Clarification regarding the recent TFL Oyster card problem and the current MiFare classic chip "hack" publishing case in Holland
A Freedom of Information request to Transport for London by A Watt
The request was successful.
A Watt
21 July 2008
Dear Sir or Madam,
A Dutch judge has just ordered that details of the "hack" used to
clone MiFare Classic Oyster cards should be published, effectively
over-ruling a previous injunction obtained by the MiFare classic
card makers, NXP, gagging publication.
(http://news.bbc.co.uk/1/hi/technology/75...)
During the controversy surrounding this court case, several
thousand London commuters were apparently hit by a "fault in the
system" (http://news.bbc.co.uk/1/hi/england/londo...)
and, according to the BBC website, commuters could "swap their
faulty cards". Indeed, they were allowed to continue on their
journeys while replacements were issued.
Please clarify if the Oyster card problems were actually caused by
the installation of security updates to the Oyster card network
system to close the exploit which is detailed in the MiFare Classic
"hack".
Yours faithfully,
A. Watt
Enquire (TfL)
Transport for London
21 July 2008
Ref: TfL 84022
Dear Mr Watt
Thank you for your email received by Transport for London (TfL) on 21
July. You have asked for information about the recent TFL Oyster card
problem and its relation to the current MiFare classic chip "hack"
publishing case in Holland.
We will deal with your request as soon as possible and in any case
provide you with a response by 18 August.
In the meantime, if you have any queries or would like to discuss your
request, please do not hesitate to contact me at the above email
address.
Yours sincerely
Maria La Tegola
Transport for London
Central Customer Services
As part of our continuing efforts to improve our services to our
customers, TfL undertakes, from time to time, research aimed at
identifying issues and opportunities. We may contact you in the next few
weeks via our appointed research agency, GFK NOP, in connection with
your recent communication with us. If you are contacted, we would
greatly appreciate your contribution to the research survey. Any
information that you give would be totally confidential and you would
not be identified personally. If you do not wish to be contacted for
research purposes, please could you let us know.
Enquire (TfL)
Transport for London
4 August 2008
Ref: TfL 84022
Dear Mr Watt
Thank you for your email received by Transport for London (TfL) on 21
July. You have asked for information about the recent TfL Oyster card
problem, and its relation to the current MiFare classic chip "hack"
publishing case in Holland.
Your request has been considered under the requirements of the Freedom
of Information Act and I can confirm that TfL does hold the information
you require.
I have checked with TfL's Director of Fares & Ticketing, and he has
informed me that the Oyster failures of 12 July 2008 had no relation to
the publication of the MiFare algorithm in the Netherlands around the
same time. He has confirmed that no software changes were being made on
that date.
I hope this information answers your question, and thank you for taking
the time to contact us.
If this is not the information you are looking for, please do not
hesitate to contact me.
If you are not satisfied with this response, please read the attached
help-sheet entitled 'Your Right to Appeal'.
Yours sincerely
Maria La Tegola
Transport for London
Central Customer Services
Your Right to Appeal
Internal Review
If you are dissatisfied with the way TfL has handled your information
request, you can ask us to conduct an internal review of our decision.
The internal review will be conducted by someone other than the person
who made the original decision, in accordance with the complaints
procedure published on our website at www.tfl.gov.uk/foi.
Requests for internal review should be addressed to:
Head of Information Access and Compliance
6th Floor Windsor House
42-50 Victoria Street
London
SW1H 0TL
Complaints to the Information Commissioner
If, following the internal review, you remain dissatisfied with the way
TfL has handled your request, then you can take your complaint to:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
A complaint form is available on the Information Commissioner's Office
website www.ico.gov.uk
R Ross-Langley left an annotation (17 October 2008)
> he has informed me that the Oyster failures of 12 July 2008 had no relation to the publication of the MiFare algorithm in the Netherlands around the same time.
While the failures were not related to the *publication* of the algorithm, the possibility remains that they were related to changes applied to fix or circumvent related security weakness(es).
> He has confirmed that no software changes were being made on that date.
This leaves open the possibility that software and/or hardware changes were made and implemented earlier, perhaps the night before, so that the failures were due to the *operation* of the changed system on that day.