The privacy aspect of E-tickets.

[eroded]

mods note - split from here.

Has nobody mention the privacy aspect yet?

With an eTickets, private companies know exactly your full travel history who you are, your home address, exactly what time you travel, etc etc.

Paper tickets can be anonymous.

 

[sor]

Has nobody mention the privacy aspect yet?

With an eTickets, private companies know exactly your full travel history who you are, your home address, exactly what time you travel, etc etc.

Paper tickets can be anonymous.

the stations are probably riddled with CCTV, as are many trains, and many ticket barriers will keep the ticket at the end of the journey. Lots of people buy those paper tickets with a card. You are probably carrying a mobile phone (doesn't have to be a smartphone) that has to check in with the network at regular intervals. perhaps not as anonymous as you think.

 

[AM9]

the stations are probably riddled with CCTV, as are many trains, and many ticket barriers will keep the ticket at the end of the journey. Lots of people buy those paper tickets with a card. You are probably carrying a mobile phone (doesn't have to be a smartphone) that has to check in with the network at regular intervals. perhaps not as anonymous as you think.

Not a reason why I prefer booking offices and paper tickets, bit simple disguise, switching a mobile off and using cash are simple options if confidentiality is an issue. Being forced to use online communication and registered payment methods as a condition of travel clearly remove all practical means of ensuring confidentiality.

 

[DelayRepay]

Has nobody mention the privacy aspect yet?

With an eTickets, private companies know exactly your full travel history who you are, your home address, exactly what time you travel, etc etc.

Paper tickets can be anonymous.

It's a good point and I understand why some people are concerned. Although as others have said, in these days of CCTV, facial recognition technology, mobile devices and the use of debit cards, it would be quite hard to avoid being tracked if the authorities had a particular interest in you (as opposed to, say, a general trawl to identify everyone who was in a particular area at a particular time).

If I was setting up a county lines drug network, I'd defiantly prefer paper tickets! For my more normal trips, I personally don't particularly care if the police/MI5/GCHQ/Government know I went to Bournemouth for the weekend.

 

[sor]

Not a reason why I prefer booking offices and paper tickets, bit simple disguise, switching a mobile off and using cash are simple options if confidentiality is an issue. Being forced to use online communication and registered payment methods as a condition of travel clearly remove all practical means of ensuring confidentiality.

that's my point, it's already impractical. you don't have confidentiality when travelling on *public* transport. e-tickets certainly give the authorities a little bit more data (and it has been used, albeit quite sensibly, to knobble people putting in DR claims for trains they had no intention of travelling on) but let's not pretend it's some quantum leap forward for the three and four letter agencies.

 

[TUC]

mods note - split from here.

Has nobody mention the privacy aspect yet?

With an eTickets, private companies know exactly your full travel history who you are, your home address, exactly what time you travel, etc etc.

Paper tickets can be anonymous.

So they might contact me with offers relevant to my travel habits rather than random ones. Yes please!

 

[Hadders]

I like the convenience of etickets for rail travel but I do have some concerns about the data and its governance.

When an eticket is scanned (whether at a gate line or onboard a train) where is that data stored?
How long is it stored for?
Who has access to it?
And for what purpose?
Is there an audit trail of who has accessed the data and for what purpose?
Is this audit trail available to the individual?

As far as I know nothing about this is in the public domain. Does anyone know anything? CCTV could be used to track a persons movements but we do know that CCTV data isn't normally kept beyond 31 days.

Oyster has been in widespread use for nearly 20 years and the world hasn't stopped, so that is reassuring. As I understand it, Oyster (and presumably contactless) journey history is anonymised after 8 weeks and can only be kept for very specific reasons such as an ongoing investigation. Perhaps @MikeWh knows more.

The difference is that Oyster is administered by one organisation whereas National Rail data is potentially held by a plethora of TOCs and third parties. I'd really like to know whether there is anything in the public domain about how this data is used and protected.

 

[185143]

So they might contact me with offers relevant to my travel habits rather than random ones. Yes please!

And also, theoretically, goodwill gestures above and beyond Delay Repay if you're frequently delayed I suppose.

Personally speaking, I don't really care if the Police or the Government know what I'm currently doing whilst on "Unofficial Strike Action". I'm having my fun, obviously not doing anything illegal, and that's all that matters. Until they start analysing how many watering holes I frequent and restricting payments in them...

 

[Haywain]

I'd really like to know whether there is anything in the public domain about how this data is used and protected.

I don’t know the answers to the questions you have but anybody concerned enough can raise an FOI request which would probably result in most being answered.

 

[Hadders]

I don’t know the answers to the questions you have but anybody concerned enough can raise an FOI request which would probably result in most being answered.

Most of the rail industry isn't subject to FOI.

 

[Horizon22]

I like the convenience of etickets for rail travel but I do have some concerns about the data and its governance.

When an eticket is scanned (whether at a gate line or onboard a train) where is that data stored?
How long is it stored for?
Who has access to it?
And for what purpose?
Is there an audit trail of who has accessed the data and for what purpose?
Is this audit trail available to the individual?

As far as I know nothing about this is in the public domain. Does anyone know anything? CCTV could be used to track a persons movements but we do know that CCTV data isn't normally kept beyond 31 days.

Oyster has been in widespread use for nearly 20 years and the world hasn't stopped, so that is reassuring. As I understand it, Oyster (and presumably contactless) journey history is anonymised after 8 weeks and can only be kept for very specific reasons such as an ongoing investigation. Perhaps @MikeWh knows more.

