Japanese Railway Selling E-Ticket Data
Courtesy Megan Geuss, ArsTechnica
A Suica card.
Last week, East Japan Railway (JR East), the largest rail company in the country, announced that it would be partnering with Hitachi to gather and anonymize data that it collected from its e-ticketing system, called Suica. In the program, travel histories of its passengers would be stripped of identifiers like names, addresses, and other information, and then sold in bulk to third party companies.
A June 28 Nikkei post reports that Hitachi “will profile commuter activity at each train station by parameters like gender, age, and times of use, analyzing such things as the customer-drawing power of each station and the potential for business in the area.”
But according to Jay Alabaster of Computerworld, many prominent bloggers have taken issue with the plan, and the news has caused concern. On Twitter, professor and prominent commentator on data privacy Hiromitsu Takagi wrote "Even if there is a proper way to use this (data), it must be done with the approval of society." Others expressed their disbelief that JR East and Hitachi would properly anonymize the data.
Part of the concern, Alabaster says, might come from the memory of a recent e-ticketing privacy scandal in Japan in which a Tokyo Metro employee made the personal details of a female passenger public. The employee was subsequently fired, but rumors persisted that the “Pasmo” ticketing system that the Tokyo subway uses was easy enough to crack that people could check their partners’ travel history to see if they were cheating.
JR East counts about 42 million Suica users. It plans to “sell the information in the form of monthly reports to retailers, eating and drinking establishments, and real estate agencies that operate near the train stations,” according to Nikkei. Takashi Yamaguchi, a JR East spokesman, told Computerworld, "There is no way to determine the identity of specific individuals from the data, so we feel there is no privacy issue.”