There’s discussion on Slashdot and Spy Blog has some analysis.
Path Intelligence – the makers of the FootPath system – claim shoppers’ anonymity is preserved, but that doesn’t sit well with the technical details. FootPath doesn’t just aggregate anonymous data on shoppers’ movements. Use-cases promoted by the manufacturer include taking decisions and actions based on individual behaviour. Under “security” they list “identify unauthorized individuals in ‘no go’ areas” as a feature. Presumably the idea is that minimum-wage security guards can then be dispatched to escort the offending person from the premises. I wonder how anonymous those lucky shoppers will feel.
Individual phones are tracked using their IMEI, which is unique to each mobile regardless of the installed SIM. Path Intelligence don’t make clear whether this unique reference is preserved and recorded, or deleted in favour of an internal primary key. Apparently the system actually tracks TMSIs, which are “…hashed as soon as [the system receives] them to make it much more difficult to combine them with other data”. This provides greater anonymity than tracking IMEIs; however, even given that the data is rendered pseudonymous, it could still be cross-referenced with other sources of information to personally identify shoppers: CCTV systems, cash register records, credit-card data, ANPR cameras and RFID stock-control tags all come to mind.
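To make the pseudonymity point concrete, here is an added example (not part of the original post and not Path Intelligence's code) that measures how quickly the set of hashed identifiers consistent with one payment card shrinks once tracker sightings are joined to till records. The hash function, zone names, record layout and all data are constructed assumptions, and the pseudonym is assumed to stay stable within one visit to one site.

```python
import hashlib

def pseudonym(tmsi: int) -> str:
    # Assumption: the page does not name the hash in use; SHA-256 over the
    # 4-byte TMSI stands in for it here.
    return hashlib.sha256(tmsi.to_bytes(4, "big")).hexdigest()[:12]

# Constructed tracker output: (pseudonym, zone, minute-of-day).
SIGHTINGS = [
    (pseudonym(0x12345678), "till-3", 600),
    (pseudonym(0xA1B2C3D4), "till-3", 601),
    (pseudonym(0x0BADF00D), "till-3", 602),
    (pseudonym(0x12345678), "exit-north", 640),
    (pseudonym(0xA1B2C3D4), "till-7", 655),
    (pseudonym(0x0BADF00D), "food-court", 655),
]

# Constructed till records for one payment card: (zone of the till, minute-of-day).
PURCHASES = [("till-3", 601), ("till-7", 656)]

def candidates(sightings, purchases, window=2):
    """Join sightings to purchases by place and time.

    Returns (pseudonyms seen at the till's zone within `window` minutes of
    every purchase, anonymity-set size after each purchase was joined in).
    """
    remaining, sizes = None, []
    for zone, minute in purchases:
        near = {p for p, z, m in sightings
                if z == zone and abs(m - minute) <= window}
        remaining = near if remaining is None else remaining & near
        sizes.append(len(remaining))
    return (remaining if remaining is not None else set()), sizes

if __name__ == "__main__":
    matched, sizes = candidates(SIGHTINGS, PURCHASES)
    # Hashing hides the raw identifier, but each extra till record narrows
    # the crowd the cardholder can hide in.
    print("anonymity set size after each purchase:", sizes)
    print("pseudonyms still consistent with the card:", sorted(matched))
```

A data-protection review can run the same join over a deployment's real retention window: if the set size reaches 1 for a meaningful share of cards, the hashed tracks are personal data in practice.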
Mobile phone outlets are likely to be especially interested in the FootPath technology. These are the retail arms of the cellular networks so they may already be able to link people to their IMEIs using billing records. …but apparently this can’t be done if the system uses TMSIs. I (still) imagine they’d jump at the chance to see which of their existing customers are visiting their rivals so they could bombard them with special offers or incentives not to switch.
If the system were deployed across multiple retail sites, a retail chain with a presence at each could follow customers between locations, providing an even more detailed record of individual habits and behaviours. TMSIs change frequently as users roam between locations, so it shouldn’t be possible to associate tracks plotted in different localities.
It’s not just retailers and shopping centre managers who might be interested in the data collected by FootPath. Police and other law enforcement agencies will inevitably grok the system’s potential to track “persons of interest” – and the people whose company they keep – with a much greater level of accuracy than traditional cell-based triangulation. The long arm of the law would also be more able than commercial organisations to reach into and cross-reference other data systems. I bet they wouldn’t need a warrant to request this kind of data either! It would be easy to imagine customers being investigated for “shopping in the vicinity of a terrorist” given the current practice of snooping on people driving near a suspect vehicle.
Some commentators have raised the question of informed consent relating to this tracking activity. I agree it would be best practice to inform shoppers that their every move will be watched by an automated system, but as FootPath deployments have so far been restricted to private property (shopping centres and transport interchanges tend to be privately owned in the UK), there’s a question over whether the managers of such places have any obligation to notify the public. I think there’s a legal requirement to display warning signs about CCTV systems – at least, I’ve seen such signs being displayed – but FootPath might not be covered under the same rules. Does anyone know anything more on this point?
It’s also been mentioned that the system might either be illegally receiving radio signals or is somehow pretending to be a mobile phone network in order to obtain IMEIs or TMSIs. I don’t have a good enough understanding of GSM to comment on the latter, but I’d be interested to hear your opinions in the comments. On the former, it would appear that in the UK one needs a licence to listen to wireless telegraphy signals not intended for public consumption (i.e. broadcasts). Perhaps there are sufficient grounds for reporting the matter to Ofcom here. Again, if anyone knows more, please drop me a line.
Spy Blog also provided chapter and verse on the legality of receiving wireless telegraphy signals where you are not an intended recipient.