Slashdot Mirror

← Back to Stories (view on slashdot.org)

'How I Went Dark In Australia's Surveillance State For 2 Years' (cnet.com)

Posted by BeauHD on from the off-the-grid dept.

schwit1 shares a report from CNET, written by Claire Reilly: In 2015, during the transition from paper to Opal [contactless public transit cards], Australia passed sweeping new data retention laws. These laws required all Australian internet service providers and telecommunications carriers to retain customers' phone and internet metadata for two years -- details like the phone number a person calls, the timestamps on text messages or the cell tower a phone pings when it makes a call. Suddenly, Australians were fighting for the right to stay anonymous in a digital world. On one side of the fence: safety-conscious civilians. They argued that this metadata was a powerful tool and that the ability to track a person's movements through phone pings or call times was vital for law enforcement. On the other side of the fence: digital civil libertarians. They argued that the data retention scheme was invasive and that this metadata could be used to build up an incredibly detailed picture of someone's life. And sitting in a barn two paddocks away from that fence: me, switching out burner phones and researching VPNs. When it emerged that police had the power to search Opal card data, track people's movements and match this to individual users, it was the last straw. August 2016 rolled around, paperless tickets were phased out and I hatched my plan. The Black Opal. The concept of the Black Opal is simple. Buy your transport card. Pay cash. Top up with cash (preferably in a new location each time). Never register it. Never link it to your credit or debit card. Live off the grid. Stay away from The Man.

[Reilly discusses the problems she faced:] All the top-up machines at train stations, light rail stops and ferry terminals were card-only affairs. One tap on that baby and you were back in the system. So, if I was busing downtown for a work meeting, I'd have to factor in extra time to get to an ATM, get cash out and then find somewhere to top up my card. Running for the train with friends, I was the one who had to divert three blocks, change jackets, burn off my fingerprints and find a nondescript corner store to top up. Here's what I learned. No one likes the paranoid one. [...] I finally came undone last week. Racing for a flight, I forgot about my Black Opal. I'd had an unusually busy week on public transport, and my balance was low. On the train to the airport terminal, it hit me. Did I have enough money on my card to pay the AU$17.76 tap-off fee that they use to gouge tourists at the airport? As I rode up the escalators and the exit turnstiles came into view, my heart sank. No ATM. No cash in my wallet. Just a row of bright green Opal readers and a top-up machine. Card only. With one trip, my years of off-grid living were undone. I slumped against the top-up machine and swiped my debit card. I was just 9 cents short, but it cost me so much more than that. My Black Opal was dead.

30 of 235 comments (clear)

  1. Jesus H. by Type44Q · · Score: 2

    I only read the headline (mea culpa) but talk about the best way to raise a red flag... you want to blend in...

    1. Re:Jesus H. by fahrbot-bot · · Score: 5, Insightful

      I only read the headline (mea culpa) but...

      Don't be too hard on yourself; that probably saved you some brain cells. TFA is either a joke, or the woman is literally an idiot.

      Here's an excerpt (really):

      My email address (that is, my real email address, not my burner address) doesn't use my birth name. I am no fun at birthday parties, but you'd never know it... mostly because I won't reveal my actual birthday.

      But I'm not alone. For someone who was mostly educated through the received wisdom of Hollywood movies, I learned a lot about what The State could do to me. I watched "The Net" as if it were a documentary. I didn't brush my hair for weeks after watching "Gattaca." I spent months walking around my house, narrating my life after watching "The Truman Show," just to give Ed Harris more material to edit.

      I wish these stories weren't true. But in the grim near future of "Demolition Man" I know I would be the one hiding in the bathroom, away from the countless surveillance cameras, trying to stop people stealing my eyeballs.

      --
      It must have been something you assimilated. . . .
  2. Link to article by carlhaagen · · Score: 2, Informative

    https://www.cnet.com/news/how-...

  3. this is not enough. by Anonymous Coward · · Score: 5, Interesting

    The "black opal" idea is fairly ridiculous. Home IP + work IP is enough to uniquely identify someone. Simply tapping out at the airport might be enough to de-anonymize the card: passenger manifests are probably efficiently searchable by shrink-wrap surveillance software like Palantir's, and the small set of people departing the airport within a four-hour window plus some other weak bit of information is probably enough to uniquely identify you and thus all your past and future trips on that card. "Co-presence," this kind of correlation, is not exotic. It's the typical goal of these whole-take surveillance systems, so I would expect the attacks possible with it to be in use.

