Improperly Anonymized Taxi Logs

From Privacy Wiki
Jump to navigation Jump to search
Improperly Anonymized Taxi Logs
Short Title New Yorks Taxi and Limousine Commission Didnt Anonymize Taxi Drivers Information in Logs Provided as FOIL Response
Location New York, New York
Date July 2014

Solove Harm Insecurity
Information Identifying, Professional, Location
Threat Actors New York City’s Taxi and Limousine Commission

Individuals
Affected New York taxi drivers
High Risk Groups Driver
Tangible Harms

New York City’s Taxi and Limousine Commission made publicly available 20GB worth of trip and fare logs. information (the driver’s licence number and taxi number) had not been anonymized properly.

Description

In July 2014 NYC’s Taxi and Limousine Commission tweeted a data-driven chart about fewer taxis on the roads on NYC during the rush hour. One person who saw this on twitter wanted to double check on the data that was used for calculations and did a request of information from New York state on the basis of New York's Freedom of Information Law (FOIL).

He received a response only a few hours later. However, the data this person got, included not properly anonymised personal information of taxi drivers - the driver’s licence number and taxi number, which wasn’t supposed to be in the reply of FOIL request. Insecurity

There were over 20GB of uncompressed data comprising more than 173 million individual trips. Each trip record includes the pickup and dropoff location and time, hack licence number and medallion number (i.e. the taxi’s unique id number – 3A37 on taxi roof sign and license plate below), and other metadata. The security researchers who looked into this data, say that the government folks clearly intended to anonymize the medallion and licence numbers.

Breakdown

Threat:New York City’s Taxi and Limousine Commission not properly anonymising personal info of taxi drivers in their answer to a FOIL request
At-Risk group:NYC taxi drivers
Harm: Insecurity
Secondary Consequences: not known