Will Vancouver’s New Transit Passes Be Spying On You? (And, who has access?)

Translink’s new fare gates…

The first fare gates have been installed in Vancouver and a photo-op was held at the Marine Drive Skytrain station a couple of weeks ago. There’s been a lot of controversy about the system- radicals think it is unfair to force poor people to pay for their rides, and others are concerned about slowing down traffic. But, one of the more important issues has got very little coverage in the mainstream media- privacy.

Translink’s Chief Operating Officer, Doug Kelsey, says that the fare gates will make the transit system safer for commuters- what does he mean by that? In all my research, I haven’t seen an explanation. My instincts, and experience designing London’s toll road system in the UK, get me thinking this is related to the privacy issue. And, this may not make us safer.

The Translink Compass card is a radio frequency ID (RFID) card that enables passengers to swipe their card over the transit turnstile without having to physically touch the scanner. This is extremely convenient, and makes for faster passage through the turnstiles- but, it also introduces new challenges with privacy and personal security.

Let’s start with the basics. Carrying an RFID card in your pocket will make you identifiable. It won’t contain your name and personal information, but it is a unique identifier that can be scanned by someone walking next to you, or a building that has a scanner at the entrance. That said, most people won’t have to worry about that- only the most paranoid.

But, the Compass card does connect to a set of computer servers at Translink- and, this is where many people should start to be concerned about their privacy. If you pay for your card with cash, and recharge your credits with cash, your card will be rather private. But, if you buy credits on your Compass card using a credit or debit card, your personal identification will be linked in the back-end computers. And, if you register your card with Translink (in case it is lost or stolen), your personal information will also be stored in their computers.

What will also be stored in Translink’s computers will be a historical record of each time you have used your card to swipe-in, swipe-out, or recharge it. The data stored will include time, date, location and method of payment. Here’s where things can get interesting- if you are charged, or accused of a crime, this data could be used against you. So, if you are planning to literally get away with murder, don’t use a Compass card to get you to and from the scene of the crime.

But, you bought your card with cash, and never registered your name- so, you can feel free using your Compass card getting home from the scene of the crime, right? Well, don’t carry that card in your wallet, the authorities can still track where you were if they find it in your pocket. It works in the reverse too.

In London, where their Oyster card uses the same system as Vancouver’s, a lawyer named Tom ap Rhys Pryce was robbed and murdered on his way home from the train station. The killers stole his mobile phone and his Oyster card- this was their big mistake. When one of the killers used his Oyster card to take a trip, the station’s CCTV system captured their picture as they passed through the turnstile. Rhys Pryce’s card was registered with Transport For London (the organization I was working for when designing the road toll system), so the police had an easy time identifying one of the murderers.

If you’re not a murderer or criminal you don’t have anything to worry about- right? Well, perhaps not- are you cheating on your spouse? Well, the data in your Compass card could be used to prove this. And, perhaps if you lied about being sick and went to Wreck Beach for the day? Hopefully your employer won’t be asking for this information. There are many ways the data in your Compass card can cause you problems- use your imagination.

Okay, but we can trust the government to treat our data with respect- right? Well, what about the company that created the Compass card computers? The technology is created by a company called Cubic Transportation Systems, and it turns out there are a lot of open questions about who is behind this company.

If you have been following the news lately you may have heard of the Trapwire scandal. Trapwire is a ‘counter-terrorism’ system that combines publicly placed digital cameras and data mining software to ‘predict’ when people may be about to commit a crime. This is scary stuff- as Philip K Dick called it in Minority Report, precrime. Trapwire is run by a company called Abraxas Applications. They also have a product that tracks relationships on social media.

A story came out recently linking Cubic to Trapwire- but, Cubic came out with a denial that they were connected. But, according to research by Cryptome.org, Trapwire is headquartered at the same address as Cubic, and some of the same people are on their board of directors. So, despite their denial, these companies are closely connected. Their customers include most of the major police and national security agencies in the western world.

So, is your Compass card connected to international security & police agencies? There’s no evidence that Cubic has allowed their transit pass systems to be connected to the Compass card system- the connections have only recently been discovered, and the connections are still murky.

That said, it’s entirely possible the systems are connected or could be connected in the future. If you want an example of this, have a look at the telecom industry- telecom billing and phone tapping systems have been connected to poice and intelligence agencies for years now.

