Menu

Timesdelhi.com

June 25, 2019
Category archive

Mayor

London’s Tube network to switch on wi-fi tracking by default in July

in api/controlled/Delhi/encryption/Europe/European Union/India/London/London Underground/MAC Address/Mayor/mobile devices/Politics/privacy/Security/smartphone/transport for london/Transportation/United Kingdom/wi-fi/wireless networking by

Transport for London will roll out default wi-fi device tracking on the London Underground this summer, following a trial back in 2016.

In a press release announcing the move, TfL writes that “secure, privacy-protected data collection will begin on July 8” — while touting additional services, such as improved alerts about delays and congestion, which it frames as “customer benefits”, as expected to launch “later in the year”.

As well as offering additional alerts-based services to passengers via its own website/apps, TfL says it could incorporate crowding data into its free open-data API — to allow app developers, academics and businesses to expand the utility of the data by baking it into their own products and services.

It’s not all just added utility though; TfL says it will also use the information to enhance its in-station marketing analytics — and, it hopes, top up its revenues — by tracking footfall around ad units and billboards.

Commuters using the UK capital’s publicly funded transport network who do not want their movements being tracked will have to switch off their wi-fi, or else put their phone in airplane mode when using the network.

To deliver data of the required detail, TfL says detailed digital mapping of all London Underground stations was undertaken to identify where wi-fi routers are located so it can understand how commuters move across the network and through stations.

It says it will erect signs at stations informing passengers that using the wi-fi will result in connection data being collected “to better understand journey patterns and improve our services” — and explaining that to opt out they have to switch off their device’s wi-fi.

Attempts in recent years by smartphone OSes to use MAC address randomization to try to defeat persistent device tracking have been shown to be vulnerable to reverse engineering via flaws in wi-fi set-up protocols. So, er, switch off to be sure.

We covered TfL’s wi-fi tracking beta back in 2017, when we reported that despite claiming the harvested wi-fi data was “de-personalised”, and claiming individuals using the Tube network could not be identified, TfL nonetheless declined to release the “anonymized” data-set after a Freedom of Information request — saying there remains a risk of individuals being re-identified.

As has been shown many times before, reversing ‘anonymization’ of personal data can be frighteningly easy.

It’s not immediately clear from the press release or TfL’s website exactly how it will be encrypting the location data gathered from devices that authenticate to use the free wi-fi at the circa 260 wi-fi enabled London Underground stations.

Its explainer about the data collection does not go into any real detail about the encryption and security being used. (We’ve asked for more technical details.)

“If the device has been signed up for free Wi-Fi on the London Underground network, the device will disclose its genuine MAC address. This is known as an authenticated device,” TfL writes generally of how the tracking will work.

“We process authenticated device MAC address connections (along with the date and time the device authenticated with the Wi-Fi network and the location of each router the device connected to). This helps us to better understand how customers move through and between stations — we look at how long it took for a device to travel between stations, the routes the device took and waiting times at busy periods.”

“We do not collect any other data generated by your device. This includes web browsing data and data from website cookies,” it adds, saying also that “individual customer data will never be shared and customers will not be personally identified from the data collected by TfL”.

In a section entitled “keeping information secure” TfL further writes: “Each MAC address is automatically depersonalised (pseudonymised) and encrypted to prevent the identification of the original MAC address and associated device. The data is stored in a restricted area of a secure location and it will not be linked to any other data at a device level.  At no time does TfL store a device’s original MAC address.”

Privacy and security concerns were raised about the location tracking around the time of the 2016 trial — such as why TfL had used a monthly salt key to encrypt the data rather than daily salts, which would have decreased the risk of data being re-identifiable should it leak out.

Such concerns persist — and security experts are now calling for full technical details to be released, given TfL is going full steam ahead with a rollout.

 

A report in Wired suggests TfL has switched from hashing to a system of tokenisation – “fully replacing the MAC address with an identifier that cannot be tied back to any personal information”, which TfL billed as as a “more sophisticated mechanism” than it had used before. We’ll update as and when we get more from TfL.

Another question over the deployment at the time of the trial was what legal basis it would use for pervasively collecting people’s location data — since the system requires an active opt-out by commuters a consent-based legal basis would not be appropriate.

