Tuesday

Privacy and the 'Belgian Mobility Card' (BMC)

It has been a while since we blogged about the "Privacy failure in the Belgian RFID transport card", but the card will still be introduced nationally.

See Chipkaarten De Lijn niet voor volgend jaar (datanews)

Testing will occur in 2010 and the rollout will happen during 2011 and 2012. Time to go over some past facts.

Some researchers at UCL published a report about a privacy issue, together with the open-source tools they used to test the card, at http://www.uclouvain.be/sites/security/mobib.html

But the details of the research were removed soon afterwards, together with the tool. Why? Were they pressured into removing it? What would the benefit of removing it be? Don't people know that security by obscurity doesn't work? It sounds a bit like a conspiracy, considering who owns the transport card company and who subsidises the university. But we can't say for sure.

Some details could still be found via Google:

http://www.uclouvain.be/sites/security/download/slides/Avoine-2009-iwrt-slides.pdf

From the PDF:

Personal data are stored in the clear in the card.
  • Data stored in the card during its personalization: name of the holder, birthdate, zipcode, language, etc.
  • Data recorded by the card when used for validations: last three validations (date, time, bus line, bus stop, subway station, etc.), and some additional technical data.
How can this not be an issue? This can totally be abused by stalkers with a good antenna and a laptop in their backpack, just to name one of the obvious abuses. Fathers, lock up your wife and your daughters.

So I hope that MIVB/STIB, minister Hilde Crevits and the other parties involved in the Belgian Mobility Card (BMC) will do the right thing and NOT store this sensitive information in the clear before launching this card!!!

Claiming that our national ID contains the same public information is true, but it is not on a contactless card. Meaning someone would have to take it out of my wallet and physically put it in a reader. Comparing those two and claiming there is no issue with cleartext information on a wireless chip is a fantasy story.

There is enough information available, and there are other tools, to read the info on the card, e.g.
Other online articles mentioning the issue:
(Photo under creative commons from Jools of Sweden's photostream)
