NB: this post is largely incorrect… at least in the fact that actually the systems are much more similar and becoming even more so. I am not going to change the post (because being wrong is part of research and learning), but will direct you to a more recent post here.
Tokyo and London both have pre-paid smart card systems for travel on public transport. They look superficially similar but also have crucial differences.

In fact, first of all, there are several smart cards from different railway companies in Japan. Each of main privatised regional railway companies has one: the most common in Tokyo are the Suica card operated by JR Higashi (East Japan Railways) and the Pasmo card issued by a collection of smaller private railway companies as well as the TOEI subway, bus and Tokyo Metro systems. JR NIshi (JR West) and JR Toukai (JR Central) also have their own cards, ICOCA and TOICA respectively. They are all now pretty much interchangeable and Suica, which is the oldest system in operation since 2001, in particular can now be used for other kinds of payments in station shops and the ubiquitous Lawson chain of konbini (convenience stores) elsewhere in the city. It also now has a keitai denwa (mobile phone) enabled version in which the card is virtually present as a piece of phone software.
Great! It’s convenient, costs no more than buying tickets separately and if you forgot to bring any cash for your morning paper, you can use Suica for that too.
So, just like London’s Oyster card then?
Well, no.

The Oyster card, issued by Transport for London, looks pretty much the same and operates along similar technological lines, but because it also requires the user to register using a verifiable name, address and telephone number, with which the card is then associated, it is effectively also a tracking system, which is gradually producing an enormous database of movement surveillance. And of course this has not gone unnoticed to the UK’s police and security services who have reserved the right to mine this database for reasons of ‘national security’ and detection of crime. If you lose your card or have it stolen, then not only do you lose your £3 deposit, you’d better tell the authorities too or you might end up having some criminal activity associated with your name on the database.
Suica cards, on the other hand, can be bought from any ticket machine, require no deposit and no registration, and it doesn’t matter if you lose them, or leave the country, even for several years.
Tokyo and London’s transport systems have both experienced terrorist attacks so there’s no particular reason why Japan’s authorities shouldn’t have demanded a similar database (if you accept the UK’s reasoning). Tokyo also has a far more extensive, complex and multiply-owned transport infrastructure. Surely this must inevitably lead to an insecure and out-of-control system where disaster is inevitable.
So in which of the two cities does the transport system work far more efficiently? And where is that you are actually less likely to be a victim of crime, and feel safer?
I’ll give you a clue – it isn’t London.
One quick point, David. It is possible to get anonymous Oyster cards in London. That is, without registering any personal details. The catch is that, if you lose it, you can’t get your credit refunded.
And actually, conversely, it is possible to get a registered high credit Suica card too. So maybe the comparison wasn’t so great! When I meet the Japan Railway security people here in a few weeks I will have to ask them about personal data.
Unregistered travel cards are a bit more difficult to link to individuals but not that much more with access to the right databases. Most people have routines, so for example just looking at travel patterns in many cases the area of work and home (and regular pub) can be identified. Then you can associate CCTV images with the card (especially in London tube stations and buses). You can also pattern match location of use of the travel card with mobile phone locations to identify individuals. Also, in the US, Stanford researchers successfully linked commuting patterns with census data to identify associated houses.
See http://www.lightbluetouchpaper.org/2009/05/19/location-privacy/ (comment #5 link to the Stanford research).
I also included a few other related links in http://gizmonaut.net/blog/writing/2009/05/data_remanence_and_dataveillance.html
br -d
That’s all possible – and my generalisations in this post are wildly incorrect anyway!
I am not sure about how easy it would be to do the triangulation of CCTV image, card use and mobile phone location though. Certainly if you were already looking for someone in particular (i.e. targeted surveillance), this would be possible, however as a matter of mass surveillance, I don’t think it would be easy to make it routine. There’s enough problems interpreting CCTV images, especially when there are thousands of people an hour coming through ticket gates, then neither cell nor GPS location is always very accurate, people have different phones, and they could be using different travel cards (certainly they do in Tokyo where you have a choice of 4 different interoperable cards, and in fact the ticket machines can get confused, or even break down, when people pass a wallet over a reader which has more than one smart card in it! And when I’ve looked at the way the police do this kind of analysis, it can be done forensically (i.e.: reconstruction after the fact), but useful, multiple, real-time tracking? No way. Not yet anyway.
However, see my newer post on what’s been happening in Tokyo now with the linking of smart cards to consumer surveillance. https://ubisurv.wordpress.com/2009/07/25/tokyo-brandscaping-suipo/
Fully agree with your analysis.
It would be interesting if you find out the retention laws, policies and guidelines for different type of data (traffic and location data in particular) in Japan. The UK of course went further than the European directive with a compulsory 12 months retention period for communications data. Not sure what it is for Oyster data. It may be up to six years as this can be justified for legal reason, and that’s fine for the ICO (substance of a response to a complain I made about retention of data for a closed account at an ISP). ANPR data is retained 2 years in a live search system and six years as a whole. etc.
I’ll be talking to senior Tokyo police on Tuesday, and this area is one of the things I want to address. It’s also possible that I will get to interview the Japan Railways security people – not confirmed yet though.
FYI, from http://www.coofercat.com/wiki/OysterCardRFI (info from 2006)
(There are other circumstances where one could attempt to match CCTV images to travel card holders: when the cards are bought and topped up. Much less traffic than at ticket gates.)
Suica usage history *is* recorded in JR’s servers and can be accessed by police. Yes, a garden-variety Suica card does not have any personal identifying information on it, but most locals use some sort of card registered with their name and address (commuter pass, credit card, etc.)
Hi Joe – yes, as I’ve already said, my original post is completely wrong in many ways. Unlike many blogs, this one is essentially an open notebook, which means nothing here is checked final material (see the ‘about this blog’ page). I don’t mind being corrected – that’s one of the points.
I don’t know many locals who have registered cards by the way. Probably depends on the kind of company we keep! 😉
And having talked to them today, the police have to jump through a lot of legal hoops to get access, more it seems than in the UK (at least in theory).