Police using Oyster Card Data
12 March 2008In light of our recent results showing the security vulnerabilities in the Mifare Classic chip used in the London Transport Oyster card (and many other systems), this article about how the police use data collected from Oyster card users raises some interesting evidence and privacy concerns:
Police make 3,000 requests for data from Oyster cards, The Evening Standard, 21 February 2008.
Information obtained today by consumer magazine Which? shows that Transport for London received more than 3,100 requests from the police for passenger journey data between January and October last year.
Oyster cards were introduced five years ago and account for millions of journeys each day.
Which? today raised concerns about the apparent failure of Transport for London to make clear to passengers that their travel data will be stored for eight weeks at a time. It claims this is in breach of the Data Protection Act.
TfL says the information is required if journeys have to be refunded.
According to Which?, passengers signing up for an Oyster card are told their personal information is used for “the purposes of administration, customerservices and research”. However-there is no explanation that their bus, Tube and train journeys will be logged for up to two months.
Which? editor Neil Fowler said: “Which? is concerned that some private companies aren’t complying with the Data Protection Act and we urge them to tighten up their processes, so that consumers can be reassured that their data is in safe hands.”
Liberal Democrat mayoral candidate Brian Paddick said: “Companies increasingly have access to more and more of people’s personal details – and the public expect that data to be protected. It’s extremely worrying that every journey you make using Oystercard is recorded on TfL’s computer.