“We know that apps also can surreptitiously collect other data on the phone, which can be linked to the ID of the phone,” he said.
And Rebecca Herold, CEO of The Privacy Professor and cofounder of SIMBUS360, said apps are, “some of the most privacy invasive technologies around because of all the data they can suck up from the device – about what the device user is doing, whereabouts, etc., with absolutely no direct interaction with the device users to ask to have data explicitly provided by them.”
Herold and others said there is far too much wiggle room in terms like “personal data,” “consumer information” and “closed network.”
“What does a ‘closed network” mean?” she said. “That no one but their business employees are able to access it? It would imply that they do not outsource access to the data to any third parties, but they do not explicitly state this.”
"(Apps are) apps are some of the most privacy invasive technologies around because of all the data they can suck up from the device."
Rebecca Herold, CEO, The Privacy Professor and cofounder, SIMBUS360
Things like that also trouble Dennis Devlin, cofounder, CISO and CPO of SAVANTURE. Even though the company says the system will not collect any PII and will be on a closed network, there is clearly some collection going on if riders can receive push notifications from advertisers. “The notice is vague as to exactly what is being collected and how it will be used after collection, and there is no access provision for individuals to see their own data,” he said.
He added that, “there is no such thing as guaranteed anonymity when it comes to geolocation data collected from a mobile device.”
The involvement of an app, or apps, for the program is apparently based on vendors advertising through Intersection with the MBTA. While the press release from Intersection says, “a user must download an app that utilizes the technology,” Caitlyn Kasunich, a media representative for Intersection, said there is, “no overarching pilot program app; there will be third-party apps that become part of the program.”
Every device has multiple identities related to the device itself … once collected such data can potentially be joined with other data … and suddenly the customer becomes the product, and someone else becomes the customer.
Dennis Devlin, cofounder, CISO and CPO, SAVANTURE
Indeed, Jason B. Johnson, deputy press secretary of the MBTA, said Intersection is the contracted, “manager of the T’s advertising program. As such, the Pilots Beacon Initiative was not created by the T.”
Sign up for Computerworld eNewsletters.