San Francisco Supervisor John Avalos has introduced a resolution urging the Metropolitan Transportation Commission and state Legislature to strengthen privacy protections for Clipper card users.
The transportation commission, which administers the transit card, also has begun re-examining why personal data is stored for seven years after a Clipper card account is closed.
The supervisor’s resolution and the commission’s self-examination come after The Bay Citizen reported earlier this month that a customer’s personal data and Clipper card travel record can be stored for as long as seven years and that the transportation commission had received three search warrants or subpoenas for customers’ personal travel information since the card was introduced in 2010.
“We have a lot of people in the Bay Area who use public transportation to get to events where they exercise their free speech,” Avalos told The Bay Citizen on Wednesday. “The worry is that people would feel that how they move around could get tracked and that could have a chilling effect on free speech.”
The resolution, introduced at Tuesday’s Board of Supervisors meeting, calls on the commission to purge users’ transit histories after four years and six months and to erase all personal information “as soon as possible” after an account is closed. The resolution also calls on the commission to encrypt travel information on the Clipper card, which can be read by scanning it with a smartphone app called FareBot.
Randy Rentschler, a spokesman for the transportation commission, said he did not see the need for the legislation.
“The thing that gets us is seeking a legislative remedy to this,” he said. “We are way ahead of the curve in protecting people’s privacy.”
Rentschler said the commission’s staff is looking at the policy that allows a customer’s personal data to be stored for seven years after an account is closed.
“It does seem too long,” he said.
Use of the card, accepted by every major Bay Area public transit system, is soaring with 689,000 transactions a day and more than 1 million active Clipper cards. Every time a user swipes the card for BART or Muni, the information is saved.
Transit riders can remain anonymous if they pay for a Clipper card in cash and do not register it, Rentschler noted. But people who don’t register stand to lose any money on their card if it is lost, stolen or stops working.
Earlier this year, the San Francisco district attorney’s office subpoenaed Clipper card information for a suspect in a robbery who they believed had fled the scene on a Muni bus. In a second case, the San Francisco Police Department sought the personal and credit card information related to an unidentified Clipper card in hopes of solving an unidentified felony. In the third instance, a private attorney representing the family of a man who died after falling on a Muni train last year sought the man’s travel information to identify which train he was traveling on at the time.
Only the private attorney’s subpoena turned up information relevant to the case, according to commission spokeswoman Pam Grove.
In 2010, California enacted a law limiting the use of data collected on bridges and toll roads through FasTrak devices, but Clipper cards were not included in the legislation. Avalos’ resolution also urges state lawmakers to pass a law to protect Clipper card users.
“I just felt there were a need for privacy when people use their Clipper cards,” Avalos said. “This urges the MTC to factor in ways we can create a level of privacy for the Clipper card.”
View this story on Bay Citizen
This story was produced by The Bay Citizen, a nonprofit, investigative news sources in the Bay Area and a part of the Center for Investigative Reporting. Learn more at www.baycitizen.org.