snapper: what about privacy (again)?
I should refer you to Stephen’s posting on his take on Snapper and privacy. What he says makes perfect sense to me. We shouldn’t give corporates, and probably even the government, any more information than they absolutely need to do their jobs. Collectively, they’re just not competent enough to take care of it. We’ve seen this time after time recently, the worst example being the British Government’s loss of a file of 25 million people’s names and addresses in the mail.
Your own information is the most valuable asset you have in this information age. Look after it.
So I try to do this as much as I can. But it’s hard for various reasons: legal; financial; or convenience; sometimes I’ll just go for it anyway and spill the (personal information) beans. But most times I do think about it on a case by case basis; coming to a trust decision about a particular organisation. It doesn’t always produce logical and consistent results, but it works for me.
For example, I can go to my favourite coffee shop, and sign up for a prepaid loyalty card to get a discount. The coffee shop may know where I live (although there’s no real reason for them to know this), and how much coffee I drink, but that’s it. I get cheaper coffee, and they get a regular customer; and everyone wins. I trust and like the coffee shop and their staff (and I guess at this point those other variables like brand come in too). And if the coffee shop lose my data somehow, all that’s at risk is knowledge of my coffee-drinking habits.
Similarly with Snapper. I can get a Snapper card, and sign up for their website so I can view the transactions (real name and address optional, thankfully), and I allow them to know my public transportation movements in exchange for cheaper travel and convenient ticketing. I think I can trust Snapper with this limited data.
Where it gets interesting for Snapper though is that I start feeling uncomfortable about mixing those two trust decisions up. This trust is not transitive. Just because I think I can trust Snapper with my pseudonymised public transportation information it doesn’t mean I think I should trust them with anything else.
So, after my initial flush of geekly enthusiasm I don’t think I’ll be using Snapper for anything more than bus travel, once I get rid of the residual balances on my little collection of plastic. And if I do (probably just for emergency purchases – need coffee), it’ll likely be on a new card separately pseudonymised. At the moment this isn’t really a problem: while Snapper is convenient for coffee purchases, it doesn’t work with most shops’ own prepaid loyalty systems, and for anything bigger than quick caffeine fixes I have an EFTPOS card.
[ “AHA”, you say, “EFTPOS card… so what about banks? They know EVERYTHING about you.” That’s true, to an extent. But I (and you) trust them with this information: there’s longstanding, proven and strong safeguards about how it’s used, how it’s stored, and how it’s dispensed to third parties.]
It will be a problem for Snapper if too many people think/feel like me and are a little cautious about using the cards for other than public transport. Snapper’s business model seems to place a lot of importance on the cards being a cash replacement for small purchases.
I may not be a minority though. Anecdotally I’ve noticed hardly anyone using Snapper at the coffee shop over the road now that the free credit has been used up on the trial USB Snappers used by bank staff. Time will tell.
Robyn Gallagher
7 August 2008, 07:31 #
Re banks. An old workmate of mine had previously worked on a call centre in a bank. He said that every time an employee accessed a customer’s account, it was logged, and if they found you were randomly snooping or trying to see how much money Celebrity X had, they could fire you for it.
I wonder if Snapper employees have a similar situation.
Alan
7 August 2008, 08:16 #
I used to work in a bank call centre about ten years ago, and that was certainly the case then.
With Snapper the information has a lower financial value now, being just buses primarily, but will increase every time it’s combined with new data sets from other kinds of Snapper spending. Even so, bank-type controls are probably too expensive for them, which brings me back to the original point: be careful what you share.
Mike Riversdale
7 August 2008, 10:03 #
A most excellent post.
Expect a substantial quote over on the blog(s) :-)
I would also add that trust is not only linked to monetary value. Because a Snapper card is currently used to buy low value items (bus rides, coffee, access to work buildings etc) doesn’t mean it’s of low value over time. Add up all those micro-payments and you may have a “complete” capture of the minutiae of life, and then it becomes valuable … to someone.
That’s my issue with it – capturing the seemingly insignificant things will not stop at just being used to make the buses more efficient. The ability (and willingness?) to take the big picture view and use it will, I believe, be to strong an economic/political pull somewhere down the track.
David French
7 August 2008, 11:26 #
Aside from trusting the bus company (and whoever they want to share it with) with your personal data. You may also end up sharing information with people with really bad reputations as in the recent TradeMe case where transaction data was provided to a prisoner as a result of police action.
…When you order a Card, you must: provide all required information (and you must ensure that such information is complete and correct)….Creating a false identity to avoid linking a trail of your movements directly to you is actually against the terms of use of the device
Alan
7 August 2008, 12:52 #
Mike: Ta. I suspect you, like me, prefer the data about oneself held by other parties to be minimal and completely siloed, except where one may proactively decide to allow matching (and even then, it would be a decision worthy of some thought).
David: yes, that case was in mind, and was covered in the link to Stephen’s blog I posted above.
It is interesting that it’s expressly against the Snapper T&C to use a pseudonym for registration. There’s obviously a gap between the legal and the technical here, as they certainly allow you so sign up with a pseudonym, and don’t have any bank-style verification procedures to make sure it is correct. IANAL, but wouldn’t this therefore be unenforceable from a legal standpoint? And in any case, why do they need your “real” details, I wonder?
Stephen
7 August 2008, 16:02 #
Thanks for the link!
