Slashdot Mirror
Smartcards to Track London Commuters
misterpies writes "Technophiles across London have been excited about the recent introduction of Oyster smartcards on public transport to replace old-fashioned paper tickets. Their enthusiasm might cool off now that London Transport has admitted that not only can the card be used to track your journey across London -- they're actually going to keep the data for 'a number of years'. Add that to their congestion charge cameras used for tracking car movements and pretty soon you'll have to stick to walking if you don't want your movements tracked. Until they implement those facial recognition systems that were such a great success in Tampa, Florida."
With the Oyster Card (official web site is here: http://www.oystercard.com) you can
in a sense "opt out" if you are willing to pay more. Since the cards are mandatory
for people who buy season tickets, you can choose to have privacy at a fee by buying
individual tickets (which will remain on paper for some time).
Here in New York the Metrocard system offers some opportunity for tracking users
because the card have a unique ID and could be linked to credit card or debit card
information (and hence to you) if you buy the card at a machine with card. You often
see ads in the subway encouraging people to reuse their cards, for environmental
reasons, of course, but that does seem to me to help anyone who wanted to get long
term data on your travel habits.
Luckily, most Metrocard machines still accept cash for the anonymous purchase, and
then you can throw it away after your limited set of journeys.
Similarly, you can pay extra for a little bit of privacy on road tolls, New York's
EZPass system is cheaper (and quicker) than the cash toll, but less private. (Unless
you count those little cameras staring at your license plate of course).
John.
How about wearing jammers that confuse the electronics trying to track you?
...AKA Eric Blair was from Britain. On the bright and happy side, I suppose it gives us another hacking project. Lets see how many times the Prime Minister can be made to transverse the tubes :>
A day is going to come when condom makes put RFID tags on the outside of them condoms. Then the British government can start taxing that too.
Thats one way for population control, though.
See also Central London webcams go dark for anti-war demo at The Register.
Trusted Computing FAQ | Free Dawit Isaak!
Simple solution: swap your transit passes with your friends when you get together.
SCREW PROFILING, some ways to poison the well:
Swap supermarket "discount cards" with friends. (friend and I swap Safeway Club Cards when we get together)
Never give the right answers on surveys. Postage-paid mail in ones are the best. Make them think you go through 12 boxes of Kotex Extra Fluffy Pads a month even though it may just be you in your mom's basement.
Air Miles cards? Flying is cheap enough without my purchasing info being pored over by scumbag marketers.
Places that ask for your phone number? Give them a local massage parlour's number. (yes, I have one memorized for that purpose)
When entering your name somethere use a bogus middle initial so you know which firm sold your info when mail starts coming in with a wrong middle letter. If you get junk, return it as "Moved".
Bah, this is way off topic (mod me to hell) but it felt good. Time to check the tinfoil on my hat.
Trolling is a art,
I was thinking about this. I recently got one, and I was thinking that at the end of the month I would request all the data that London Underground holds on me. By law, under the Data Protection Act they have to give me all the info they hold for a small fee (capped at 10 if I recall correctly).
It will be interesting to see what they store..
(Also, they are not permitted to share that information with anyone else without my permission)
why everyone these days actually gathers as much data as possible and saves it for very long periods. Is it actually useful to have this data after several years? I don't mean the statistics gathered (like how many passenger there were), but the raw, personalized, data itself. Or do they hope this will make them friends within the police/government?
Well, they can only track you by your smartcard ticket.
So if you're worried, just take your card and smash it all up with a hammer. Far more effective and much cheaper than any sort of jamming device. And the results are virtually instantaneous. I've heard rumors that this method also works 99.999% of the time.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Angle Grinder Man
Maybe he has a brother, Card Scambler Man, for getting rid of those nasty radio tracking waves.
http://www.degaussers.net/degausserVS250.htm
In some cases, the data is not kept on the card, but more and more I run into places that want to 'swipe' various cards to input data into their systems. This is starting to become very notable in Texas, where everyone and their brother wants to swipe your TXDL while you're paying.
Degaussing my driver's license and ruining the track 1 and 2 data stored on it means that the various POS terminals that want to scan it go balls up. The manager comes over and almost invariably says 'Hmmm... Treat this like a cash payment.'
It's not perfect, but it's a step in the right direction.
Is inconvenience worth your privacy? It is for me.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
We had an argument with the public transportation department (ytv) in the beginning of the year when "travel cards" were taken into use.
The tracking info was previously put in store for months, now it isn't permanently recorded.
Complain to your decisionmakers, it worked before.
Firstly, readers should remember that Transport for London, who currently operate the tube network are a publically run company whose sole aim is to provide cheap and efficient travel for Londoners and visitors. Even if the Tube did move to a public-private-partnership type set up, I doubt individual operators would have serious access to this data.