In a section on the legal basis for processing the Wi-Fi connection data, TfL writes now that its ‘legal ground’ is two-fold:

  • Our statutory and public functions
  • to undertake activities to promote and encourage safe, integrated, efficient and economic transport facilities and services, and to deliver the Mayor’s Transport Strategy

So, presumably, you can file ‘increasing revenue around adverts in stations by being able to track nearby footfall’ under ‘helping to deliver (read: fund) the mayor’s transport strategy’.

(Or as TfL puts it: “[T]he data will also allow TfL to better understand customer flows throughout stations, highlighting the effectiveness and accountability of its advertising estate based on actual customer volumes. Being able to reliably demonstrate this should improve commercial revenue, which can then be reinvested back into the transport network.”)

On data retention it specifies that it will hold “depersonalised Wi-Fi connection data” for two years — after which it will aggregate the data and retain those non-individual insights (presumably indefinitely, or per its standard data retention policies).

“The exact parameters of the aggregation are still to be confirmed, but will result in the individual Wi-Fi connection data being removed. Instead, we will retain counts of activities grouped into specific time periods and locations,” it writes on that.

It further notes that aggregated data “developed by combining depersonalised data from many devices” may also be shared with other TfL departments and external bodies. So that processed data could certainly travel.

Of the “individual depersonalised device Wi-Fi connection data”, TfL claims it is accessible only to “a controlled group of TfL employees” — without specifying how large this group of staff is; and what sort of controls and processes will be in place to prevent the risk of A) data being hacked and/or leaking out or B) data being re-identified by a staff member.

A TfL employee with intimate knowledge of a partner’s daily travel routine might, for example, have access to enough information via the system to be able to reverse the depersonalization.

Without more technical details we just don’t know. Though TfL says it worked with the UK’s data protection watchdog in designing the data collection with privacy front of mind.

“We take the privacy of our customers very seriously. A range of policies, processes and technical measures are in place to control and safeguard access to, and use of, Wi-Fi connection data. Anyone with access to this data must complete TfL’s privacy and data protection training every year,” it also notes elsewhere.

Despite holding individual level location data for two years, TfL is also claiming that it will not respond to requests from individuals to delete or rectify any personal location data it holds, i.e. if people seek to exercise their information rights under EU law.

“We use a one-way pseudonymisation process to depersonalise the data immediately after it is collected. This means we will not be able to single out a specific person’s device, or identify you and the data generated by your device,” it claims.

“This means that we are unable to respond to any requests to access the Wi-Fi data generated by your device, or for data to be deleted, rectified or restricted from further processing.”

Again, the distinctions it is making there are raising some eyebrows.

What’s amply clear is that the volume of data that will be generated as a result of a full rollout of wi-fi tracking across the lion’s share of the London Underground will be staggeringly massive.

More than 509 million “depersonalised” pieces of data, were collected from 5.6 million mobile devices during the four-week 2016 trial alone — comprising some 42 million journeys. And that was a very brief trial which covered a much smaller sub-set of the network.

As big data giants go, TfL is clearly gunning to be right up there.

Cities that didn’t win HQ2 shouldn’t be counted out

in Amazon/America/austin/baltimore/boston/Brown University/Buffalo/Business/Column/Delhi/denver/Economy/India/Innovation/innovation center/jeff bezos/Mayor/national league of cities/new york city/Philadelphia/pittsburgh/Politics/Private equity/rhode island school of design/Seattle/Startup company/sustainability/tampa/tampa bay/Technology/texas/United States/university of texas/Washington DC by

The more than year-long dance between cities and Amazon for its second headquarters is finally over, with New York City and Washington, DC, capturing the big prize. With one of the largest economic development windfalls in a generation on the line, 238 cities used every tactic in the book to court the company – including offering to rename a city “Amazon” and appointing Jeff Bezos “mayor for life.”

Now that the process, and hysteria, are over, and cities have stopped asking “how can we get Amazon,” we’d like to ask a different question: How can cities build stronger start-up ecosystems for the Amazon yet to be built?

In September 2017, Amazon announced that it would seek a second headquarters. But rather than being the typical site selection process, this would become a highly publicized Hunger Games-esque scenario.

An RFP was proffered on what the company sought, and it included everything any good urbanist would want, with walkability, transportation and cultural characteristics on the docket. But of course, incentives were also high on the list.

Amazon could have been a transformational catalyst for a plethora of cities throughout the US, but instead, it chose two superstar cities: the number one and five metro areas by GDP which, combined, amounts to a nearly $2 trillion GDP. These two metro areas also have some of the highest real estate prices in the country, a swath of high paying jobs and of course power — financial and political — close at hand.

Perhaps the take-away for cities isn’t that we should all be so focused on hooking that big fish from afar, but instead that we should be growing it in our own waters. Amazon itself is a great example of this. It’s worth remembering that over the course of a quarter century, Amazon went from a garage in Seattle’s suburbs to consuming 16 percent — or 81 million square feet — of the city’s downtown. On the other end of the spectrum, the largest global technology company in 1994 (the year of Amazon’s birth) was Netscape, which no longer exists.

The upshot is that cities that rely only on attracting massive technology companies are usually too late.

At the National League of Cities, we think there are ways to expand the pie that don’t reinforce existing spatial inequalities. This is exactly the idea behind the launch of our city innovation ecosystems commitments process. With support from the Schmidt Futures Foundation, fifty cities, ranging from rural townships, college towns, and major metros, have joined with over 200 local partners and leveraged over $100 million in regional and national resources to support young businesses, leverage technology and expand STEM education and workforce training for all.

The investments these cities are making today may in fact be the precursor to some of the largest tech companies of the future.

With that idea in mind, here are eight cities that didn’t win HQ2 bids but are ensuring their cities will be prepared to create the next tranche of high-growth startups. 

Austin

Austin just built a medical school adjacent to a tier one research university, the University of Texas. It’s the first such project to be completed in America in over fifty years. To ensure the addition translates into economic opportunity for the city, Austin’s public, private and civic leaders have come together to create Capital City Innovation to launch the city’s first Innovation District at the new medical school. This will help expand the city’s already world class startup ecosystem into the health and wellness markets.

Baltimore

Baltimore is home to over $2 billion in academic research, ranking it third in the nation behind Boston and Philadelphia. In order to ensure everyone participates in the expanding research-based startup ecosystem, the city is transforming community recreation centers into maker and technology training centers to connect disadvantaged youth and families to new skills and careers in technology. The Rec-to-Tech Initiative will begin with community design sessions at four recreation centers, in partnership with the Digital Harbor Foundation, to create a feasibility study and implementation plan to review for further expansion.

Buffalo

The 120-acre Buffalo Niagara Medical Center (BNMC) is home to eight academic institutions and hospitals and over 150 private technology and health companies. To ensure Buffalo’s startups reflect the diversity of its population, the Innovation Center at BNMC has just announced a new program to provide free space and mentorship to 10 high potential minority- and/or women-owned start-ups.

Denver

Like Seattle, real estate development in Denver is growing at a feverish rate. And while the growth is bringing new opportunity, the city is expanding faster than the workforce can keep pace. To ensure a sustainable growth trajectory, Denver has recruited the Next Generation City Builders to train students and retrain existing workers to fill high-demand jobs in architecture, design, construction and transportation. 

Providence

With a population of 180,000, Providence is home to eight higher education institutions – including Brown University and the Rhode Island School of Design – making it a hub for both technical and creative talent. The city of Providence, in collaboration with its higher education institutions and two hospital systems, has created a new public-private-university partnership, the Urban Innovation Partnership, to collectively contribute and support the city’s growing innovation economy. 

Pittsburgh

Pittsburgh may have once been known as a steel town, but today it is a global mecca for robotics research, with over 4.5 times the national average robotics R&D within its borders. Like Baltimore, Pittsburgh is creating a more inclusive innovation economy through a Rec-to-Tech program that will re-invest in the city’s 10 recreational centers, connecting students and parents to the skills needed to participate in the economy of the future. 

