Schneier on Security
A blog covering security and security technology.
« Spider Webs Contain Ant Poison |
| Security Systems as a Marker for High-Value Targets »
November 29, 2011
Shopper Surveillance Using Cell Phones
Electronic surveillance is becoming so easy that even marketers can do it:
The cellphone tracking technology, called Footpath, is made by Path Intelligence Ltd., a Portsmouth, U.K.-based company. It uses sensors placed throughout the mall to detect signals from mobile phones and track their path around the mall. The sensors cannot gather phone numbers or other identifying data, or intercept or log data about calls or SMS messages, the company says.
EDITED TO ADD (12/14): Two malls have shelved the system for now.
Posted on November 29, 2011 at 7:01 AM
• 38 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
If they say "it cannot do X" I believe there's a high probability that it *can* do X.
Such a technology, by itself, may not be considered harmful by some. But in -even- the short run a bunch of these technologies are put together by governments to devise new tools spy on their own people. That's what makes such innovations very dangerous: there's no way to control them when being used by even a domestic non-military company. Let alone the nightmare of such tools falling into the wrong hands be it intelligence services, psychopaths or terrorists.
I'm an Iranian and living in Iran has taught me that violation of privacy -which ends up in very undesirable situations- is a crawling gradual process. People's right of privacy is slowly taken from them; so unnoticeably slow that most people don't realise until it's too late.
At the very least, such a device would need to be able to catch the IMEI, thus identifying the phone, which in turn will in 99.999% of all cases belong to only one person - therefore all data they catch that is mapped to the IMEI IS indeed attributed to a person...
Before the tinfoil hat gets completely out of control, note that any RF tech with a spectrum analyzer can get a pretty decent idea of cellphone traffic in an area without spending staggering quantities of money on decoders and analyzers and recording systems. If I were the bad guy tasked with this job, that's probably all I'd do. Better data would come from having 10 times the RX units than from having 10 times the detail. The triangulation thingy merely means I need an update rate and power resolution faster than a highly packed mall walking at human speed. I'm thinking the individual nodes data stream will need a time sync like NTP.
As the arstechnica article points out, turning the "anonymized" information about the travels of individual phones into personally-identifiable information about individuals is trivial for anyone who buys something in an identifiable way (credit card and/or store loyalty card).
And tracking individual phones rather than aggregate phone density is crucial for the marketers, because they can already figure out how many people are in which store. The crucial things are about what stores are appealing to the same people, and in what sequence.
I am still surprised that in california there was no pushback from a legal perspective. I thought there was a law that made private tracking of cell phones illegal?
From the money.cnn.com article: "Sharon Biggar, CEO of Path Intelligence, told CNNMoney that she welcomes the chance to speak with [New York Senator Charles Schumer] directly about privacy concerns. She points out that online retailers often track customers' movements in the digital world, without notifying shoppers or giving them an opt-in choice. 'We are simply seeking to create a level playing field for offline retailers, and believe you can do so whilst simultaneously protecting the privacy of shoppers,' she said."
The way to create a level playing field is to eliminate tracking of online customers, not to instigate tracking of offline customers.
An opportunity for some interesting crowdsourcing.
If enough people could be persuaded to go directly from say 'Anne Summers' to M+S to 'the guide dog shop' - we could start to see some really 'interesting' products appear as a result of the research!
"The technology has already been deployed at malls in Europe and Australia, tracking about one million customers a day. A spokesperson for Path Intelligence said the company has not been in talks with any malls in Canada, and the technology has never been deployed there."
Does anyone know which ones?
What would they do with this data? People go into malls and walk around. Well, duh! When they are looking for clothes they go into clothing stores. Great! Now what??
The malls will use it to raise rents.
If they can show that a certain number of a more desirable socio-economic visited your location - they can demand more rent.
Honestly, big deal? As soon as I leave my house anyone with a pair of eyes can see me, track me, record me. Cameras at the intersection can track traffic, or capture my license plate. And so what, I'm at the mall. Big deal. Capturing where my feet take me in a public place can be accomplished 20 other ways. I love how we all sit here crying "FUD!" when McAfee or Symantec publish articles about APT threats or vulnerabilities to SCADA systems, with everyone demanding "PROOF!!!". Yet with this technology, you're all in an uproar that it's doing something that it hasn't yet been proven that it's doing. Hypocrites.
@Peter, I can imagine benefits to the store owners and mall management companies despite the "duh" factor (otherwise they wouldn't make the investment). Staying with the clothes shoppers a moment - when someone hits one store, is there a common cluster of other stores they visit? Mall management may want to space those out to maximize walk-by sales and opportunity buying. If many people visit store x and then store y, is there something store y sells (socks) that complements what store x sells (shoes)? Perhaps store x brings that item in-house and increases revenue.
