Myki and privacy
September 19, 2012 |
The Age ran an interesting piece on privacy and myki usage yesterday in Police handed data on myki users.
It provides:
Victoria’s public transport authority is increasingly handing over information about myki users’ movements to police, raising concerns that the smartcard is being used as a tracking device.
The Transport Ticketing Authority says police have made 113 requests about myki users since the smartcards were introduced in late 2009.
There have already been 71 requests for customer movements this year, more than three times the number of requests received last year.
Under the TTA’s privacy policy, police can make a written request for information about a customer’s movements without court oversight.
The policy states that personal information about myki customers will be handed to police when ”an authorised police officer certifies in writing that the disclosure is reasonably necessary for the enforcement of the criminal law”.
TTA chief executive Bernie Carolan said police were handed information only when justified. ”Strong privacy controls are maintained at the TTA and any release of data to, for example, the police is only granted when sufficient justification is given. Release of the data is always approved by TTA senior management,” he said.
The reusable smartcard is microchipped and collects information on the movements of about 2.2 million public transport users, including when and where they touch on and off.
Customers who register their myki card must provide their name and either a phone number or postal or email address. Some concession card holders must provide the TTA with their residential address.
Mr Carolan said the authority had declined police requests for customer information on nine occasions, including eight times this year. He would not provide details about why the requests had been declined, saying only they did not meet the required standard.
He said the increasing number of police requests was not surprising as many more people were now using myki.
Australian Privacy Foundation treasurer Jan Whitaker said the private information should not be collected in the first place and could be misused.
”There’s no reason to collect that data. It’s critical for those who can manage their private movement through space to be able to do so without tracking by the government,” she said.
Ms Whitaker said that while full-fee-paying users did not have to register and could remain anonymous, senior and concession card holders had to provide their personal details.
The TTA warns in its privacy policy that having an unregistered myki ”reduces the potential for the myki smartcard to be requested by third parties as ‘evidence of identity’.”
About 51 per cent of myki users, or 1.1 million people, have registered their cards.
In 2009 Liberty Victoria expressed concern about the cards being used as unofficial tracking devices.
The revelation is worrying enough. That police can approach a transport authority and ask for details. Just like that. Based on the story there is no formal application, no discernible paper trail. A policeman’s dream come true. The Authority determines unto itself whether to hand over those details based on some vague waffle disguised as guidelines (if I can abuse that word in such a way). No warrants, no legal criteria involved. Why worry about process issues let alone rigor in considering the privacy issues of the users. The real rub is that it is reasonable to asssume, almost a given, that the Authority wishes to have a good working relationship with the police. They are a presence at large stations, they have powers of arrest which are required from time to time and are a very powerful voice on matters of interest to the Authority; security, ease of transport and acceptable modes of behaviour. In that context even people of good will and the best of intentions are going to face difficulties in weighing the issues. What surprises me is that the Authority does not seem to be too worried about what is a clear policy and practical problem. Why? Perhaps because the Authority’s focus is on managing the transport system rather than dipping its toes into policy and legal problems associated with privacy. And that is fair enough, as far as it goes. Of course it does not deal with the glaring gap in privacy protections.
The World Today ran an interesting story on this issue yesterday. That included an interview with the Transport Ticketing Authority’s chief executive, Bernie Carolan. It is found here and provides:
ELEANOR HALL: In Melbourne, privacy advocates are warning today that the city’s public transport ticketing system is being used as a tracking device by police.
The introduction of smart-card ticketing systems in several states allows people to travel more easily. But it can also provide law enforcement agencies with tools for surveillance.
Privacy advocates are now calling for travellers’ information to be more closely guarded, as Simon Lauder reports from Melbourne.
SIMON LAUDER: There are already surveillance cameras on many city corners and for a long time bank or phone use details have been a tool to track activities and movements. But now train, tram and bus passengers are also logging their every move with the electronic ticket they use to come through these gates.
At Melbourne’s Flinders Street train station, some commuters don’t mind at all that they’re leaving an electronic trail – others are oblivious.
VOX POP 1: No, I didn’t know that. Oh well, you know, what have I got to hide.
VOX POP 2: Nothing. You can’t do anything these days without being tracked or seen.
VOX POP 3: No difficulty whatsoever, I don’t see any reason that if I’m not doing anything that I’ve got any concerns about why the device couldn’t be used to assist police in their inquiries.
VOX POP 4: Look I know practically nothing about it.
VOX POP 5: Why does the system have to know where you are, what trams you’re getting on, your patterns?
SIMON LAUDER: And for you, do you have something to hide or is it the principle?
VOX POP 5: It’s just the principle.
SIMON LAUDER: Melbourne’s Myki ticketing system has been controversial mainly for a major budget blow-out and massive delays. Now that it’s widely used across Melbourne, civil libertarians, including Spencer Zifcak, are concerned about privacy.
