[Don’t] Look, You’re Being Followed
Retailers have begun using signals from cell phones to track individuals’ movements within their stores.
Retailers now have the ability to collect signals transmitted from customer smartphones to track their movements throughout stores. Phones with WiFi or Bluetooth enabled transmit a number, called a MAC address, while the phone searches for wireless networks or other Bluetooth devices. The MAC address is a distinctive combination unique to each phone, and is analogous to a person’s social security number. Retailers can then track and log individuals’ movements in a given area. This practice enables retailers to better understand their customers, thereby creating a more relevant, convenient shopping experience.
Consumers may benefit from this new technology by receiving desirable coupons. For instance, the retailers may send particularized coupons or advertisements to consumers based on what they have historically purchased at that store. If used properly, this technology could significantly benefit both consumers and retailers. As with many innovative changes, however, much of the public may be wary of this new technology due to individual privacy concerns.
One concern is that this location data is largely collected from mobile phone users without their knowledge, and that the data is tied to the unknowing individual’s MAC address. Retailers must be careful to balance the degree to which this practice intrudes on consumer privacy, particularly regarding issues of customer anonymity, transparency of data use, and control over data collection.
It is getting easier to identify an individual based on his or her movements due to the high precision of mobile location tracking data.
A mobile device’s MAC address does not contain any personal information, but it does uniquely identify that particular device. Because tracking technology has become increasingly accurate, our devices are similarly becoming more identifiable. In turn, it is easier to spotlight and target an individual based on his or her movements due to the high precision of mobile location tracking data.
A joint project between researchers at Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain examined the extent to which an individual’s information can be inferred based on his or her movements. The study used an approach analogous to the process of identifying a fingerprint, whereby several unique points were mapped to characterize and identify individuals. Researchers traced 1.5 million mobile phone users over the span of fifteen months, and revealed that as few as four location points and the times they reached those points could be used to decipher the identity of a user ninety-five percent of the time. Thus, the notion that your phone’s MAC address does not contain any personal information is really an illusion. When its location is tracked, it can identify you.
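The study’s re-identification measure can be reproduced on a small scale. The following is an added example, not code from the study or from this article: it builds a constructed toy dataset of five users (each seen at a few antennas at given hours), measures how often k randomly chosen points from a user’s own trace match that user alone (the “unicity” the researchers reported), and goes one step beyond the text by showing how coarsening the spatial and temporal resolution of the logged data lowers that figure. All antenna ids, hours and user names are constructed.

```python
import random
from typing import Dict, List, Set, Tuple

Point = Tuple[int, int]  # (antenna id, hour of day)

# Constructed toy dataset: five users, each seen at four antennas at given hours.
TRACES: Dict[str, List[Point]] = {
    "A": [(1, 9), (2, 10), (3, 18), (4, 20)],
    "B": [(1, 9), (2, 10), (3, 18), (4, 20)],   # identical to A: can never be singled out
    "C": [(1, 9), (5, 12), (6, 13), (7, 19)],   # shares one point with A and B
    "D": [(8, 8), (9, 9), (10, 10), (11, 11)],
    "E": [(8, 8), (12, 9), (13, 10), (14, 11)], # shares one point with D
}


def matching_users(traces: Dict[str, List[Point]], points: List[Point]) -> Set[str]:
    """Users whose trace contains every one of the given spatio-temporal points."""
    wanted = set(points)
    return {user for user, trace in traces.items() if wanted <= set(trace)}


def unicity(traces: Dict[str, List[Point]], k: int, trials: int = 200, seed: int = 0) -> float:
    """Fraction of users singled out by k points drawn at random from their own trace.

    Each trial draws k points per user; the user counts as 'unique' when exactly
    one trace (their own) contains all k points. Averaged over all trials.
    """
    rng = random.Random(seed)
    unique_hits = 0
    for _ in range(trials):
        for user, trace in traces.items():
            sample = rng.sample(trace, min(k, len(trace)))
            if matching_users(traces, sample) == {user}:
                unique_hits += 1
    return unique_hits / (trials * len(traces))


def coarsen(traces: Dict[str, List[Point]], cell_group: int = 4, hour_group: int = 6) -> Dict[str, List[Point]]:
    """Lower the resolution before logging: merge antennas into groups of
    `cell_group` and hours into blocks of `hour_group` hours. Duplicate points
    that result from the merge are collapsed."""
    return {
        user: sorted({(cell // cell_group, hour // hour_group) for cell, hour in trace})
        for user, trace in traces.items()
    }


if __name__ == "__main__":
    for k in (1, 2, 4):
        print(f"k={k}: unicity at full resolution = {unicity(TRACES, k):.2f}")
    print(f"k=2: unicity after coarsening      = {unicity(coarsen(TRACES), 2):.2f}")
```

On this dataset two points already single out three of the five users (the pair A/B can never be separated because their traces are identical), while coarsening collapses D’s trace to a single point it shares with E and makes C distinguishable only some of the time. The same measurement, run over a retailer’s own logs, is a direct way to check whether the “hashed MAC plus location” records it keeps are anonymous in any meaningful sense.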
The Mobile Analytics Code of Conduct (pdf), introduced by the Future of Privacy Forum, requires that the only information retained by retailers is hashed MAC addresses. Hashing is a process that runs data through a one-way mathematical formula to produce a fixed-length digest; the same technique underlies digital signatures. This technique is often referred to as a way of rendering data anonymous, but it really only makes MAC addresses semi-anonymous at best.
Chief Technologist of the FTC, Ed Felten, asserts that “the casual assumption that hashing is sufficient to anonymize data is risky at best, and usually wrong.” Because the hashing process utilizes the same formula every time, it always produces the same result for a given MAC address, and the set of possible MAC addresses is small enough to enumerate. Consequently, an analyst can quickly decipher a hashed MAC address with no more than a laptop.
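Felten’s point can be shown concretely. The following is an added example, not code from the article, the Code of Conduct or any vendor: it hashes a constructed MAC address the way a plain “hashed MAC” scheme would, recovers it by hashing every address that shares the same vendor prefix and comparing digests, and then shows the corrective a practitioner would actually deploy, a keyed hash (HMAC) whose table of candidates cannot be rebuilt without the secret key. The vendor prefix, the address and the demo key are constructed; the real per-vendor suffix space is 24 bits, and the demo narrows it to 16 bits only to keep the run instant.

```python
import hashlib
import hmac
from typing import Iterator, Optional

# Constructed values: a vendor prefix (OUI, first 24 bits) and one device address.
OUI = "3c:a9:f4"
EXAMPLE_MAC = "3c:a9:f4:00:12:ab"


def plain_hash(mac: str) -> str:
    """The record kept under an unkeyed scheme: deterministic, and anyone can recompute it."""
    return hashlib.sha256(mac.lower().encode()).hexdigest()


def candidates(oui: str, suffix_bits: int = 16) -> Iterator[str]:
    """Enumerate addresses sharing a vendor prefix.

    A real vendor suffix is 24 bits (about 16.7 million addresses), which a laptop
    also exhausts in minutes; 16 bits (65,536 addresses) keeps this demo instant.
    """
    for n in range(1 << suffix_bits):
        yield f"{oui}:{(n >> 16) & 0xff:02x}:{(n >> 8) & 0xff:02x}:{n & 0xff:02x}"


def reverse_by_enumeration(digest: str, oui: str) -> Optional[str]:
    """Recover the address behind an unkeyed digest by hashing every candidate.

    Works only because the digest is unkeyed: the same function is applied to
    every guess and compared with the stored value.
    """
    for mac in candidates(oui):
        if plain_hash(mac) == digest:
            return mac
    return None


def keyed_pseudonym(mac: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key.

    Still deterministic for one key, so per-visit analytics keep working, but the
    candidate table above cannot be rebuilt without the key, and rotating the key
    unlinks records made under the old one.
    """
    return hmac.new(key, mac.lower().encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    stored = plain_hash(EXAMPLE_MAC)
    print("unkeyed digest recovered as:", reverse_by_enumeration(stored, OUI))

    key = b"constructed-demo-key"  # in practice: random, kept off the sensors, rotated
    keyed = keyed_pseudonym(EXAMPLE_MAC, key)
    print("keyed pseudonym recovered as:", reverse_by_enumeration(keyed, OUI))
```

Two caveats follow from the code. The enumeration needs no cleverness, only the observation that the input space is tiny compared with the digest space, which is why salting with a public or per-deployment constant does not help either. And the keyed pseudonym is still a persistent identifier for as long as one key is in use; it removes the trivial reversal, not the linkage problem the MIT/Louvain study describes.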
Retailers currently require consumers to opt-out of being tracked through stores, rather than using a more transparent opt-in option.
Retailers currently require consumers to opt-out of being tracked through stores, rather than an opt-in. A criticism of this approach is that, without widespread awareness of the practice, detailed location and time information is logged without users’ consent, or even their knowledge. Also, the process of opting out is inconvenient, requiring one to enter their MAC address into a website.
This can be especially significant in the context of a shopping mall, where multiple retailers and businesses may be collecting mobile location data in one area. There are a couple of ways to opt out that were mentioned at the Federal Trade Commission’s Mobile Device Seminar (pdf) last month. First, a site will potentially be available at which users can enter their MAC address if they do not want to be tracked. Another idea is for retailers to set up a WiFi opt-out network that you briefly join so that it can collect your MAC address, designating your device as opted out of every store’s device tracking scheme.
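Both opt-out routes described above end in the same place: a list of device addresses that every store’s sensors must honour. The following is an added example, not code from the FTC seminar or any retailer, showing how such a registry can be run without itself becoming a plain list of MAC addresses. It accepts the formats people actually type into a web form, stores only a keyed hash of each opted-out address under a registry key shared across the mall, and drops matching devices from sensor sightings before they are pseudonymised under a separate, per-store analytics key. All keys, addresses and sightings are constructed.

```python
import hashlib
import hmac
import re
from typing import List, Set, Tuple

# Constructed keys. The registry key is long-lived and shared by every participating
# store; the analytics key is per store and rotated, so a rotation never invalidates
# the opt-out list.
REGISTRY_KEY = b"constructed-mall-wide-registry-key"
ANALYTICS_KEY = b"constructed-store-analytics-key"

Sighting = Tuple[str, str, int]  # (raw MAC as seen by the sensor, zone, timestamp)


def normalize_mac(raw: str) -> str:
    """Canonicalise the forms a user may type (aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF,
    aabb.ccdd.eeff, aabbccddeeff) to lower-case colon form; reject anything else."""
    s = raw.strip().lower()
    if re.fullmatch(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}", s):
        digits = re.sub(r"[:-]", "", s)
    elif re.fullmatch(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", s):
        digits = s.replace(".", "")
    elif re.fullmatch(r"[0-9a-f]{12}", s):
        digits = s
    else:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_valid_mac(raw: str) -> bool:
    """Validation helper for a web form: True if normalize_mac would accept the input."""
    try:
        normalize_mac(raw)
        return True
    except ValueError:
        return False


def pseudonym(mac: str, key: bytes) -> str:
    """Keyed hash of a canonical MAC; the only form in which addresses are stored."""
    return hmac.new(key, normalize_mac(mac).encode(), hashlib.sha256).hexdigest()


class OptOutRegistry:
    """Mall-wide opt-out list plus the per-store filter that enforces it."""

    def __init__(self, registry_key: bytes = REGISTRY_KEY, analytics_key: bytes = ANALYTICS_KEY):
        self._registry_key = registry_key
        self._analytics_key = analytics_key
        self._opted_out: Set[str] = set()

    def add(self, raw_mac: str) -> None:
        """Register an address, whether typed on the opt-out site or captured when the
        user joins the opt-out WiFi network."""
        self._opted_out.add(pseudonym(raw_mac, self._registry_key))

    def is_opted_out(self, raw_mac: str) -> bool:
        return pseudonym(raw_mac, self._registry_key) in self._opted_out

    def filter_sightings(self, sightings: List[Sighting]) -> List[Tuple[str, str, int]]:
        """Drop opted-out devices before anything is logged; the records that remain
        carry only the store's analytics pseudonym, never the raw address."""
        kept = []
        for raw_mac, zone, ts in sightings:
            if self.is_opted_out(raw_mac):
                continue
            kept.append((pseudonym(raw_mac, self._analytics_key), zone, ts))
        return kept


if __name__ == "__main__":
    registry = OptOutRegistry()
    registry.add("3C-A9-F4-00-12-AB")          # constructed: typed into the opt-out form
    sightings = [                               # constructed sensor log
        ("3c:a9:f4:00:12:ab", "entrance", 1700000000),
        ("00:11:22:33:44:55", "aisle 3", 1700000060),
    ]
    for record in registry.filter_sightings(sightings):
        print(record)
```

The opt-out check has to run on the sensor path before any record is written; an opt-out that is applied only at reporting time still leaves the raw sighting in a log somewhere. Keeping the registry keyed by a secret that is separate from the analytics key is what makes the “opt out of every store” idea workable: stores can rotate their own keys freely, and a leaked registry is a list of HMAC digests rather than of addresses.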
Largely emphasized at the FTC’s Mobile Device Seminar were the themes of transparency and consumer awareness concerning this data collection practice. Advocates of mobile tracking believe it will succeed as long as retailers are forthcoming regarding how this information is being used. As an example to the contrary, in 2011, security analyst Trevor Eckhart discovered his mobile phone had software installed that was capable of tracking almost any of its users’ activities. He did not download the software, and he could not turn it off. This software, created by analytics company CarrierIQ, was installed on over 140 million smartphones and was capable of tracking keystrokes or recording phone calls. Owners of these phones were unaware of the software’s existence, and several class action suits were filed as a result.
Though the CarrierIQ fiasco concerned more intrusive activity than that discussed here, the controversy provides some indication as to how the public will react if transparency is not emphasized throughout the growth of mobile consumer tracking. Many people opt-in to applications on their phones that provide services by location tracking—usually by GPS—for social media, weather forecasts, or restaurant reservations. Collection of such data becomes much more intrusive when it is done unknowingly or without consent, as well as when the motive is purely commercial.
The biggest criticism of the Mobile Analytics Code of Conduct (pdf) is that there is no enforcement mechanism to hold retailers accountable. The Code of Conduct essentially serves as a pledge by retailers using mobile location tracking that they do not want to know who you are and will not make efforts to figure out your identity. Proponents of mobile tracking argue that retailers and other businesses are only interested in location data for commercial reasons, and, thus, do not need to know, nor have any interest in, mobile users’ offline identity to fulfill their goals. Though a good start, the code is currently nothing more than a promise, and one that no one is required to make or keep.
In September of 2012, largely in response to the CarrierIQ incident, legislation was proposed by Representative Ed Markey that would require “clear and conspicuous” disclosure to users of tracking software on their phones. Called the Mobile Device Privacy Act, it would also provide penalties for each incidence of a violation by whoever is responsible for the software, including downloaded applications. Many have seen examples of such disclosure on existing apps requesting permission to use your location. This bill was last referred to a House subcommittee.
If a bill like the Mobile Device Privacy Act is enacted, it is unclear whether it would apply to the mobile tracking of customers as described herein because of how it collects data through signals emitted from phones, as opposed to software that has been downloaded or purchased. However, it is certainly plausible that its protection could be extended to cover the practice at hand.
Proponents of locational data use argue that all retailers essentially want is to track trends for the purpose of improving sales. This would undoubtedly bring many benefits to both retailers and consumers, but that does not guarantee protection from misuse of this type of information. Understandably, some risks are required in the name of innovation, but risks taken for primarily commercial practices should be borne by retailers and other similar businesses that desire the change. When such practices put the public interest at risk, proper safeguards for those interests must come first.