This site is about the OV-chipkaart (in Dutch), a single national chipcard for all public transport in the Netherlands, which is similar to London's Oyster card or Hong Kong's Octopus card. It is being introduced by Trans Link Systems (TLS), a consortium of public transport companies. Currently the OV-chipkaart is being tested in practice in and around Rotterdam and Amsterdam. National introduction has been postponed a couple of times, but is now foreseen in 2009.
Early 2008 the OV-chipkaart has come under heavy attack because of both security and privacy concerns:
- Individual travel movements are collected centrally and will be used for direct marketing purposes. The Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP) has therefore described the approach as: not in accordance with the law (CBP report).
- The cryptographic protection in the Mifare Classic chipcard, used in the personalised cards is broken.
- The throw-away cards have been cloned, enabling free travel.
- Very little is known about how the system actually works, and about how (private) data are protected.
Why this site?
The aim of this site is twofold.
- On the one hand, this site is a place for documenting the current OV-chipkaart system, to be a repository of knowledge. Factual information about the design, strengths and weaknesses of the current system; an explanation of all the things that were in the news since roughly January 2008.
- On the other hand, this site is a place an experiment for transparently developing a new system from scratch in which RFID technology is used for ticketing in public transport. Using an open design process, the design criteria and the quality of the solutions can be evaluated by a broad audience, including scientists, hackers, but of course also stakeholders such as transport companies. This process may eventually result in an open standard.
OV-chip 2.0OV-chip 2.0 offers similar or better functionality than 1.0, but will be dramatically different with respect to privacy and transparency. It will have privacy built-in, instead of as a poor add-on. Its working will be public, such that everyone can verify how and whether it works.
This research is generously sponsored by the NLnet foundation.
Who maintains this site?
This site is set up by the Computer Science department of the Radboud University Nijmegen in the Netherlands. The aim is to encourage an open and public discussion on the technology that is used in projects like the OV-chipkaart. This site is a Wiki, and everybody is free to contribute to it. In particular people with know-how of the OV-chipkaart are encouraged to contribute with their valuable knowledge. This open process may introduce some bias in the information, and therefore this site uses an account registration procedure in which the identity and affiliation of users are verified. The rule is that users contribute personally, not as employees of some organisation; but their affiliations are visible. The initiators hope that visitors of this website thus have more information to evaluate the credibility of the information submitted to this site.
The Radboud University Nijmegen is no stakeholder in the OV-chipkaart project, and desires to maintain its independent position. The Computer Science department, in particular the Digital Security group, aims to assist in designing a system which is acceptable for all stakeholders; in particular for the transport companies because fraud is not feasible, and for citizens because their privacy is adequately protected.