Monday 14 July 2008

Is the Oyster Failure a Red Herring?

This weekend there was a "fault" on the UK London Underground Oyster card system which caused chaos for many travellers and rendered a large number of cards inoperable and requiring replacement.

This follows the recent cloning of the Oyster card by a group of "Dutch Boffins" (The Register's term, not mine) who had previously cracked the encryption used on the Amsterdam metro (GVB).

I found this story interesting as I travel regularly using both services. It also piqued my curiousity because of the implications on data encryption. It shows that given enough time and ingenuity, it is possible to hack/crack almost all, if not all encryption methods. This has significant impacts for the use of Cloud Storage as a location to store what I would term "Data at Risk" (not Data in Flight or Data at Rest) and re-inforces the need for organisations with valuable data (governments etc) to store their information in secure locations.

Anyway, getting back to this weekend's failure, the conspiracy theorist in me says that TFL decided to change the encryption method used by Oyster to fix the successful Duch crack. This inevitably rendered a number of cards invalid as the cards were/are fixed in nature and couldn't be changed. TFL decided it was better to take the bad publicity of a number of rejected cards than compromise the entire system, because you can be sure the workaround for getting the card recharged would eventually find itself in the public domain.

What do you think?

2 comments:

Unknown said...

Ooh. A bit more excitement the next time I jump off the Heathrow Express and try and get a Tube from Paddington. I keep my Oyster in my bag since I'm over and back so often.

I wouldn't be surprised if they nuked a percentage of cards to maintain the security of the system. Though I wouldn't have minded getting an email telling me if mine had been marked as "defective" or some such nonsense since I've registered it online.

I'd guess that it's the earliest generation ones which were expired since they might be less sophisticated than later gen cards.

Maybe what should happen is they date stamp the back of the cards and routinely expire them after 12 months. You hand it back at a station and they issue you a new card running the state of the art tech or whatnot.

Matt Povey said...

Never ascribe to malice, that which can be more easily explained through incompetence (god knows who said that first, but they deserve a prize).

In other words, they may well have buggered about with the system in some way but likely as not, the consequences were unintended. More than likely, they simply screwed up an infrastructure or software change.

In my experience, a healthy proportion of bus Oyster readers are broken much of the time anyway :).