I heard about this on the radio a few days ago, and I couldn't decide if Senator Schumer was being brilliant or obtuse in suggesting this needs to be an opt-in technology/or have an opt-out available. Either is infeasible - shoppers aren't aware of their IMEI, they aren't likely to take the time to visit a booth/kiosk/whatever to opt-in or opt-out (and at that point you've deliberately revealed your IMEI, so go ahead and put on your tinfoil hat now). People aren't likely to turn their phones completely off to defeat this, and privacy advocates will have a hard time arguing that there's any expectation of privacy somewhere as public as a mall (so look for that SMS and voice tracking to come soon).
Of course, they could easily make it optional by tracking MAC address on your WiFi or Bluetooth instead - post signs at the entries saying if you don't want to be tracked, turn those radios off. But of course, if you leave it on you can use the free WiFi at the mall with our complements ...
I'd expect you'll see data correlation with point-of-sale data sooner rather than later, and retention of data too ... then retailers will be able to observe that you visited the store, didn't buy anything (or worse, went to a competitor), and can follow up with surveys and targetted marketing to see why you aren't spending. There may even be realtime interactions down the line - an SMS or tweet as you're exiting reminding you that "you bought widget X, now go visit our partners at Battery Hut to get plenty of power for that widget - here's a realtime discount coupon".
One way to set up an opt-in capability is to do this via mobile apps. A good friend of mine is working on this approach, and getting buy-in from various store owners.
I thought about linking the following article along with the cell phone tracking article on Friday but chose not too because it's more of an opinion piece.
For those who don't want to read the whole article this is the money shot quote:
"As it turns out, our culture has voluntarily joined the Surveillance Society, leaving reasonable expectations behind. And only a fool would deny that."
I think that is indeed the mall's strongest argument. And I too wonder if it's possible at this stage in the game to stuff the genie back into the bottle.
Hahaha exactly, Give them humorous and useless data to make a point
Oh here's one, once everyone sees the sign telling you your being monitored via cell phone tracking technology, you walk out the mall.
My boss uses a similar technique to determine how much "bathroom time" we use.
Anyway, I'm sort of in the I'm-not-concerned camp. There are plenty of ways to thwart the system, if you care.
It will help the shopping center outside Richmond figure out why the food court doesn't get as much business as expected, or notice that lots of people go directly from Williams-Sonoma to Cold Stone Creamery without stopping by any of the stores in between. This is already done routinely and cheaply using human observers, but it's fun to sell technological solutions to the upper middle class.
How's this for opt-in: Give shoppers an opportunity to grab a tracking device that also provides some benefit to them. For instance, when they turn in the tracking device, they get 2% of their purchases back or a coupon good for $20 at any mall store. Devices would need to be very cheap to produce, because there will be theft or unintentional failure to turn them in. Of course detectors at the mall exit could remind shoppers to return them, too.
This is an opt in system. Going into a private building with signs posted that they are following your phone = opting in.
IF they have the system removed from external networks, and delete EIMI once you leave the premises or at the end of the day, there is very little concern from me. And I am usually very paranoid.
We learn by discussing, and switching the domain, context, and consequence elements, helps us think clearly over time.
I care about the scadatubez too, but privacy has a very serious long term ramification to our society as well.
Think about the cyber-physical transition. It is what matters in industrial systems, but it is also what matters here, just going the other way.
In other words following you is one thing. Following everyone all the time, is quite another...
"The technology has already been deployed at malls ... Does anyone know which ones?"
There are several mobile marketing consulting and technology companies claiming that Bluewater, on the M25 London orbital motorway is one.
The technology seems to come from the Phillipines.
Mobile marketing via Proximity Systems, also referred to as Proximity Marketing, relies on GSM 03.41 which defines the Short Message Service - Cell Broadcast. SMS-CB allows messages (advertising, public information, etc.) to be broadcast to all mobile users in a specified geographical area. In the Philippines, GSM-based proximity broadcast systems are used by select Government Agencies for information dissemination on Government-run community-based programs to take advantage of its reach and popularity (Philippines has the world's highest traffic of SMS). It is also used for commercial service known as Proxima SMS. Bluewater, a super-regional shopping centre in the UK, has a GSM based system supplied by NTL to help its GSM coverage for calls, it also allows each customer with a mobile phone to be tracked though the centre which shops they go into and for how long. The system enables special offer texts to be sent to the phone.
Note: I have not yet checked the GSM spec to verify if this is possible.
There is a similar technical approach using Bluetooth. Providing the customer has a device that is discoverable, the location owner can push content over Bluetooth.
I've seen this technology deployed in the Mercedes Museum in Stuttgart (Oct 2010) where it is used to send wallpaper and audio clips to mobile devices at various locations in the museum.
Cute, but it is another way to track paths of mobile devices within a controlled space. Given the range of Bluetooth, it is probably more accurate that something based on GSM (unless you have access to femto-cells).
> Honestly, big deal? As soon as I leave my house
> anyone with a pair of eyes can see me, track me,
> record me. Cameras at the intersection can track
> traffic, or capture my license plate.
As soon as you leave your house, anyone with a gun can see you, aim at you, shoot you.
Does that mean anything people can do should be legal ?
@CB: I don't buy it (but of course, I'm not paying the bills).
