Gathan Beaga

snapper: what about privacy (again)?

SnapperI should refer you to Stephen’s posting on his take on Snapper and privacy. What he says makes perfect sense to me. We shouldn’t give corporates, and probably even the government, any more information than they absolutely need to do their jobs. Collectively, they’re just not competent enough to take care of it. We’ve seen this time after time recently, the worst example being the British Government’s loss of a file of 25 million people’s names and addresses in the mail.

Your own information is the most valuable asset you have in this information age. Look after it.

So I try to do this as much as I can. But it’s hard for various reasons: legal; financial; or convenience; sometimes I’ll just go for it anyway and spill the (personal information) beans. But most times I do think about it on a case by case basis; coming to a trust decision about a particular organisation. It doesn’t always produce logical and consistent results, but it works for me.

For example, I can go to my favourite coffee shop, and sign up for a prepaid loyalty card to get a discount. The coffee shop may know where I live (although there’s no real reason for them to know this), and how much coffee I drink, but that’s it. I get cheaper coffee, and they get a regular customer; and everyone wins. I trust and like the coffee shop and their staff (and I guess at this point those other variables like brand come in too). And if the coffee shop lose my data somehow, all that’s at risk is knowledge of my coffee-drinking habits.

Similarly with Snapper. I can get a Snapper card, and sign up for their website so I can view the transactions (real name and address optional, thankfully), and I allow them to know my public transportation movements in exchange for cheaper travel and convenient ticketing. I think I can trust Snapper with this limited data.

Where it gets interesting for Snapper though is that I start feeling uncomfortable about mixing those two trust decisions up. This trust is not transitive. Just because I think I can trust Snapper with my pseudonymised public transportation information it doesn’t mean I think I should trust them with anything else.

So, after my initial flush of geekly enthusiasm I don’t think I’ll be using Snapper for anything more than bus travel, once I get rid of the residual balances on my little collection of plastic. And if I do (probably just for emergency purchases – need coffee), it’ll likely be on a new card separately pseudonymised. At the moment this isn’t really a problem: while Snapper is convenient for coffee purchases, it doesn’t work with most shops’ own prepaid loyalty systems, and for anything bigger than quick caffeine fixes I have an EFTPOS card.

[ AHA”, you say, “EFTPOS card… so what about banks? They know EVERYTHING about you.” That’s true, to an extent. But I (and you) trust them with this information: there’s longstanding, proven and strong safeguards about how it’s used, how it’s stored, and how it’s dispensed to third parties.]

It will be a problem for Snapper if too many people think/feel like me and are a little cautious about using the cards for other than public transport. Snapper’s business model seems to place a lot of importance on the cards being a cash replacement for small purchases.

I may not be a minority though. Anecdotally I’ve noticed hardly anyone using Snapper at the coffee shop over the road now that the free credit has been used up on the trial USB Snappers used by bank staff. Time will tell.