THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

MBTA board member blasts agency's ticketing system

Independent audit of program urged

T General Manager Daniel Grabauskas says the CharlieTicket program is regularly reviewed by the federal government. T General Manager Daniel Grabauskas says the CharlieTicket program is regularly reviewed by the federal government.
By Christopher Baxter
Globe Correspondent / August 14, 2008
  • Email|
  • Print|
  • Single Page|
  • |
Text size +

An MBTA board member delivered scathing criticism of the T's ticketing system yesterday, seizing on the findings of three MIT students who said they discovered how to hack the system and ride for free.

At the Massachusetts Bay Transportation Authority's monthly meeting, Janice Loux distributed a report by the students detailing the vulnerabilities of the CharlieTicket and CharlieCard program. She said it was the latest example of "a systemwide failure" to properly implement and oversee automated fare collection.

"Whatever the reality of the reports, the automated system is a mess," Loux said, calling for an external audit of the program. "I've lost all confidence in our general manager."

The MBTA remains concerned about what Massachusetts Institute of Technology students Zack Anderson, R.J. Ryan, and Alessandro Chiesa may have discovered during their research for a network security class. A federal judge granted a temporary order Saturday blocking the trio from publicly discussing at a Las Vegas convention how to hack the cards and ride the T for free.

Daniel A. Grabauskas, general manager of the MBTA, said Monday that claims made in the past against the cards have either been dismissed or dealt with, adding yesterday that both internal audits and federal reviews monitor the program's performance.

Federal officials "have not raised any concerns," Grabauskas told the board. "They have been highly complimentary of the program, and they are pleased with how it's proceeded."

In court today, the agency will request changing the order to bar the students from discussing "nonpublic" information. That would probably allow them to talk about the details of their conference presentation, including how to hack the cards, and also about a vulnerability report that identifies weaknesses in the ticketing system. The MBTA would then have to persuade a judge to order a permanent injunction.

Grabauskas said after the meeting that he was not convinced the two documents contained all of the students' findings, which is why the agency is pushing forward with the injunction.

But he avoided the question of whether the reports posed a threat to the system.

Christopher Baxter can be reached at cbaxter@globe.com

© Copyright 2008 Globe Newspaper Company.
  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.