These Cards Are Made For Stalking...

By Rob Last edited 155 months ago
These Cards Are Made For Stalking...

When Oyster cards were first introduced there was an initial, not unsurprising, concern over privacy issues. Some people just didn't want their every movement logged by London Transport, even if it meant slightly cheaper journeys.

In recent days however those fears have taken on a slightly different twist, with private detectives and lawyers beginning to report that suspicious husbands and wives are accessing the information to track their partner's whereabouts.

The Independent recently called Oyster cards "a one-way ticket to the divorce courts" (more over at Annie Mole's excellent Underground blog) and The Register quickly picked up on the story, taking a closer look at the technology involved in Oyster-snooping:

The IoS claims that Oyster journey data can be extracted at a ticket machine using the card, or online by keying the serial number of the card. As far as The Register is aware, however, internet access is slightly more secure than this, requiring a username and password or the serial number, and mother's maiden name or similar, from the application form. These are not, however, insuperable hurdles for the suspicious spouse or close friend, and access to the individual's email account would probably be enough for a snooper to change passwords and gain access to the account itself.

It is possible to obtain an anonymous pay as you go Oyster card, but most users will either have filled in a form or registered online, so TfL has their name, address, and some personal details.

The real problems will arise, The Register hypothesises, when TfL's plans to turn the Oyster into a an 'e-cash' card and proper fraudsters start to get in on the act:

An RFID card, used by the majority of commuting Londoners for travelling and shopping, could well be worth a spot a high-tech snooping, cloning and skimming, well ahead of the national ID card achieving similar status. So how good will the security on Oyster V2 be? We're not sure we'd put money on it...

Does this mean that very soon we're going to be have to be wary of people tampering with the ticket machines to discover our pin numbers? Will we have to keep an eye out for 'shoulder surfers' in the queue at the Tube station? Let's hope not.

Last Updated 22 February 2006