Metro’s SmarTrip fare cards allow the transit agency to monitor passengers’ travel with little regard for privacy concerns, a group focused on privacy issues says.
The SmarTrip fare card, which includes an embedded radio frequency identification (RFID) chip, tracks each rider’s travel and can be matched with the rider’s name, address and credit-card number, according to the District-based nonprofit Electronic Privacy Information Center (EPIC).
“Our basic point is that there is a lot of detailed information being collected,” said Marc Rotenberg, executive director of EPIC, a public-interest group established in 1994 to focus attention on emerging threats to civil liberties. “The privacy protections, in our opinion, are inadequate.”
According to documents obtained by EPIC through the Freedom of Information Act, the SmarTrip card can record a Metro passenger’s time of arrival in the Metro system, the passenger’s destination and the amount of time the passenger spends traveling from point to point.
It even records the gate through which a passenger leaves the station.
But transit officials say they have addressed the privacy issues with a policy expected to be passed by the Metro board at its monthly meeting Thursday.
According to the new policy, personal SmarTrip information may be released by Metro only in what are called “limited instances” — the request must be made by the registered user of the SmarTrip card, there must be a court order, or the request must come from law enforcement when the information is required in the course of an investigation in which time is of the essence.
“Basically, it means nobody can get an individual’s SmarTrip data,” said Lisa Farbstein, a Metro spokeswoman. “The policy is being established as a way to regulate and safeguard individual data.”
If passed, the new policy will take effect Oct. 1.
Since 2000, Metro officials have governed the release of private information through their Public Access to Records Policy. The policy is similar to the federal Freedom of Information Act.
Miss Farbstein said that safeguards on the release of personal information always have been in place and that Metro never has sold or released the information it has collected from SmarTrip cards. The information can be stored indefinitely and used to track ridership trends.
“People still can’t get your SmarTrip information, but this clarifies things,” she said.
The issue became more relevant in June 2004, when Metro began requiring a SmarTrip card to pay for parking at its lots. The shift spurred sales of the plastic cards, which also can be used to pay for Metrorail and Metrobus fares.
Prior to the start of the SmarTrip-only parking payment program, sales of the cards averaged 8,000 per month between May 1999 and May 2004.
Metro officials estimated last year that customers were purchasing between 3,000 and 4,000 of the cards per day, most directly from new SmarTrip vending machines that are located inside 30 Metro stations .
Mr. Rotenberg said he thought the new Metro privacy policy is a good idea but that it was important to notify the public about the type of information that is being collected. He also said there is the potential for abuse when there is “this type of effort to record where people are going.”
