NYC’s 'tap and go' Metrocard replacement is a privacy nightmare

The subway system’s technological leap forward hides a host of issues.

After years of trying, New York City officials and the Metropolitan Transit Authority (MTA) finally began the process of phasing out the MetroCard. OMNY, an NFC-fueled, contactless fare payment system, began officially rolling out to buses and subway stations last year. Though there was some initial excitement about the technological advancement, a new report from The Verge exposes some unsavory permissions and practices.

The MTA can turn your data against you — OMNY’s privacy policy leaves room for the collection of data beyond payment, including IP addresses and device numbers. Somehow the most positive way this could be used is for advertisements, but it could also just be used to track you outside of the transit system.

The MTA could also potentially exclude people from the system. This could help enforce a current legislative push to ban sex offenders from mass transit in New York City, but access to transit could be blocked for far less. People could be suspended from transit use for the mere “suspicion of other illegal activity” or for a “breach our code of conduct,” completely at the MTA’s discretion. According to The Verge, “Behaviors deemed illegal by the MTA in recent years include putting your feet up on a seat, sleeping on the train, or passing between subway cars.”

Why OMNY? — The MTA is, to put it lightly, struggling with old infrastructure; trains run (allegedly on a schedule) on tracks from the 1960s. It is also deciding to create a problem for itself with strict fare evasion policies that disproportionately affect black and brown riders. OMNY is meant to be a beacon of modernity in a system where the infamous unreliability of the L train somehow infected the entire system.

The flimsy MetroCards phased out tokens by 2003, only to seem behind the times a decade later. Other metro transit systems have long since introduced tap-to-pay cards, like London’s Oyster card or even LA’s TAP card. Matt Cole, an executive at Cubic, the company behind OMNY, told The New York Times last year, “In many ways, New York has leapfrogged other cities in the world that have smart cards but not contactless.”

The problem with contactless payment — At this point, riders can choose between a digital wallet or a contactless card to use OMNY, but most people in the U.S. don’t have the latter. Until OMNY cards and cash payments are released next year, riders hoping to ditch MetroCards have to use their smartphone.

Language in OMNY’s terms of service and privacy policy has raised some concerns. Notably, it removes liability from the MTA if people are double-charged, which happened to many Apple Pay users earlier this year. Essentially, a smartphone simply being close enough to a turnstile could trigger a fare payment.

“If you’re using OMNY on your phone – there’s no card yet – it’s not clear to me what other information they’re taking from your phone or how that can identify you,” Jerome Greco, a staff attorney at the Legal Aid Society’s digital forensics unit, told The Verge.

What now? — After being questioned by The Verge, Al Putre, the MTA’s program director for OMNY, put out a statement: “For clarity and effective immediately, the OMNY Terms of Service have been amended to remove references to actions that might summarily prohibit access to OMNY services — a provision that has never been used.”

The new terms cite “Suspicion of fraudulent or other illegal activity in connection with the use of such card or digital wallet while the suspected fraud or illegal activity is under investigation” as a reason for account suspension, removing the MTA’s carte blanche. The language indemnifying the service from double-charge claims is still present, but the terms also acknowledge customers can reach out to the company’s call center for a refund due to “alleged improperly functioning OMNY equipment.” OMNY still has access to IP addresses and device numbers.