There’s a cautionary tale for people who travel by public transit in the latest report on collaboration with Canadian police by the Toronto regional transit agency, Metrolinx.
If you build a system that keeps personally-indentifiable logs of when and where people go, eventually the police will want to exploit those logs for their own purposes — regardless of the original purpose for which the data was collected, or the policies that, at the time the data was collected, purported to restrict how it would later be used.
Like many public transit agencies in the USA, Metrolinx allows riders to use the same RFID-chipped stored-value farecard — called “PRESTO” in Toronto — to pay for travel on buses, subways, streetcars, and commuter trains through the metropolitan area.
The system could be designed so that the value of the card is stored on the card, and the fare for each trip is deducted from the value stored on the card when the trip is completed.
Neither a central registry of cards and card values, logs of card usage, nor information linking cards to individual identities are necessary for fare payment or transit operations. But all of those features, with their surveillance potential, are designed and built into the system. Most regional transit farecard systems in the US work the same way.
The latest report is that Metrolinx handed over travel logs and information identifying transit riders to law enforcement agencies, including agencies as far away as Edmonton, without asking for warrants or court orders or notifying the subjects of the data.
A Metrolinx spokesperson told the Toronto Star that, “in the ‘vast majority’ of cases, the information the agency divulged was either the card users’ partial trip history, or contact information such as their name and address.”
Any US transit agency that identifies riders and logs their movements could do the same. The only meaningful “Do Not Track” is “Do Not Collect”.
Some transit systems allow farecards like this to be purchased anonymously. Others require them to be registered and linked to personally identifying information, or make certain fares or discounts, such as discounts for students, senior citizens, or people with disabilities, available only to those using registered and personally identifiable farecards.
In the Toronto area, 2.3 million of the 3.5 million PRESTO cards have been registered with Metrolinx so that the logs of when and where they are used are linked to the identities of the purchasers.
What can be done? The lesson of what happened in Toronto is that policies cannot protect you against police who want information about you, and other government agencies that have collected information about you and are willing to collaborate with the poilice.
Pay cash for your tickets, travel anonymously, and insist on your right to do so.