I’m surprised – maybe I shouldn’t be – that I’ve not seen or heard much about potential privacy concerns surrounding the rollout of Chicago’s new public transit payment system, Ventra. There is still a dwindling band of last-adapters, those of who cling to our old-school all-you-can-ride passes paid for and used the good old fashioned-way: with cash at the counter, and a quick in-out at the turnstile. But much of the city now uses Ventra, the fancy new touchless swipe system, and soon all of us will be swiping our cards at the baby blue readers whether we like it or not.
I’m all for progress, and it seems touchless is a good way to go. Fast, modern, clean, etc. Or at least in theory – in practice it’s a little different when you’re waiting to load the bus behind riders who cannot successfully swipe their cards without several attempts. Most of that can probably be chalked up to new user unfamiliarity with the system. There are other supposed advantages to the system as well.
What concerns me though, are the privacy issues surrounding Ventra. For instance, to get a card, you must provide a set of personal information. To order on VentraChicago.com, shipping information is required along with an email address and primary phone number. Why email and phone are required is unclear. You are then required to create an account, which includes a mandatory field for a purchaser’s birthdate. So at this point, to ride the subway you need to submit your address, email, phone and birthday to CTA and by extension, its third party vendors. Seems a little strange. Then, of course, you need to pay for the card, so you provide your credit card information.
You also must agree to the terms and conditions of the card, which includes gems like this:
- “Users must present their Ventra Card for inspection by authorized representatives of participating transit agencies’ security, or law enforcement personnel upon request.”
So presumably a CTA agent can ask you for your card, anytime. I’m not assuming this would occur in abusive ways, but the fact is that that authority is written into the program and users are required to agree if they want to participate. Reminds me of the South Park episode “The Human Centipad,” which is a great riff on EULAs (End User License Agreements) in our modern age.
I’m looking into other ways of signing up for the card (you can buy online but also in the stations, I believe, and at places like The Currency Exchange). They may require less information, and if so, I think that’s a good thing.
Another nuisance: Customers are charged a $5 fee to purchase a Ventra card. The only way this is rebated as ridership credit is if you agree to proceed and register your card (by providing certain pieces of personal information).
The biggest potential threat to privacy is this: Can users’ cards be tracked? Does the system have the ability to see that John Doe scanned his Ventra card at 7:42 a.m. on 11/14/13 at the Chicago & Grand Red Line Station, then again at 12:03 p.m. the same day as he boarded the 151 Bus? Is that kind of capability built into the network of card readers and central servers? We don’t know. It’s very possible that there’s no such capability. Maybe that’s obvious to people familiar with the technology. But it’s something Chicagoans should know for sure, and so far I haven’t seen anybody talking about it.
More on this in the coming days…