LONDON'S BY THE HOUR HIRE CYCLES affectionately known as "Boris Bikes" leak enough information to allow an individual to be identified and tracked.
Although Transport for London (Tfl) has never made any secret of the fact that the bikes' movements are trackable, thus enabling them to be billed accurately and prevent them from ending up in people's back gardens, less widely known is the fact that this data is available to view online.
The data is part of the open data feeds on the TfL website that allows developers to create their own apps based around the capital city's infrastructure. Tfl has always resisted creating apps for its services, instead releasing the data for the community to create its own. The INQUIRER recently conducted a test of some those apps, as their quality can vary enormously.
This is all well and good, however an enterprising blogger has demonstrated how this data, in conjunction with APIs from services such as Foursquare, Twitter and Google Plus, can be used to identify a person with particular, regular journeys and track them.
Software engineer James Siddle explained, "What's more interesting (and worrying) is that I'm not really trying very hard, and a deeper inspection of dates, times, locations etc. can reveal far more detail. There's enough here to start thinking about putting a name to the data."
He added, "The point is that there are benign insights that can be made by looking at individual profiles - but the question remains whether these kind of insights justify the risks to privacy that come with releasing journey data that can be associated with individual profiles."
The INQUIRER has contacted Tfl, which has promised to respond in the coming days. µ
TfL’s General Manager of Cycle Hire, Nick Aldworth, said: “We’re committed to improving transparency across all our services and publish a range of data for customers and stakeholders online. Due to an administrative error, anonymised user identification numbers were shown against individual trips made between 22 July 2012 and 2 February 2013. The data, which did not identify any individual customers online, was removed as soon as the matter was brought to our attention.”