Surveillance Infrastructure Creeps Forward in D.C.

by Jim Harper on November 7, 2007 · Comments

The D.C. Examiner reported yesterday that the D.C. Department of Motor Vehicles plans to embed drivers’ licenses with SmarTrip chips, the RFID chips increasingly used to access the Metro system.

This is another step taken to make Metro access more convenient – oh, and more subject to surveillance.


The SmarTrip card is an RFID-chipped card that controls access to Metro stations and deducts fares from users’ card-based accounts.

Metro has long encouraged people to register their cards, because this allows lost cards to be cancelled and new ones issued, preserving the value of the lost card. Registration of the card, of course, allows Metro to correlate use of the card with a particular person. It’s a bearer document, but a SmarTrip card is usually used by the same person, which is usually the person who registered it.

In 1998, to promote public transit, Congress gave employers a tax break for providing money to employees for use on transit systems. Metro has offered a program called Metrochek, in which employers have given employees farecards, a magnetic-striped paper stored-value card. Farecards are generally given out to employees without records of which went to whom, giving users effective anonymity because use of a card could only be associated with an employer, not a particular employee.

However, because of fraud in the program – not discouragement of commuting mind you, just people trading their Metrocheks to others for cash – Metro is transitioning to a thing called SmartBenefits. This is where the value is added automatically to a SmarTrip card, the serial number of which is given to the employer by the employee. This will help suppress the fraud, while expanding the capability of the Metro system to track users. The serial number of the employee held by the employer can be matched to Metro system records to reveal the comings and goings of the worker.

Still, a person could always decline registration, or swap cards with others to perfect their anonymous travel.

Adding the SmarTrip chip to the driver’s license constricts that loophole quite narrowly. It is very unlikely that people would trade drivers’ licenses in order to avoid tracking. It’s a step forward in convenience (assuming the D.C. DMV gets it right), but it’s a step down a primrose path toward comprehensive surveillance of Metro users.

Discussion of this latest development on DCist follows the pattern that is typical when a technology useful for surveillance is offered as a convenience. Along with practical questions about what happens when the RFID chip in the license breaks, the majority don’t see the privacy problem. Their Metro travels aren’t private, and there are all kinds of other things that track them. It’s a barn door they don’t seem to want closed.

And they won’t, until divorce lawyers routinely make use of Metro/DMV records to reveal long lunchtime excursions to the Maryland suburbs. Or when D.C. government employees look up the movements of former spouses or lovers. Or when having a D.C. license is the only way to access the Metro system without submitting to a pat-down search.

Obviously, you can’t yell and scream at a small step forward for the surveillance infrastructure premised on convenience. You can only point to the trend, point out how a transportation subsidy ends up eroding privacy, and perhaps look for alternatives.

Anyone got a plan for anonymous commuting that serves all the wonderful goals of the SmarTrip and SmartBenefits programs?

Comments Posted in: Privacy, Security & Government Surveillance

  • Justin R.
    Use a vanpool! You get the same dollar benefit and it's applied in a voucher. Thousands of people use vanpools to DC and the only registered person is the Primary and Alternate drivers. VPSI inc @ www.vpsiinc.com is a great company and has great rates for federal workers commuting from all points to DC. Hope this helps!
  • I have been thinking of it for a while, and I was even wondering about the appropriateness of posting my observation since it has more to do with Solveig Singleton. And yes I know there are many different opinions here. In early November Singleton wrote two posts Public Knowledge on Copyright Reform and Further Notes on Patent Reform that caused me to think about this concept a bit more.

    Additionally TechDirt is running a pole: Which Internet Concern Worries You The Most? In responding to that pole (July 2007) I wrote:
    "The poll results are interesting in that the responders do not appear to reacting to concerns that actually would "hurt" them. For example, the number one response (at least for now) is government spying. In theory, this is being done to protect society and if one is not doing anything illegal - it should be of no consequence. (Privacy today is virtually non-existent, every time we go in a public place we are now recorded.)

    However, the question "DRM restrictions get more draconian" raises the issue that laws are being passed that take away a consumers rights, criminalize behaviors, and aggrandizes the "rights" of the product producers. The fact that laws are being passed that deprive me of rights and criminalize certain behaviors is much more of a concern than some obscure bored bureaucrat watching me. With the way DRM is going, I could find myself in jail for buying the wrong ink for my printer."

    My concern with Singleton's posts actually goes deeper than government versus corporate spying. In her post she raises the issue of an "enforcement problem". This phrase is suitably ambiguous as to what it really means. But based on the concept that corporations have a "right" to protect their so-called property, the logical implication, in the extreme sense, is that corporations should be given the right to "arrest", "judge", and "fine" whoever the corporations anoint as an intellectual property thief. No due process.

    As I am writing this, I peeked at TechDirt again looking for an article that I had previously read a while back on how consumers were losing their rights. TechDirt has two new posts. One "MLB's Latest Efforts To Screw Fans: All That Content You Bought? Gone, Thanks To DRM Change" and "Using The DMCA And DRM To Prevent Innovation" Well, I've gone on long enough.
  • B
    You can always buy another card. In fact, Metro is planning on making the cards free and allowing you to buy them at more venues, so this'll be easier. Remember that the DC metro has as many MD/VA commuters as residents, and has to be tourist-friendly, so it'll be a long time before access is closed to Smartrip users only, let alone state-IDs only.
  • Jim Harper
    Thanks for the observation, Steve. Each of the bloggers here on TLF speaks for him- or herself, and we don't all agree on everything, so there well could be "gaps" among us on issues like this. But I'd be interested to know which posts have promoted DRM for tracking consumers. I know there are plenty that criticize DRM, if not directly on that basis.

    Corporate tracking is less concerning to most of us than government tracking because corporations do not have the monopoly on force that governments have. Corporations can inconvenience people and do some bad things, but governments can lock you up and throw away the key, so I think most of us prioritize concerns with government power.
  • As a result of reading the posts on this website, I have been sensing logical "gaps". In this case the use of RFID chips to track the movement of people (consumers) versus the use of DRM technologies to track how people (consumers) use a product. The logical "gap" in this case: Why is "bad" for the government to track people, but it is "good" for corporations to track people????

    In either situation, we are loosing "privacy" and we are being subjected to ever greater "surveillance". So from my point of view, both government and private industry are essentially doing the same thing; yet government surveillance tends to be viewed as "wrong" while corporate surveillance tends to be viewed by some as "acceptable".
blog comments powered by Disqus

Previous post:

Next post: