NYC OMNY Subway Fare System Run by Defense Firm Cubic

In a cheerfully animated promotional video, a woman narrates Cubic Transportation Systems’ vision for the future. Travelers will pay fares using a ticket-free mobile account. Real-time data will be aggregated, linked, and shared. Deals — such as 50 percent off at a partner coffee shop — may even incentivize users to select certain transit routes at certain times.

“The more information that is gathered, the more powerful the system becomes,” the narrator tells us. “The piece of the puzzle missing … is you.”

This is “NextCity,” Cubic Transportation Systems’ idea of a smart city: an urban area that uses technology and networked data to optimize functioning and mobility.

Over the past decade, Cubic has taken the first steps toward actualizing its vision by snapping up contracts for the development of mobile-based, contactless fare collection systems in eight of America’s 10 largest public transit networks. Gone are the days of cumbersome tokens and flimsy farecards; now, millions of bus and subway riders can pay their fare directly by hovering a smartphone or credit card over a reader.

Transit authorities have embraced tap-to-pay technology for its convenience and speed, but privacy advocates are worried that the new fare collection systems pose serious surveillance and security risks. The concerns came to the fore as New York City’s Metropolitan Transportation Authority, or MTA, rolled out OMNY, a fare payment system backed by Cubic that’s slated to fully replace MetroCards by the end of 2023. Nevertheless, Cubic’s widespread use of touchless, mobile-based reader technology is sprouting up everywhere — including places like San Francisco and Miami, where public transit riders would need to dig deep into city documents to find Cubic’s roles.

Cubic is a privately held corporation with broad and varied interests. In addition to its transit operation, Cubic is a vast military contractor doing hundreds of millions of dollars in business with the U.S. military and sales to foreign militaries. The company supplies surveillance technologies, training simulators, satellite communications equipment, computing and networking platforms, and other military hardware and software. Most of the headlines Cubic garners, though, stem from its increasingly indispensable role in public transit systems across the world.

“I’m deeply concerned about how the development of smart cities creates growing incentives for companies like Cubic to aggregate our data and then sell it.”

As Cubic’s quiet grip on fare collection takes hold in more cities, the company’s ability to process rider data grows with it, creating a sprawling corporate apparatus that has the extraordinary potential to gather up reams of information on the very people it is supposed to serve. In some cases, its access to that information is explicit in the transit systems’ privacy policies.

“I’m deeply concerned about how the development of smart cities creates growing incentives for companies like Cubic to aggregate our data and then sell it to police, ICE, and other agencies,” said Albert Fox Cahn, founder and executive director of the Surveillance Technology and Oversight Project, referring to U.S. Immigration and Customs Enforcement. “Right now, our data is a huge part of the product, with almost no safeguards against these sorts of abuse.”

Cubic did not respond to a request for comment.

MG_1681-Cubic-MTA-NYC — Photo: Elise Swain/The Intercept

Turnstiles and Military Systems

The privacy concerns around Cubic would be acute even if its interests were limited to transit, but the company wears dual hats as ubiquitous public service provider and defense contractor.

Cubic Transportation Systems is but one division of Cubic Corporation. The company’s other concerns revolve around providing technologies to U.S. and other security forces. The defense contractor, Cubic Mission and Performance Solutions, handles Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance — or C5ISR — capabilities for the U.S. military. And Cubic also owns a variety of subsidiaries, including Abraxas Corporation, which supplies counterintelligence and cybersecurity software to agencies working in national security.

Since 1992, U.S. government agencies have awarded Cubic’s defense wing and its subsidiaries billions of dollars in contracts, including more than $42.1 million from the Department of Defense this year alone. One of Cubic’s largest contracts came in 2020, when the Pentagon awarded the company $193.3 million for work on training systems, with over half of the money allocated to foreign military sales in Saudi Arabia, Egypt, Morocco, Oman, Poland, Qatar, Singapore, Australia, and the U.K.

Cubic has also provided key support for U.S. drone operations. The company received $1.4 million from the U.S. Air Force in 2018 for Predator/Reaper training software, and in 2020, it signed a cooperative agreement with U.S. Special Operations for the research and development of intelligence, surveillance, and reconnaissance technologies related to drones. Cubic also sells surveillance technologies; a subsidiary that sells video enhancement software has clients including the New York Police Department, U.S. Secret Service, and military criminal investigators.

The defense contracting business runs in parallel to the transit work — where Cubic’s reach is also international. The company has implemented contactless payment technology in other major cities globally, including London, Sydney, and Vancouver. It controls about 70 percent of the market for public transit fare collection across the U.S., U.K., and Australia.

In 2013, when the Chicago Reporter flagged that the company responsible for Chicago’s Ventra system — cards for public transit — had national security ties, a Cubic Corporation spokesperson insisted that the transportation and defense wings were “entirely separate entities and not connected through anything but ownership.”

In annual reports, however, the company emphasized the benefits of its “Living One Cubic” ethos. The reports describe the touchless reader at the center of Cubic’s transit business as “an innovation developed through engineering collaboration” across both divisions of the company. The 2019 annual report also cites the launch of a new internal product management system that will facilitate the sharing of “technical information and data amongst our engineering teams and the overall company.”

The notion of “One Cubic” is also on display in lobbying disclosures. While Cubic has spent massive sums on more than two decades of defense-industry lobbying, Cubic Corporation has put lesser, though still significant funding into lobbying on transit issues; in 2015, the company started directing its resources into “promot[ing] Cubic transportation technology solutions.” In 2019, the company pushed for the “adoption of integrated fare payment and mobility as a service solutions” — corporate jargon for its mobile-based fare collection systems and public-private transit partnerships.

Often, Cubic Corporation’s defense and transportation lobbying is targeted at the same lawmaker or handled by the same firm, with disclosures listing House and Senate defense authorizations alongside federal transportation appropriations.

