August 22, 2019

‘Dutch Rail discriminates against travellers when it comes to privacy’

Filed under: General by Orangemaster @ 5:22 pm

Michiel Jonker of Arnhem is a big defender of privacy. He is going to court to fight for his right to use an anonymised public transport chip card used for trams, subways, buses, and trolleys if you’re in Arnhem—a card that can also be used for trains.

One of the many issues is that only people who agree to give up their personal details as well as all their travel information can use a Dutch Rail discount on their card, giving them, in one instance, a 40% discount a year for an annual fee that I also pay, that keeps going up and that I don’t remember what it is.

Jonker uses an anonymised card, but it’s also not at all anonymous. “When you top up your card, the top-up doesn’t go onto your card, it goes to a sort of bank account owned by TransLink Systems [the company that makes the cards—Orangemaster]. The moment you top up your card, the company registers where and when you’ve done that.”

Jonker claims that the Dutch Data Protection Authority is too easily convinced by the arguments of Dutch Rail for registering information such as sex, email address and other personal details. Dutch Rail says that registering such information is necessary to combat fraud and ensure security, and yes, if a company can prove that such details are necessary to function then Europe’s General Data Protection Regulation (GDPR) will back them up. However, if that cannot be proven, then Jonker has a point and Dutch Rail will have a problem.

Regardless, only travellers with one of the many non-anonymous types of cards can get travel discounts. Jonker explains that for decades, train staff checked paper tickets and that worked just fine.

Watch the video below in Dutch:

(Link: Omroep Gelderland; video: YouTube / Omroep Gelderland)

Tags: , , ,

March 22, 2019

Free housing in exchange for all your data in Helmond

Filed under: Dutch first,Science by Orangemaster @ 11:09 am

Binary code

In Helmond, Noord Brabant, there are plans to build a neighbourhood, called Living Lab, where people will be able to live for free, but there’s a catch: they’ll have to give up all their data.

Part of the Brainport Smart District, Living Lab will be the ‘smartest neighbourhood in the Netherlands’ with 1500 homes where 4000 people are expected to live. Their behaviour will generate a huge flow of data and that’s the goal. Basically, you’d be a guinea pig with free housing. Sensors will measure what you do, how you sleep, what you do online and whatever else companies will pay to find out.

Free living for only a year is not very practical, but considering how difficult it is to find a place in this country, I’m sure they will find 4000 people ready to give up their privacy, which is a bit sad in a way.

Toronto, Canada was the location of a similar project called Sidewalk Labs, a subsidiary of Alphabet, the parent company of Google. The difference is that this project hit a brick wall when it came to privacy and proprietary rights of the data.

Living Lab is on the edge of what is actually acceptable, which means it’s not out of the woods yet. But again, in a country where corruption is common in the housing market, having a free space to live that’s nice will have people willing to give up quite a bit of their lives. Let us not forget that social media seems free, but many of us are giving away our data there as well.

(Link: Bright)

Tags: , , , ,

May 5, 2018

Rabobank uses animal and plants for client privacy

Filed under: General,Online by Orangemaster @ 1:14 pm
privacy

To comply with the General Protection Data Regulation that will enter into force on 25 May 2018, the Dutch bank Rabobank has found a nifty way of using client data without having to ask permission: by assigning Latin animal and plant names to their clients data, pseudonymising it. They also claim it’s something they were toying around four years ago when the GPDR wasn’t on anybody’s radar, but yeah, Google was doing that back then as well with animal and creatures names that anonymised Google docs users.

Special software was developed by IBM to make people’s data unrecognisable, but still useable for analysis. The software is currently part of a service aimed at a small group of financial organisations. Later, it will also be used in retail and healthcare.

(Link: bright.nl)

Tags: , , ,

September 4, 2016

Febo and other companies violate patrons’ privacy

Filed under: Technology by Orangemaster @ 9:24 pm
kroket1.jpg

Since January 2014 the Dutch Data Protection Authority has observed that snack chain Febo, through its use of the Bluetrace data tracking system, was violating its patrons’ privacy by collecting information without their permission, according to the Personal Data Protection Act. And after several warnings, nothing has changed, but the agency is pissed off enough to fine Bluetrace if they don’t clean up their act within the next six months.

According to Bluetrace’s website, they claim to “respect the privacy of persons”, since “after 24 hours, all anonimized data is being erased from our systems”. However, that “anonimizing” they carry out is apparently very easy to undo, so basically nothing at all has been done to protect people’s privacy for quite some time.