The difference is that Oyster is administered by one organisation whereas National Rail data is potentially held by a plethora of TOCs and third parties. I'd really like to know whether there is anything in the public domain about how this data is used and protected.

You could presumably do a Subject Access Request for this sort of information? I'm not sure if that person could then share that more widely. I imagine there is some detail in the small print when you purchase an e-ticket.

"Individuals have the right to access and receive a copy of their personal data, and other supplementary information."

 

[stuartl]

Could you make a Subject Access Request (SAR) to one of the TOC's that you use regularly to see what data they hold about you ? I see someone beat me to it !

 

[AlterEgo]

The BTP want to trawl all contactless and electronic ticket data to see if you're "suspicious" - perhaps a bum-toucher or running county lines operations - as we found out last week. Lovely.

 

[Haywain]

Most of the rail industry isn't subject to FOI.

But two significant operators are.

 

[alistairlees]

But two significant operators are.

Which one of the three is not?

 

[Starmill]

You can buy an eticket in cash from an Avanti West Coast ticket office should you wish to, though you may be asked to use a specific window to pay by cash. You can have the ticket delivered by email or Google Wallet / Apple Wallet.

 

[mmh]

Most of the rail industry isn't subject to FOI.

This is not true.

 

[Starmill]

This is not true.

Surely it defends on your definition of 'most'?

 

[Haywain]

Which one of the three is not?

In eTicket terms I don’t consider Southeastern to be significant (yet).

The BTP want to trawl all contactless and electronic ticket data to see if you're "suspicious" - perhaps a bum-toucher or running county lines operations - as we found out last week. Lovely.

What is your basis for saying this?

 

[AlterEgo]

What is your basis for saying this?

Police want travel card data to track suspicious rail passengers. How much is our privacy under threat?

NOTE: This article is behind a paywall so this link may not be useful to non-subscribers https://www.thetimes.co.uk/article/police-want-travel-card-data-track-suspicious-rail-passengers-latest-cbh88zqkt Police should be able to monitor passengers who spend hours on the railway network in case...

www.railforums.co.uk

 

[Hadders]

This is not true.

Southeastern, LNER, Northern and Network Rail are subject to FOI. I can't FOI any other TOC or any third part retailer.

 

[Haywain]

When an eticket is scanned (whether at a gate line or onboard a train) where is that data stored?

The scan record is written to an eTicket Validation Database (eTVD). This shows details of the ticket and any scan records or blacklisting (refund or cancellation). The record is anonymous with customer information only held by the retailer. I believe there is more than one eTVD with the data being shared.

As I said, I can’t answer your other questions.

 

[Hadders]

The scan record is written to an eTicket Validation Database (eTVD). This shows details of the ticket and any scan records or blacklisting (refund or cancellation). The record is anonymous with customer information only held by the retailer. I believe there is more than one eTVD with the data being shared.

As I said, I can’t answer your other questions.

That very helpful, thank you.

 

[ComUtoR]

So they might contact me with offers relevant to my travel habits rather than random ones. Yes please!

Said whilst posting on a forum with Google analytics and targeted ads.

I use an adblocker on my laptop and on my phone but it's never 100%

 

[MikeWh]

As I understand it, Oyster (and presumably contactless) journey history is anonymised after 8 weeks and can only be kept for very specific reasons such as an ongoing investigation. Perhaps @MikeWh knows more.

Oyster journey data is anonymised after 8 weeks. Records can be transferred to a different system for ongoing investigation. Contactless journey data is kept in tact for a year. This is because it is the justification for actual debits to a bank or credit card account.

 

[AM9]

that's my point, it's already impractical. you don't have confidentiality when travelling on *public* transport. e-tickets certainly give the authorities a little bit more data (and it has been used, albeit quite sensibly, to knobble people putting in DR claims for trains they had no intention of travelling on) but let's not pretend it's some quantum leap forward for the three and four letter agencies.

Unless you are very unlucky, (or very stu[pid)somebody travelling on a paper ticker purchased at a TVM or booking office window is very unlikely to become known to the railway, including the BTP. If you pay for a ticket with a cheque, plastic or an electronic transaction, you are leaving a traceable path. If you buy a ticket online against a registered account with the TOC who sold the ticket, you are giving them even more evidence including your online identity. None of this bothers me, I am not paranoid about being watched, - as I am just one of a large volume of similar 'customers' and unless they have a particular reason to move about undetected, their effective anonymity will be the norm. One thing that does bother me though is that despite the implementation of GDPR regulations, an online subscription with verified e-mail contact details is a very valuable piece of data, and even 'respectable' online companies have been know to abuse the authority that they have been given by the owner of the data which somehow finds its way into more aggressive marketing organisations. That assertion is based on some experience, and not mere paranoia.

 

[TUC]

Said whilst posting on a forum with Google analytics and targeted ads.

I use an adblocker on my laptop and on my phone but it's never 100%

Yes, that's my point. I do hope Google send me relevant adverts and offers. Who wants poorly targeted adverts?

 

[hexagon789]

Southeastern, LNER, Northern and Network Rail are subject to FOI. I can't FOI any other TOC or any third part retailer.

*cough* ScotRail *cough*

I've made two FOI to them myself since they became ScotRail Trains Ltd.

 

[Haywain]

*cough* ScotRail *cough*

I've made two FOI to them myself since they became ScotRail Trains Ltd.

Wouldn’t bother asking them anything about eTickets.

 

[Wallsendmag]

*cough* ScotRail *cough*

I've made two FOI to them myself since they became ScotRail Trains Ltd.

I thought we were talking about eTickets though.