Recently in Transport Surveillance Category

It appears that security researchers at Radboud University in Nijmegen, in the Netherlands, have extended their previous demonstration of the flaws in their own Philips MIFARE based travel cards to the similar system used in the London Oyster Card.

See the reports by ZDNet, and the translation of a report about the researchers' evidence to the Netherlands Parliament regarding such transport card vulnerabilities.

They can reportedly use an Oyster Card, and then re-set the monetary balance, something which shows that the system is possibly vulnerable to fraud.

Transport for London claim that they would detect such a scam within 24 hours and so it would only be limited to one day's free travel.

However, this assumes that the Dutch researchers, or any criminals exploiting the same vulnerabilities, are not spoofing or re-programming the Oyster card's serial number every day, as well as re-setting the monetary credit balance. If they are, this will not be picked up via a nightly accounting reconciliation subroutine on the central database.

If randomly chosen, or specifically targeted Oyster card serial numbers were to be re-programmed, then the Transport for London / TranSys consortium anti-fraud routines could be abused to create a Denial of Service attack on random innocent travellers or specific targets.

More worryingly, it appears that they can also cause a software malfunction in the Tube Gates, which are then jammed shut, after their Denial of Service attack presumably sends the wrong sort of code to the system.

At busy stations during the rush hour, this sort of Denial of Service attack could cause a lot of misery, and could potentially put lives at risk, especially at those stations which have Oyster card barriers very close to the up escalators, where there is a risk of people getting trampled by a panicked crowd.

Transport for London must immediately ensure that Tube gates cannot be jammed shut by such a software malfunction. This is a safety issue and, as such, must be given a far higher priority than any anti-fraud measures.

Transport for London need to actually publicly demonstrate that they have responded properly, to make such potential attacks impossible, and not just issue public relations spin that claims that there is no real problem.

The Daily Mail website has some photos of Saturday night's utterly predictable "Last Orders" alcoholic binge on the Tube before Boris Johnson's ban on drinking alcohol came into force.

Pictured: Chaotic scenes as alcohol-fuelled Facebook party to mark the end of drinking on the tube ends in violence

Many began fighting and vomiting, seven Tube staff and two police officers were assaulted, six Underground stations had to be closed and several trains were taken out of service after party-goers began smashing them up.

Police made 17 arrests

Apart from the extra crowds caused by closing the 6 Tube stations, how was this worse than a typical Saturday night, with say, crowds of football supporters roaming the Tube ?

The only difference was that the Police were actually on the spot, instead of hiding away somewhere, as they normally are.

The problem with alcohol on public transport is not so much what goes on in central London, but what happens on the last bus or tube or national rail train home on a Friday or Saturday night, when the extra alcohol being consumed in transit, in addition to that which people have been drinking all evening, kicks in.

There are usually no British Transport police riding such tubes, buses or trains out into the suburbs, and CCTV does absolutely nothing to deter drunken violent or anti-social behavior.

We will wait and see how this new policy will actually be enforced over the next few weeks and months.

Crapita seem to have lost the London Congestion Charge and Low Emission Zone road taxation and sneaky mass surveillance schemes contract to IBM, from 2009 onwards.

Transport for London announces new Congestion Charge service provider

25 October 2007

Transport for London (TfL) today announced that IBM United Kingdom Limited is the selected bidder for the Congestion Charging and Low Emission Zone service provider contract.

The decision follows a 12-month competitive tendering procurement process.

IBM will be responsible for the operation of the Congestion Charging and Low Emission Zone schemes from November 2009, including the technology that will underpin payments and all customer contact channels.

The contract is for a duration of five years with an option to extend a further five years.

IBM's consortium partner, NCP Services, will be responsible for the schemes' enforcement.

[...]

"We expect to continue our excellent working relationship with Capita over the next two years."

We expect Crapita's demoralised staff, facing redundancies, etc. to offer an even more dire level of "service" for the next two years. Crapita now have no financial incentive to invest any extra money in the necessary training or maintenance to keep the systems running, let alone to improve them.