    In London I think you can turn in your Oyster card and get a refund in cash, which you can then use to get a new Oyster card a couple hours later with a different serial number, but of course nobody does that so it might be like wearing a kick-me sign to attempt evasion that way. I don't know.

    1. Re:this is not enough. by b0s0z0ku · · Score: 4, Insightful

      Australia doesn't actually require ID to fly domestically in all cases so manifests may or may not be accurate. Also, there are plenty of non-flyers going to the airport on any given day. Contractors, interviewees, people meeting friends/dropping them off, etc.

  4. always have a backup plan by pz · · Score: 5, Insightful

    This is exactly why you have TWO cards. One that you use only occasionally that is traceable and used only for emergencies, and one that you use mostly, which you top up with loads of cash (and cash only), and keep frelling topped up. If you're really paranoid, you cycle the cash-only one every month or two for a new one, and don't frelling worry about the last dollar-and-a-half when you ditch it.

    Basic engineering: make allowances for cockups.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    1. Re:always have a backup plan by Zaelath · · Score: 2

      Yeah, that doesn't help if they tapped on with the wrong (low balance) card. The system is designed to allow you entry regardless, then deny you exit and hoover up that lovely penalty cash. Ka-ching, ka-ching!

    2. Re:always have a backup plan by b0s0z0ku · · Score: 3, Interesting

      Practically, a new card costs $1 with $4 of "hidden" credit. If you think of them as having $4 hidden credit, you should always use the negative credit if (say) you're a tourist who isn't planning on returning, Then leave the card lying around so someone can pick it up and not have to pay for a new card. Pay it forward.

    3. Re:always have a backup plan by tlhIngan · · Score: 2

      The system Vancouver (BC) uses allows for perfectly anonymous usage, with prepaid cards, as well as convenience modes where you can tie that card to a ID.

      You buy a card from a retailer (there are several) for $6. From there, you can head to a fare machine and put money on it, or buy a pass. You can pay by cash, credit card or debit card, but the former is preferable if you wish to remain anonymous.

      If you want convenience, you can create an account, and tie that card to yourself. Which means you can have the card "auto refill" itself by buying a new pass automatically so you don't have to line up to use the machine every month. Or if someone steals your pass, you can transfer the passes on the stolen card to your new card.

      You can also buy paper passes at the one-way-trip rate (a bit more expensive).

      Basically, you pick your level of anonymity and convenience you want - you can buy a pass and use cash to top it up and it'll work just fine. The transit company gets their tracking information but cannot tie it to anyone except through cameras. Or you can get it so you never have to wait in line to buy passes ever again and give them an ID and credit card.

      The cards are tied to a central system so balance faking is somewhat hard - you can't erase and rewrite them - the next you scan it through will rewrite it with what the central database tells it you have.

      (They are standard NFC. And later one, they're adding Apple Pay/Android Pay/Credit Card scanning at the gate, so if you really didn't want to wait at the machine, you can tap your credit card to get billed the one way trip rate. Because of this they're warning people to not tap their wallets on the machines in case it grabs the credit card instead of the passes.

    4. Re:always have a backup plan by thegarbz · · Score: 2

      If you think not catching public transport in some cities is easily worked around then you've obviously never driven in Sydney, or any city in Europe for that matter.

  5. Why hold a single "black opal" card for so long? by Nonesuch · · Score: 5, Insightful

    Why did she hold onto one single card for so long and keep topping it up?

    You'd think somebody who was truly paranoid would have multiple cards, and routinely discard older cards and acquire new cards through unorthodox means. For example, if you hang out at the airport outside the "tap off" exit from the train, you can find a lot of tourists who are flying out and just want to discard their old transit card. Or put just enough to "tap on" (there's usually a minimum balance to enter the train station) on your old cards, and then find homeless people who have a near-zero-value card and trade with them-- they get into the station, you get a new anonymous card with some random travel history on it.

    --

    I do not deploy Linux. Ever.
  6. Re:Is there a mechanism for lost cards? by b0s0z0ku · · Score: 2, Informative

    Sure they do -- if they're in Boston :) https://www.youtube.com/watch?...

