14 DAY TRIAL // Dutch journalist Brenno de Winter who publicized security weaknesses in the country's new transit payment system, is being questioned about his actions in a fraud investigation.
De Winter works as a freelance journalist for Dutch publication WebWereld. For a long time he has been reporting about the lack of security in the OV transit chipcards which can be exploited to travel free of charge.
De Winter's reports have sparked discussions about the new Dutch unified transit payment system built by Trans Link Systems and led to its implementation being delayed.
De Winter told CNET that he was questioned for four hours in June in connection with his reports and was told that he potentially faces charges of manipulating a debit card, being in possession of fraud tools and computer hacking, which carry a sentence of six years in prison.
Trans Link Systems claims the company filed a criminal complaint regarding OV chip cards fraud, but not targeting de Winter in particular. "The public prosecutor has investigated this fraud and because of this investigation the police questioned de Winter," a spokeswoman said.
The Dutch journalist demonstrated how easy it is to alter an OV chipcard with the help of a Windows computer and off-the-shelf RFID tag reader. However, he didn't release the technical details that would enable people to do this.
"They are effectively banning me from doing my job because if I write about this card, I have to think about the consequences. I'm writing a book and I have to leave whole chapters out," de Winter said.
A Dutch court has previously favored security researchers from Radboud University in a case brought by NXP Semiconductors who tried to prevent the publication of their research about vulnerabilities in the MIFARE Classic RFID tags. The same chips are used in the OV cards.