Privacy group raises OMNY security concerns

New York City's OMNY system.
New York City's OMNY system.
Shutterstock

Privacy group raises OMNY security concerns

The tap-and-go payment system may pose a threat to undocumented immigrants.
October 2, 2019

A new white paper from the Surveillance Technology Oversight Project, a New York-based privacy advocacy group, finds that the Metropolitan Transportation Authority’s One Metro New York tap-and-go payment system poses a threat to undocumented immigrants. The report highlights how the contactless technology used with OMNY, which is in the process of being phased in across all MTA subway and bus stations, is able to track when and where specific users enter MTA stations. That ability, the report states, could pose a threat to undocumented immigrants if the data were shared with U.S. Immigration and Customs Enforcement. Already, agencies including the New York Police Department engage in information-sharing with ICE.

“The current OMNY privacy policy fails to protect riders from having our travel habits perpetually tracked by the NYPD or even federal agencies like ICE,” Albert Fox Cahn, executive director of S.T.O.P., said in a statement. “Even the choice of RFID technology raises concerns, following widespread reports that the technology has been hacked in other cities.”

By the time OMNY’s rollout is scheduled to be completed in 2023, riders will not only be able to use contactless credit/debit cards and digital wallets to pay fares, but will have the option of using an OMNY card that can be paid for with cash and not contain the data that might be shared through a credit card or smart device. Still, the S.T.O.P. report points out that other locales have added fees to these cards, and that if high fees are added when purchasing an OMNY card, it would constitute a “privacy tax.”

Annie McDonough
Annie McDonough
is a tech and policy reporter at City & State.
20191018