As citizens, it’s our job to be aware of what it happening with our data, and to hold the government to be responsible to fully disclose what is being with it. Questions like who has access, where is the data stored, and in what circumstances will it be allowed to be used need to be answered. Today’s implementation of the Compass card may be benign- but, in the future, it could become very scary…

Permanent link to this article: http://www.genuinewitty.com/2012/08/22/will-vancouvers-new-transit-passes-be-spying-on-you-and-who-has-access/

21 comments

Skip to comment form

  1. Sure. Use your imagination. I had to connect to your WP via FB, WP, or TW accounts. So much for privacy :p.

    That said, I think everyone takes the whole privacy issue waaay too far into left field without understanding any of the implications.
    I want a rapist/murderer stupid enough to steal your RFID enabled card, to get caught. I want to be able to track potential “terrorists” (though I use that word very carefully as it’s so goddamn loaded) movements through public transit. There are a few problems here though.
    1. Governments are notoriously disorganized and slow. Even if they had the data, you could be confident that Canadian authorities wouldn’t have a system in place to properly track anyone.
    2. Assuming you’re not a murderer/rapist or generally an asshole, what do you care if a computer keeps track of your movement? The issue should be “what is this information being used for”. I firmly support the collection of all data, personal or not, if for no other reason than statistical analysis. Tracking peoples movements on public transit, if properly analysed, could result in dramatically more efficient service at a dramatically decreased cost. In practice, this probably won’t happen but ya know… We’re talking about imagination here right?
    3. You’re probably already carrying heaps of RFIDS. Every bank/credit card issued in the past 6 years has an RFID as well as a little chip used for decryption purposes. They can be scanned from a few feet away with the right equipment. If your’e right underground, you’re still being tracked by cameras everywhere you go. I doubt the Canadian govt. has a handle on this. They’re probably NOT doing a good enough job to warrant any concern from the public, but they COULD if … well, they hired me. Traffic cameras in the US are all linked to a central DC where everything is run through facial recognition (read carnivore) to track you wherever you go. Again, exists, but is clearly not utilized correctly.
    4. What are you worried about? The gummint’s goona single you out and follow you around? a. They have neither the technology nor the know-how. I could do this, as could any decent hacker, but the government certainly can not (I know this from personal experience). b. Why would they invest time/money into tracking you? Because you cheat on your wife? If I was married, my wife would be able to track me. If she could not, we’d be getting divorced anyway. You can always hire a private investigator for relatively cheap.

    Long short, I strongly suspect that people are more worried about their “feelings” with regards to privacy and the invasion of such (even when it’s not an invasion whatsoever), and nearly everyone else has done something that warrants their loss of the right to privacy. I don’t want to live in a police state. I do shit all day that the government doesn’t want me doing, but certainly nothing immoral or “wrong”. I do worry that I’ll eventually be incarcerated for doing what I believe to be “most right” while the government disagrees, but RFID enabled mass transit passes aren’t going to be the final word in my eventual demise, I am sure.

  2. First, let’s note that your blog is a great bit of analysis because it clearly defines the issues that people SHOULD think about with Compass or any other eletronic system that records and stores your transactions. We at TransLink are familiar with these concerns — similar ones emerged when our namesake in Brisbane Australia launched their electronic fare card (see brisbanetimes.com.au on July 30 2010 for an article on the subject).

    Our intention is to first of all be very clear about the information being collected, how it is stored, for how long and who has access to it for what purposes. TransLink is required to do a Privacy Impact Assessment that answers these questions and we must abide by the law as set down in BC’s FOIPP legislation. But beyond all that, we simply don’t want to do anything that gets in the way of Compass being a big success and a real value-add for transit customers. We will get back to you with specifics on how it’s all going to work.