For Bill Budington, senior staff technologist at the Electronic Frontier Foundation, the soft wall between Cubic’s transportation and military businesses raises questions that have yet to be addressed by transit authorities about the risks that personal data could move between the two sides of the company.

“I think it depends on the overlap, and whether the technologies employed are bleeding over to the other side of the company,” said Budington. “And whether the typical concerns, when it comes to the privacy and security of data that’s being handled for the public, are lessened by the fact that you’re part of the intelligence community that is looking for targets and employing military technologies overseas.”

He added, “That is something that should be raised to the public, and there should be a public debate about it. And I don’t think that there has been.”

Vague Privacy Policy

The Cubic Corporation’s privacy policy outlines the notably lenient guidelines governing the use of data provided both through Cubic’s own website and its contracts with clients. The sharing of personal information is permitted among recipients, including Cubic’s family of companies, affiliates, and subsidiaries; external auditors; police, regulators, government agencies, and judicial or administrative authorities; and third parties connected with mergers and acquisitions.

The company also says it may share information “where disclosure is both legally permissible and necessary to protect or defend our rights” and in “matters of national security.” Personal data may be stored for up to 10 years.

Cubic’s privacy policy allows data sharing between corporate divisions only if it’s for the product being delivered, not for ancillary business practices. However, Cahn said that it’s difficult to know what corporate firewalls are truly in place when dealing with private companies.

“I think this highlights one of the broader design tensions with smart cities infrastructure,” Cahn said. “Oftentimes, we have a misalignment of incentives, where companies have every reason to look for ways to monetize our most intimate data, or as a government tracking tool, rather than having incentives to truly keep that information protected.”

The guidelines for the MTA’s touchless system OMNY have been criticized for their weakness. The Surveillance Technology and Oversight Project found in a 2019 report that the policy permits the MTA and Cubic to store users’ personal data indefinitely, allowing law enforcement and other government agencies access to that and other information. The touchless system’s predecessor, the MetroCard, which Cubic designed and implemented in 1992, already enables enforcement agencies to track users’ whereabouts.

“There should be some kind of oversight body that is making sure the new surveillance technology that’s employed isn’t going to violate the privacy rights of individuals.”

Recent media reports noted that, because OMNY links credit card information to a user profile by design, location tracking could be connected to names, payment cards, and any other information web tracking and data scraping could tie to the account. According to TransitCenter, a group focused on improving public transportation in cities, OMNY would elevate tracking capabilities to a “near-instantaneous” level.

The MTA’s OMNY privacy policy stipulates that Cubic and other vendors must adhere to privacy practices “at least as stringent” as those in the OMNY policy. Other Cubic-designed systems, though, do not disclose such restrictive rules. The Chicago Ventra program policy simply authorizes the sharing of personal information with Cubic, provided it “maintain[s] the confidentiality of the information” and uses it only as necessary for administering the program.

Budington, of the Electronic Frontier Foundation, told The Intercept that phrases such as “necessary to provide services” or “as permitted by law” raise red flags. This vague language cannily obscures any specifics of what the company is doing with the provided data.

“This is why we at EFF are big advocates for city council ordinances when surveillance technologies are employed on a population,” he said. “There should be some kind of oversight body that is making sure the new surveillance technology that’s employed isn’t going to violate the privacy rights of individuals.”

Cubic-MTA-NYC — Photo: Elise Swain/The Intercept

Public Service, Private Equity

Cubic Corporation had been publicly traded since it was founded in 1959, but in May 2021, Veritas Capital and Evergreen Coast Capital paid roughly $3 billion to take the company private. Veritas also owns the Department of Homeland Security’s biometrics database and has acquired business units of Raytheon, Northrop Grumman, Lockheed Martin, and other defense contractors. One critic has suggested that Cubic’s recent acquisition by the private equity firms could exacerbate the company’s lack of interest in safeguarding users’ data.

Cubic’s defense industry ties highlight a stark paradox: Public transit is widely viewed as an essential public service, but the private contractors that enable the systems may have corporate incentives that don’t align with the goal of a common good. For instance, though the MTA has pushed back against privacy advocates’ concerns, Cubic’s own documents emphasize that it has broad ambitions for the use of rider data.

A brochure for the back-end analytics tool that Cubic offers to transit agencies boasts that the technology can enable transit authorities to search and visualize large datasets to “make discoveries” and “identify trends.” The software can also aggregate and anonymize personally identifiable information, turning that information into “an analytics-ready dataset that can be securely consumed for research, monetization schemes, and other internal and external purposes.” Experts have noted that even purportedly anonymized data holds privacy risks, as it is often possible to re-identify users with their personal information.

The company’s vision for NextCity would join data collected by Cubic with other smart-city infrastructure to “build a model for real-time data gathered across a transportation network.” Cubic Corporation’s annual reports outline how it aims to expand its portfolio beyond fare collection to include ride and bike sharing, tolls and parking, and traffic congestion reduction. Toward these ends, Cubic Corporation has acquired multiple companies in recent years that are focused on smart city technologies, including GRIDSMART, which supplies cameras to enable real-time traffic monitoring, and Delerrok, an electronic fare-collection system.

For now, cities with Cubic’s mobile-based payment systems also offer the option to purchase fare cards with cash, albeit for an additional $5, at select retailers. Individual people concerned with their privacy might opt for this method despite the convenience of OMNY and similar systems.

Despite the workarounds, transit authorities in major metropolitan areas are increasingly letting any notion of privacy fall by the wayside. As an increasing number of metropolitan areas embrace the concept of smart cities, the privacy risks associated with the technology are poised to grow — until, eventually, everyone’s choice between convenience and privacy might be made for them.