Myki and database privacy
News today that the Police have already asked the Transport Ticketing Authority to provide movement details for four Myki users. ( http://www.theage.com.au/victoria/myki-is-watching-you-smartcard-operator-gives-police-access-to-customer-info-20100729-10x7l.html )
Unlike a paper ticket, every Myki card has a unique serial number and must be “touched” to the reader at the beginning and end of each journey. This effectively leaves a trail of where you travel to and from and how often. If you travel with friends, and all touch and and off in a group, it will also be clear to the database whom you regularly associate with.
Whilst Myki supposedly offers an “unregistered” option, the reality is that at the moment you can only buy them online, so your name and the delivery address will be linked to the card number somewhere.
For those that are concerned about their privacy, I would recommend:
- Do not get a Myki until you can purchase one anonymously, in person.
- Top it up only with cash, not a credit card or debit card.
- Consider buying more than one card, and pick one at random each day.
This is a timely reminder to everyone that, under the National Privacy Principle 8 ( http://www.privacy.gov.au/materials/types/infosheets/view/6583#npp8 ) you have the right interact anonymously with the Transport Ticketing Authority and railway service.