Febo also has to make sure that they don’t collect personal data of people who live nearby, make sure they tell people explicitly that their data is being collected, and tell them how long their data will be stored, etc., which they don’t. Dutch law states that “the processing of any personal data requires the data subject’s unambiguous consent,” like a sign at Febo that warns people. Bluetrace has said that they place signs, but that’s not the case in the 30 or so Dutch municipalities where their system is operational.

Turning off your phone was a retarded Dutch government answer, because even when your phone is off, it could still be giving out information through radio signals and possibly with malware, if Edward Snowden has taught the world anything.

Febo is just an example, as many other companies and towns who use Bluetrace are also violating the law, and I’d dare say, even flaunting it, since 2014. Why the authorities are only getting serious now remains a mystery.

(Link: motherboard.vice.com)

Tags: ,

December 2, 2014

Looming privacy disaster with ID system and police

Filed under: Online by Orangemaster @ 10:46 am
privacy

As of 2015 Dutch citizens will be able to file charges with the police using DigiD, the national government’s digital identification system. If there’s a company that’s not thrilled with that idea, it’s advertising agency Digi-D in Waalwijk, Noord-Brabant.

For years, Digi-D, who opened shop three years before DigiD came along, have been receiving people’s personal data erroneously and trying relentlessly to get the government’s full attention on the matter. The government decided first to bully the ad agency into changing its name, which was too expensive. At the moment, the government is listening a bit more closely and is trying to come up with a solution, albeit not fast enough. As of 27 November, Digi-D has received 45,282 wrongly addressed requests with people’s personal data, so you can imagine how antsy they are about getting police reports as well. Oh, and they are also the victims of hackers who can’t spell. The company is run by two people and they surely have better things to do than monitor municipalities who keep telling their residents to register with Digi-D because they can’t spell either.

(Link: www.nu.nl)

Tags: , , ,

November 19, 2014

Police monitor people buying tools

Filed under: General by Orangemaster @ 10:32 am

screwdriver

In and around the city of Ede, Gelderland, several DIY chain stores have decided to film anyone buying tools such as big screwdrivers, chisels, crowbars or lump hammers under suspicion of being potential robbers. Once you’re on film with your new tools, the cops look at the footage to see if you’re a robber that matches their files (ha, pun).

Besides being a potential privacy breach, this is a useless strategy. Webwereld and surely other sources have listed the stores doing the filming so robbers can either take from a toolbox instead of buying new tools or just go to another store. Even better, hop over to Germany or get the missus to do the shopping for you as I bet the cops will only look at men on the film. A Dutch white female pushing a pram should do the trick.

(Link: webwereld.nl, Photo of screwdriver by Noel Hankamer, some rights reserved)

Tags: , , ,

November 11, 2014

Fined 60 euro for trying to park anonymously

Filed under: Automobiles by Orangemaster @ 10:36 am

This morning Privacy First, a foundation committed to preserving and promoting the right to privacy, is in court in Amsterdam over having to enter one’s license plate number when parking on the city’s streets.

Bas Filippini, who when parking in Amsterdam enters the license plate number ‘NOWAY’ (see film linked to the source), says the problem is two-fold: 1) a person in Amsterdam now has no choice but to enter their license plate number and 2) people cannot pay with cash, which both breach the right to privacy and anonymity, never mind being a pain for tourists or other visitors who don’t have the right bank card or mobile phone.

Filippini is in court because of a 60 euro fine he got for not entering his license plate number. According to Privacy First, every free citizen has the right to privacy in the sense of anonymity in public spaces, including parking one’s car, a right stated by Article 8 of the European Convention on Human Rights (PDF).

We’ve been parking cars on the streets in Amsterdam for decades without the city knowing anything about our cars, and continue to gleefully do so across the country. Article 8 says unless matters such as, “national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others” come into play, which I cannot possible imagine they do.

UPDATE: The verdict is due 23 December 2014. Postponed for six weeks.

UPDATE No. 2: Verdict out: “The council considers that using the wrong number plate is the same as not paying but the court disagreed. Not finding a payment corresponding to a real number plate could be evidence that no payment was made but the person parking can demonstrate they did pay in a variety of ways”.

(Link: www.telegraaf.nl)

Tags: , ,

October 14, 2014

Crazy verdict: Dutch Rail may abolish paper tickets

Filed under: Technology by Branko Collin @ 8:44 am

lady-justice-chaoukiThe business court of The Hague has determined that Dutch Rail can abolish paper train tickets even though the law says a traveller has a right to an objective proof of the right to travel.

