News

Privacy has taken a back seat amid the Opal debate



11 June 2013

Imagine a world in which your every move could be monitored by the government. You might board the train in the morning, switch to the bus to get to the office, later take a ferry to a client meeting. Across all modes of public transport, every one of your journeys would be tracked and stored in an ever-growing database that holds a detailed profile of your whereabouts.

If this sounds like an over-dramatised scene from a Hollywood movie, or an only-in-America National Security Agency-style surveillance, think again. It could soon be you, once the NSW government introduces the Opal card payment system.

The card will replace paper tickets on all Sydney public transport. It is now being tried on ferries, a trial on one train line starts on Friday and it will progressively be introduced across more of the NSW network by the end of next year. The government's aim is "to make travelling an easy and convenient customer experience".

The idea is that customers no longer have to queue for paper tickets. You simply load money onto your Opal card and swipe at the gates or when entering and leaving a bus. You can also link your Opal card to your credit card for automatic top-ups.

So far, the public debate on the Opal system revolves around its claimed benefits, its costs, and whether or not travel will become more expensive for users. What has gone largely unnoticed so far is the fact that Opal might well be the largest people-tracking system ever implemented in Australia.

This raises various questions about privacy and data security that the government needs to address if it wants users to trust the system.

The Opal privacy policy document states that all individual travel movements will be stored across several central databases. The resulting data is intended to be used in many ways. For example, to "manage fare calculations", perform "statistical analysis for transport planning", engage in marketing and support the "provision of secure and efficient services".

The government has an understandable interest in this data. Accumulating and analysing such a big data pool could contribute to solving some of Sydney's mounting transport problems. It will allow a better overview of travel flows, congestion patterns, bottlenecks and presumably contribute to informed decisions about investments in the transport network. Combine this with data from toll roads and an even more comprehensive picture of travel flows will emerge.

But this data also allows the tracking of individual users, potentially for months and years in retrospect. During the current trial period, all cards are registered in the customer's name. Only later will unregistered cards become available. But since all movements on these cards are equally stored, it would still be possible to link the card to an individual person (for example via CCTV footage or social media data). Opal's tracking of users and storage of individual travel histories raise several questions the government needs to address. For how long will this information be stored? Who has access to it? How will the data be protected? How and for what purposes will it be used?

The privacy document states that individual travel histories can be used by law enforcement agencies to investigate offences. Intuitively, this sounds like a good idea, but it also raises issues about data reliability. Are we confident that the data is secure, accurate and reliable? How confident are we that transactions cannot accidentally be attributed to another user? And what happens if someone steals another user's Opal card, travels with it and commits an offence?

While the information will be useful in many ways - for planning, research and law enforcement, any large pool of personalised data will also create significant risks. It is impossible to keep such data pools secure. What if the entire Opal database, with minute-by-minute movements of Sydneysiders, appeared on WikiLeaks one day? The privacy ramifications - as we saw in the US last week - could be extensive.

I am not suggesting the government has anything other than genuine good intentions for how the information is used. But the creation of a database on this scale deserves public debate and scrutiny. The danger is that, once established, the Opal system will quietly operate in the background, all the while amassing large amounts of individual-tracing data.

Transport users should be aware of the data storage involved in Opal so they can make informed choices. The government should address any privacy concerns proactively, before conspiracy theories compromise public perception of a system that has many benefits but already faces cynicism from the public because of its late arrival.


Associate Professor Kai Riemer is chair of the discipline of business information systems at the University of Sydney Business School.


Follow University of Sydney Media on Twitter

Media enquiries: Katie Szittner, 02 9351 2261, 0478 316 809, katie.szittner@sydney.edu.au