Sydney buses trial free Wi-Fi as provider collects and discloses personal user info

The NSW government has announced that free Wi-Fi will be provided in a trial across 50 buses, using a network provider that openly collects a vast amount of user data and passes it onto third parties.
Written by Corinne Reichert, Contributor

Commuters travelling on Sydney's buses are set to get access to free Wi-Fi thanks to the state government, with the catch that swathes of their personal information will be collected by the provider and passed on to third parties both locally and internationally.

The trial will be conducted across 50 buses in Sydney out of the Ryde, Waverley, Leichhardt, and North Sydney depots, New South Wales Transport and Infrastructure Minister Andrew Constance announced on Friday, with the service to be extended to 1,000 buses if the trial proves to be "successful".

APN Outdoor developed the "CATCH" technology to provide the Wi-Fi on buses, with users on those 50 buses to be prompted to download a free app allowing them to make use of the internet access.

According to Constance, access to free Wi-Fi will improve customer experience on state-provided public transport services.

"This trial will help us understand how reliable the technology is and how our customers would use it," Constance said.

Users will also be asked to provide feedback on the app and Wi-Fi service.

As part of the service, however, APN Outdoor will collect personal information which, according to its terms and conditions, could include names, addresses, dates of birth, location data, photos, videos, credit card details, social media details, user names, sites visited, searches made, mobile device information, driver's licence details, employment details, and "other" details.

"We may disclose your personal information to third parties, such as our contractors, advertisers, competition organisers, service providers, marketing providers who provide marketing, social media, and other data about you to us," the company adds.

"We may send your personal information offshore to servers or datacentres located in Europe, the United States, Asia, or South America."

This is all for the purpose of providing users with "high-quality, relevant, timely advertising about products and services we think you will be interested in, and to facilitate third-party advertisers to offer you products and services", the company explains.

Its privacy policy further details that those third parties that it may disclose personal information to include advertisers, agents, contractors, IT companies, security firms, legal firms, accounting firms, research companies, credit reporting bodies, marketing companies, insurers, financial institutions, debt collection agencies, credit providers, affiliated companies, and government, regulatory, and law-enforcement agencies when required or permitted under law.

In regards to its security statement, the company only says that it takes "reasonable steps" to ensure personal information is protected, and then destroyed or de-identified when it no longer requires the information.

In response, a state transit spokersperson pointed out that users will have to actively opt in for the service, and that most details would only be collected if they enter into transactions across the network.

"This is a purely an opt-in service, meaning customers choose whether or not they wish to use the service," the spokesperson told ZDNet.

"Customers would only be required to enter personal details such as their address, date of birth, etc. if they were to actively opt-in to entering a promotion, competition, or other transaction on the CATCH network."

The state government also announced on Friday that Sydney buses will be fitted with larger digital screens that will broadcast advertising and news in addition to the already-present operational messaging and CCTV footage.

While using public Wi-Fi, meanwhile, approximately 2 million Australians risk data breaches by using online banking on unsecured networks, research by RMIT University revealed in December.

RMIT surveyed 1,200 adults on how they use public Wi-Fi networks, along with their knowledge of network security, finding that more than a quarter of respondents made credit card and PayPal payments and conducted online banking across public Wi-Fi networks during the three-month period, with just 60 percent recognising that these networks are somewhat insecure.

"Almost half of the public Wi-Fi users who conducted financial transactions recognised the networks were insecure, but proceeded anyway, preferring convenience over security," the report said.

"Unsecured networks are easy pickings for hackers and cyber criminals, but we found that even where users are familiar with security options, many choose to forgo them, preferring convenience over security," the report's lead author Ian McShane said.

"Australia ranks sixth highest on an international scale of cyber attacks, which means we should be highly attentive to security issues. Yet we found that almost 2 million Australians were conducting financial transactions, and around 1 million were performing work-related tasks, including email and file sharing, on insecure networks."

NSW originally scrapped plans for a free Wi-Fi network in Sydney back in May 2008, citing high costs.

Adelaide was the first Australian capital city to launch a free Wi-Fi network back in early 2014, after announcing it in November 2012, with iiNet providing coverage across the CBD with 200 Cisco access points. As of October 2014, there were already 90,000 unique users.

The Australian Capital Territory reached an agreement with iiNet in May 2014 to roll out a AU$4 million Wi-Fi network across Canberra using more than 700 Cisco wireless access points.

Following suit, the Public Transport Authority of Western Australia in July 2015 began requesting tenders from internet service providers to supply free Wi-Fi on 1,430 buses, 56 three-car trains, 48 two-car trains, and two ferries in Perth.

In September last year, the AU$11 million Victoria Free Wi-Fi project was also launched, with the network being managed by telecommunications provider TPG.

All access points for VicFreeWiFi, which was labelled "unparalleled" by the state government, will be activated as of the end of the year. Once fully operational, the wireless network will provide coverage to an area of 600,000 square metres, making it the largest free public Wi-Fi network in the country.

The original deal to roll out a new Wi-Fi network using 1,000 access points across Melbourne, Bendigo, and Ballarat was signed between the Coalition government and iiNet back in 2014, just prior to the election of the Labor government.

The federal government also plans to provide free Wi-Fi for remote Indigenous communities across Australia by 2017 after undertaking trials since 2010, with 300 remote areas receiving free Wi-Fi via satellite community telephones.

Mobile and broadband customers of incumbent telecommunications provider Telstra can also use the Telstra Air WiFi network across the country, which has over 500,000 hotspots nationally, including more than 4,500 public hotspots.

Updated at 9.50am AEDT, January 9: Added comment from state transit spokesperson.

Editorial standards