In a move to uphold its commitment to customer privacy, New York City’s Metropolitan Transportation Authority (MTA) has deactivated a particular function on its OMNY website. This feature allowed individuals to monitor a subway rider’s entry points by simply entering the rider’s credit card information. The MTA has taken the step of shutting down this seven-day history feature on its OMNY system.
According to a statement by MTA spokesperson Eugene Resnick to BuyTechBlog, the feature was originally designed to offer riders easy access to their travel histories, whether for paid or free journeys, without requiring an OMNY account. “In light of our sustained focus on ensuring the privacy of our customers, we’ve chosen to disable this feature while we look into alternative methods to cater to these users,” Resnick elaborated.
The now-defunct page on the OMNY website allowed individuals to punch in a credit card number and its expiry date to view that cardholder’s seven-day subway entry history in NYC. While this was initially implemented as a convenience for subway passengers, it also became what Eva Galperin, the Electronic Frontier Foundation’s cybersecurity director, termed “a bonanza for potential abusers.”
This tracking capability was initially exposed by Joseph Cox of 404 Media, who was able to keep tabs on someone’s subway entry points after obtaining their consent. Cox remarked, “If I had continued to track this individual, I would’ve eventually pieced together their usual starting subway station—which is likely close to their residence. I’d also be aware of the specific times they generally use the subway.”
The feature raised concerns as it became a potential tool for stalkers, vindictive ex-partners, or anyone who managed to get their hands on someone’s credit card information. Shockingly, there were no PIN or password requirements to use this feature. Although the website did offer an option for creating a more secure account, this was inconspicuously tucked away further down the page.
So, let this be a cautionary tale. While technology often aims to make life more convenient, sometimes it might just end up inviting trouble you never signed up for.
Frequently Asked Questions (FAQs) about MTA Privacy Concerns
What feature has the NYC Metro Authority disabled on its OMNY website?
The NYC Metropolitan Transportation Authority (MTA) has disabled a feature on its OMNY website that allowed people to track a subway rider’s seven-day entry history using their credit card information.
Why did the MTA decide to disable this feature?
The MTA disabled this feature as part of its commitment to customer privacy. Although initially aimed at providing convenience for users, the feature was criticized for potentially enabling stalking and other abusive behaviors.
What was the original intent behind the now-disabled feature?
The feature was initially intended to offer subway riders easy access to their travel histories for both paid and free journeys, without requiring them to create an OMNY account.
Who raised concerns about the potential abuse of this feature?
Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity, and Joseph Cox of 404 Media raised concerns about the feature. They highlighted that it could be misused for stalking or other forms of abuse.
Were there any security measures in place for using the disabled feature?
The feature did not require any PIN or password for access, making it easier for potential abusers to misuse it. Though there was an option to create a more secure account, it was not prominently displayed on the webpage.
Is the MTA planning to introduce an alternative feature?
According to MTA spokesperson Eugene Resnick, the agency is evaluating other ways to serve customers who want easy access to their travel histories while still maintaining privacy standards.
What information was needed to use the now-disabled tracking feature?
Users needed only a credit card number and its expiration date to track a subway rider’s seven-day entry history in NYC.
What kind of risks did the feature pose?
The feature posed risks of stalking, abuse by ex-partners, and general invasion of privacy, as anyone with access to a person’s credit card information could track their subway movements.
Where was the option for a more secure account located?
The option to create a more secure OMNY account was available on the website, but it was placed inconspicuously farther down the page, making it less likely for users to notice it.
What lesson can be learned from this incident?
The incident serves as a cautionary tale about the double-edged nature of technology. While it may offer conveniences, it can also inadvertently create opportunities for abuse and privacy invasion.