increasingly handing over information about myki users' movements to police, raising concerns that the smart card is being used as a tracking device.
The Transport Ticketing Authority says police have made 113 requests about myki users since the smart cards were introduced in late 2009. There have already been 71 requests for customer movements this year, more than three times the number of requests received last year.
Under the TTA's privacy policy, police can make a written request for information about a customer's movements without court oversight. The policy states that personal information about myki customers will be handed to police when ''an authorised police officer certifies in writing that the disclosure is reasonably necessary for the enforcement of the criminal law''.
TTA chief executive Bernie Carolan said police were handed information only when justified. ''Strong privacy controls are maintained at the TTA and any release of data to, for example, the police is only granted when sufficient justification is given. Release of the data is always approved by TTA senior management,'' he said.Uh huh, so that makes it all ok?
Mr Carolan said the authority had declined police requests for customer information on nine occasions, including eight times this year. He would not provide details about why the requests had been declined, saying only they did not meet the required standard.The card - used on trains, trams and buses - collects information on the movements of some2.2 million public transport users, including when and where they enter/exit the vehicle. Customers who register their myki card must provide their name and either a phone number or postal or email address. Some concession card holders must provide the TTA with their residential address.
There is scope for anonymous cards.
The Myki privacy statement indicates that -
We understand and respect your right to privacy and we are committed to privacy protection ...
Personal information held by Public Transport Authorities may be used or disclosed (including to each other) for the operation of myki; to verify entitlement to concession travel; for ticketing enforcement; in emergencies; otherwise as required or authorised by or under law; or with your consent.There has of course been information sharing for several years. In 2010 for example the Herald stated that
Privacy concerns have been raised over Victoria's troubled myki "smartcard", with fears the new public transport system may be used as a Big Brother-style tool to watch commuters' moves.
The Transport Ticketing Authority has confirmed it will share commuters' travel itineraries and personal information with police.
It also may supply private information to agencies such as VicRoads, Ambulance Victoria and Metropolitan Fire Brigade.
The data-sharing scheme could result in passengers' names, phone numbers, ages and addresses being passed between agencies.
During a criminal investigation, police will be able to trace where and when commuters have swiped on and off the myki network.
Public transport "authorised officers" can have access to private information to investigate offences such as fare evasion.
Even jealous lovers could rort the system by snooping on their partner's travel dates, times and myki charges online.In 2008 the Age commented that -
There are a range of genuinely difficult local issues that could have caused significant delays and respecifications with myki. One such issue is privacy. Myki is one of a wide range of radio frequency identification (RFID) reliant projects in transport, all of which raise similar issues. The familiar CityLink e-tag is another such system.
While myki, like Oyster, will track every trip, every day and for every person, the Australian public is more sensitive to such detailed overseeing than Britons.
The data myki can produce will be invaluable for collecting the travel behaviour data that is essential for transport management and planning, particularly given the uncertainties of climate change and how we will respond to it.
However, accumulation of such data is highly intrusive and almost irresistible to law enforcement agencies, and it can be time consuming to resolve such issues. In this case it is important to ensure that safeguards are in place — and verifiably known to be so. The myki website does not reassure that this is the case.
