Backlash in Japan over sales of train e-ticket records
One of the country's largest train operators has teamed with Hitachi to sell data based on the NFC train passes
IDG News Service - A privacy debate has erupted in Japan over a new service from a major rail operator that sells private e-ticket records as marketing data.
This week East Japan Railway (JR East), the country's largest rail company, has begun offering for sale the anonymized histories of millions of its passengers. The data is gleaned from its Suica train pass system, which is Japan's most popular with 43 million users, roughly equivalent to a third of the national population.
JR East and Hitachi, which will handle the technical aspects of the service, announced it last week via a terse news release that initially drew little attention. But this is the first time Suica information has been sold to third parties, and the news was soon highlighted by prominent bloggers, triggering a discussion that has now spread to Twitter and other online forums.
"Even if there is a proper way to use this (data), it must be done with the approval of society," wrote Hiromitsu Takagi, a professor and prominent commentator on data privacy, on his Twitter account.
Some were less reserved, with many calling the new service "revolting."
"Personally, rather than being revolted, I just don't have confidence in the ability of JR East and Hitachi to manage the data," wrote another commentator.
The Japanese debate is unfolding as the rest of the world reacts to revelations about surveillance programs of the U.S. National Security Agency. The tale of former NSA contractor Edward Snowden, who released details of the surveillance, has been closely followed by the media in Japan, where many are hesitant to publicize their private details online.
JR East's service provides details for passengers that use specific stations, such as their sex, the date and time they used the service, and the amount they spent. The company and Hitachi are adamant that no laws are being broken, and JR East says the Suica user contract gives it rights to the passenger data.
"There is no way to determine the identity of specific individuals from the data, so we feel there is no privacy issue," said Takashi Yamaguchi, a JR East spokesman.
Hitachi is marketing the service as an example of its prowess at handling "Big Data" a foreign buzzword for using powerful servers to crunch through large amounts of information that has recently caught on in Japan. The cheapest price for the service is AY=5 million (US$50,000), which provides passenger data on ten stations for a year. New data is added to the system monthly.
"This is statistical data," said Hisahiro Sakai, a spokesman for Hitachi. "We will aim to sell it to station tenants, or companies that are thinking of starting businesses in stations, as well as real estate companies and advertisers that want information about specific stations."
JR East was already facing criticism over a newly installed entrance at a busy station in the eastern part of Tokyo. The gates at the "nonowa" entrance only work with Suica or compatible touch cards, so travellers with traditional tickets or passes must take another route.
"No one without an IC Card gets in?," asked the Asahi Shimbun, one of Japan's largest newspapers, in the headline of an article that said many locals consider the entrance to be a form of discrimination.
Another train organization was forced to change its policies after an embarrassing leak last year. An employee of Tokyo Metro, which runs the city's subway system, disclosed the "Pasmo" train pass history of a female passenger, forcing the company to cancel a service that allowed users to view their histories online.
Suica, first launched in 2001, uses NFC technology developed by Sony. Initially offered as train passes that had to be periodically recharged, the technology is now built into credit cards, mobile phones and even USB readers that can be plugged into PCs for home shopping. Payment can now be made in many convenient stores and restaurants, as well as taxi cabs and vending machines.
In March, the most popular regional electronic train pass systems in use throughout Japan signed agreements so that they could all be used interchangeably. The data sold by JR East currently covers only users of its own Suica system.
JR East is the largest of Japan's seven overland railway companies, formed when a nationwide rail system run by the government was broken up in 1987. JR East's domain covers about half of Japan's main island, including the crowded Tokyo capital and surrounding metropolis. It runs everything from daily commuters to the bullet trains that operate on its territory, all of which are compatible with Suica.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts