Sunday, August 11, 2013
Private company spies on smartphones in London by bugging trash bins
by Larry Geller
The unique identifying numbers of over half a million smartphones have been recorded by a network of recycling bins in central London.
Hundreds of thousands of pedestrians walking past 12 locations unknowingly had the unique MAC address of their smartphones recorded by Renew London.
Data including the "movement, type, direction, and speed of unique devices" was recorded from smartphones that had their Wi-Fi on.
[Wired (UK), Tracking devices hidden in London's recycling bins are stalking your smartphone, 8/9/2013]
Who would think: Big Brother in the recycling bins?? And what is described by Wired is only a beta test.
If it can happen in London, it can happen here. Or maybe it is already happening here, how would we know?
From the website of the company gathering the data:
Renew have accumulated results on the initial beta testing of the recently installed Renew ORB technology – an inbuilt hardware device that captures smartphone data in real-time.
The results provided a concise breakdown (to the 50th of a second) of the movement, type, direction, and speed of unique devices that the Renew Network gather across Renew ORB test sites, and help identify peak footfall times from key hotspots in the City of London.
The network figures accumulated over the week reached a total of 4,009,676 devices captured with over 530,000 uniques acquired.
This data was captured from approximately 10% of the Renew Network (8% at Monday and up to 12% by Friday).
Friday 7 June saw the highest activity with network figures reaching 946,016 devices captured, followed by Thursday 6, which gathered 750,836 MAC addresses. This was the very first time Renew had all 12 of the test Renew ORBs capturing data over a 24-hour period.
There are significant commercial applications for this data, including highlighting leading handset manufacturers dominating the smartphone market along with abridged impressions of the Square Mile’s most popular commuter destinations.
Renew are also working on proposals for clients to combine the Renew ORB technology both within the Renew Pods on the street and their venues in the City of London.
This will allow us to map the total footfall percentage within a 3-4 min walking distance of the shop. Further, we can identify which streets are not being captured and use the screens on the Renew Pods to drive further traffic into the shops. We will see all MACs that currently shop at the stores and we will be able to measure any new MACs arriving into the venue and the route they take.
Here are just two of a short list of “analytics” that the company says it is capable of tracking:
• Journey to and Linger time in store
• Areas in store visited
So if your phone is on in London, and you go to a certain section in a bookstore and linger there, this can become part of your permanent record, as our third grade teacher used to tell us. If you visit a certain address, your phone knows all and is happy to tell on you.
It’s not clear whether the trash bins can also collect data from passing cars. It did say that they can collect data down to a 50th of a second, so perhaps this is possible—in which case they also can know the direction and the speed of the vehicle.
Your MAC address is unique to the phone and known to the carrier that supplies your services. It is easily tied to you personally. Some apps know both your MAC address and may access your accounts and contacts.
Now, you may say, but this is a private company, not the government, grabbing my data. In today’s world, that doesn’t matter much, does it. Companies in the US readily turned over the most intimate data on us to the NSA, so if the British (or the NSA?) wanted data from this company, I have no doubt they might receive it.
A good share of the blame should be placed on the shoulders of the smartphone industry, in my view. An Android phone is not a good steward of the personal information it keeps, which is quite a bit. In fact, if you don’t want that data taken from you, there’s not much choice except to carry a separate cell phone for calling and never use that phone for anything involving sensitive data. Even so, your whereabouts (to the footfall!) can be traced unless you take out the battery.
Advocacy groups call for greater transparency in government. Certainly the Snowden revelations demonstrate that we are massively deprived of sunshine. Our government has been spying on us for many years so far.
Transparency is good, but while it is necessary, it is not sufficient. Advocates want to know which corporations contribute to which politicians and that’s important, but the companies still contribute. Similarly, the NSA has no intention of stopping its spying on each of us just because we now know they are doing it.
The London data collection is being done with (apparently) full transparency (in truth, we really don’t know…), it’s out there on the company’s web site. And they are still gathering the data. Nor are smartphone manufacturers moving, as far as we know, to protect the data from this kind of intrusion. Our identity is simply exposed for any refuse bin we walk past to collect (sheesh).
Keeping personal data personal is hard to do
Google turns up several articles with advice to avoid getting hacked while at a conference or even in a coffee shop. This one has some extreme advice on how to avoid being hacked (which would mean that your personal data is gone, gone gone). I was saddened to see that even public charging stations are to be avoided—but on the other hand, I do carry the recommended external charging battery in case my phone runs low away from home.
It may sound extreme, but taking a smartphone out in the world or using a laptop in a coffee shop is a security risk, which may only be avoidable by having an alternative device for such excursions. Best to buy that latte with cash, not your credit card—just a reminder that more than just phone calls are being tracked.
And again, NSA still knows where you are, and they have your emails anyway… (sigh).
At least there is now some talk about encryption and using Internet servers located outside of the USA. In time, perhaps some path to privacy will appear.
Finally, this last word snipped from the press info of that trash bin spying company:
The consolidated data of the beta testing highlights the significance of the Renew ORB technology as a powerful tool for corporate clients and retailers. It provides an unparalleled insight into the past behavior of unique devices – entry/exit points, dwell times, places of work, places of interest, and affinity to other devices – and should provide a compelling reach data base for predictive analytics (likely places to eat, drink, personal habits etc.).
Note: “affinity to other devices” can mean whom you met for coffee or at a “place of interest.”
Wouldn’t Britain's GCHQ, MI5 or the NSA like to have all that? Now they can.
(The Renew snips are reproduce here under fair use. To their credit, they make their information available under a Creative Commons license: (CC) BY-NC-ND 3.0.)