We spotted today in the press that Transport for London (TFL) have today begun a four week trial of tracking all passengers using the London Underground – better known as the Tube – by latching onto their Wi-Fi.
Not a word has been mentioned publicly about this prior to a few newspapers picking up on it today. No posters are up at stations telling customers that this will happen or giving them the opportunity to opt out by switching their Wi-Fi off.*
The trial will involve TfL hoovering up passengers’ MAC addresses to track their movements around stations. A MAC address is a unique code that can identify your phone or tablet and is available to all Wi-Fi networks when Wi-Fi is turned on. TfL already track passengers when they enter and exit stations via their Oyster card system or via the increasingly popular method of tapping your debit or credit card onto one of their Oyster readers. But apparently knowing when we enter and exit a station isn’t enough data for TfL bosses, now they want to track our every move.
We understand that a two day pilot of this new project took place earlier on in the year. When isn’t exactly clear, the Register have a quote from Virgin Media who are responsible for the Wi-Fi on the Underground which states that that pilot wouldn’t:
“record any data on usage of the service and doesn’t track individual devices movement across any of Transport for London’s networks including London Underground.”
However, based on what we are told the pilot scheme intends to do, which is track individual devices and their movements across the Underground, that statement seems somewhat curious and misleading. TfL and Virgin Media must be clear at all times, even during a small pilot trial, exactly what data they gather on passengers, why, for what purpose and what options there are not to participate.
While TfL state they want to be use the information gathered to “provide customers with even better information for journey planning and avoiding congestion,” we know that they are also looking to use the data to improve advertising revenue. It is not beyond the realm of possibility that TfL will soon want to use the data to improve revenue in station shops in a similar way shopping centres already do. We have long argued that data collection, even if it is depersonalised, should only occur with the full and informed consent of passengers. Neither TfL or Virgin seem interested in engaging with customers on a human level, they prefer to engage with us by monitoring our moves and hoping we won’t notice.
Staying safe and secure on public Wi-Fi is difficult. Between the lack of secure encryption, spoof Wi-Fi networks and the increased tracking of your device in circumstances such as the above, we would advise that unless you are looking to use the public Wi-Fi, it is better for your security and privacy to just turn your Wi-Fi off while out and about.
For more information on staying safe on public Wi-Fi, check out our Factsheet here.
*We are aware that since this blog was published, TfL have begun informing passengers of the Wi-Fi data collection via posters in underground stations such as the one in the photo below. The posters, situated beneath a pair of CCTV cameras, mention nothing about how they will be tracking passengers or how to stop it from happening.
Of course if you want to find out more while you are underground, you’ll have to log into their public Wi-Fi to visit ww.tfl.gov.uk/privacy, which will likely be an even greater privacy risk than the recording of MAC addresses.