  7. Re:Is there a mechanism for lost cards? by Zaelath · · Score: 3, Informative

    Yeah, no. In Australia (even if you have registered your card, bought a monthly card that only needs to tap on for statistics purposes, and have a clear pattern of travelling from Stop A to Stop B and vice versa every day) what happens if you forget to tap on at the start, or lose your card on the journey, is they fine you $200-238.

    To stress that, this is even when you've already paid but just forgot to tap on.

    Arseholes.

  8. Tap-off loophole by ben_kelley · · Score: 5, Informative

    A little known loophole: Your Opal card can go into negative balance. So long as you have enough balance to tap on, you can always tap-off. Tap on with $2.50 credit, tap off for $17.76, throw the card away and get another one. Simples! (You have been living off the grid for 2 years but you didn't know this? Hmm...)

  9. How to get noticed 101 by fahrbot-bot · · Score: 5, Insightful

    Buy your transport card. Pay cash. Top up with cash (preferably in a new location each time). Never register it. Never link it to your credit or debit card. Live off the grid. Stay away from The Man.

    Ya, because acting like that isn't suspicious. "The Man" knows someone is paying for that unregistered, un-linked card w/cash, at different locations. They know the card number, they know where and when it was reloaded and used. They have CCTV cameras. They have a picture of you from somewhere you used it and, if you have any official ID -- driver license, passport, etc... -- they can match them up. They know who you are, what you're doing and where you're doing it. They have devices to identify the mobile phone(s) you're carrying and can track them if they want to.

    Either they've been tracking you all this time or determined that you're an idiot and have been ignoring you all this time.

    Why do you think businesses and governments encourage, and make it easy to use, electronic payment systems over cash? Identification and tracking.

    --
    It must have been something you assimilated. . . .
    1. Re:How to get noticed 101 by Anonymous Coward · · Score: 5, Insightful

      "Suspicious pattern of camouflaged activity" only causes scrutiny when the pattern's components are (somehow) assembled to a single name.

      99% of the system ("The Man") isn't a man. Half your post describes systems that require a human operator, which only happens AFTER a motivating cause for them. Automated logging costs effectively nothing.

      > they have been ignoring you all this time.
      Computers don't "ignore" logs, they just dump hoover dump dragnet dump scoop dump. Even if the data isn't useful. Same goes for every commercial industry, particularly anything in mobile OSs. "Logging costs nothing. Keep everything, maybe we'll contract an interpreter later to figure out this shit."

      Logging != monitoring, only the most concerning PoIs get the latter. Resisting mass dragnets is an exercise against algorithms, not people. And results aren't a binary outcome, they're a spectrum. This really should be more obvious.

  10. Why are Australians so concerned about privacy? by Applehu+Akbar · · Score: 2

    This is a serious question. Whenever a US data privacy debate pops up online, Australians seem to weigh in with Europeans in calling privacy a paranoid American concern. When the government told them to turn in their guns, they did so in concern for the greater good. Why not agree to have their movements tracked and their telephony metadata archived? It's for the greater good too, isn't it?

    1. Re:Why are Australians so concerned about privacy? by b0s0z0ku · · Score: 3, Insightful

      If anything, Europeans are MORE concerned about privacy than Americans.

      The EU actually put data-privacy and retention limits in place. Germany is still largely a cash economy BECAUSE people value their privacy. (holdover from WW2?)

  11. Okay, no. by fahrbot-bot · · Score: 5, Insightful
    The TFA subtitle:

    They called me the nameless one, the ghost who commutes, the silent passenger who refused to get an Opal transport card.

    I doubt "they" called you any of those things -- especially since you actually *had* an Opal transport card (that you simply paid for w/cash).

    I'm going to call you "pretentious".

    --
    It must have been something you assimilated. . . .
  12. Re:Is there a mechanism for lost cards? by omnichad · · Score: 3, Insightful

    The original card's entire history was tied to a real person with one single card transaction. That's the big loss.

  13. Re:Is there a mechanism for lost cards? by b0s0z0ku · · Score: 2

    No, I was talking about "losing" the cash card, then using whatever mechanism they have, so people who dropped their card on the train can still get out.

