The first fare gates have been installed in Vancouver and a photo-op was held at the Marine Drive Skytrain station a couple of weeks ago. There’s been a lot of controversy about the system- radicals think it is unfair to force poor people to pay for their rides, and others are concerned about slowing down traffic. But, one of the more important issues has got very little coverage in the mainstream media- privacy.
Translink’s Chief Operating Officer, Doug Kelsey, says that the fare gates will make the transit system safer for commuters- what does he mean by that? In all my research, I haven’t seen an explanation. My instincts, and experience designing London’s toll road system in the UK, get me thinking this is related to the privacy issue. And, this may not make us safer.
The Translink Compass card is a radio frequency ID (RFID) card that enables passengers to swipe their card over the transit turnstile without having to physically touch the scanner. This is extremely convenient, and makes for faster passage through the turnstiles- but, it also introduces new challenges with privacy and personal security.
Let’s start with the basics. Carrying an RFID card in your pocket will make you identifiable. It won’t contain your name and personal information, but it is a unique identifier that can be scanned by someone walking next to you, or a building that has a scanner at the entrance. That said, most people won’t have to worry about that- only the most paranoid.
But, the Compass card does connect to a set of computer servers at Translink- and, this is where many people should start to be concerned about their privacy. If you pay for your card with cash, and recharge your credits with cash, your card will be rather private. But, if you buy credits on your Compass card using a credit or debit card, your personal identification will be linked in the back-end computers. And, if you register your card with Translink (in case it is lost or stolen), your personal information will also be stored in their computers.
What will also be stored in Translink’s computers will be a historical record of each time you have used your card to swipe-in, swipe-out, or recharge it. The data stored will include time, date, location and method of payment. Here’s where things can get interesting- if you are charged, or accused of a crime, this data could be used against you. So, if you are planning to literally get away with murder, don’t use a Compass card to get you to and from the scene of the crime.
But, you bought your card with cash, and never registered your name- so, you can feel free using your Compass card getting home from the scene of the crime, right? Well, don’t carry that card in your wallet, the authorities can still track where you were if they find it in your pocket. It works in the reverse too.
In London, where their Oyster card uses the same system as Vancouver’s, a lawyer named Tom ap Rhys Pryce was robbed and murdered on his way home from the train station. The killers stole his mobile phone and his Oyster card- this was their big mistake. When one of the killers used his Oyster card to take a trip, the station’s CCTV system captured their picture as they passed through the turnstile. Rhys Pryce’s card was registered with Transport For London (the organization I was working for when designing the road toll system), so the police had an easy time identifying one of the murderers.
If you’re not a murderer or criminal you don’t have anything to worry about- right? Well, perhaps not- are you cheating on your spouse? Well, the data in your Compass card could be used to prove this. And, perhaps if you lied about being sick and went to Wreck Beach for the day? Hopefully your employer won’t be asking for this information. There are many ways the data in your Compass card can cause you problems- use your imagination.
Okay, but we can trust the government to treat our data with respect- right? Well, what about the company that created the Compass card computers? The technology is created by a company called Cubic Transportation Systems, and it turns out there are a lot of open questions about who is behind this company.
If you have been following the news lately you may have heard of the Trapwire scandal. Trapwire is a ‘counter-terrorism’ system that combines publicly placed digital cameras and data mining software to ‘predict’ when people may be about to commit a crime. This is scary stuff- as Philip K Dick called it in Minority Report, precrime. Trapwire is run by a company called Abraxas Applications. They also have a product that tracks relationships on social media.
A story came out recently linking Cubic to Trapwire- but, Cubic came out with a denial that they were connected. But, according to research by Cryptome.org, Trapwire is headquartered at the same address as Cubic, and some of the same people are on their board of directors. So, despite their denial, these companies are closely connected. Their customers include most of the major police and national security agencies in the western world.
So, is your Compass card connected to international security & police agencies? There’s no evidence that Cubic has allowed their transit pass systems to be connected to the Compass card system- the connections have only recently been discovered, and the connections are still murky.
That said, it’s entirely possible the systems are connected or could be connected in the future. If you want an example of this, have a look at the telecom industry- telecom billing and phone tapping systems have been connected to poice and intelligence agencies for years now.
As citizens, it’s our job to be aware of what it happening with our data, and to hold the government to be responsible to fully disclose what is being with it. Questions like who has access, where is the data stored, and in what circumstances will it be allowed to be used need to be answered. Today’s implementation of the Compass card may be benign- but, in the future, it could become very scary…