I’m still waiting for a reply to my letter, but certainly there is ambiguity around the terms “account” and registration” such that it’s not clear what Snapper require of you.
I’m glad you laid out this notion of transitive trust so well – that pretty much nails what bugs me about the whole Snapper business, only I wasn’t able to articulate it the way you have.
As far as the comparison with banks goes, if the bank suffers a loss of information such that identity theft is possible, the bank itself stands to lose money – thus protecting your privacy is very much in the bank’s own interests, and not just a matter of keeping the customer happy. Whereas this isn’t the case for Snapper; at least, not to the same extent anyway.
Heck
8 August 2008, 00:46 #
How much information do you have to give to these people, exactly ? Snapper sounds like a debit card wannabe from all I’ve read. I can see where these things might replace the regular debit card, particularly for students or people who make “small” purchases often, and I’ve been following your privacy articles because I use the Suica card here in Tokyo, it’s incredibly useful.
I can use it in pretty much every train and bus in the Greater Tokyo area and other places in Japan, plus many stores and malls, vending machines, etc, only limited by the amount of money I can have on it at a time. It can be charged up to 20,000 Yen currently, but I’m sure this limitation will change soon enough.
I realize they can track all my movements and purchases made with it but since it doesn’t require authentication for using it who knows if I am the one doing it or someone else. Plus, they only asked my name and address when getting the card, and they didn’t even verify either, I could have made them up completely.
If I think there is any reason not to use it, I can always buy a ticket or pay in cash, but I think it’s a pretty good trade-off all in all.
Heck
8 August 2008, 04:23 #
I forgot to add that the Suica technology is embedded in many mobile phones and laptops over here as well. Your mobile doubles as a cash card actually, how scary is that ?
Alan
8 August 2008, 06:59 #
Stephen: Agreed. Banks also jealously guard their reputation, too. No bank wants to be seen as an info-sieve. So that’s another good reason for treating banks slightly differently from the other corporate entities we interact with. But then I’ve worked for banks for years, so my perspective could be rosier than most.
Heck: Suica is one of the other card systems, like T-Money in Seoul, that Snapper is modelled on. The information requirements for Snapper sound much the same as Suica (i.e., in practice a fake name will suffice); and you can only put up to $300 on it – ¥23,400 roughly. It is damn good for public transport, and convenient for other things. Therefore your last two paragraphs on Suica in your first comment summarise what should be a logical position for me with Snapper as well, but I still feel a little uncomfortable with it. It’s not anonymous e-cash, and never will be. Yet the role of cash replacement is what Snapper is intended for by its makers.
Snapper also have plans for mobile phones and various other form factors – there’s some stuff on their website about this.
Michael
8 August 2008, 16:36 #
And, importantly, I believe banks purge their transaction data after a fixed period (mostly admittedly due to sheer volume, rather than privacy concerns, but still).
Snapper, on the other hand, promises to keep your data “for an indefinite period”, “at our other offices and storage facilities (whether in New Zealand or overseas)”.
Most banks I believe would properly balk at shipping transaction histories to foreign shores.
Mike Riversdale
10 August 2008, 10:02 #
@Alan: “Thought” – that’s what most people don’t give it but you are right.
@Michael: “sheer volume” – that’ll go in the near future.
“shipping transaction histories to foreign shores” – who says they have to ‘ship it’, maybe it’s stored there by default.
Stephanie
2 October 2008, 02:19 #
Taking a slight side step on the topic, and because usability is my comfort area, does anyone else feel frustrated that you can’t tell how much cash is left on the snapper card just by getting it out of your pocket and having a look?
With my old bus ticket I knew how many trips I had left at any time just by checking the ticket. I could be walking down the street, check my ticket and know if I needed to stop for cash or not. With your coffee shop loyalty card you most likely can tell how close you are to your next free coffee or ‘reward’ just by looking at the card. I want to know before I get on the bus if I have enough ‘juice’ to get to where I’m going and I don’t want to have to log on to the internet in the morning before I leave to find out.
I am currently avoiding getting a snapper card for this reason and also because my sister’s flatmate has a snapper and has found that over the course of a week the exact same bus trip has deducted varying sums from his snapper. Some days it’s more than it should have been and other days it’s less. The outcome being that having topped his snapper up sufficiently for 10 bus rides he found himself just short of the cost of his 10th trip. Not good.
Alan
6 October 2008, 21:21 #
Steph: Hi! yes, it’s a bit of a problem not having a clear view of what value is left on the card. However, the bus Snapper card readers will tell you what your balance is if it is below $10, so watch out for that (it doesn’t tell you the balance if it’s above $10 for security reasons, I am guessing).
There are three reasons I know of for seemingly different fares over the same route: the first is in the increasingly rare case where the wrong fare table has been loaded against the route by the bus driver. This leads to the your stops not being registered accurately (I find this difficult to understand, but that’s how I’ve read it explained elsewhere).
The second case seemed to occur after the recent fare increase – for some days or weeks later some of the buses charged the older, cheaper fare set.
The third case is only an apparent difference – depending on the direction travelled, either to town or away from town. Going to town you’ll be charged the Snapper fare for one zone ($1.13) with the rest being deducted as appropriate at your destination. Going from town however, you’ll be initially charged the Snapper fare for the City Zone ($1.00) with the rest, once again, being deducted at your destination. Barring cases 1) and 2), the total fare for both trips in and out will be the same.