It seems to me that decent statistics on the routes that people take through the network could provide a gold mine of information for transport planners to further improve transport in London.
A secondary benefit is that it also ensures that London buses can slowly move towards being cashless (when prepay cards are introduced later this year), which helps prevent petty theft and assaults on bus drivers. Furthermore, bus drivers need waste less time at stops counting cash and giving change.
I would say that I'd rather have less theft from buses and a better planned transport network than an ability (which using prepay you'll still have anyway) to travel on a season ticket anonymously and (more, not fully) untraceably. Yes there are privacy implications, but I'm more than happy to put up with them for the possible benefits.
And how is this any different from the ordinary magnetic strip paper cards which has been in use for years on the Tube?
They, incidentally, also have a unique ID number linked to the registered owner's name, which is recorded together with the location and time of the exchange every time the card is used...
Ethics is what you say you do. Morals is what you actually do.
"Until they implement those facial recognition systems"
...they already have in London Borough of Newham.
My employer asked for a blood sample, urine sample, stool sample and sperm sample.. I gave them my underwear.
Trolling is a art,
# When entering your name somethere use a bogus middle initial so you know which firm sold your info when mail starts coming in with a wrong middle letter. If you get junk, return it as "Moved".
I did something similar to this once, but worse for the companies. I was living in a dorm, and we got a MASS mailing from a credit card company. Three bags of mail came in that day. One was completely filled with credit card offers. Many people got more than one.
Well that was too much. So I rounded up everyone by the mail desk, and asked them to open their offers, tear out anything with their name on it, and mail the offer, and torn up envelope back using the postage-paid envelope sent by the company.
That way, they have to pay the postage, pay someone to open the mail, and pay extra while that person tries to figure out exactly what he's holding in his hand.
Sort of like calling telemarketers at home... The old -taste-of-your-own-medicine- ploy.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
The legislation is just as relevant in this case and it would be possible to request from London Transport a copy of all information they hold on their computer systems about you and your travel movements. Then it might be possible to decide just how paranoid to become. Alternatively - just take the bus.
Let's face it: in our digital age, privacy has become a scarce commodity. We just have to surf the net and wonderful items such as cookies and spyware are downloaded to our machine at no additional cost. Not to mention corporate internet tracking tools to see what employees are surfing.
And what about credit card information? Why should I have somebody analyze my purchases to determine what I buy? Or, retail companies who analyze sales data by region (even right down to the household). If I want to buy from your store, I will.
As much as people say, "You're information will not be shared with anybody else...", I personally don't believe it. That's like saying we can carry a water with a siv.
The old addage of, "Well, if you do nothing wrong, you have nothing to fear..." is a load of crap. Why should we have anything to track our movements? All we need is somebody to say something is illegal/unethical/etc, and they can find out who's been going to those "illegal/unethical/etc" places (whether on the net or on the street).
People have been crying to governments for years for privacy, but it seems governments cannot keep up with technology. Heck, even governments allow this kind of activity. There's been quite a controversy over street cameras here in Canada, whether they be cameras to patrol the streets to stop crime, to photo-radar to stop speeding, to red-light cameras...with no proof it stops crime.
I know this sounds too much like a rant, but what I'd like to know is what can we do about it? We cry when our privacy is invaded, but how can we protect it? I'm looking for some realistic and practical solutions (blowing up governments is not a practical solution :-) ).
Thanks.
It is not our abilities that show what we truly are... it is our choices.
Frankly, I fail to see what the fuss is about. The Tube is public. You have no expectations of privacy. If you're worried about being tracked, buy your tickets with cash --- but remember your trenchcoat and false beard...
We are not technophiles. We are not citizens. We are not even humans. We are consumers to corporations and governments, thus the old-fashioned notions of rights and privacy no longer apply. We are fodder for marketing departments and government committees.
Welcome to the 21st century.
maybe there is a murder, and so they query the database and find all of the people that were in that vicinity at that time, and you (and about 10 other people) fit the description of the alleged murderer, so now they go to a judge and get a search warrant for your house because they have probable cause, and now they are digging through your house, trashing everything looking for the murder weapon. Dragging you down to the station for questioning, harrassing you to no end.
This is why it is troubling.
How is London a subtle reference to 1984 being set in Britain? Unless some people think it's London, Ontario? It'd be just like those unfunny Can-a-dians to pull something like that.
I drank what? -- Socrates
jesus christ people!!! who the hell cares if they know where you are and where you go?!?! people i dont know see me doing this every fscking day!!!! the paranoia in the slashdot community frightens me. newsflash...there are satalites that can track movements of individuals already....there have been for years....there is nothing you can do to keep someone from spying on you or tracking you if they really want to do so....get over it...no one cares THAT much about you anyway
Because I don't like being tracked. I find it offensive.
