Oyster Card Privacy

If you live in London, you’ll probably know the Oyster Card fairly well. More or less everybody has one. You use it to pay for bus or tube travel – stick £20 on the card and instead of buying a paper ticket each time, just place your card on a yellow reader, and it’ll work out how much the journey cost and automatically deduct it from your card. It does save a ton of time, and quite a bit of money too (tickets are cheaper on Oyster).

If you buy a travelcard in London (e.g. annual or weekly pass) then you’ll probably have it on a Oyster card.


If you tap the Oyster card on machines in Tube stations, you can see a list of journeys made on that card. My usage history included not just those I made over the last few days but also tube and bus trips that I made before Christmas. This in itself I don’t find too scary apart from the fact that anyone who had my card could look at my usage history.

The scary thing is that these Oyster cards if registered to an address (e.g. anyone with an annual pass, child pass, online auto-top up, etc.), the government and Transport for London can instantly recall a list of your movements, including those you made two years ago.

From Wikipedia:

The system has been criticised as a threat to the privacy of its users. Each Oyster card is uniquely numbered, and registration is required for monthly or longer tickets, which are no longer available on paper. Usage data are stored both on the card and centrally by Transport for London; recent usage can be checked by anyone in possession of the ticket at some ticket machines. Privacy groups consider it a form of mass surveillance and are concerned with how these data will be used, especially given the introduction of the London congestion charge by Mayor of London Ken Livingstone in February 2003.

The police have used Oyster card data as an investigative tool, and this use is increasing. Between August 2004 and March 2006 TfL’s Information Access and Compliance Team received 436 requests from the police for Oyster card information. Of these, 409 requests were granted and the data was released to the police.[13]

Sources inside TfL indicate that usage data which should be removed after three months, are not.[citation needed] Databases contain usage data which account for over two years of travel for many individuals, further adding to the criticism of an invasion of privacy.

I really don’t see why this is necessary and in many ways it’s quite scary that TfL could recall your list of tube and bus journeys from over two years ago.

There’s always the argument that if your not doing anything wrong you’ve got nothing to be worried about, but I don’t think this applies. The Oyster Card will not stop terrorists. Terrorists wouldn’t use Oyster cards!

It’s not just that. I’d like to be able to say I trust the government with my privacy and personal information, but with the state of technology security these days, information gets leaked and stolen. It’s quite possible that this information could get into the wrong hands and that would be a serious blow to privacy to anyone who has an Oyster card.

But anyway I took the plunge. I hope TfL are going to look after my privacy.

5 thoughts on “Oyster Card Privacy

  1. Oyster doesn’t provide any new information except making it easier accessable. Consider that there are 7 or 8 cameras in every bus and tube wagon that make it possible to follow you on every step. It was still ok in Oxford or Stratford (but still way more [public] security cameras than compared to e.g. Germany) but in London… oh my, I guess London has more CCTVs than inhabitants. Although it was funny at times, when there were two CCTVs to surveillance 1m² because the building was shaped like this:

    It was relieving when I got home again, although it gets worse in Germany as well.

    By the way, even if a terrorist used this card, it wouldn’t be of any help since it’s not like there’s a "terrorists exit here" station. What I find more concerning is that police investigations become more and more like "let’s see  who possibly could be involved and lets do some investigation until one is left who then will be charged" instead of narrowing beforehand.
    It’s similar to when solving e.g. a math problem with the solutions next to it. You try to solve it, checking every step in the given solution. You’re more likely to say "oh, of course, that’s obvious" than without having the solution. Some applies to police – it’s more likely they think things are "obvious". And of course, if you can choose between having a solution or not having one, you of course take the former.

    What I don’t understand is that more money is invested into preventing terrorism than making cars/traffic saver although it’s more likely to die in an accident. Comparing lives/death isn’t really possible, but wouldn’t it be better for a single person if traffic is made saver if the "chance of unnatural death" counts?

  2. Interesting thoughts. Xeen: I think you probably hit the nail on the head:

    What I find more concerning is that police investigations become more and more like "let’s see  who possibly could be involved and lets do some investigation until one is left who then will be charged" instead of narrowing beforehand.

    I’ve never really thought of it like that, but we can apply the same argument about the Oyster card to credit cards. It’s possible to see all your trips abroad, all the restaurants and places you’ve been to around the world. Yet we’ve all got no problems with using one. 

  3. Just like having an ID card will stop terrorists. Because we all know you need an ID card to buy bombs. Terrorism is just their over-used excuse for breaching privacy.

  4. Yap. Germany has had unique IDs for every German since they were introduced (even during the 3rd Reich, if I remember correctly) but they didn’t prevent anything. Best example is the RAF in the ’70 – it wasn’t even some kind of "foreign group". It took them quite some time to find those terrorists, even though he was publicly known as being a terrorist (and robbed many banks in that time, like 7+) and he had an ID-Card.

    I doubt that would have been different if the ID-Card was digital and there were fingerprints or whatever saved on it (microwave, 180 watts, 2 seconds anyone?)

  5. How can we trust the goverment with the information they need for an ID card when they cannot look after the information they have on us now !!!!

Leave a Reply

Your email address will not be published. Required fields are marked *