Transport for London (TfL) is currently undertaking a four week trial in which they are collecting pseudonimised WiFi connection data “in order to better understand how London Underground passengers move through stations and interchange between lines”.

While seemingly harmless in intention, the announcement has raised concerns over data security.

The TfL trial is being conducted at 54 stations within Zones 1-4, and involves collecting connection request data that will be used to determine how people are using the Tube. TfL could then, at least in theory, plan the transport network more effectively, and set higher advertising rates in those areas that are receiving more traffic, providing more money for reinvestment in the network.

However, while the data is pseudonomised, meaning that no browsing data will be collected and TfL will not be able to identify any individuals, significant security concerns have been raised over the mass collection of data. One of the largest VPN providers, NordVPN, has suggested that the trial not only may open up hacking risks, but large questions over privacy of information.

“The problem with the vast majority of public WiFi hotspots is that they are unsafe as is: people connecting to open networks are easily susceptible to hacking attacks. Moreover, unsolicited surveillance of people¹s devices raises even deeper security issues: if [the] government can decide to track people at any given time, who will protect all the gathered information and is this protection secure enough?” NordVPN said.

“When people¹s data is collected, who will guarantee there are no leaks in the system? Large amounts of data can be accessed by anyone who hacks into the system, and people¹s identities can be stolen, leading to wiped out bank accounts and other repercussions.”

A virtual private network (VPN) is essentially a service that fakes a private network while using a public one, encrypting all the traffic flow between the Internet and a device and helping to hide your IP address. And while it’s not bad advice from Nord to make use of one if within the trial zone, it is worth acknowledging that they have a clear financial stake in people making use of VPNs.

Business interests aside however, Nord raise important questions of privacy. Given the UK’s widening level of surveillance – of particular note is the recently passed and widely criticised Investigatory Powers Bill and our first-place global ranking for CCTV cameras per person – it is not beyond the realm of reason to be worried at the addition of data collection that essentially tracks where you travel.

The important question to be raised is one of trust. If TfL are truly committed to pseudonomising data and protecting said data, then the trial should ultimately have a positive outcome.

And yet, that depends on trusting not only a certain level of competence in data security, a field constantly outdone by hackers, but that the data will never be treated with anything but benevolence.