For you privacy theorists/skeptics out there, what if I buy 7 of these - 1 for each member of my family and 1 for each of my 2 triplet brothers...
Now, each of us travels around with some of those travel segments being with others using the cards I bought.
Who are they tracking, the purchaser of the cards or the person using the card?
Anyone that thinks they can accurately track anyone with this technology is simply wrong. They would have to assume that everyone that uses them buys 1 and only 1 card and doesn't buy for anyone else. Well, that's just not reality based.
Twin or more? ITA
Apache/Spring/La
All these are excellent suggestions. But as technology becomes more and more pervasive, it will become nearly impossible to fool all the potential tracking systems, without either severely inconveniencing yourself or breaking the law.
Ultimately this problem will only be solved at the political level. The government has to be aware that its citizens are concerned about privacy. Once enough people make noise about it, and once pro-privacy representatives start winning elections, the attitude of government and corporations will start to change. Strong legal protection of privacy is the only answer; voluntary "privacy policies" are a red herring.
However, in the current political climate, this will be an uphill climb. Most people are willing to trade off security against privacy. To force the issue, instances where personal privacy was abused with catastrophic results must be made widely known.
Toronto-area transit rider? Rate your ride.
Back in 1994, the Toronto Transit Commission (TTC) introduced annual transit passes. These were credit-card sized, with a magnetic strip to operate the turnstiles and your picture on the card for boarding buses and streetcars. You needed to provide your address when getting the pass in the first place.
No smart cards or RFID needed - presumably each pass had a unique magnetic code, which the TTC can correlate with your photo and address at the time the pass is issued. I don't know if the turnstiles logged the use of the magnetic cards for any extended period of time. They do enforce the rule that the same card cannot operate the turnstiles at a station within a 5-minute time span, to avoid obvious sharing.
This type of tracking was possible only with the single-card pass. Monthly pass users have a separate magnetic card and photo-ID, which are not correlated. You buy a new magnetic card each month, write your photo-ID number on it and away you go, so the mapping between magnetics and person changes each month.
The TTC also had a monthly subscription system where you could give them a credit card number and they mail you a magnetic pass each month. Same problems.
I thought I had a comp.risks submission about this, but I can't find it in the archives.
I visited Singapore a couple of months ago and they already have a system like this in place. At the MRT station, you give them $10, and they hand you a card with $5 on it. The other $5 is a deposit that you get back when you turn the card in (I hope I remembered that right. Feel free to correct me if you know otherwise) They do not require any personal information, which seems to differ from the UK version. Other than that, the function appears to be identical.
:)). Obviously, the system works great without the need to tie personal information to the card.
Singapore's MRT system is highly efficient and is all run on these cards. We did not need a taxi or a car to see most of the country, and getting around was a snap even though we were tourists and it was our first time in Singapore (I guess it helps that English is a primary language there
Draw your own conclusions as to why the UK goverment feels the need to assign names to the cards.
-R
I have no problem at all with the congestion charge per se - something needs to be done to improve public transport, and this is as good a way of raising funds as any other, now that the neocon regressive tax regieme instituted by Thatcher is now the default set up (the less you earn, the more tax you pay.) Encouraging people not to drifve into Central London (esp the City) is a Good Thing IMHO - I must say I appreciate the quiet & practically empty roads
However I've just had an extremely painful experience trying to pay the CC. Their website is absolutely atrocious, breaking just about every usability rule you could think of. eg navigation buttons implemented in Java??!! Why, oh why?! And trying to use it in Lynx (or links) - well, forget it. Then the actual navigation itself is completely b0rked. I imagine 90% of people arriving on the front page want either (a) a link to the "pay online now" form, or (b) the phone-number for paying by credit card. I encourage anyone with ten minutes on their hands to visit the above URL and try hunting for those bits of information. No points for getting half-way through completeing the form before realising they're actually trying to REGISTER you (as in, collect personal info) rather than just taking CC details and car registration number.
So I fired off a somewhat ranty complaint using their (equally dreadful) "contact us" stuff. Yes we've got a fancy DHTML form with a font size set unreadbaly small which stops you typing more than a couple of hundred chars. Oh and of course let's waste 70% of the screen real estate on whitespace , pointless graphics etc etc.
Today I got a response back. Of course it's a canned reply - what really put the icing on the cake was that the mail arrived with an attached HTML page (!) called something like "template.109797653-236" !! Have these people never heard of RFC822? I heard a rumour that the IT infrastructure was built by EDS, which might partly explain how utterly, utterly shite the site is.
