Home Business IT Security Your every move will be tracked (updated)

Imagine walking around a shopping centre and having your every move tracked; by software that has latched onto your mobile phone's unique ID.

Well-known privacy researcher Roger Clarke has labelled this technology 'seriously creepy.' Others call it an invasion of privacy.

What is it?  Path Intelligence (from the UK-based company of the same name) is a method of tracking people in any reasonably confined space (a shopping mall is perfect) by their mobile phone.  It appears that the mobile phone doesn't even need to be turned on for this technology to work as there is enough low-level processing happening in a phone even when (supposedly) turned off; it will certainly respond to ID number requests.  Your only option is to pull the battery out.  Which means the only way to avoid being tracked is to remove the battery from your phone; hardly convenient. (Update: Path Intelligence CEO Sharon Biggar has since asserted that the system will not track a phone that's turned off)

According to the Path Intelligence web site a set of aerials is installed throughout the facility which are able to latch on to every mobile phone within range and track its movement with an accuracy of two metres. 

A recent report indicated that the technology has been installed in two US shopping malls and it would appear that an as-yet unidentified Queensland-based mall will have the technology soon.

Despite the fact that the company is emphatically insistent that all privacy is maintained, that only the phones are tracked (not the users), the technology is ripe for abuse. 

Read on for all manner of possible ways this system could be misused in the future with a few simple changes to the storage and reporting of data.


First we have the problem of attribution.  How easy would it be to link this to the building's video surveillance system to identify (at the very least) whether the person is male or female; or whether they are tugging a flock of kids around with them?  With more sophisticated systems, individual people could be identified and followed.  This would especially be true if it could be linked to a credit card in a store - that way, it wouldn't matter how many different cards you used, you'd be tracked all the way.

Although the company claims that it is simply to identify traffic flow, there is nothing to stop them tracking people across multiple visits to the mall; allowing them to build up a long-term profile of exactly which stores specific people go to.  Or, more importantly, when they go to an unexpected store.

In addition, there's nothing to stop the tracking of store employees for totally different reasons.  It would be very useful to know when the employees of one's competitors are in your store, would it not?  Why are they there?  Are they buying or snooping?

Despite all hopes of privacy, any such collected data is subject to Police 'request.'  They might want to know as much as possible about all people in the vicinity of the jewellery store when it was robbed (for instance).  If you should never have been in the mall at that time (for whatever reason) you're suddenly caught up in the dragnet.

What of consent?  Some of the reports previously linked show images of seemingly hastily posted signs that talk of an "anonymous mobile phone survey" and suggest that if participants have questions, they should contact the management office; no indication that it is possible to opt-out.

According to the Federal Privacy Commissioner Timothy Pilgrim, the Privacy Act would only apply if the information collected was able to identify individuals.  iTWire would argue that tracking the phone ID is tantamount to "identifying individuals" as the phone and the person are seldom apart.

Which brings us to the final problem - that of permission.  It seems rather odd to this writer that a system such as this, which is entirely to the benefit of the shopping centre and its retailers should piggy-back on the functionality of the mobile phone in the pocket or purse of every visitor.  As a phone owner, I have an expensive device in my pocket for which I should be rewarded should someone else attempt to 'borrow' its functionality.  The assumption of access to my phone seems to be entirely backwards.  Even Google seeks permission to use my phone as a source of road traffic data.

The expectation that some third party should be permitted to 'borrow' the use of my phone, and then turn that use against me seems wrong. 

What do the readers think about this?  Path Intelligence has been contacted for response.

 

HOW TOP MANAGERS MOTIVATE, ENERGISE EMPLOYEES

Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.

DOWNLOAD NOW!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

 

 

 

 

Connect

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities