The main problems with the RFID farecards is not the existence of such, but that they are both, not anonymized and the EPC chip used (that is actually designed for tracking storages) does not have the same security level as in our e-passports (lacks sufficient authentication procedure with terminal and encryption), and hence, in such a configuration can be misused for a variety of objectives. Try to remember that not only you are able to create motion profiles, but with sufficient efforts and correspondingly large antennas passive RFIDs can be activated over several meters. For instance, the police could capture the passive participants in a demonstration at a time, without any notice and would undermine the freedom of assembly. The system is simply able to determine groupings and therefore, who is in contact with whom. As the frequent commenter ameeriklane already outlined, some other countries who are using the same technology are at least making sure that the data on the cards are not direclty linked to specific user data for outsiders, certainly not including addresses, phone numbers or even email addresses or ID card numbers. What could possibly go wrong? In the U.S., with an equivalent SSN number, one can even take a loan for instance, but also Estonia's ID card numbers can be used to retrieve a variety of information from the users, even on ID Pilet's website the status of a ticket can be validated just with the ID number.

I found the perfect way to validate... When entering the bus I gently move back and touch the validator with my behind (the uhiskaart is in my back pocket). This way I don't have take the card out of my pocket.

Riesling, valid point if the terminals would not struggle when other RFID cards are in someone's pocket same time (from a sportsclub, e.g.) as the system does not differentiate between their own cards and "foreign" cards. But there is indeed another "unintended" service coming with these terminals: one can check if any of their pocket cards unknowingly contain some RFID chip of same type, but we do not know what is then logged to the database (I assume at least the serial number and all other tags that may match with the tags used on the "green" farecard badge). Well, we'll see what our deputy major has to "roughly" say on this, too.

@Knut: "...but with sufficient efforts and correspondingly large antennas passive RFIDs can be activated over several meters". There's an enormous amount of pure nonsence that can be found on the internet about RFID and NFC technology. As my company uses both RFID and NFC, I would be most pleased if you would share the source of this information on: "...correspondingly large antennas passive RFIDs can be activated over several meters". Activating a passive RFID card from several meters distance is easy. No problem. Even I can do it. Reading its signal over a distance of more than 50 cms is however a major problem. It requires very expensive and highly sofisticated hard- and software. As far as I am aware, only M.I.T. has succeeded in actually reading a passive RFID card from a distance of 86 cms under laboratory conditions.The rather expensive ACTIVE RFID cards (battery operated) were developed for exactly this reason. If you would like to see them work, the taxi lane at Tallinn airport uses them. Generally speaking, the data on your card is perfectly safe if the distance between it and a reader is more than 10 cms.

@knut Im not at all worried if someone is activating something in my pants from couple meters away. In fact, it happens all the time. The main tracking device now and always, is the smartphone.

Validator, Big Brother, what's the difference?

Dutch, sure. I refer to the "Extreme-range RFID Tracking" speech by Chris Paget at Defcon 18, available on youtube and elsewhere. This includes also a demo of long rage tag reading, not just activation. And no, one don't need to buy an indeed expensive military radar, unless you want to cover a theoretical radius of 80 miles, and not just two of them (google for "GoodFET Wiring Tutorial" how to do it the cheap way) or just buy the DL910 from DAILY RFID CO. in China that reads 33 feet (10 meters) - 49 feet (15 meters) for as low as 600-700 USD (not much more expensive than the terminals used by the City Government btw, that "roughly" costs 400-500 EUR per terminal according to the deputy major [read above article]). The world record of real life read range is currently 217 feet (equals to 66 meters) with low cost equipment that can be even bought used via ebay and like, and not just 2.82 feet (would be equivalent to 86 cm), and hence would be good enough to cover most of Tallinn Old Town Squere at once. Another two sources worth to mention about concerning cryptography enabled RFID cards (although does not apply here in our "green" farecard case due to absentia of such implementation, but just to show thats also sort of an real life issue) are the speech from Henryk Ploetz and Karsten Nohl at the 25th Chaos Communication Congress (25C3) and the speech of Harald Welte "Reverse Engineering a real-world RFID payment system " at the 27th Chaos Communication Congress (27C3). The movement profiles of GSM operators is not comparable, and, without the attempt to trivialize the existing issues also there, can be also anonymious in Estonia as long a prepaid card is used.

