Slashdot Mirror
Smartcards to Track London Commuters
misterpies writes "Technophiles across London have been excited about the recent introduction of Oyster smartcards on public transport to replace old-fashioned paper tickets. Their enthusiasm might cool off now that London Transport has admitted that not only can the card be used to track your journey across London -- they're actually going to keep the data for 'a number of years'. Add that to their congestion charge cameras used for tracking car movements and pretty soon you'll have to stick to walking if you don't want your movements tracked. Until they implement those facial recognition systems that were such a great success in Tampa, Florida."
With the Oyster Card (official web site is here: http://www.oystercard.com) you can
in a sense "opt out" if you are willing to pay more. Since the cards are mandatory
for people who buy season tickets, you can choose to have privacy at a fee by buying
individual tickets (which will remain on paper for some time).
Here in New York the Metrocard system offers some opportunity for tracking users
because the card have a unique ID and could be linked to credit card or debit card
information (and hence to you) if you buy the card at a machine with card. You often
see ads in the subway encouraging people to reuse their cards, for environmental
reasons, of course, but that does seem to me to help anyone who wanted to get long
term data on your travel habits.
Luckily, most Metrocard machines still accept cash for the anonymous purchase, and
then you can throw it away after your limited set of journeys.
Similarly, you can pay extra for a little bit of privacy on road tolls, New York's
EZPass system is cheaper (and quicker) than the cash toll, but less private. (Unless
you count those little cameras staring at your license plate of course).
John.
...AKA Eric Blair was from Britain. On the bright and happy side, I suppose it gives us another hacking project. Lets see how many times the Prime Minister can be made to transverse the tubes :>
A day is going to come when condom makes put RFID tags on the outside of them condoms. Then the British government can start taxing that too.
Thats one way for population control, though.
See also Central London webcams go dark for anti-war demo at The Register.
Trusted Computing FAQ | Free Dawit Isaak!
Simple solution: swap your transit passes with your friends when you get together.
SCREW PROFILING, some ways to poison the well:
Swap supermarket "discount cards" with friends. (friend and I swap Safeway Club Cards when we get together)
Never give the right answers on surveys. Postage-paid mail in ones are the best. Make them think you go through 12 boxes of Kotex Extra Fluffy Pads a month even though it may just be you in your mom's basement.
Air Miles cards? Flying is cheap enough without my purchasing info being pored over by scumbag marketers.
Places that ask for your phone number? Give them a local massage parlour's number. (yes, I have one memorized for that purpose)
When entering your name somethere use a bogus middle initial so you know which firm sold your info when mail starts coming in with a wrong middle letter. If you get junk, return it as "Moved".
Bah, this is way off topic (mod me to hell) but it felt good. Time to check the tinfoil on my hat.
Trolling is a art,
I was thinking about this. I recently got one, and I was thinking that at the end of the month I would request all the data that London Underground holds on me. By law, under the Data Protection Act they have to give me all the info they hold for a small fee (capped at 10 if I recall correctly).
It will be interesting to see what they store..
(Also, they are not permitted to share that information with anyone else without my permission)
why everyone these days actually gathers as much data as possible and saves it for very long periods. Is it actually useful to have this data after several years? I don't mean the statistics gathered (like how many passenger there were), but the raw, personalized, data itself. Or do they hope this will make them friends within the police/government?
How about wearing jammers that confuse the electronics trying to track you?
This would be moronic. If you jam the smartcard, then the ticket gates won't let you on to the platform. The gates log the id's of the smartcards passing though them. Since they know the owner of the smartcards (which are season tickets), then they can track which stations you use.
HH
--
http://www.degaussers.net/degausserVS250.htm
In some cases, the data is not kept on the card, but more and more I run into places that want to 'swipe' various cards to input data into their systems. This is starting to become very notable in Texas, where everyone and their brother wants to swipe your TXDL while you're paying.
Degaussing my driver's license and ruining the track 1 and 2 data stored on it means that the various POS terminals that want to scan it go balls up. The manager comes over and almost invariably says 'Hmmm... Treat this like a cash payment.'
It's not perfect, but it's a step in the right direction.
Is inconvenience worth your privacy? It is for me.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
We had an argument with the public transportation department (ytv) in the beginning of the year when "travel cards" were taken into use.
The tracking info was previously put in store for months, now it isn't permanently recorded.