Of course there is a correlation among traffic to similar or related stores, but I don't think there is much money to be made by estimating the value of the correlation a little more accurately.
Yes, there may be some gain by spreading stores to increasing walk-by traffic - but there is also likely to be loss, from people who decide the walk isn't worth it. I avoid a mall near us, because its layout results in too much walking. Figuring out which effect is more important is again likely more expensive than the value.
I still see no significant value in the data.
Nothing new here - Bath University in the U.K. had an experimental tracking system based on bluetooth signals from phones. I can only find web references from ~2005, but I thought it was older than that. The project eventually grew up into cityware.org.uk
"Honestly, big deal? As soon as I leave my house anyone with a pair of eyes can see me, track me, record me."
Your mentality completely explains how this type of system can grow up.
@Bahman M. noted:
"violation of privacy -which ends up in very undesirable situations- is a crawling gradual process."
Thus the situation changes because at every given change *some* people argue that "so what...it is not that different from last month..."
"Going into a private building with signs posted that they are following your phone = opting in."
Yea except that according to Google maps those are "public spaces", that can be mapped...not "private buildings".
Great discussions. Tracking can be so easily misused and in a mall, who is doing the tracking? What can be done with the data?
Are they going to track people of color more at malls? Easier to track Arab Americans now while shopping? Young adults of certain socioeconomic status?
When is Uncle Sam going to start having the malls report suspicious activity to the federales? Do security guards watch the ones considered to be suspicious? Have you been followed around by a security guard as if you were a shoplifter?
Hey they bought a roll up at the Lebanese deli, hmmm middle east, brown hair, bohemian clothing...Arab terrorist?
Wireless tracking is a natural by product of the proliferation of wireless technology, expect more of it. Here is an example of its use that I think few would oppose:
Those that oppose I call Luddites, and will concede the development of this technology to other countries, or worse, limit it to government (ab)use.
"If one access point is good, 53,000 must be better.
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables."
if someone were to accomplish the same for fake cell phones roaming around in random locations, all containing different faked phone data responses, it would be an interesting proof of concept.
I had actually seen this same product several years ago in an Information Assurance class at my university. At that time, it had been being deployed in several locations already, and a local mall was evaluating it. It was also being looked at by a local movie theater, to track patrons who did not turn off cell phones during a movie and roughly triangulate them so they could be removed from the theater.
It is scary how easily you can uniquely identify a user if you can get high enough resolution tracking on a continuous basis. Correlation of multiple sources of information, such as receipts, security cameras (I think there was a discussion of merging this with the surveillance system in a store to track where consumers spent time), etc. and you quickly have your own "little brother".
@Section9-Bateau: "It was also being looked at by a local movie theater, to track patrons who did not turn off cell phones during a movie and roughly triangulate them so they could be removed from the theater."
By ceiling-mounted laser, I hope? :-)
In all seriousness, I can't see that working ... to most people, "turning off" the phone means turning off the ringer or setting it to vibrate, so this system would just help you locate all of the active cell phone radios, which these days would just serve to locate all of the occupied seats in the theatre.
What they'd really need is something that detects the ringtone, or a more general system to detect acoustic disturbances, coupled to the theatre sound system to cancel out the movie soundtrack and isolate only "live" sounds. And coupled to the ceiling-mounted laser, of course ...
We need less surveillance, not more. Just look at this:
"The company’s software pulls off one of the great computer science feats of the era: It combs through all available databases, identifying related pieces of information, and puts everything together in one place."
"Palantir has built a customer list that includes the U.S. Defense Dept., CIA, FBI, Army, Marines, Air Force, the police departments of New York and Los Angeles, and a growing number of financial institutions"
"Palantir’s engineers fill the former headquarters of Facebook along University Avenue in the heart of Palo Alto’s main commercial district. Over the past few years, Palantir has expanded to four other nearby buildings as well. Its security people—who wear black gloves and Secret Service-style earpieces—often pop out of the office to grab their lunch, making downtown Palo Alto feel, at times, a bit like Langley."
So they are in "the former headquarters of Facebook"? I find that quite funny.
@Scared: thanks for the link, interesting reading. I can appreciate the wink to LOTR in the company´s name (so much for the supposed nerdiness of IT guys) but what they do it´s quite scary indeed. It might be old news, but using terrorism as a form of blackmail to impose surveillance on our every move is just... wrong. Also the Facebook reference is spot on. To get back on topic, I wouldn´t be surprised in the least if this Footpath technology could suck infos off of our cell phones. I will start switching mine off everytime I enter a shop bigger than Mom and Pop´s drugstore down the street.
I am trying to figure out how this _exactly_ works. According to this article (from 2008) it uses the TMSI (a temporary mobile subscriber identity defined in the GSM spec). However, a phone that is just on standby will not transmit anything (except if it detects that it is getting out of range from its current base station), so I fail to see how this technique is going to track most shoppers - unless this system is somehow 'active'. Does anybody have more details?
Have been searching for powerline security systems. Digital modulated providing two-way communications, and etc.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.