Knut, please check the working frequencies. The single most commonly used frequency with RFID cards is 13.56MHz. I haven't yet seen the farecard but I'm 99% sure it is also 13.56MHz. Your Chinese DL910 works in the 300MHz range and won't notice a 13.56MHz card. And, yes, when you go into the GigaHertz ranges its a totally different ball park again. In the commonly used 13.56MHz a theoretical range of 80 cms is possible. In practice, 8 cms is a damn good result. In our system we work with a maximum of 4 cms. And @Riesling is 100% right. If you're worried about tracking and data loss, don't just turn off your mobile - remove the battery!!! Or, buy a 13.56MHz reader with the right software (less than $25,-) and you can easily manipulate the data stored on the card. Worrying about being tracked with your farecard from distances of less than 10 cms. is paranoid.

Dutch, although I mixed up with one reader example and certainly there are different rfid systems with different characteristics, your claim on the 13.56mhz range cards isn't exactly true. To provide a correct reader example on this frequency, the FN HFD1408 13.56Mhz RFID Long Range Reader with 4 antennas alone reads up to 1.8 meters. And thats not the dead end, it depends mostly on the antennas used how far one can go. Your limit example applies for just using one antenna. On GSM (doesn't meed to be smartphones), the tracking is at least semi-anonymous when using prepaid cards, as unlike in some other EU states, you don't have to identify yourself

Anyway, it's getting to theoretical in technical details most readers won't understand. The thing is that the farecards can be read, contain hard data and therefore one can be identified by third parties - the distance is the least problem here.

Knut, all the theoretical and academic BS aside, a practical, working, reader that works from approx 10 meters away would be a dream come true for my company. Should you find one that works on the 13.56MHz frequency, you're most welcome to wake me up in the middle of the night with this news. With some fairly advanced (and expensive) readers we have managed to extend the range to 40 cms where the data is still reliably transmitted. For us, these few extra cms are not worth the added cost. Your example with the 1,8 meter range is (if it actually works) still way below a practical solution range. We have tested enough readers from China making fantastic range claims that sadly turned out to be nonsense. A good solution would be to use 2,4 Ghz cards/frequency. But, again, the costs involved... 13,56MHz rules the RFID world, we are stuck with that fact and it's range limitations. Just for this one time I wish you were right :-)

Knut, on tracking GSM phones... once the authorities have you in their sights, all they need is your number. Whether it is prepaid or not is then irrelevant. The phone can then be tracked worldwide from the comfort of your home or office using the right software and a laptop. In most of the EU this is illegal. In the UK it is legal and parents often use it to keep track of their children's where abouts. Nothing new and its been available for years. Police will also often contact a mobile provider to check from where a phone call was made. They get the info within seconds. Again, nothing new and its been around for years. If you are truly worried about being tracked... turn off your phone. In the case of smart phones, also remove the battery. On my phone I have software installed that enables me to turn it on and off remotely, delete its data, take pictures of the user which are emailed to me and report it's GPS position. If its ever stolen the thief of my phone has a problem :-)

Dutch, there is a company in France called DAG-System (branch of Pygmalion) that have a long distance detection of up to 10 meters through large area or volume (2D or 3D) on 13.56mhz which is used for sport events. Yes, they cards have a littler longer tags attached, but this distance as a security argument is really nonsense, as even a range of few centimeters is just as enough to track a large number of people. A realistic example would be to just setup antennas on all accommodation streets (tarned as cable shaft e.g.) to a square and you don't need a meter to read people's wallets. What comes to gSM

What comes to GSM comparison, first of all not relevant if other technologies can also invade privacy, second a phone number alone is not hard data and gsm cards do not contain id card number and on prepaid cards owners are not known by default. The farecards, however do have all the infornation together already that can be read directly from the cards. It is therefore hard data, meanhwile gsm prepaid cards at least is soft data that would need additional survelliance in order to track down people online, but the farecards makes it even possible to track down people offline and you know who exactly they re straight away. It's like a dream come true for autocratic states to track down anyone with hard data real time with no online system attached required.