Tampa

Tampa is already home to 30,000 technical and scientific consultant and computer design jobs — and that number is growing. To meet future demand and ensure the region has an inclusive growth strategy, the city of Tampa, with 13 university, civic and private sector partners, has announced “Future Innovators of Tampa Bay.” The new six-year initiative seeks to provide the opportunity for every one of the Tampa Bay Region’s 600,000 K-12 students to be trained in digital creativity, invention and entrepreneurship.

These eight cities help demonstrate the innovation we are seeing on the ground now, all throughout the country. The seeds of success have been planted with people, partnerships and public leadership at the fore. Perhaps they didn’t land HQ2 this time, but when we fast forward to 2038 — and the search for Argo AISparkCognition or Welltok’s new headquarters is well underway — the groundwork will have been laid for cities with strong ecosystems already in place to compete on an even playing field.

May Mobility puts autonomous shuttles on the streets of Columbus, Ohio

in Columbus/Delhi/detroit/India/May Mobility/Mayor/michigan/Ohio/Politics/Startups/TC/University of Michigan by

This December a set of autonomous vehicles will start roaming the streets of Columbus, Ohio, in an effort to turn this bustling Midwestern community into the first smart city. The project, which is part of the Smart Columbus and DriveOhio initiatives, is the first step in launching a fully autonomous shuttle route in the city.

“We’re proud to have the first self-driving shuttle in Ohio being tested on the streets of Columbus,” said Mayor Andrew J. Ginther. “This pilot will shape future uses of this emerging technology in Columbus and the nation. Residents win when we add more mobility options to our transportation ecosystem – making it easier to get to work, school or local attractions.”

Michigan-based May Mobility provided the shuttles and the team is training the autonomous vehicles to navigate Columbus streets. May Mobility already launched their vehicles in Detroit and this is the second full implementation of the tech.

The six-seater electric shuttles will follow a 3 mile route through downtown Columbus and the vehicles will start picking up passengers on December 1. Rides are free. May Mobility has already performed over 10,000 successful trips in Detroit. In Columbus the shuttles will drive the Scioto Mile loop, a scenic route through the city and by the Ohio River. A large digital display will show system information and there will be a single operator to oversee the trip and take control in case of emergency.

Founder Edwin Olson is a robotics professor at the University of Michigan and his team won the original DARPA challenge in 2007.

“Cities are seeking cost-effective transportation services that will improve congestion in urban cores, and self-driving shuttles can offer a huge relief,” he said. “As we work toward a future where people can drive less and live more, we’re thrilled to be working with partners from Columbus to provide a new transportation experience that will make traveling through Columbus safe, reliable and personal.”

Columbus won the $40 million Smart City Challenge in June 2016 to test and implement smart city tech.

Tall Poppy aims to make online harassment protection an employee benefit

in Abuse/American Civil Liberties Union/behavior/bill de blasio/bullying/Canada/cyberbullying/cybercrime/Delhi/Department of Education/Donald Trump/eventbrite/Facebook/harassment/Honeywell/India/law enforcement/linux/Mayor/Microsoft/New York/online abuse/online communities/online harassment/Politics/Ron Wyden/Salesforce/Security/Sexual harassment/slack/social network/Startups/TC/teacher/ticketfly/United States/Y Combinator by

For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back.

Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work that Honeywell, a security specialist, had been doing to hunt down trolls in online communities since at least 2008.

That was the year that Honeywell first went after a particularly noxious specimen who spent his time sending death threats to women in various Linux communities. Honeywell cooperated with law enforcement to try and track down the troll and eventually pushed the commenter into hiding after he was visited by investigators.

That early success led Honeywell to assume a not-so-secret identity as a security expert by day for companies like Microsoft, Salesforce, and Slack, and a defender against online harassment when she wasn’t at work.

“It was an accidental thing that I got into this work,” says Honeywell. “It’s sort of an occupational hazard of being an internet feminist.”

Honeywell started working one-on-one with victims of online harassment that would be referred to her directly.

“As people were coming forward with #metoo… I was working with a number of high profile folks to essentially batten down the hatches,” says Honeywell. “It’s been satisfying work helping people get back a sense of safety when they feel like they have lost it.”

As those referrals began to climb (eventually numbering in the low hundreds of cases), Honeywell began to think about ways to systematize her approach so it could reach the widest number of people possible.