  14. depends by harvey+the+nerd · · Score: 2

    Depends on how criminal the State is.
    At some point to be law abiding means abetting crimes, even murder, and/or being suicidal.
    At some point many States want more than you earn, stealing your savings.
    Some slaves, with enough goodwill, courage and intelligence, successfully escape.

    1. Re:depends by rtb61 · · Score: 4, Insightful

      It's a choice, a free choice, one that should not be taken away, the individual right to live a private life, ohhh, the sheer outrageous evil of that thought apparently.

      Trying to live a private life is difficult at this time because of just so many psychopathic control freaks in position of power, being able to pry into others lives, feeds their ego, their sexual perversions, it is their nature, from primary school to adulthood, the same perverse behaviour, a real sickness.

      In this age, you stay private by creating false information a flood of false data and preferably get your electronic device to do it for you. Create 100 times as much data, as your actual behaviour would generate, 1% truth mixed in with 99% lies and let them try to datamine that. False associations, false behaviour, false contacts, a sea of bullshit they have to wade through at high cost, only to discover they have eliminated the truth by accident along they way because they were looking for negative outcomes and created them, only to find they were not real.

      More FOSS tools need to be created to poison databases and hopelessly corrupt data mining. Every venue of digital contact should be flooded with 100 times as many fictitious data contacts. A ocean of data motion, rather than just tapping into your private stream, of data flow. All you social media should be done in fantasy mode, a toon you create to interact with others toons or a broader scale (a really imaginative toon, that you express yourself with, so nothing wrong with presenting yourself as a blue century egg https://en.wikipedia.org/wiki/... with no gender as yet, with a bent for space piracy and a fervent supporter of Hillary Clinton for World President and all who oppose her are deplorables and should die horribly, it should make no difference in reality, something to laugh at and have fun with, to mock and deride, not life or death), linked to alternate encrypted contact methods.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:depends by Cederic · · Score: 2, Insightful

      Australia has a horrific past for human rights, especially if you're born black and native.

      Even now they're terribly nanny state and I wouldn't be surprised to find out there continue to be dodgy policies that just aren't being made public.

  15. Re:One seriously stupid woman by kaptink · · Score: 2

    Card credit expires in 30 days from memory

    --
    Those who can, do. Those who cannot, sue.
  16. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  17. Re: Is there a mechanism for lost cards? by c6gunner · · Score: 3, Funny

    It's $200 AUD. That's like $1.50 US.

  18. Re:Please explain your *METADATA* in this context by Calydor · · Score: 2

    In this case it's simple.

    The card likely has a unique ID, otherwise the system falls apart. This ID is flagged as having no credit card attached, which is a curiosity.

    The card is used in cities A(delaide), S(ydney) and C(anberra). Cross-reference ATM withdrawals on cards NOT attached to an Opal card in those cities within, say, two hours of the Opal card being used.

    Bam, after four or five withdrawals the Man has narrowed the list down to very few suspects.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  19. Re:No Problem in Bellingham, Washington by mallyn · · Score: 2
    I would like to please disagree with your assessment of Bellingham. I have been here two years (in retirement from being a security consultant at Intel in Oregon) and I have nothing but good experiences here. I am both a gay and a bicyclist as well as an artist (www.allyn.com) and an engineer; and I have had absolutely no problems with the Bellingham Police. About 95 percent of the people I associate with (groups that I belong to include the Spark Museum, the Bellingham Unitarian Fellowship, the Community Boating Center, Bellingham Access Television, among others.

    I am currently undergoing radiation treatment at the cancer center here and I have nothing but good things to say about them. They are an excellent facility, especially for a city of our size (85,000).

    Bellingham is excellent for outdoor activity. I live close to downtown, but I can bicycle for less that 1/2 hour and be in open countryside.

    I know the job market sucks, but for a retiree like myself, I find very little fault with this town.

    Mark Allyn

    --
    Most Respectfully Yours Mark Allyn Bellingham, Washington
  20. Be a tourist by MooseTick · · Score: 2

    Couldn't she have just bought a NEW card list a tourist would and then ditch it? At best, the "man" could determine she visited the airport once in her life. She could have also called a cab, had them take her to an ATM, and then paid cash. Or, she could have walked. Or, she could have called a friend/family.

    --
    Ninjas don't carry tic tacs