Home |
Search |
Today's Posts |
|
London Transport (uk.transport.london) Discussion of all forms of transport in London. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
|
#1
|
|||
|
|||
Oyster PAYG query
On 16 Feb, 08:29, Arthur Figgis wrote:
Mizter T wrote: I am well aware of the worries about surveillance that Oyster potentially brings (and that you share) - however thus far there haven't been any properly justified allegations (as opposed to conspiracy theory talk) that travel data is being misused or widely used for surveillance purposes by TPTB. However let's look at some facts... * "The usage history of each card is retained on an eight week rolling basis". * After eight weeks, "anonymised journey information is retained for research purposes". * Only "a limited number of authorised individuals within TfL can Putting on my tin foil hat, is this limited to 10 or 200 people, or 3000 plus the cleaners? I have no idea but would be interested to know. I presume that the information must be available to those who work on the Oyster helpdesk, otherwise they can hardly do their job can they! I would also presume that it's basically not available to those who do not administer the day-to-day workings of the Oyster system, so for example Peter Hendy and Tim O'Toole can't sit at their desk looking up people with stupid names in the database. I would also strongly expect that when any particular record is accessed, the details of the operator/agent who accessed them are logged, as is standard procedure for such systems. I would also hope that there are a number of other checks and balances in place. Incidentally I understand that the Oyster helpdesk is based within TfL in London, though I think things may have been slightly different in the early days where it may have been based outside TfL but still within London - bearing in mind that Oyster is part of the Prestige contract for ticketing services that is provided by the Transys consortium. What the status is of the staff that work directly on day- to-day administration of the Oyster system I don't know, but whether they be employees of TfL, Transys or of one of the Transys consortium members I would still expect the same rigorous data handling procedures to apply, and I'm pretty confident that TfL is very tight in ensuring that everyone complies by the rules - after all, public confidence in the system is at stake. Also, I don't think that taking a concern in these issues should really be limited to the tin foil hat brigade, not least since it has recently become clear how spectacularly competently (not) some public bodies handle our data, as evidenced by the HMRC lost discs scandal and subsequent revelations of similar failings. I have to say that I wasn't especially shocked by many of those stories, though I think they all demonstrated a bang out of order lackadaisical approach to data security - the HMRC scandal in particular appeared to show just how many staff seem to have unfettered access to a database of millions of people's personal details (and at least some had the subsequent ability to burn these details to disc to take away). In addition one needs to consider how large databases, in particular those of telecoms companies, are leaky - not because information in electronic form gets carried away en masse, nor because external organisations have access to it (though I wouldn't be outrageously surprised to hear that GCHQ could directly access such databases), but because a few insiders - I'm thinking call centre agents particularly - are crooked, and take money from private investigators (whether working on behalf of suspicious spouses or partners, newspapers or something more malevolent) to look up details on the system, such as call records (and possibly make a print out of them). The larger the number of staff who have such access the higher the risk, obviously, so this needs to be considered as well. Telecoms companies partly deal with this by having a segregated VIP database and staff (so I wonder if Oyster has anything similar), but ensuring that rigorous procedures and monitoring are in place can help deal with such a threat. access Oyster card data and no external organisations have direct access to the data". They have to phone up and ask for it to be e-mailed over each they want it :-) Ho ho! Thankfully the procedures do appear to ensure that any external organisation has to properly justify their need for the data, plus needs to have the statutory authority to make such a request, and all requests are then assessed by TfL on a case-by-case basis. I've a feeling that these aren't just well meant words. |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Quick PAYG query | London Transport | |||
Query about Oyster PAYG on Central Line from Stratford | London Transport | |||
Oyster Fare and routing query | London Transport | |||
Another Oyster Query | London Transport | |||
Oyster Query | London Transport |