London Calling: City to Collect Tube Visitor Data

The UK’s Transport for London is starting a four-week trial to analyze how people travel on the Tube—by examining Wi-Fi connection data.

As ever, there seems to be a rather wide opening for that most insidious of cyber-effects: Unintended Consequences—let’s call it UC for short. Whether it’s a cyber-weapon being intercepted, retro-engineered and then used against us, or cybercriminals gaining access to the massive amounts of unsecured personal data that we leave floating around from registering on various websites, UC looms large on the cyber-landscape.

In this case, the data collected will include records of people entering and leaving the Underground, to be used to analyze their movements. After the data is crunched, the researchers will be able to determine which spots are more crowded, in order to set higher prices for advertising locations, among other things. The overall goal is to plan the transport network more effectively.

Yet the Transport for London decision to track passengers’ mobile phones raises two concerns: the safety of public Wi-Fi and the extent of government surveillance.

“The problem with the vast majority of public Wi-Fi hotspots is that they are unsafe as is: main reason—people connecting to open networks are easily susceptible to hacking attacks,” explained NordVPN, which issued a statement on the issue. Clearly, passengers have to make sure they are connecting to the official Metro Wi-Fi network, and not a look-alike network with a similar-sounding name that might be spoofed.

It added, “Moreover, unsolicited surveillance of people's devices raises even deeper security issues: if government can decide to track people at any given time, who will protect all the gathered information and is this protection secure enough? When people's data is collected, who will guarantee there are no leaks in the system? “

Now, NordVPN’s assessment may seem self-serving—after all, the company provides identity-protecting VPN solutions—but the points raised here are valid. Large amounts of data can be accessed by anyone who hacks into the system, and people's identities can be stolen, leading to wiped out bank accounts and other repercussions. The potential here for UC seems as massive as the glut of people at rush hour at Waterloo Station.   

The Underground authorities haven’t said how the data will be handled, encrypted or anonymized, but the news comes as the UK prepares to make the Investigatory Powers Bill, aka the “Snooper’s Charter,” into law. That law allows the ‘powers that be’ to hack, read and store any information from any citizen's computer or phone, without even the requirement of proof that the citizen is up to no good. In essence, whether you’re a law-abiding citizen or not, intelligence agencies and the police will be entitled free reign to your files. And won’t all of that Tube data on comings and goings be rather useful in any range of scenarios, which would be characterized as anything from justified to Big Brother-esque?

UC my friends, UC. We need to remain vigilant.

Photo © Deyan Georgiev/ 

What’s Hot on Infosecurity Magazine?