    • Tamara D. on August 23, 2012 at 00:49
    • Reply

    Compass may eventually give into pressure (if they haven’t already) and share their data files that the average person would find a violation of their privacy as well as unnecessary. It seems that our privacy is being threatened and as for the “feeling” of privacy loss, doesn’t it cause a person stress when they are put under pressure privacy wise? Human need privacy at some level, we are not a hive-mind, we are individuals within communities… Some people are not willing to give up as much privacy as others and it will cause them stress, which can result in them becoming physically and mentally ill.. and to assume that most “normal” people wouldn’t become ill is a dangerous assumption. It has been proven time and again that people do not respond exactly the same to situations, they have different learning styles, different tastes, etc. To force everyone under a blanket assumption doesn’t work, and besides… how do we know the tech will be used for non-corrupt purposes when in other countries considered regimes they have far-reaching and very invasive security measures? This stuff can be used for corrupt purposes and we should not dismiss that possibility because to do so would mean we couldn’t stop it if someone DID try to use it for corrupt purposes… since history (and current world events) show people have done so. Also why should some people (who haven’t even been found guilty of anything BUT wanting privacy) be forced to lose it? Terrorists? What terrorists? It’s been 11 years and they are pushing for more and more invasive technology but there haven’t been any attacks here in Canada.. have there? I mean one where the CIA or FBI or CSIS wasn’t involved? I mean, those signs in the TTC about suspicious packages, where they even have 2 of the same signs side-by side… They are going way over the top. If I find a bag sitting on the platform or on a subway I’m gonna just look inside… that’s what we used to do, take it to the lost and found or something. Now if you forget you shopping bag people are actually scared that there’s a bomb in there… it’s ridiculous!!

    You think people are taking their privacy too serious, I think it’s just the opposite… There are not terrorists under every rock, but people are still afraid! The odds of getting killed by many, many other everyday events is far, far higher… As for tracking terrorists, take a look in the the Fast and Furious situation.. And this article which shows that terror attacks in history were carried out by the people supposedly fighting terrorists! To start wars and such…

    http://georgewashington2.blogspot.co.uk/2010/02/governments-have-admitted-that-they.html

    Look closely on the article, there are links to each part that says government and agencies admit to their actions.

    So when the conspiracy theory people say they suspect a false flag event, they have reason to… through-out history governments have done it! What does this have to do with worrying about being tracked etc? If governments are willing to do these things it mean we are all expendable. We can be used, despite any rights we have, we can be killed for an agenda. I do NOT accept that. I do NOT condone it. We shouldn’t let governments get away with creating terror, not even our own. They expect us to keep giving up our rights for “national security” but set up events to make us think we’re being attacked in order to justify things… So I am not willing to give up my privacy because I cannot trust those who ask me to because they are not trustworthy. Once they stop playing these terror games then maybe I will consider it… Until then, I refuse.

    1. @TamaraD, are you more worried about soft data being collected about the holder of your transit pass, or someone following you around and sticking camera’s in your bathroom?
      Just because more data is available, doesn’t mean it’s going to be used. Every time you use your bank card, you’re giving several organizations your data. By posting a reply on this site you’re waiving your right to privacy. If you posted this from home, I could probably, within’ about 20 minutes, figure out where you live and start watching all your internet and phone traffic. Anyone with a little experience and know how could track you down to your door and watch your every move.
      So, are you really worried about soft, mostly anonymous data being collected about how people use transit?

      1. I’d think it beneficial to be able to track someone who’s stalking you :p.

  3. meh eventually they will attach it with other credentials to this new universal id scam bc is calling mandatory and starting to be rolled out this november. When they phase out cash you won’t have a choice regarding those privacy concerns because it will already be too late.

    1. But still no one’s going to answer my original question, which was “what is your actual concern?”.

      I ask all the time what peoples issue is with something like drunk driving. The answer 99% of the time is “it’s illegal”. Clearly, 99% of people have never thought about the “why” of it all.

      So in this case, what is everyone actually worried about? There are legitimate concerns, but I’m very curious to know what YOUR concerns are. Anyone?

        • Tamara D. on August 23, 2012 at 18:00
        • Reply

        I have been watching and reading various alternative (and even mainstream) media suites… there is technology and systems being set up to track people even in their homes. I do not trust any of them because I do not trust our leaders. Have you heard of trapwire? How about Google going around and taking data using trucks from people’s personal computers through wi fi?

        http://rt.com/usa/news/stratfor-trapwire-abraxas-wikileaks-313/

        http://www.dailymail.co.uk/news/article-2150606/Google-deliberately-stole-information-executives-covered-years.html

        What about Intellistreets? Have you heard of that? Take a look:

        http://rt.com/usa/news/harwood-intellistreets-hills-farmington-321/

        There’s alot more.. Drones are also going to be used for surveillance, facial recognition software can track you where ever there is a camera in a city, or even across the country once it is all set up. We have to be VERY careful with all this!! Intellistreets, for instance, is being rolled out in various cities in the US, Trapwire even has a connection in Ottawa and with the RCMP… The CIA chief even said they’ll spy on you through your appliances

        http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

        You can, if these links don’t work, type in the content in them as keywords and find the articles through google… there is alot more but this is a good start. I am very worried.

