel info tied to specific card numbers. The ACLU was concerned that such data might be used for other purposes in the future.

Those years of travel data represent a mind-bending amount of information.
By January 2013 an average of 391,699 ORCA boardings occurred daily. As of January 24th, 1,425,254 total ORCA cards had been issued. If you do the math, you'll see that the system is storing billions of taps, or trips.
Sound Transit is the lead administrative agency for ORCA. Its privacy policy states that the agency does not retain personally identifiable information associated with ORCA cards. The agency also says that when credit cards are used to make purchases, everything except the last four digits of the card are "masked" in the system. But in the burgeoning world of networked, relational Big Data, it is not difficult to envision a government agency or employer associating a card (each has a unique ID number) with an individual and obtaining highly detailed information — years of it — about that person’s travel history without his or her knowledge.
Getting details from the ORCA system (officially the Regional Fare Coordination System) takes effort but is not impossible. The transit agencies that participate (Sound Transit, King County Metro, Community Transit, Kitsap Transit, Washington State Ferries, etc.) are signatories to a byzantine "Interlocal Cooperation Agreement" that governs ORCA operations. Requests for information could be made to or filled by any of the participating transit systems.

Organizations that provide ORCA cards to their employees are the ones most likely to be able to get detailed usage information. Those organizations own the cards and can access the information on them, according to Sound Transit spokesperson Geoff Patrick. Patrick says that, to date, about 60 companies have requested detailed information about card use. When Crosscut asked for a list of those companies, we were referred to the member transit systems for details. 

Sound Transit has been asked for, and has provided data four times in response to court orders (involving two thefts, one robbery and a homicide case). Community Transit has provided information to the Edmonds and Monroe School Districts and to the Snohomish County Sheriff. Disclosure requests to other agencies are still pending.
ORCA policy requires business customers who want card data to cite a reason for their request — investigation of misuse, for example. But the policy does not require ORCA to make any assessment about the merits of the request. Bottom line: Companies who ask for the data, get the data.
Concerned ORCA users can take a few easy steps to protect the privacy of their travel. They can purchase ORCA cards anonymously, something that about 30 percent of ORCA users already do. Anonymous purchase requires finding a transit facility that takes cash. If you’re truly paranoid you could use several ORCA cards instead of just one. That way no single card contains a full history of your movements. Finally, avoid leaving your ORCA card out where some snoop with a cell phone can scan it. Maybe a tinfoil wallet to go with the hat?
Privacy aside, the enormous amount of detailed data is a treasure trove of precise intelligence about who is using what transit systems and when. Analyzing that data could help make our transit systems work better. “This information is valuable in calculating the productivity and cost-effectiveness of our service,“ says Sound Transit spokesperson Patrick, “and in determining whether changes in service are needed."

FareBot creator Butler agrees, to a point: "I really like these systems,” says Butler. “They make transit easy to use. But these are public systems and taxpayers should be able to expect that they are secure."


Please support independent local news for all.

We rely on donations from readers like you to sustain Crosscut's in-depth reporting on issues critical to the PNW.


About the Authors & Contributors

Matt A. Fikse

Matt A. Fikse

Matt Fikse-Verkerk (Twitter: @mattfikse) covered urban affairs, politics, tech, and business at Crosscut from 2009 to 2014. He lives in Seattle and works for a biotechnology firm in Redmond, WA.