Slashdot Mirror
'How I Went Dark In Australia's Surveillance State For 2 Years' (cnet.com)
schwit1 shares a report from CNET, written by Claire Reilly: In 2015, during the transition from paper to Opal [contactless public transit cards], Australia passed sweeping new data retention laws. These laws required all Australian internet service providers and telecommunications carriers to retain customers' phone and internet metadata for two years -- details like the phone number a person calls, the timestamps on text messages or the cell tower a phone pings when it makes a call. Suddenly, Australians were fighting for the right to stay anonymous in a digital world. On one side of the fence: safety-conscious civilians. They argued that this metadata was a powerful tool and that the ability to track a person's movements through phone pings or call times was vital for law enforcement. On the other side of the fence: digital civil libertarians. They argued that the data retention scheme was invasive and that this metadata could be used to build up an incredibly detailed picture of someone's life. And sitting in a barn two paddocks away from that fence: me, switching out burner phones and researching VPNs. When it emerged that police had the power to search Opal card data, track people's movements and match this to individual users, it was the last straw. August 2016 rolled around, paperless tickets were phased out and I hatched my plan. The Black Opal. The concept of the Black Opal is simple. Buy your transport card. Pay cash. Top up with cash (preferably in a new location each time). Never register it. Never link it to your credit or debit card. Live off the grid. Stay away from The Man.
[Reilly discusses the problems she faced:] All the top-up machines at train stations, light rail stops and ferry terminals were card-only affairs. One tap on that baby and you were back in the system. So, if I was busing downtown for a work meeting, I'd have to factor in extra time to get to an ATM, get cash out and then find somewhere to top up my card. Running for the train with friends, I was the one who had to divert three blocks, change jackets, burn off my fingerprints and find a nondescript corner store to top up. Here's what I learned. No one likes the paranoid one. [...] I finally came undone last week. Racing for a flight, I forgot about my Black Opal. I'd had an unusually busy week on public transport, and my balance was low. On the train to the airport terminal, it hit me. Did I have enough money on my card to pay the AU$17.76 tap-off fee that they use to gouge tourists at the airport? As I rode up the escalators and the exit turnstiles came into view, my heart sank. No ATM. No cash in my wallet. Just a row of bright green Opal readers and a top-up machine. Card only. With one trip, my years of off-grid living were undone. I slumped against the top-up machine and swiped my debit card. I was just 9 cents short, but it cost me so much more than that. My Black Opal was dead.
[Reilly discusses the problems she faced:] All the top-up machines at train stations, light rail stops and ferry terminals were card-only affairs. One tap on that baby and you were back in the system. So, if I was busing downtown for a work meeting, I'd have to factor in extra time to get to an ATM, get cash out and then find somewhere to top up my card. Running for the train with friends, I was the one who had to divert three blocks, change jackets, burn off my fingerprints and find a nondescript corner store to top up. Here's what I learned. No one likes the paranoid one. [...] I finally came undone last week. Racing for a flight, I forgot about my Black Opal. I'd had an unusually busy week on public transport, and my balance was low. On the train to the airport terminal, it hit me. Did I have enough money on my card to pay the AU$17.76 tap-off fee that they use to gouge tourists at the airport? As I rode up the escalators and the exit turnstiles came into view, my heart sank. No ATM. No cash in my wallet. Just a row of bright green Opal readers and a top-up machine. Card only. With one trip, my years of off-grid living were undone. I slumped against the top-up machine and swiped my debit card. I was just 9 cents short, but it cost me so much more than that. My Black Opal was dead.
The "black opal" idea is fairly ridiculous. Home IP + work IP is enough to uniquely identify someone. Simply tapping out at the airport might be enough to de-anonymize the card: passenger manifests are probably efficiently searchable by shrink-wrap surveillance software like Palantir's, and the small set of people departing the airport within a four-hour window plus some other weak bit of information is probably enough to uniquely identify you and thus all your past and future trips on that card. "Co-presence," this kind of correlation, is not exotic. It's the typical goal of these whole-take surveillance systems, so I would expect the attacks possible with it to be in use.
In London I think you can turn in your Oyster card and get a refund in cash, which you can then use to get a new Oyster card a couple hours later with a different serial number, but of course nobody does that so it might be like wearing a kick-me sign to attempt evasion that way. I don't know.
Practically, a new card costs $1 with $4 of "hidden" credit. If you think of them as having $4 hidden credit, you should always use the negative credit if (say) you're a tourist who isn't planning on returning, Then leave the card lying around so someone can pick it up and not have to pay for a new card. Pay it forward.