[LINK] RFI: 'Footpath' Customer Phone Tracking

[Richard Chirgwin]

Roger,

With such thin information provided by the company, I am forced to guess!

As far as I can tell, the best candidate for a random number used to 
communicate between the mobile and the base station is described here:
http://en.wikipedia.org/wiki/Network_switching_subsystem

Look under "Authentication Centre", "Procedures Implemented" subsection:
"When a particular IMSI requests access to the GSM core network, the MSC 
sends the RAND part of the triplet to the SIM."

That random number is generated by the Authentication Centre - for this 
discussion it can be treated as part of the base station. However, on 
its own it doesn't identify a mobile phone. So the answer to the first 
privacy question, "would this include personally-identifiable 
information?", is no.

In that sense, it's probably less intrusive in isolation than using 
cameras or - in an old world of retail path-watching - human watchers!

To a second question, "could this be correlated to a specific individual 
at a later date?" I have no answer. You would need two data sets - 
Pathfinder and the carrier's data - and I have no idea whether the 
carriers retain the random numbers used to set up phone-base station logins.

RC

On 14/10/11 9:00 AM, Roger Clarke wrote:
> A UK company is hawking a customer surveillance service that claims
> to detect an anonymous, randomly generated, frequently changing
> signal from mobile phones.
>
> There's a media flurry today.
>
> Extracts from the company's web-page are below.
>
> Can the Link Institute offer 'sanity-check' guidance on this?
>
> Much appreciated!  ...  Roger
>
>
> At 8:42 +1100 14/10/11, Katina Michael wrote:
>> http://www.pathintelligence.com/en/products/footpath/privacy
>> Interesting- the claim is that the number is not even revealed... so
>> random number associated to the cell phone.
> "FootPath works by detecting a randomly generated, frequently
> changing signal from your mobile phone. This random signal is
> detected by a number of our units within the premises. We combine the
> information detected from the mobile phone signal with a proprietary
> mathematical algorithm developed by us. This allows us to determine
> your path through premises equipped with our receiver units".
>
> [Randomly generated and frequently changing, eh?  But it seems to be
> either not all that frequent, or so frequent that the new number can
> be linked to the old one on the basis of the location in physical
> space of the old signal and the new one.]
>
> "FootPath detects only a regularly changing, random number which
> contains no personal information. As we do not access this
> information in real time, or divulge this information to any third
> parties, it is not practicably possible for you to be identified by
> the operation of FootPath.
> We have consulted with various privacy groups and the Office of the
> Information Commissioner to ensure that our operating procedures
> protect your privacy. In particular we ensure that your privacy is
> protected by the following means:
> *    Security - our detector units are secure and are accessible only
> by our highly trained personnel. Staff at shopping centres do not
> have access to our detector units. This ensures that information
> detected by our units cannot be combined with other information from
> other systems that may allow you to be identified (for example, a
> CCTV camera in a shopping centre).
> *    Aggregation - Aggregated data is collected from our detector
> units and sent off to our offices the evening following the day in
> which the data was collected. Accordingly, it is not possible to
> match your individual movements with the aggregated data collected by
> the detector units. By way of example, we may inform a client that
> 500 people that visited John Lewis also went on to visit Marks and
> Spencer on a particular day.
> *    Anonymised data - The analysis of the path information obtained
> by FootPath is provided to each client in anonymised, aggregated
> form only. It is therefore impossible for a client to identify you by
> linking the contents of our analysis with, for example, images from
> their CCTV system.
> *    Commitment to privacy - as a voluntary 'fail-safe' mechanism, we
> have also agreed, as a company, not to access any information that
> would allow us, or a third party to link any path information with
> any other data or information that would allow you to be identified."
>
>
>
>> Shopping centres' Big Brother plan to track customers via their phones
>> By Karen Collier, consumer reporter
>> HeraldSun, 14 October 2011
>>
>> SHOPPING centres will monitor customers' mobile phones to track how
>> often they visit, which stores they like and how long they stay.
>>
>> The technology, brought to Australia by a UK-based company, has
>> prompted a call for an investigation by privacy or telephone
>> intercept regulators.
>>
>> One shopping centre is due next month to become the first in the
>> nation to fit receivers that detect unique mobile phone radio
>> frequency codes to pinpoint location within 1-2m.
>>
>> The company behind the Footpath system says it is also having
>> discussions with major Melbourne sites.
>>
>> Path Intelligence national sales manager Kerry Baddeley stressed that
>> no mobile phone user names or numbers could be accessed.
>>
>> ``All we do is log the movement of a phone around an area and
>> aggregate this to provide trend data for businesses. It's much less
>> intrusive or invasive than existing people-counting methods, for
>> instance CCTV cameras,'' Ms Baddeley said.
>>
>> Australian Privacy Foundation chairman Dr Roger Clarke said emerging
>> retail tracking techniques were ``seriously creepy'' and should be
>> thoroughly investigated. Prominent signs should notify and seek
>> consent from customers, he said. The Herald Sun this week reported
>> that some shops were already using separate image monitoring to log
>> the direction customers walk, how long they stop in front of
>> products, or if they are male or female.
>>
>> Federal Privacy Commissioner Timothy Pilgrim said the Privacy Act
>> applied only if collected information identified individuals. He
>> encouraged organisations to be open with customers.
>>
>> Ms Baddeley said that mobile phone monitoring, which was already
>> operating in the UK and the US, would help the struggling retail
>> sector develop marketing campaigns and identify the best mix of
>> outlets in big shopping centres. She said the small receivers
>> attached to walls picked up Temporary Mobile Subscriber Identity
>> transmissions.
>>
>> Data was then fed to computer servers to create weekly reports
>> outlining popular customer routes and their length of stay.
>>
>> The debut Australian shopping centre planned a public announcement
>> once the system was running.
>>
>> collierk at heraldsun.com.au