The economics of this are obviously different. See http://www3.ttc.ca/

A commuter will make 2 trips a day at $2.75, minimum, so there is a small saving. But the TTC benefits from a plan that gives a predictable cash flow. The consumer also benefits from the convenience of the pass for extra ‘incidental’ trips. No doubt the overall economic analysis also takes into account that this is an incentive to use the transit system compared to driving.

Regardless: what I find interesting is how different cities seem to come to different conclusions and use different economic models given much the same data about commuters.

In short: as they implied in their recommendations, the problem isn’t with a) or b), it’s with c) and d).

Even with crypto, there are still plenty of points of attack — if you think IKE is complicated, try working out the logistics of key distribution for fare readers and buses from Providence to Newburyport.

One question I’m curious about that isn’t explicitly mentioned in either the presentation or the recommendations is: do the CharlieTickets have machine-readable unique IDs that are tracked by the fare readers? If this isn’t the case, the resulting attack doesn’t even require a magstripe reader: Buy a card; slice the important tracks into two (or more if you’re lucky) identical pieces; re-assemble each onto a new card; and go to town. There’s a breakdown of the fields in the slides, but I’m not sure whether or not it’s a complete description of the card.

By the way, since apparently no journalist has bothered to dig this far (even though it’s mentioned in the presentation slides), the contractors responsible for the MBTA’s system are Scheidt & Bachmann/OTI. S&B is also responsible for the awesome LIRR/Metro-North card system that lets users buy cards even if their debit cards don’t have enough money to cover the cost.