SPENCER ZIFCAK: It is almost inevitable that the police will seek to access that information at some stage or another in the course of law enforcement activity, whether justifiably or unjustifiably.
SIMON LAUDER: Myki cards can be registered to their user, so they can be returned if lost, but increasingly that information is being shared. The introduction of smart-card ticketing systems brings privacy concerns into public transport Australia-wide.
Graham Currie is a Professor of Public Transport at Monash University.
GRAHAM CURRIE: Perth, Adelaide and Brisbane have smart cards and Sydney is developing smart card technologies now.
SIMON LAUDER: Victoria’s Transport Ticketing Authority says police have made more than 100 requests for information about Myki users since the system was introduced in late 2009. Most of those requests were made this year. Nine requests have been turned down.
The president of Liberty Victoria, Spencer Zifcak, says there should be independent oversight of those requests.
SPENCER ZIFCAK: These requests ought to be determined by an independent authority, whether a judge or a magistrate or a tribunal member before they are granted.
SIMON LAUDER: The authority says it has declined police requests on some occasions.
SPENCER ZIFCAK: That’s right, but what we’re talking about there is an assessment of a request, not by a judicial officer but by a public servant and that is simply inadequate.
SIMON LAUDER: The president of the Australian Council of Civil Liberties, Terry O’Gorman, says he’s concerned that police have also accessed the travel records of some commuters in Brisbane.
TERRY O’GORMAN: We in the Civil Liberties Council object to that being done without there first being obtained a magistrate’s warrant, because we say, simply because you are forced to use electronic ticketing does not mean that you give up your privacy.
It’s a very unusual person who even knows that they’re in effect giving permission for their travel records to be accessed by the police without any sort of court supervision, no sort of judicial supervision, no sort of probable cause needed to be shown by the police before that information can be obtained.
SIMON LAUDER: Professor Graham Currie backs the call for independent oversight, but he supports the use of passenger information by police.
GRAHAM CURRIE: I broadly support the appropriate use of this data and this is the key question, what’s appropriate. Having people who do illegal things around is bad and we should try and catch them.
I think if we have nothing to fear, there’s nothing wrong with this ability to monitor people.
SIMON LAUDER: In Victoria it’s the public transport authority which decides what amounts to appropriate use of its passenger data and that’s governed by a privacy policy.
The Transport Ticketing Authority’s chief executive, Bernie Carolan, says not many of Melbourne’s millions of public transport users are affected.
BERNIE CAROLAN: In shorthand, the police need to be able to prove that the case is serious, that it justifies release of the data and that the data is relevant, the travel data is actually relevant to the case in question.
So that’s the essence of it.
SIMON LAUDER: So who at the Transport Ticketing Authority makes an assessment of whether the police request is reasonable?
BERNIE CAROLAN: It has to be one of our senior managers, so sometimes it comes right through to me as chief executive officer, and certainly a few of the individual requests that I personally have seen and approved are serious matters that I support releasing the data to, you know, to see if the individual deserves to have the police action taken against them.
ELEANOR HALL: That’s the chief executive of Victoria’s Transport Ticketing Authority, Bernie Carolan, speaking to Simon Lauder.
At best the system Carolan describes is appallingly lassez faire with his users personal information. He sets the criteria as:
In shorthand, the police need to be able to prove that the case is serious, that it justifies release of the data and that the data is relevant, the travel data is actually relevant to the case in question.
So that’s the essence of it.
So what does the police have to do? Do they have to set out the nature of the alleged crime? What is serious? Is it an indictable offence or a summary offence. In what context do they have to identify the person of interest, a suspect or a witness. Is it a matter of convenience to the police or necessity. What exactly does relevant mean? And who determines it? Is it considered soley by the executives of the Authority (and which ones and why those individuals) or is there some legal input into the process. What is relevant to a hard pressed executive with no legal training and a lawyer (not to mention a Magistrate) are often two different things in the normal course. Carolan’s description, the essence of it in his words, is waffle and begs more questions than it asks. What it may do is hide very unfortunate lack of protections on very private data. Because the police want some information does not mean they should get it. That is why warrants exist. The police should justify their request against a legal criteria, as is the case with the warrants process. Police asking for information from an Authority which works closely with them and needs their co operation on a daily basis is likely to be an easier task than seeking permission to access that material from a disinterested party who looks at all the issues, or at least should. That a senior manager should be charged with this responsibility is poor public policy. That they exercise this power with such vague guidelines described by Mr Carolan is a disgrace.
The Age reports Carolan as saying:
”Strong privacy controls are maintained at the TTA and any release of data to, for example, the police is only granted when sufficient justification is given. Release of the data is always approved by TTA senior management,” he said.
If Bernie Carolan is properly quoted and believes what he reportedly says then he needs to get out more. He displays very little understanding of the concept of privacy and what privacy controls actually are and do.