        1. I don’t trust our “leaders” any more than you, but I think you have far too much faith in their intelligence and worry too much about their interest in you. I do shit that is waaay outside the bounds of Canadian law every day, I do it quite publicly, I mock the authorities and hired goons on a regular basis. If they’d be interested in anyone, it’d be me, yet their largest expenditure on me was to send a few unmarked cruisers to park in front of my house for the last few weeks of, and 8 weeks following Occupy Vancouver. They weren’t even capable of doing that right. I’d walk right up and say hello every time I left or arrived home and they’d drive away and replace themselves with a new car. Meanwhile, I have about 9TB of media from OV, some of it pretty damning with regards to government officials making asses of themselves, while downloading about 300GB a day of “pirated” media. Sure, I check my WAN connection every once in a while to see if anyone’s bothered to take interest in my traffic, but no such luck.

          The whole “google stealing your data” thing was almost all media hype. What actually occurred was that Google’s streetview cars kept a log of all Wireless AP’s they drove by, to cross reference against GPS. They implemented this data into Android for faster and more reliable GPS locks. Works pretty well. The allegations that they were monitoring your connections and storing passwords was completely baseless. Also, why would Google bother stealing your passwords by driving by your house? Odds are they already store your data on their servers, and you’d be awfully silly to believe they couldn’t simply open it up for a read. Why send a car and driver to steal data they already have? Google’s not that stupid. If they wanted your data, they already had it. The whole story was sensationalized by the media, and all those who enjoy a good conspiracy picked it up and ran with it.

          The only concern for me, with regards to surveillance, is that we have unjust, idiotic, senseless laws that protect no one from anything, but do manage to put me in jail. I don’t want to go to jail for doing absolutely nothing wrong. If I want to overthrow my government, that is my right as a Canadian. With the right surveillance, the government could pick me up before I became a real threat. Fortunately for me, they’re 20 years behind me in technology so they probably don’t even know my name.

          That said, I strongly support surveillance in general. There are heaps of people who do all sorts of shitty shit that I’d like stopped. The data tells the story quite well and can be used to eliminate real crime. Can also be used to make transit more efficient.

          Also, cash is THEIR device, not yours. Cash is not untraceable at all :). You do notice it’s all serialized right?

    • Tamara D. on August 23, 2012 at 17:43
    • Reply

    I don’t want to stop using cash :(

  4. Hi Tamara,

    Cash will continue to be accepted at the bus farebox and at ticket vending machines at SkyTrain, SeaBus and West Coast Express. If you do get a Compass card, you’ll have the option to not register it and be anonymous. The system will know that ‘someone’ tapped in and tapped out at various locations,and will put that info into the Big Data aggregation of system use. But the system will have no idea who the individual was.

    Even if someone took your Compass card and knew it was yours, registered or not, they would need to have legal authorization to access the trip data in a way that identified your movements. Again, this is the sort of issue that will be addressed in the Privacy Impact Assessment.

    1. Hi Ken,

      I believe, in London, that you can go online and see your travel history for your Oyster card. Will Vancouver have the same facility? If so, how secure is this, will you need a password, or just access to the card?

      How long will the data be held in the system- will there be an expiry date? If the police or government agencies ask to see the data will they require a search warrant, or just a simple request?

      Thanks,
      -Greg

      1. And on this topic, the code and infrastructure should all be open to public scrutiny. It’s our money paying for it, it’s our code, it’s our infrastructure. Gimme a look at it and I’ll tell you how everything breaks down. :)

    • Tamara D. on August 23, 2012 at 18:05
    • Reply

    I’ve tried answering you Ben, but my comment for some reason needs moderation… not happened like this since I first started commenting here… Why does it need to be moderated??? I didn’t swear or anything :(

    1. I was upgrading the plugin that makes the comments work, that’s probably why. I’ve approved your message now.

      And, Ben, I’m writing another article to answer your question- I have a lot to say about it, too much for the comments section…

        • Tamara D. on August 24, 2012 at 01:50
        • Reply

        Oh, OK. phew! :)

    • Standing Water on August 23, 2012 at 20:20
    • Reply

    The other issue is that the people of British Columbia have had over twenty years of customary use—being seised in common—of the skytrain. So these gates are, in a big way, a common nuisance. There’s no business case for them. This is an example of how University educated people make work for themselves and their buddies, nothing but 100% pure graft.

