=======================================================================
   EPIC Documents: DC Metro's SmarTrip Collects Vast Traveler Data
========================================================================

Documents recently obtained by EPIC from the Washington Metropolitan
Area Transit Authority show the extensive scope of the data collected
and processed by the SmarTrip program. SmarTrip uses permanent,
rechargeable farecards embedded with radio frequency identification
(RFID) chips to keep track of the cards' values and travel itineraries.
SmarTrip cards can be used to pay fares on the Metro's rail and bus
systems, as well as for parking in Metro parking lots.

The documents show that the SmarTrip program can collect a vast amount
of information about a passenger, including personal information such as
name, address, and phone number; the place and time of the passenger's
arrival in the Metro system; the place where the passenger exits the
system; the amount of time the passenger spends traveling within the
system; and the time and date the passenger enters and leaves a Metro
parking lot. This data can be used to create a detailed profile of the
SmarTrip cardholder. Most similar records held by state agencies are
protected by law. Currently, only an internal Metro policy protects the
information collected through the SmarTrip system.

The Washington Metro announced this week  a new  privacy policy for the
collection and use of SmarTrip data or credit card usage in the Metro
system. The policy limits disclosure without prior written authorization
from the person. It assures individuals access to their own information
and an accounting of disclosures. The Board also approved changes to its
Public Access to Records Policy,  more closely aligning it with the
federal Freedom of Information  Act. The changes to that policy
establish certain exemptions and time frames for processing requests,
provide for judicial review, and exempt individual SmarTrip data from
disclosure except in limited instances.

EPIC supported  the changes, but noted that the new policy will permit
disclosure of passengers' personal information -- including all SmarTrip
information -- upon written request from the head of a federal, state or
local government agency in the context of a specific civil or criminal
law enforcement activity.

Documents obtained by EPIC from the Washington Metropolitan Area Transit
Authority (pdf):

      http://www.epic.org/foia_notes/wmata.pdf

EPIC FOIA Note #5: DC Metro Tracks Travelers:

      http://www.epic.org/foia_notes/note5.html

EPIC's comments to DC Metro:

      http://www.epic.org/open_gov/foia/wmata/parp_cmts-021405.html

Metro's Proposed Amended Public Access to Records Policy and Proposed
Privacy Policy (approved May 19, 2005) (pdf):

      http://content.wmata.com/board_gm/board_docs/051905_PARP.pdf

Announcement of New Metro Privacy and Open Records Policy

      http://wmata.com/about/parp2.cfm

========================================================================

Source: EPIC Alert - http://www.epic.org/alert/EPIC_Alert_12.10.html

Cheers, Steve..

---