http://www.abc.net.au/news/2017-03-27/q ... on/8390492
Transperth's SmartRider tracking of passengers' movements sparks privacy fears
REBECCA TRIGGER
MON MAR 27 20:39:05 EST 2017
Close up of a SmartRider being used at a Perth train station.
PHOTO Transperth says its privacy policies about SmartRiders are available on the website.
SUPPLIED.
Perth's public transport authority is logging tens of thousands of people's travel patterns in an ever-growing database, in a move that has raised concerns from privacy advocates.
Key points:
SmartRider is being used to track and store personal information about passenger's movements
A privacy advocate has raised concerns about how it is used, and who the information is passed on to
But Transperth say their privacy policies are clear, and the data has already helped it recover $120,000 in unpaid fares
According to advertising by Transperth, the movements of people using the electronic payment system, SmartRider, are being logged, and then used to crack down on fare evaders.
Full fare paying customers can opt not to register their personal information, but concession card holders are registered automatically.
Privacy advocate Professor Roger Clarke said people should be concerned about both the collection of data, and the lack of clear communication by Transperth, when signing up for a SmartRider.
"I've gone to the website and looked as a passenger in Perth normally would, and I can't find anything that tells me the sort of information you would need to have in order to make a rational decision," he said.
"That's completely unacceptable under any data protection or privacy law anywhere in the world, there has to be clear communication as to what's being done."
He said government agencies must justify any collection and retention of data.
"It has to be done in public so people can assess," he said.
"We don't want to jump to conclusions to say 'no, none of this data needs to be kept', or 'no, none of this data should be used to fight fare evasion'.
"What matters is there is a sensible public discussion about what is and isn't done."
Professor Clarke said the data could be used or abused, and government agencies did not have a good track record.
"It leaks continuously," he said.
"We know that organisations a) don't take responsibility for the security of their data, and b) even when they try they fail, because it's extremely difficult to do data security well.
"Apart from which, many of these agencies are tempted to use that data for many other things.
"Clearly there's lots of potential marketing uses, there's lots of ways to manipulate people's behaviour, be it the government agency, be it the contractor operating the system on their behalf, be it a corporation that they're friends with.
"We need to get away from this idea we can trust all of these organisations."
'They didn't give us any warning'
Concession passenger Noel Dowsett, 61, said he was worried about the system.
"I just wonder what would they use that data for, and whose hands could it end up in. I don't like the idea of my movements being monitored," he said.
"They didn't give us any warning. When I purchased my original SmartRider ... there was no 'read these terms and conditions'."
But student Zianab Baboli, 22, said it was not important to her.
"I'm not worried," she said.
"It's a simple thing, because I'm just going home and to my school, [the] government knows about me ... it's not very important if [the] Government knows about this, where I'm going."
Policy made clear: Transperth
In a statement, Transperth said its privacy policies were clear and set out on their website.
Transperth's privacy policy stated that it records people's address, date of birth, travel details, credit and debit card numbers, content of emails, phone numbers, and public interest disclosure applications.
It stated personal information could be disclosed if required or authorised by or under law, and also to third parties including contractors, to provide certain services related to the Public Transport Authority.
The agreement stated it encrypted personal data collected.
The agency said their use of the data to crack down on fare evaders had netted more than $120,000 in lost revenue when people misused their cards.
"This involved looking at travel patterns and confirming that the person using the SmartRider was actually entitled to do so – this process was carried out face to face by our investigators," the statement said.
"We then used these records in the same way the police or another prosecuting agency would to prove an offence had occurred."
The data is stored indefinitely, the statement said.
The NSW Opal card is also used to track passenger movements, while the Myki system in Victoria has reportedly handed tracking information to police.