“The reason we’re doing it that way is to help scale up,” says Honeywell. “As with everything in computer security it’s an arms race… As you learn to combat abuse the abusive people adopt technologies and learn new tactics and ways to get around it.”

Primarily, Tall Poppy will provide an educational toolkit to help people lock down their own presence and do incident response properly, says Honeywell. The company will work with customers to gain an understanding of how to protect themselves, but also to be aware of the laws in each state that they can use to protect themselves and punish their attackers.

The scope of the problem

Based on research conducted by the Pew Foundation, there are millions of people in the U.S. alone, who could benefit from the type of service that Tall Poppy aims to provide.

According to a 2017 study, “nearly one-in-five Americans (18%) have been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.”

The women and minorities that bear the brunt of these assaults (and, let’s be clear, it is primarily women and minorities who bear the brunt of these assaults), face very real consequences from these virtual assaults.

Take the case of the New York principal who lost her job when an ex-boyfriend sent stolen photographs of her to the New York Post and her boss. In a powerful piece for Jezebel she wrote about the consequences of her harassment.

As a result, city investigators escorted me out of my school pending an investigation. The subsequent investigation quickly showed that I was set up by my abuser. Still, Mayor Bill de Blasio’s administration demoted me from principal to teacher, slashed my pay in half, and sent me to a rubber room, the DOE’s notorious reassignment centers where hundreds of unwanted employees languish until they are fired or forgotten.

In 2016, I took a yearlong medical leave from the DOE to treat extreme post-traumatic stress and anxiety. Since the leave was almost entirely unpaid, I took loans against my pension to get by. I ran out of money in early 2017 and reported back to the department, where I was quickly sent to an administrative trial. There the city tried to terminate me. I was charged with eight counts of misconduct despite the conclusion by all parties that my ex-partner uploaded the photos to the computer and that there was no evidence to back up his salacious story. I was accused of bringing “widespread negative publicity, ridicule and notoriety” to the school system, as well as “failing to safeguard a Department of Education computer” from my abusive ex.

Her story isn’t unique. Victims of online harassment regularly face serious consequences from online harassment.

According to a  2013 Science Daily study, cyber stalking victims routinely need to take time off from work, or change or quit their job or school. And the stalking costs the victims $1200 on average to even attempt to address the harassment, the study said.

“It’s this widespread problem and the platforms have in many ways have dropped the ball on this,” Honeywell says.

Tall Poppy’s co-founders

Creating Tall Poppy

As Honeywell heard more and more stories of online intimidation and assault, she started laying the groundwork for the service that would eventually become Tall Poppy. Through a mutual friend she reached out to Dean, a talented coder who had been working at Ticketfly before its Eventbrite acquisition and was looking for a new opportunity.

That was in early 2015. But, afraid that striking out on her own would affect her citizenship status (Honeywell is Canadian), she and Dean waited before making the move to finally start the company.

What ultimately convinced them was the election of Donald Trump.

“After the election I had a heart-to-heart with myself… And I decided that I could move back to Canada, but I wanted to stay and fight,” Honeywell says.

Initially, Honeywell took on a year-long fellowship with the American Civil Liberties Union to pick up on work around privacy and security that had been handled by Chris Soghoian who had left to take a position with Senator Ron Wyden’s office.

But the idea for Tall Poppy remained, and once Honeywell received her green card, she was “chomping at the bit to start this company.”

A few months in the company already has businesses that have signed up for the services and tools it provides to help companies protect their employees.

Some platforms have taken small steps against online harassment. Facebook, for instance, launched an initiative to get people to upload their nude pictures  so that the social network can monitor when similar images are distributed online and contact a user to see if the distribution is consensual.

Meanwhile, Twitter has made a series of changes to its algorithm to combat online abuse.

“People were shocked and horrified that people were trying this,” Honeywell says. “[But] what is the way [harassers] can do the most damage? Sharing them to Facebook is one of the ways where they can do the most damage. It was a worthwhile experiment.”

To underscore how pervasive a problem online harassment is, out of the four companies where the company is doing business or could do business in the first month and a half there is already an issue that the company is addressing. 

“It is an important problem to work on,” says Honeywell. “My recurring realization is that the cavalry is not coming.”

Go to Top