The court felt that the new electronic travel card system (OV Chipkaart) suffices because there are five places where you can confirm you have the right to travel. Arnoud Engelfriet lists them all:

  1. The display of the electronic gate at the time of checking in.
  2. The display of the vending machine.
  3. A paper print-out at the service desk.
  4. A transaction data listing on the Dutch Rail website.
  5. The display of the train conductor’s travel card reader.

Engelfriet and his commenters point out that there are numerous problems with this verdict.

  1. The electronic display only shows that you’ve checked in for a very short time, especially if somebody checks in a fraction of a second later (this happens a lot during rush hour).
  2. If you are in a rush, you are not going to stand in line at the vending machine or service desk.
  3. The Internet listings are only updated after a significant delay.
  4. Train conductors are “masters at being impossible to find”, according to Rikus Spithorst of travellers association ‘Voor Beter OV’ (‘for better public transport’). (Doesn’t that make train conductors hobbits?)

Basically this means that you either show up five minutes early for your daily commute to double check you are actually checked in or you pay a tax in the form of fines every time you fail to check in for whatever reason.

What bothers me is that in the case of a conflict between a traveller and Dutch Rail (and only the OV Chipkaart in place) travellers now have to rely completely on the antagonistic party to provide them with the proof that they have in fact travelled legally. Travelling without a valid ticket is a criminal offence, so why would the state make rules that make it practically impossible for a suspect to defend their innocence?

See also:

Tags: , , , ,

August 24, 2014

Extending the self into the corporate cloud

Filed under: Technology by Branko Collin @ 9:19 pm

interferenceI went to Interference last weekend, a hacker convention run by anarchists in a former squat called Binnenpret. Most Dutch people know the part of the complex called OCCII, a music venue on Amstelveenseweg.

The talks were somewhat similar to what I have encountered at other hacker conventions in the past. If there was a difference, it was that in the Q&As audience members were criticizing language that could be used as a weapon, as a means to disempower outgroups.

Also, the hosts did not appear to serve coffee.

Cory Shores had a talk about post-humanism and spoke about the blind man’s cane. This is apparently an issue of some contention in philosophy: is the cane part of the man, of the self? A blind man ‘sees’ with the tip of the cane after all, his hand being no more than a relay.

A similar extension of the self was identified by Paulan Korenhof and Janneke Belt who pointed out technological differences in the way people remember things, such as remembering a shopping list versus writing one down. They did not further explore the issue of the self, but instead looked at where our shopping lists (and therefore maybe parts of ourselves) end up: in the cloud, specifically in the indexes of search engines owned by international companies.

Earlier this week I mocked visitors of the Lowlands festival in a posting who gave away their privacy for RFID trinkets, but perhaps my commentary wasn’t entirely fair. The Lowlands RFID wristbands do have some value to the user as they extend the self, even if the company behind them is solidly grounded in the philosophy of “if we give you something for free, you are in fact the product”.

See also: the Interference reader.

Tags: , , , , ,

August 18, 2014

RFID bracelets track festival goers

Filed under: Music,Technology by Branko Collin @ 8:11 pm

waldo-lowlands-2008-gabe-mcintyreHave you ever gone to a music festival but got too drunk to remember which acts you saw?

Yeah, me neither, but apparently now there’s a solution. For the price of whatever was left of their privacy, visitors of the Lowlands festival last weekend could get a ‘free’ wristband that allowed them to keep a diary of sorts.

Every time you held the Nedap-developed wristband against a scanning station, the station would register your ID, time and location in order to be able to present you with a slew of data on the spot or afterwards. The data contained the location of both you and bracelet-wearing friends, the bands that played nearby, photos of you and your friends, ‘spotified’ set lists, and so on.

According to the video below by Face Culture, some people ‘hacked’ the system by trying to get into the top ten of the people that scanned their bracelets the most. Other advantages mentioned were the ability to remember the names of obscure bands you saw and not having to trawl through 20,000 photos online before finding yours. One person complained that she still had a sliver of privacy left: she wanted more scanning stations so that she could also see when she had gone for a burger.

A Campign Flight to Lowlands Paradise (its full name) is an annual festival held near Biddinghuizen in the province of Flevoland.

(Photo of Waldo at Lowlands 2008 by Gabe McIntyre, some rights reserved; if only he had worn an RFID tag, you would have spotted him instantly; link: AD)

Tags: , , , , , ,