IBM will, like Crapita before them, have underbid to secure the contract, knowing that they then have Ken Livingstone over a financial and political barrel and can "negotiate" extra public money in the future, exactly like Crapita did.

We await with interest the next criticism of the Daily Mail or the Evening Standard newspapers by Ken Livingstone, organisations which he usually claims are somehow tainted by their corporate predecessor organisation's supposedly Nazi-sympathetic past back in the 1930s.

Where is Ken Livingstone's criticism of International Business Machines (IBM), whose long experience of customised data processing "solutions" included state of the art transportation back office systems for the German railways and for the recording and categorisation of the people sent to Nazi concentration and extermination camps ?

Has anyone on the Mayor of London's media spin team bothered to read the book IBM and the Holocaust by Edwin Black ?

Why did Ken Livingstone not demand strong safeguards on the privacy and security of the Congestion Charge data belonging to millions of innocent motorists, which is now, since July, being slurped automatically in bulk, in real time, from the Congestion Charge system by the Metropolitan Police and other shadowy, unaccountable "national security" organisations ?

The BBC have a report about how the Police are increasingly using the unique serial number identifier built into the by now familiar Oyster Card travel smartcard, for criminal investigations.

via Martin Stabe:

BBC Last Updated: Monday, 13 March 2006, 08:14 GMT

Oyster data is 'new police tool'

Police are increasingly turning to Oyster travel cards to track criminals' movements, according to new figures.

The smartcards, used by five million Londoners, record details of each bus, Tube or train journey made by the holder over the previous eight weeks.

In January, police requested journey information 61 times, compared with just seven times in the whole of 2004.

The Metropolitan Police said it was a "straightforward investigative tool" used on a case-by-case basis.

In total, 229 of the 243 requests made by police to access records were granted, the figures disclosed under the Freedom of Information Act show.

[...]

A Transport for London spokesman said: "Very few authorised individuals can access this data and there is no bulk disclosure of personal data to third parties for any commercial purposes."

He added that police requests are made under Association of Chief Police Officers' guidance and disclosed in accordance with the Data Protection Act.

A single "request" could cover all the uses of all the Oyster Cards at a specific station for a specific time period.

Remember that the Oyster Card itself stores the travel / payment history for the last few transactions (up to the capacity of the memory on the chip), but that Transport for London have the entire history of any particular Oyster Card on their centralised database systems.

Note that this statement by Transport for London does not preclude bulk transfers and "fishing expeditions" under the "national security" or "the prevention and detection of crime" loopholes in the Data Protection Act.

Similarly, there is no mention of the combination of CCTV surveillance and Oyster Card monitoring of millions of innocent people, rather than just the minority of criminals who are under specific criminal investigation.

Ken Livingstone has published another fake public "consultation" regarding his "Low Emission Zone" plans which will cover the whole of London within the M25 starting in 2008.

Low Emission Zone Consultation

Frequently Asked Questions

This will cover all the 33 London Boroughs within the M25, but not the M25 itself, and will seek to limit particulate carbon air pollutants, which are mostly produced by pre-2001 vintage diesel engined lorries etc., through Yet Another Automatic Number Plate Recognition enforced system of fees (£100 to £200 a day) and fines (£1000 or more).

Unlike the London Congestion Charge, presumably this LEZ scheme will need to be run 24/7 and at weekends.

"It is proposed that the LEZ would be enforced using Automatic Number Plate Recognition (ANPR) cameras similar to those used for Congestion Charging. Fixed cameras would be supplemented by mobile patrol units fitted with ANPR cameras"

Why have they chosen the most intrusive and privacy unfriendly "control freak" way of enforcing this anti-pollution policy ?

About this blog

This website comments on the policies of the Mayor of London, the London Assembly and the Greater London Authority and actually pre-dates even the referendum which took place before these public bodies were set up.
