NoTechFor: OMNY

  • by

In 2019, 500 new officers were appointed to the MTA by New York Governor Andrew Cuomo to stop “attacks against transit workers and persistent fare evasion”. Violent arrests have since become a common sight at New York subway stations, in what many are calling the criminalization of poverty. Things are about to get even worse thanks to a new technology called OMNY.

OMNY is an electronic payment system that uses radio signal transceivers in phones, smart devices, and credit and debit cards to process riders’ fares directly at subway turnstiles or bus entries. While it is promoted as a convenience, the new system will provide the MTA (and potentially third parties) with a massive amount of data about riders: where and when a user enters the system, the card used for the purchase, as well as the billing address. Cubic Tech, the company behind OMNY, can then store this data for an undisclosed amount of time. According to the Surveillance Technology Oversight Project report, when combined with the surveillance methods that are already in place at the MTA, OMNY will increase their surveillance capacity to unprecedented levels.

According to OMNY’s privacy policy, “the MTA uses your Personal Information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities.” This means that the data that OMNY collects could be shared with the NYPD, FBI, CIA or ICE, without the need for a warrant on the rider.  OMNY’s terms of service also states that a user’s access could be revoked at any point if there is suspicion of other illegal activity — a decision left to the discretion of the MTA. MTA’s definition of illegal activity in recent years has included putting your feet up on a seat and sleeping on the train.

Perhaps even more alarming is the presence of “small laptop style hidden cameras” on OMNY payment machines. Though the OMNY privacy policy does not mention anything about cameras or image capturing/recording, the presence of these cameras raises the possibility that they will used for “infrared based facial recognition to obtain a clearer image of the face.”

From location and banking data, to the possibility of facial data, OMNY has the ability to collect vast amounts of sensitive data on MTA travellers. This poses not only a privacy concern but also a security concern. Cubic Tech’s poor security record provides little reassurance on this front. Their Muni light rail payment system in San Francisco was hacked in 2016 and held ransom for $73,000 in BitCoin. London’s Oyster payment system was taken offline in 2019 after it was discovered that a number of user credentials were stolen and used to access the system. All of this increases the possibility that third parties might access sensitive data on MTA riders.

MetroCard data is routinely used by police to recreate the movement of suspects, and there is little doubt that OMNY data will be similarly used. With smartphone device identifiers and comprehensive location data OMNY will enable law enforcement to access even more information on suspects. Cubic Tech and OMNY exemplify the ambiguous policies that allow private companies to hold vast amounts of data on non-consenting individuals. Further, these policies actively facilitate law enforcement in circumventing due process, potentially exposing innocent individuals to incursions into their privacy.

For turning the daily metro ride into a commute with Big Brother @OMNY @CubicTech No Tech For U