1. Exquisite Tweets from @Psythor, @tommorris, @AlbyEarley, @BenjaminHouy, @rossmasters, @Tech_Litig8or

    PreoccupationsCollected by Preoccupations

    1/ BIG news today for London: TfL is announcing that it is rolling out technology to track passengers using wifi full time from July 8th.

    I’ve written about this story for some time, so if you’ll forgive me, a little thread on why this is cool but also… controversial!

    Reply Retweet Like

    Psythor

    James O'Malley

    2/ So what exactly is happening? TfL will be using the wifi beacons already on the tube to log any devices it picks up. If you have the wifi on your phone switched on, even if you don’t connect to the wifi, it will count you.

    Reply Retweet Like

    Psythor

    James O'Malley

    3/ This is because it can still detect your phone’s MAC address - nothing to do with Apple computers, it’s like a unique ID number that every phone or wifi device has.

    But why would TfL want to collect this data?

    Reply Retweet Like

    Psythor

    James O'Malley

    4/ …Because the data insights it can learn about the London Underground are incredible - and could massively improve the Tube network in terms of capacity, planning, and letting apps tell us how busy stations/platforms are etc.

    Reply Retweet Like

    Psythor

    James O'Malley

    5/ A couple of years ago, I obtained under FOI the results some of the results of a month long pilot conducted in December 2016.

    It contained awesome diagrams like this, showing what % of people take different route options between Liverpool Street and Victoria.

    Reply Retweet Like

    Psythor

    James O'Malley

    6/ TfL later published an official report, which had a similarly awesome diagram, showing how people choose to travel between Kings Cross and Waterloo.

    Remember: Before, all TfL knew was where your journey started and ended, based on Oyster taps.

    Reply Retweet Like

    Psythor

    James O'Malley

  2. tommorris

    Tom Morris 🏳️‍🌈

  3. 7/ The data also gave TfL insights into how people move around individual stations. Here’s a heat-map of Euston station - note how the Southbound Victoria Line is clearly the busiest platform.

    Reply Retweet Like

    Psythor

    James O'Malley

    8/ This station data also enabled TfL to time how long it takes real passengers in real conditions to traverse through a station. Here’s how long it takes to walk around Victoria station.

    Reply Retweet Like

    Psythor

    James O'Malley

  4. I guess it will be rolled into your conditions of carriage somehow

    Reply Retweet Like

    AlbyEarley

    J A Earley

  5. Hardly the enthusiastic, informed consent required under GDPR.

    Reply Retweet Like

    tommorris

    Tom Morris 🏳️‍🌈

  6. 9/ Because nothing is pure and wholesome, this data could also be used for advertising - if TfL know where people are standing, or even the commutes people take, advertising can be better targeted or priced differently in different parts of a station.

    Reply Retweet Like

    Psythor

    James O'Malley

    10/ And yes, there are also privacy concerns. The Tube is the nervous system of London and if you live here you can’t avoid it - do we really want TfL to know everywhere we’ve been travelling?

    Luckily, I think TfL have been as responsible as possible. (Cont)

    Reply Retweet Like

    Psythor

    James O'Malley

    11/ In the new rollout, they repeatedly point out how the stored data is depersonalised so that - in theory - specific data on your journeys cannot be accessed.

    In the pilot, they hashed and salted personal data.

    I’m told this time around MAC address data will be tokenised.

    Reply Retweet Like

    Psythor

    James O'Malley

    12/ If you’d like learn more about the rollout, check out this piece I wrote for @WiredUK which has just been published:

    wired.co.uk/article/london…

    Reply Retweet Like

    Psythor

    James O'Malley

    13/ And here’s my original FOI scoop for @GizmodoUK with more cool diagrams and maps:

    gizmodo.co.uk/2017/02/heres-…

    Here’s a follow-up from TfL’s official report:

    gizmodo.co.uk/2017/09/london…

    And here’s a big thing on privacy and the trial:

    gizmodo.co.uk/2017/09/could-…

    Reply Retweet Like

    Psythor

    James O'Malley

    14/ Finally this is completely shameless but I am a freelancer, so am available to talk/write about this further if you want to hire me to do so. My DMs are open.

    Reply Retweet Like

    Psythor

    James O'Malley

  7. Maybe something for @ICOnews to look into. I don't particularly want @TfL to have even more data about my whereabouts and I don't recall consenting to this.

    Reply Retweet Like

    BenjaminHouy

    Benjamin Houy

  8. TfL has stressed that they've worked with the ICO and have followed all of the best practice stuff, so I suspect it has already been signed off as fine.

    Reply Retweet Like

    Psythor

    James O'Malley

  9. I'm surprised they can do that without explicitly asking people to opt in. I don't mind if they immediately erase the MAC addresses and all unique identifiers but it doesn't sound like they do from your tweet.

    Reply Retweet Like

    BenjaminHouy

    Benjamin Houy

  10. IIRC they’re not actually storing the MACs, but a hash of them (so an id that can’t be reversed to a MAC). That hash also uses the current date, so your same device on two days is indistinguishable from two completely different devices. It’s a good effort from a privacy pov imo

    Reply Retweet Like

  11. Great article - for those querying lawful basis for processing *part* of the answer is that this is wifi tracking - if you turn your wifi off before entering the station then as I understand it you are not tracked.

    Reply Retweet Like

    Tech_Litig8or

    Will Richmond-Coggan

  12. Yep, if your wifi is off you’re not tracked.

    (Maybe this is too complex a question for a tweet but how is it established that wifi switched on = consent to tracking? Is there a previous case or is it specifically written into law?)

    Reply Retweet Like

    Psythor

    James O'Malley

  13. Nothing so simple but, if I remember the pilot, there were notices outside and within the stations ahead of time and during the pilot which informed travellers that if their wifi was on they would be tracked and how they could avoid this.

    Reply Retweet Like

    Tech_Litig8or

    Will Richmond-Coggan

    I don't know what lawful basis TFL are relying on for their processing. As such "consent" might be misleading. They may consider that the processing is a justified intrusion in service of their legitimate interests, and have satisfied the balancing considerations...

    Reply Retweet Like

    Tech_Litig8or

    Will Richmond-Coggan

    ...around impact on the data subject by the ability to avoid tracking by deactivating (or not activating) their wifi. All of this is a little over-simplified, but hopefully that makes some sort of sense?

    Reply Retweet Like

    Tech_Litig8or

    Will Richmond-Coggan

  14. Psythor

    James O'Malley