[LINK] RFI: 'Footpath' Customer Phone Tracking

Roger Clarke Roger.Clarke at xamax.com.au
Fri Oct 14 09:00:09 AEDT 2011

A UK company is hawking a customer surveillance service that claims 
to detect an anonymous, randomly generated, frequently changing 
signal from mobile phones.

There's a media flurry today.

Extracts from the company's web-page are below.

Can the Link Institute offer 'sanity-check' guidance on this?

Much appreciated!  ...  Roger

At 8:42 +1100 14/10/11, Katina Michael wrote:
>Interesting- the claim is that the number is not even revealed... so 
>random number associated to the cell phone.

"FootPath works by detecting a randomly generated, frequently 
changing signal from your mobile phone. This random signal is 
detected by a number of our units within the premises. We combine the 
information detected from the mobile phone signal with a proprietary 
mathematical algorithm developed by us. This allows us to determine 
your path through premises equipped with our receiver units".

[Randomly generated and frequently changing, eh?  But it seems to be 
either not all that frequent, or so frequent that the new number can 
be linked to the old one on the basis of the location in physical 
space of the old signal and the new one.]

"FootPath detects only a regularly changing, random number which 
contains no personal information. As we do not access this 
information in real time, or divulge this information to any third 
parties, it is not practicably possible for you to be identified by 
the operation of FootPath.
We have consulted with various privacy groups and the Office of the 
Information Commissioner to ensure that our operating procedures 
protect your privacy. In particular we ensure that your privacy is 
protected by the following means:
*    Security - our detector units are secure and are accessible only 
by our highly trained personnel. Staff at shopping centres do not 
have access to our detector units. This ensures that information 
detected by our units cannot be combined with other information from 
other systems that may allow you to be identified (for example, a 
CCTV camera in a shopping centre).
*    Aggregation - Aggregated data is collected from our detector 
units and sent off to our offices the evening following the day in 
which the data was collected. Accordingly, it is not possible to 
match your individual movements with the aggregated data collected by 
the detector units. By way of example, we may inform a client that 
500 people that visited John Lewis also went on to visit Marks and 
Spencer on a particular day.
*    Anonymised data - The analysis of the path information obtained 
by FootPath is provided to each client in anonymised, aggregated 
form only. It is therefore impossible for a client to identify you by 
linking the contents of our analysis with, for example, images from 
their CCTV system.
*    Commitment to privacy - as a voluntary 'fail-safe' mechanism, we 
have also agreed, as a company, not to access any information that 
would allow us, or a third party to link any path information with 
any other data or information that would allow you to be identified."

>Shopping centres' Big Brother plan to track customers via their phones
>By Karen Collier, consumer reporter
>HeraldSun, 14 October 2011
>SHOPPING centres will monitor customers' mobile phones to track how
>often they visit, which stores they like and how long they stay.
>The technology, brought to Australia by a UK-based company, has
>prompted a call for an investigation by privacy or telephone
>intercept regulators.
>One shopping centre is due next month to become the first in the
>nation to fit receivers that detect unique mobile phone radio
>frequency codes to pinpoint location within 1-2m.
>The company behind the Footpath system says it is also having
>discussions with major Melbourne sites.
>Path Intelligence national sales manager Kerry Baddeley stressed that
>no mobile phone user names or numbers could be accessed.
>``All we do is log the movement of a phone around an area and
>aggregate this to provide trend data for businesses. It's much less
>intrusive or invasive than existing people-counting methods, for
>instance CCTV cameras,'' Ms Baddeley said.
>Australian Privacy Foundation chairman Dr Roger Clarke said emerging
>retail tracking techniques were ``seriously creepy'' and should be
>thoroughly investigated. Prominent signs should notify and seek
>consent from customers, he said. The Herald Sun this week reported
>that some shops were already using separate image monitoring to log
>the direction customers walk, how long they stop in front of
>products, or if they are male or female.
>Federal Privacy Commissioner Timothy Pilgrim said the Privacy Act
>applied only if collected information identified individuals. He
>encouraged organisations to be open with customers.
>Ms Baddeley said that mobile phone monitoring, which was already
>operating in the UK and the US, would help the struggling retail
>sector develop marketing campaigns and identify the best mix of
>outlets in big shopping centres. She said the small receivers
>attached to walls picked up Temporary Mobile Subscriber Identity
>Data was then fed to computer servers to create weekly reports
>outlining popular customer routes and their length of stay.
>The debut Australian shopping centre planned a public announcement
>once the system was running.
>collierk at heraldsun.com.au

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list