    As for what the issue with data collection is, information is valuable. Why a corporation should get to aggregate together data on transit use patterns, except through the voluntary and freely given consent of the ridership is totally beyond my comprehension. And, by the by, “give us your data or walk or drive” is not a “free and voluntary” consent.

    Given that there are cameras in all of the stations, this is a way to get face-data from people without their consent, and to aggregate it to an ID number, thereby forming digital profiles of individuals who may currently subsist without a state profile—using bus tickets, etc. etc. Currently those tickets don’t need to be scanned to enter a station, but once they are, bingo, facial data for everyone who uses any ticket. They want to steal your face.

    Letting rock musicians steal your face is one thing. Letting the Government steal your face, quite another.

    1. Don’t need an RFID to take your picture. Facial recognition is pretty near perfect at this point. There’s no necessity for the RFID to create a profile :). Just use your face. Can track your movements via facial recognition alone. Using the RFID is easier, but it’s also vulnerable to injection of bogus data (ie: trade cards with someone every few days. Harder to trade faces.)

        • Standing Water on August 24, 2012 at 09:56
        • Reply

        With visual data only, they can at best have expert witnesses review the images and state their conclusion as to identity. With RFID/integers being scanned at the same time as the face, they can be associated, and that shows the intention of the person whose face is being scanned to have himself identified with the RFID/integer. Indeed, in the legalese indemnity blather on the ticket/website/etc. they might even say something retarded like “by using this pass you consent to the collection of biometric data, for quality control purposes”, etc. etc.

        The tracking is one thing; use of evidence from tracking is another. We’re in a very dangerous situation right now, where most of the population is retarded enough to accept “computer identification”, that is, a computer can match two faces, and that’s a good match, no need for a human to testify, to be cross-examined, etc. etc.

        And the taking of pictures by Government, especially the logging of the data, is a tort, invasion of privacy. The bleating of ‘safety and security’ is insufficient. Cameras create a false sense of security—in reality, cameras can’t do anything but help with mop-up/morbidity and mortality. When something goes crazy wrong, a camera lets you paint a better picture of how it happened—perhaps. But a camera does not really allow for any rapid response to the sorts of incidents that have been used to skullfuck the populace into accepting cameras everywhere. None of this existed before 9/11 and the retardocracy we’re facing.

        A good way to tell a retard from a non-retard is to ask it how security means anything other than insurance. It does not. So, we’ve been taken over by people obsessed with gambling, that is, insurance. Welcome to CasinoWorld, where Security is Paramount, and by that we mean The House Always Wins!

        And then there is the graft issue—this system won’t save more in fare evasion than it costs because it costs more than fare evasion. Further, nobody is a fare evader until duly convicted. These faregates essentially preconvict people under a law that might not even apply to them, by excluding them from the use of their inheritance, i.e., the world and its improvements. Did you not know that the human family has common use of the entire world and all improvements?

  5. I think everyone is forgetting we are talking about public transit. Who owns public transit? THE PUBLIC!!!! WHY ARE WE PAYING AT ALL……. BECAUSE THEY ARE RIPPING US OFF…. That swiming pool you own, do you pay to use that. We don’t care if they sell off public assets in other cases because we don’t get to use them for free so we don’t know the difference but check out this link, and tell me where this idea came from http://www.consumerpurchasers.com

    • ssource on September 7, 2013 at 19:09
    • Reply

    Here’s one way to reduce the threat to privacy: eliminate the swipe when you get off. Then the system would only be able to store where you got on, not where you went.

    This would mean in turn that zone fares would have to be abandoned. But do they bring in all that much extra money anyway? and don’t they deter one of the main objects of having a public transit system, keeping people from bringing cars into the city?

    If zone fares and the swipe on getting off were eliminated, at least some privacy concerns would be addressed, and we might get less cars from the suburbs and more people on the buses as well.

What's your opinion?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: