The MTA’s switch to OMNY machines is a privacy nightmare:

Cards like the ones these new machines will be supplying are likely to follow the model of other Cubic Corp. cards, including San Francisco’s Clipper and London’s Oyster cards. The OMNY card will likely have a persistent identifier that makes tracking people throughout the city an easy task.

Tying those journeys to a real name and personal information becomes significantly easier if you link that card, or a phone or credit card, with an OMNY account. Accounts have users’ names, payment information, and every web tracker and cookie the OMNY account management site might decide to deploy—along with data scraped from social media—associated with their method of entry. 

While the MTA’s MetroCard is also run by Cubic, that system was deployed in 1991 and doesn’t have quite the same tracking capabilities. Transit justice organization TransitCenter reported that the MTA has stated OMNY will give the city “near-instantaneous” reporting on rider tap-ins and travel, an improvement from weeklong delays for MetroCard data. Tap-to-pay with a phone leverages near-field communication (NFC) technology, a system with its own issues that exacerbate the OMNY system’s existing privacy concerns. 

Who will they share this new trove of data with? The current legal landscape and previous experience with Cubic tells us that warrantless access to this data is both permitted and commonly exercised.