On 16 Feb, 08:29, Arthur Figgis wrote:
Mizter T wrote:
I am well aware of the worries about surveillance that Oyster
potentially brings (and that you share) - however thus far there
haven't been any properly justified allegations (as opposed to
conspiracy theory talk) that travel data is being misused or widely
used for surveillance purposes by TPTB. However let's look at some
facts...

* "The usage history of each card is retained on an eight week rolling
basis".
* After eight weeks, "anonymised journey information is retained for
research purposes".
* Only "a limited number of authorised individuals within TfL can

Putting on my tin foil hat, is this limited to 10 or 200 people, or 3000
plus the cleaners?


I have no idea but would be interested to know. I presume that the
information must be available to those who work on the Oyster
helpdesk, otherwise they can hardly do their job can they! I would
also presume that it's basically not available to those who do not
administer the day-to-day workings of the Oyster system, so for
example Peter Hendy and Tim O'Toole can't sit at their desk looking up
people with stupid names in the database. I would also strongly expect
that when any particular record is accessed, the details of the
operator/agent who accessed them are logged, as is standard procedure
for such systems. I would also hope that there are a number of other
checks and balances in place.

Incidentally I understand that the Oyster helpdesk is based within TfL
in London, though I think things may have been slightly different in
the early days where it may have been based outside TfL but still
within London - bearing in mind that Oyster is part of the Prestige
contract for ticketing services that is provided by the Transys
consortium. What the status is of the staff that work directly on day-
to-day administration of the Oyster system I don't know, but whether
they be employees of TfL, Transys or of one of the Transys consortium
members I would still expect the same rigorous data handling
procedures to apply, and I'm pretty confident that TfL is very tight
in ensuring that everyone complies by the rules - after all, public
confidence in the system is at stake.

Also, I don't think that taking a concern in these issues should
really be limited to the tin foil hat brigade, not least since it has
recently become clear how spectacularly competently (not) some public
bodies handle our data, as evidenced by the HMRC lost discs scandal
and subsequent revelations of similar failings. I have to say that I
wasn't especially shocked by many of those stories, though I think
they all demonstrated a bang out of order lackadaisical approach to
data security - the HMRC scandal in particular appeared to show just
how many staff seem to have unfettered access to a database of
millions of people's personal details (and at least some had the
subsequent ability to burn these details to disc to take away).

In addition one needs to consider how large databases, in particular
those of telecoms companies, are leaky - not because information in
electronic form gets carried away en masse, nor because external
organisations have access to it (though I wouldn't be outrageously
surprised to hear that GCHQ could directly access such databases), but
because a few insiders - I'm thinking call centre agents particularly
- are crooked, and take money from private investigators (whether
working on behalf of suspicious spouses or partners, newspapers or
something more malevolent) to look up details on the system, such as
call records (and possibly make a print out of them). The larger the
number of staff who have such access the higher the risk, obviously,
so this needs to be considered as well. Telecoms companies partly deal
with this by having a segregated VIP database and staff (so I wonder
if Oyster has anything similar), but ensuring that rigorous procedures
and monitoring are in place can help deal with such a threat.



access Oyster card data and no external organisations have direct
access to the data".

They have to phone up and ask for it to be e-mailed over each they want
it :-)


Ho ho! Thankfully the procedures do appear to ensure that any external
organisation has to properly justify their need for the data, plus
needs to have the statutory authority to make such a request, and all
requests are then assessed by TfL on a case-by-case basis. I've a
feeling that these aren't just well meant words.