1/ BIG news today for London: TfL is announcing that it is rolling out technology to track passengers using wifi full time from July 8th.
I’ve written about this story for some time, so if you’ll forgive me, a little thread on why this is cool but also… controversial!
2/ So what exactly is happening? TfL will be using the wifi beacons already on the tube to log any devices it picks up. If you have the wifi on your phone switched on, even if you don’t connect to the wifi, it will count you.
3/ This is because it can still detect your phone’s MAC address - nothing to do with Apple computers, it’s like a unique ID number that every phone or wifi device has.
But why would TfL want to collect this data?
4/ …Because the data insights it can learn about the London Underground are incredible - and could massively improve the Tube network in terms of capacity, planning, and letting apps tell us how busy stations/platforms are etc.
5/ A couple of years ago, I obtained under FOI the results some of the results of a month long pilot conducted in December 2016.
It contained awesome diagrams like this, showing what % of people take different route options between Liverpool Street and Victoria.
7/ The data also gave TfL insights into how people move around individual stations. Here’s a heat-map of Euston station - note how the Southbound Victoria Line is clearly the busiest platform.
9/ Because nothing is pure and wholesome, this data could also be used for advertising - if TfL know where people are standing, or even the commutes people take, advertising can be better targeted or priced differently in different parts of a station.
10/ And yes, there are also privacy concerns. The Tube is the nervous system of London and if you live here you can’t avoid it - do we really want TfL to know everywhere we’ve been travelling?
Luckily, I think TfL have been as responsible as possible. (Cont)
11/ In the new rollout, they repeatedly point out how the stored data is depersonalised so that - in theory - specific data on your journeys cannot be accessed.
In the pilot, they hashed and salted personal data.
I’m told this time around MAC address data will be tokenised.
13/ And here’s my original FOI scoop for @GizmodoUK with more cool diagrams and maps:
Here’s a follow-up from TfL’s official report:
And here’s a big thing on privacy and the trial:
IIRC they’re not actually storing the MACs, but a hash of them (so an id that can’t be reversed to a MAC). That hash also uses the current date, so your same device on two days is indistinguishable from two completely different devices. It’s a good effort from a privacy pov imo
Nothing so simple but, if I remember the pilot, there were notices outside and within the stations ahead of time and during the pilot which informed travellers that if their wifi was on they would be tracked and how they could avoid this.
I don't know what lawful basis TFL are relying on for their processing. As such "consent" might be misleading. They may consider that the processing is a justified intrusion in service of their legitimate interests, and have satisfied the balancing considerations...