Snapping at privacy
There have been some negative reports around Snapper and its approach to privacy so I decided to take a look.
Snapper is a stored-value contactless smartcard that can be used in Wellington’s buses and as an alternative to cash/EFTPOS for low value purchases. It’s similar to Oyster, Octopus, etc. but with a more secure chip.
Losing a Snapper card is like losing cash. So people will soon be able to register their cards online. If a registered card is lost, the person can transfer the balance to a new card.
After that, it’s all downhill. A very slippery, steep decline at that.
For example, to set up an online account, Snapper says “we will collect personal information from you, including your name, title, email address, password, gender, date of birth, telephone numbers, postal or physical addresses, preferences, demographic information, and other personal information.”
Why? What possible justification can they have to collect this information? Incidentally, this probably makes it downright illegal.
Not being satisfied with that, they go on to say that “the information we collect when that Card is used will be associated with any personal information about the card holder that you supply.” So, they want both personal information plus profiling information. Wow! Considering the range of uses for the Snapper card outlined- everyday purchases, loyalty card, building access control, ticketing and event access- they seem more intent on being a datamart than a smartcard company.
Still not satisfied with that, they go on further to envisage Snapper being used as an identity card. They will then “collect additional information about you, which may include:
- your date of birth
- any relevant licences or endorsements that you hold
- other attributes relevant for identification purposes (for example, which school or university you attend)”
I’m left shaking my head in wonder. Did a dinosaur somehow survive the Ice Age?
I can’t see how they can verify the information people give. So, despite their warnings of giving incorrect personal information, I’m willing to bet that a lot of people will do just that.
And yet, the solution for the most part is actually quite simple. Snapper could use pseudonymous identity rather than real identity. Leaving aside tracking usage or their notion of becoming an identity card (which I can’t even begin to imagine as even remotely realistic), using pseudonymous identity could keep everyone happy.
Otherwise, I’ll just stick to good old anonymous cash, thank you.