Technical Construction File (TCF) submitted to the VCA for the DTES whole-system approval
Request ID: FOI-1198-2425 Date published: 04 September 2024
You asked
Follow-up to FOI-0984-2425: Dear Transport for London,
Further to the below, I would like to request a copy of the entirety of the Technical Construction File (TCF) submitted to the VCA for the DTES whole-system approval.
We answered
TfL Ref: EIR-1198-2425
Thank you for your request received by Transport for London (TfL) on 16th July 2024 asking for a copy of the Technical Construction File (TCF) submitted to the VCA for the DTES whole-system approval.
Your request has been considered in accordance with the requirements of the Environmental Information Regulations (EIRs) and our information access policy.
I can confirm that we hold the information you require. However, I am afraid that the document is excepted from release under Regulation 12(5)(a) of the EIRs, the exception that applies to material whereby release would adversely affect international relations, defence, national security or public safety (in this specific instance, national security and public safety). This decision has been taken following advice from colleagues in both our Road User Charging and Cyber Security teams.
As you will be aware, TfL infrastructure, both physical and digital, can be the target for attacks by hostile operators. This threat is very much real rather than perceived, as evidenced by this week’s cyber attack on TfL systems as reported widely in the media, such as here: https://www.bbc.co.uk/news/articles/cd9dpek1883o.
It is also the case that camera systems operated by organisations – both Automatic Number Plate Recognition and CCTV technology - can be one potential area of weakness that would-be hackers may try to exploit, as can be seen from reports such as these:
The document you have requested contains detailed information around the camera technologies in use by our Road User Charging team, including detail on how they are configured and how they connect to our data centres, which would assist those with a malicious intent in planning an attack on the service. While, of course, we make no suggestion that you personally have any such intent, release of information under the EIRs is considered to be release to the world at large, and it is on that basis that we have to base our decision.
The use of this exception is subject to consideration of the public interest test, to determine whether the greater interest rests in the exception applying and the information being withheld, or in releasing it in any event. We appreciate the need for openness and transparency in the operation of our business, and the fact you have requested the information is in itself an argument in favour of release. However, we see little wider public interest in the release of such detailed material. All the information that the public need to comply with our Road User Charging schemes is already published on our website, as is information about our use of camera systems, including information on what personal information is captured and the legal basis for doing so – see here:
Given this, and given the obvious need to do all we can to mitigate against the threat from hackers and other hostile actors, we believe the greater public interest rests in the exception applying and the document being withheld in its entirety.
Please see the attached information sheet for details of your right to appeal.
Yours sincerely,
David Wells FOI Case Officer FOI Case Management Team General Counsel Transport for London
