Anonymous Travel is Dead
Aug 29th, 2008 by sherri
Anonymous travel is dead. Even for subway riders who still use tokens and people who bicycle around town, the proliferation of cameras, facial recognition technology, biometrics and RFID tagging will render anonymity obsolete within a generation.
I believe the public’s next battleground is to gain control over what happens to our data, and how it’s used. Right now there is very little transparency. Transportation organizations are collecting a lot of information about people, and there is very little public input or disclosure regarding uses, length of storage time, or standards for securing this data.
Boston’s MBTA, for example, does not consider the CharlieCard’s serial number to be personal information, and it therefore reserves the right to store rider histories associated with each card indefinitely. Even when CharlieCards are obtained “anonymously” (not the majority) they can
always be linked to the financial transactions database which also stores the card serial number (ie. if you even once pay with credit card, your CharlieCard is not anonymous any more). The specifics aren’t publicized; this is information I obtained by doggedly calling the MBTA’s IT department.
I believe the public should have the following rights:
- Transportation organizations should be required to publicly disclose what data is collected about individuals, and how long that data is stored.
- Disabled people and senior citizens should have access to the same level of privacy as everyone else. (Right now in Boston, they cannot obtain a CharlieCard without having their personal information and photograph associated with the card and permanently stored by the MBTA.)
- The public should have regular input on how long personal data is stored and how it is managed.
- Individuals should be able to easily find out who has accessed their travel histories and the purpose of disclosure.
- Transportation organizations that store personal data should be subject to regular external audits to ensure that they are in compliance with standards, and that they have implemented appropriate measures to secure personal data. A summary of these results should be made public.
Personally, I don’t want to have a history of my travel stored in any database. Right now, purchasing a one-time CharlieTicket is a 30 cent surcharge per ride, but it is the only way to take the subway in Boston without creating a travel history. Privacy in public transportation should be equally accessible to all citizens, regardless of financial resources.
Sherri Davidoff
Another problem with passenger history is of course the potential for abuse. I can potentially create false alibies by having someone travel with my charlie card, then saying “I was on the subway, check my credit card -> charlie card activity”.
Taking a couple of steps back, it’s worth thinking about fundamental rights. Lots of us assume that privacy and anonymity are or ought to be inalienable rights, right up with there with life, liberty, property, and/or the pursuit of happiness. But of course these “rights” aren’t enshrined anywhere, such that lots of entities — from the MBTA right up to the U.S. Supreme Court — can and do point out that they don’t actually exist and are therefore subject to systematic, willful flouting.
So: what formal, historical legitimacy (if any) do these rights have, for example in common law? What might it take to get them explicitly recognized by a modern government?
(These questions may well have well-known answers; I’m being a lazy armchair commentator here, without, like, doing any actual research first.)
Interesting. And I’ll be curious to see what becomes of my recent complaint after a NYC MTA vending machine ate my $20 bill.
Last week, I attempted to refill a regular (not time-limited “weekly” or “monthly”) NYC MetroCard. This card had been leftover from a guest who had stayed with me a few weeks prior. The balance on the card was $9, and it had been left for me to use.
To reload the MetroCard, I chose an MTA vending machine, tapped the touch-screen choosing “refill card”, and then deposited my $20, which it ingested effortlessly. All of a sudden, the machine turned on me. It spit out the card, displayed a big red “Error” on the screen, and wouldn’t return my $20, or give me a receipt of my transaction. I examined the card carefully and noticed that one of the corners had been bent slightly, but I’m not convinced that this was a “card” malfunction vs. a vending machine mechanical failure. If it was a card failure, wouldn’t the machine at least have given me a receipt for the $20 that I’d deposited, and it kept?
I spoke with a nearby MTA clerk who was very kind and gave me a form to fill out to retrieve my $20. However, the form asks you to detail the history of the card in question, for example, when it was last used and where it was purchased. Being that this particular card had been left behind from a friend’s recent visit, I could only guess it had been bought at the station nearest my home. I did know that I had used the card earlier that same day, and it had worked just fine at that point.
I am waiting to hear back from the NYC MTA, and I do hope I get my $20 back, but after going through this process, I wonder how sophisticated their complaint database is against repeated attempts. I often see MetroCards on benches and turnstiles that others have left behind, and I am curious what controls are in place to keep someone from making repeated false complaints about malfunctions with some of those cards? For example, one could answer that the station where the card was found was where it had been purchased (fairly plausible-if a commuter, close to 50% chance?). And, since the card had been tossed most likely because it had run out, it’s pretty safe to guess that that was the last time/place the card had been used. There are other factors-maybe the owner had tried to use the card at that station but it had already run out at the previous station, or perhaps a commuter wouldn’t be as likely to toss their card, but instead refill it. I’m not a statistician, but I’m thinking the guess-factor could have a pretty high rate of return on this one?
If there are enough people who are concerned about this problem, why not have a card-swap? 10 people meet at the T, and each buys a $20 card, put all the cards in a hat and pick one out at random. - It’s legal - now let’s see who tries to stop it. Make sure the fact of the event is recorded - the fact that the event occurs is more important than the amount of actual data scrambling. If even a few of these occur regularly, the whole tracking system will be in doubt, and the legal validity voided. Yay! I’m there.
I agree with Scoop. We shouldn’t give up the fight against the intrusive technology. We should creatively and non-destructively make it less useful to our Overseers. We introduce noise and non-compliance: scrambled identification numbers, silly identification badges, pebbles in our shoes to foil gait-recognition, goofy eyeglasses to foil facial recognition, identification swapping, cheap cell-phone swapping, forgetfulness, and clumps of people doing these things at once, at one chokepoint, who don’t know one another but learned about the event on meetup.com or the like. All with a sense of humor.
David Brin in “The Transparent Society” makes the argument that the fight against the spying machines has been lost. We should, therefore, make all of everyone’s data available for public inspection, including the powerful people’s data.
The counter-argument persuades me. If we can’t get them to take down the cameras and databases, what makes you think we’ll get them to open up the databases? We are opposing powerful interests. Do not cede this ground. Cory Doctorow makes this counter-argument in his wonderful novel, “Little Brother.”
The man who becomes our new President in January of 2009 might not be able to dismantle the Surveillance State all by his lonesome. He might need some help. I am feeling patriotic!
The point you emphasize - that there are many ways our personal information is encroached on - is aptly put by your list of countermeasures, “scrambled identification numbers, silly identification badges, pebbles in our shoes to foil gait-recognition, goofy eyeglasses to foil facial recognition, identification swapping, cheap cell-phone swapping, forgetfulness” But the effect on me of your list was a feeling of helplessness. Must we become limping, forgetful, Harry Potter glasses wearers with silly badges, swapping our no doubt excessive ear wax on cheap phones? Really I was thinking of one countermeasure, for one encroachment. Swapping T-cards may seem futile, but the real countermeasure would be any attendant publicity. Spooks hate the light, or is it ‘freedom fades in the shade of secrecy’, or perhaps the old standby ‘act locally’ that catches my meaning best. Anyone else reading this? Should I set up a meetup? Who wants to be publicist?
See also the book “Kiln People” by David Brin.