Complain to your decisionmakers, it worked before.
And how is this any different from the ordinary magnetic strip paper cards which has been in use for years on the Tube?
They, incidentally, also have a unique ID number linked to the registered owner's name, which is recorded together with the location and time of the exchange every time the card is used...
Ethics is what you say you do. Morals is what you actually do.
My employer asked for a blood sample, urine sample, stool sample and sperm sample.. I gave them my underwear.
Trolling is a art,
# When entering your name somethere use a bogus middle initial so you know which firm sold your info when mail starts coming in with a wrong middle letter. If you get junk, return it as "Moved".
I did something similar to this once, but worse for the companies. I was living in a dorm, and we got a MASS mailing from a credit card company. Three bags of mail came in that day. One was completely filled with credit card offers. Many people got more than one.
Well that was too much. So I rounded up everyone by the mail desk, and asked them to open their offers, tear out anything with their name on it, and mail the offer, and torn up envelope back using the postage-paid envelope sent by the company.
That way, they have to pay the postage, pay someone to open the mail, and pay extra while that person tries to figure out exactly what he's holding in his hand.
Sort of like calling telemarketers at home... The old -taste-of-your-own-medicine- ploy.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
The legislation is just as relevant in this case and it would be possible to request from London Transport a copy of all information they hold on their computer systems about you and your travel movements. Then it might be possible to decide just how paranoid to become. Alternatively - just take the bus.
Let's face it: in our digital age, privacy has become a scarce commodity. We just have to surf the net and wonderful items such as cookies and spyware are downloaded to our machine at no additional cost. Not to mention corporate internet tracking tools to see what employees are surfing.
And what about credit card information? Why should I have somebody analyze my purchases to determine what I buy? Or, retail companies who analyze sales data by region (even right down to the household). If I want to buy from your store, I will.
As much as people say, "You're information will not be shared with anybody else...", I personally don't believe it. That's like saying we can carry a water with a siv.
The old addage of, "Well, if you do nothing wrong, you have nothing to fear..." is a load of crap. Why should we have anything to track our movements? All we need is somebody to say something is illegal/unethical/etc, and they can find out who's been going to those "illegal/unethical/etc" places (whether on the net or on the street).
People have been crying to governments for years for privacy, but it seems governments cannot keep up with technology. Heck, even governments allow this kind of activity. There's been quite a controversy over street cameras here in Canada, whether they be cameras to patrol the streets to stop crime, to photo-radar to stop speeding, to red-light cameras...with no proof it stops crime.
I know this sounds too much like a rant, but what I'd like to know is what can we do about it? We cry when our privacy is invaded, but how can we protect it? I'm looking for some realistic and practical solutions (blowing up governments is not a practical solution :-) ).
Thanks.
It is not our abilities that show what we truly are... it is our choices.
All these are excellent suggestions. But as technology becomes more and more pervasive, it will become nearly impossible to fool all the potential tracking systems, without either severely inconveniencing yourself or breaking the law.
Ultimately this problem will only be solved at the political level. The government has to be aware that its citizens are concerned about privacy. Once enough people make noise about it, and once pro-privacy representatives start winning elections, the attitude of government and corporations will start to change. Strong legal protection of privacy is the only answer; voluntary "privacy policies" are a red herring.
However, in the current political climate, this will be an uphill climb. Most people are willing to trade off security against privacy. To force the issue, instances where personal privacy was abused with catastrophic results must be made widely known.
Toronto-area transit rider? Rate your ride.
The real problem is this: your everyday actions generate a (continually growing) stream of data. But, under the present system, you don't have ownership rights to that data. There has been some recognition that you're a stakeholder who can demand corrections to some categories of data (for instance, credit reports), but it still belongs to someone else.
The law should be changed to explicitly state that you have an ownership interest in data that is derived from your transactions and movements. It may not be 100% ownership, but for the sake of argument, let's say it's 50/50. The only exception should be for journalism, since journalists are already constrained by libel laws. Then unauthorized dissemination of your personal information can fall under the increasingly draconian IP laws, and furthermore you will be entitled to a share of the revenues derived from sale of your data.
This still doesn't help with governments, but will put an economic constraint on the privatization of totalitarian control that's been progressing unchecked in developed countries.
Get your teeth into a small slice: the cake of liberty