
Claims testing in New York taxis

perspectives | security testing | usability testing
Back in 2001, I was lucky enough to be visiting James Bach’s Satisfice lab for the WHET 2 workshop. The night before, I was talking to James and Cem Kaner, when James showed us the box that some software came in and asked how we would test it. We both responded that we would read the claims on the box and attempt to verify those. I think this was the first time I heard the term “claims testing”. It was during this visit that I also saw an in-car GPS system for the first time, in a car full of testers suggesting various tests involving potentially dangerous driving!

I hope no one tries to test some recent claims by a vendor of technology for New York City taxis. They now have GPS installed, as well as some other extras. It seems someone went for a taxi ride recently, found a PC screen mounted on the seat back, clicked past an error message, and did some mischief. They then blogged about it, then it was picked up in the media (via a comment on the blog post). Of course the technology company had to respond, both with a blog comment and to the media. The claims of the technology company include such gems as “There are extensive contract-required security protocols in place, which have exceeded government and credit card industry standards and have been stringently tested by our internal and external security experts, which fully prevent access to anything other than media content files residing in the taxicab itself. There is no potential for any malicious activity.”

There was also “The immediate investigation of the incident determined that the cab was equipped with an outdated modem that had not yet been brought in for replacement. The old modem could have allowed a passenger to access the Internet from the cab. That taxi has been called in and the modem has been replaced. Currently, all cabs in the City of New York equipped with the VTS Passenger Information Monitor and payment solution have been updated. Unrelated error messages may occasionally appear on VTS taxi screens during periodic software updates. Some media files may be visible to patrons, but there is no user access to any editing tools. No credit card data or any passenger’s personal information has been compromised on any occasion. Such data has never been nor will be accessible by any passenger manipulating the onboard computer. None of the units installed in taxis by VeriFone Transportation Systems allow for the storage of any un-encrypted data.”

These claims may be a red rag to a bull, especially as some of them appear slightly over the top. Blanket claims are never wise, but how can they say “There is no potential for any malicious activity”? The thing that fascinates me is replacing an old, outdated modem that could allow a passenger to access the internet… with a new one that is designed to provide internet access. Huh? I want to see the design document that describes displaying unrelated error messages during software updates that occur while passengers are in the car. I just hope that they don’t also allow access to the PC. By the sound of things, their stringent testers just didn’t test hard or long enough, or review the claims enough! The media crew reported seeing more crashes in the taxis; maybe the testers should catch one themselves for some field testing! [grin]