March 30, 2017

NYC to Collect GPS Data on Car Service Passengers—Good Intentions Gone Awry or Something Else?

During the holiday season, New York City through its Taxi & Limousine Commission (the “TLC”) proposed a new rule expanding data reporting obligations for car service platform companies including Uber and Lyft. If the rule is adopted, car services will now have to report the GPS coordinates of both passenger pick-up and drop-off locations to the city government. Under NY’s Freedom of Information Law, that data in bulk will also be subject to full public release.

This proposal is either a classic case of good intentions gone awry or a clandestine effort to track millions of car service riders while riding roughshod over passenger privacy.

The stated justification for the new rule is to combat “driver fatigue” and improve car service safety. While the goal is laudable and important, the proposed data collection does not match the purpose and makes no sense. Does anyone really think GPS data measures a driver’s hours on the job or is relevant for the calculation of a trip’s duration? If the data collection were really designed to address driver fatigue, then the relevant data would be shift length (driver start/stop times, ride durations, possibly trip origination), not pick up/drop off locations.

The reporting, though, of this GPS data to the city government poses a real and serious threat to passenger privacy. The ride patterns can be mined to identify specific individuals and where they travel. In 2014, for instance, The Guardian reported that the TLC released anonymized taxi ride data that was readily reverse engineered to identify drivers. A 2015 paper shows that mobility patterns can also be used to identify gender and ethnicity. Numerous examples—from the Netflix release of subscriber film ratings  that were reverse engineered to identify subscribers to the re-identification of patients from supposedly anonymous health records—show that bulk data can often be identified to specific individuals. Disturbingly, the TLC proposal only makes one innocuous reference to protecting “privacy and confidentiality” and yet includes neither any privacy safeguards against identification of individual passengers from ride patterns nor any exemption from the NY State Freedom of Information Law.

If this weren’t worrisome enough for privacy, here’s the flashing red light. The TLC proposal mentions in passing that the data might be useful for “other enforcement actions.” But, the examples given for “other enforcement actions” do not map to the data being collected. For instance, the proposal says the GPS data “will facilitate investigating passenger complaints or complaints from a pedestrian or other motorist about unsafe driving, including for incidents alleged to have occurred during or between trips, by allowing TLC to determine the location of a vehicle at a particular time.” The pick-up and drop-off locations will not work for this goal. Likewise, the proposal says that “[b]y understanding when for-hire trips to and from the airports occur TLC can better target resources to ensure that passengers are picked up at the airport only by drivers authorized to do so.” This too is a strange justification to collect individual passenger records for every ride throughout the city! This goal would be satisfied much more effectively by seeking aggregate drop-off data for the particular areas of concern to the TLC.

This vague enforcement language and the mismatch between the proposal and the articulated goals strongly suggests that the rule may be a smokescreen for a new mass surveillance program of individuals traveling within New York City. Only two years ago, the NY Police Department was caught deploying a controversial program to track cars throughout the city using EZ Pass readers on traffic lights. This proposed new rule looks like a surreptitious expansion of that program to car service passengers. The TLC rule, if adopted, would provide a surveillance data trove that makes an end run around judicial oversight, subpoenas, and warrants.

It’s time to put the brakes on the city’s collection of trip location data for car service rides.

Comments

  1. Great post – reminds of similar function creep and privacy violations in Amsterdam.

    One day, the municipality suddenly required all car drivers to enter license plate numbers into computers on the streets to park you car. So simple, you’d never need to return to your car with a ticket!

    Soon enough, it turned out that law enforcement and IRS used those data to check if cars were reported stolen or even if drivers had paid their taxes. Months later, the municipality let Google Street View-like cars automatically photograph license plates and instantly check with the database whether you’d paid up for your parking — mind you, the most expensive public parking in the world.

    Today, you get an automated hefty fine by snailmail the day after you’ve missed a minute out on the street. The inspecting cars render enforcement nearly perfect. It’s apparently important to a nearly bankrupt municipality, after sinking millions in the vast swamps under Amsterdam to build a new subway line. What a started with seemingly innocuous digitization of parking, ended up with grotesque license plate tracking, broader privacy violations and perfect enforcement to make up for municipality overspending.

  2. This bureaucratic over-reach is breathtaking.

    What sort of anaesthetised brains dream this up and don’t riot when it’s suggested.

    George Orwell didn’t imagine this depth of evil in his book 1984.

  3. Those are all secondary goals, and yes, they are legitimate so stop with the institutional paranoia. Those are good things and should be required by any private service operating in public. The real goal of course is about tax evasion. And fair play, it’s all too easy to fudge numbers about trip length/cost. There’s a literal fortune being made that’s not being reported and taxed and that needs to stop. When people don’t pay their fair share the rest of us are left to pick up the slack. Commercial private services already have to deal with this. This is just closing a loophole they’ve enjoyed for several years now. This is not the spectre of 1984. Good grief!

    • Joel Reidenberg says:

      I do not think GPS data has any relevance for tax collection and the TLC proposal would not make any sense if there is a revenue under-reporting issue.