I have similar feeliongs about the Oyster card - in theory a smart swipeable card is a good idea, and collecting anonymised data on which journeys people actually make is obviously a Good Thing for planning, resource management etc. but why do I get teh feeling that a bureacracy is rolling and, in tune with the evil schemes of Mr Blunkett, is planning to violate all alleged 'civil liberties' BY DEFAULT? If only a few civil servants would lose their pensions when the inevitable review by the EU court of human rights throws out the whole scheme... ah well a man can dream can't he...
I shall also miss the old cardboard tickets when they're finally phased out. Apart from the saddo-anal-retentive thing of keeping old tickets stamped with particular dates (elections, dead royals, and other days of special celebration) they're absolutely perfect roach material. I shall have to return to collecting old club fliers on Saturday mornings...
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
The only solution I see is the separation of the personal details and ID's. Like usernames: they identifie you, but don't give access to your personal information. The guvernment has, as should have your personal information. But I think a system could be made so everybody else( banks, shops, tube companies) only get your ID are not allowed to have your private information unless with direct consent from you. And for law enforcement you can always allow the combination of the databases with a warrant if you are a suspect and there is a "probable cause". We know the technology can easily allow data mining. Are we unable to divese a system that can be robust to unapprouved data mining ? Just my 2c
When this happened in NYC several years ago, techno-alarmists would get to retain their privacy while taking advantage of the Metrocard convenience by swapping Metrocards with fellow hackers at weekly 2600 meetings at the Citicorp building. Perhaps something similar will start with our paranoid London counterparts and their 2600-equivilant meetings.
By the way, NYC has completely phased out tokens. In doing so, they are also phasing out mass-transit employees with sizable layoffs. And they upped the fare from $1.50 to $2. They save money with the more effecient machines and the fare hike, but at the same time thirst for more dollars by laying off lots of good people whom I prefer to deal with over computers. Bastards.
when the damn trains never move except to derail? -disgruntled Tube user
--
The reason people have problems with any information gathering system is because the more information you have on a person, the more power you have over them.
If I know all kinds of things about you I can then engauge in, for example, black ops to eliminate you if you do something I don't like. Slip some cianide into your food while you leave it in your car or the like.
Point here is, nobody trusts the goverment and rightly so. More often than not the law is abused horribly. Plus, if a new law is passed and the goverment has computers than can instantly tell what you've been doing, and can then launch a lawsuit against you, what is going to happen to the rapists and real killers? The system's going to be so swamped it isn't even funny plus what if they decide they'll just abduct people at random without trial and throw them into prison labor camps?
All you're going to do with this kind of system is creat criminals who are smarter and better equiped to fight the law. Plus, with the shotty record of large corperations; communisum failed becuase nobody was motivated to make good stuff, capitalism will fail becuase damn near everybody is so greedy they're trying to essentially bait and switch everybody into buying crap. What's more profitable? Selling you a watch that is a good one or selling you one that'll break in 6 months, is inexpensive to manufacture but looks expensive on the outside?
So what do you want to bet that whever you're buying from goverment agencies is crap?
Candy-Coated Knowledge
You can search the data protection register to see what sort of information organisations keep, "Transport for London" gives you a pretty long list but i cant find anything that says they would store the journey?
This comment does not represent the views or opinions of the user.
Ocifer 1: Sir, we just got a jammed card signal from Reader 4 on Platform 3.
Ocifer 2:Check the security cams for Platform 3.
Ocifer 1: Sir, it appears there's a man with a big battery and a 1337 light-modded black box hanging from his neck.
Ocifer 2: Is that tin-foil on his head? Jeez...*Dispatch...pick up the weirdo on Platform 3 and bring him in*
You know what?
The real problem is this: your everyday actions generate a (continually growing) stream of data. But, under the present system, you don't have ownership rights to that data. There has been some recognition that you're a stakeholder who can demand corrections to some categories of data (for instance, credit reports), but it still belongs to someone else.
The law should be changed to explicitly state that you have an ownership interest in data that is derived from your transactions and movements. It may not be 100% ownership, but for the sake of argument, let's say it's 50/50. The only exception should be for journalism, since journalists are already constrained by libel laws. Then unauthorized dissemination of your personal information can fall under the increasingly draconian IP laws, and furthermore you will be entitled to a share of the revenues derived from sale of your data.
This still doesn't help with governments, but will put an economic constraint on the privatization of totalitarian control that's been progressing unchecked in developed countries.
Get your teeth into a small slice: the cake of liberty
Seriously though...could you be more vague? WTF kind of transaction is going to be negatively affected by data on how I ride the subway?
"I strongly urge both the faint of heart and the faint of butt to leave the room at this time."
- Strong Bad
Don't worry. The ticket won't stick. They can't prove it was you driving the car.
Now, if they hand you a ticket at the exit toll that's different.
Killfile(TGK)
No trees were killed in the creation of this post. However, many electrons were inconvenienced.
They already do this in singapore. But they give you the ticket right when you get off the turnpike! DOH!