As Tracking Opt-Out Platform Starts, Industry, Privacy Advocates Clash on In-Store Tracking
Smartphones have multiple, unchanging unique identifiers that retailers and analytics firms are constantly collecting in stores and malls to track user location, said panelists at an FTC workshop Wednesday. The near-ubiquity of some types of collection raises the need for industry collection standards and enhanced consumer notification principles, industry representatives said. Consumer advocate Seth Schoen, senior staff technologist at the Electronic Frontier Foundation, said he had “quite a different paradigm.” Instead of focusing on consent and notice, what should be first addressed is the “underlying problem” of smartphones having “a persistent unique identifier,” which gives people a device “in their pocket shouting where they are to everyone who sets up a laptop to look at them,” he said. The workshop was the first of the FTC’s three short privacy-focused spring workshops (http://1.usa.gov/1jY27hV).
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Smartphones communicate location through four antennas: Bluetooth, Wi-Fi, GPS and GSM, said Ashkan Soltani, an independent researcher and former staff technologist in the FTC’s Division of Privacy and Identity Protection. “Each of those emits signals” that include each phone’s “globally unique identification,” he said. “No other person, no other device has that same number.” While Bluetooth, Wi-Fi and GPS are not always activated on a smartphone, GSM -- which AT&T and T-Mobile use -- is constantly communicating with one’s wireless provider as long as the phone is turned on, he said. Two large carriers use GSM technology.
An industry has built up around companies intercepting this location data, Soltani said. Two of those companies were present Wednesday -- iInside and Mexia Interactive. “We're not in the business of looking at individual consumers,” said iInside CEO James Riesenbach. “We're in the business of providing aggregated views that help our clients compete more effectively.” Mexia President Glenn Tinley agreed. “We help our clients understand what is happening within their location,” he said. “We analyze that behavior and anonymize it in multiple fashions so there’s no combining or profiling.”
Large-volume retailers and malls are typical customers, Tinley and Riesenbach said. Location data are analyzed to look at three main areas: pathing, or how shoppers move around the store; dwell time, or how many shoppers enter particular departments and how much time they spend there; and wait time, or the time shoppers wait to check out, Riesenbach said. More efficient floor layouts, product arrangements, staffing schedules and real estate decisions can result from this data, affecting millions of dollars, Tinley said. These changes benefit consumers too, saving shoppers time and money, said Tinley and Riesenbach.
But shoppers aren’t aware when, and how, these location data are being used, said Ilana Westerman, CEO of Create with Context, a digital strategy consulting firm. In studies, she found only 8 percent of consumers were aware of signs in retail stores alerting them to location tracking. Shoppers tend to have a “get-in, get-out” mentality, she said, and focus only on the products. Retailers need to focus on notification through the three elements of awareness: implicit, explicit and ambient, she said.
Implicit awareness is when consumers use an app, such as Google Maps, that they expect to collect location information, Westerman said. Retailers could accomplish this through well-designed apps such as a “wish-list app” that notifies users when they are in a store stocking that product, she said. Explicit awareness is some kind of tactile, visual or auditory way to get the shoppers’ attention, she said. For example, shopping carts could have built-in phone mounts so users can receive notices to their phones while they are in front of their faces. Ambient awareness is icons, such as the recycle logo, that over time become associated with a specific activity. Westerman said her company has tested more than 300 icons in an attempt to develop something similar for in-store tracking.
The Future of Privacy Forum (FPF) launched a location tracking opt-out platform Tuesday to coincide with the workshop (http://bit.ly/McAkgy). Last fall, FPF -- an industry-backed group supported by companies including Google, Facebook, Microsoft, Apple and Amazon, data brokers like Acxiom and retailers like Walmart -- launched a code of conduct for in-store data collection (WID Oct 23 p1) . Sen. Chuck Schumer, D-N.Y., supported the code, which included enhanced in-store notifications, opt-in commitment if personal information was collected, and an opt-out platform. Eleven companies are currently participating in FPF’s opt-out list, including iInside and Mexia, according to FPF’s opt-out website.
The opt-out platform drew criticism from privacy advocates including the Center for Digital Democracy (CDD) and the Electronic Privacy Information Center. “Look at the bizarre approach the opt-out takes, requiring a consumer to become a data scientist before they can protect their privacy,” said CDD Executive Director Jeff Chester. Soltani, the independent researcher, said the opt-out requires a user to put a phone’s unique identifier -- known as a MAC address -- on FPF’s opt-out list. “But people don’t really know what their identifiers are,” he said. FPF said the platform and code of conduct put “data protection standards in place to ensure that [mobile location analytics] technology is used responsibly."
EFF’s Schoen doesn’t believe industry best practices or an opt-out platform necessarily address the underlying problem. Even when MAC addresses are hashed -- a term for anonymizing them -- it is still possible to “crack them and tell you what the MAC addresses were,” he said. “The problem is the space of possible MAC addresses is too small,” he said. He challenged any of the industry representatives to “send me a bunch of hashed MAC addresses you've collected.” Given a week of time on a laptop, he could de-anonymize those addresses, he said. Armed with those addresses, people could tie each one back to a phone and create a long-term pattern of where that phone has traveled over time, potentially revealing sensitive personal information, Schoen said. More “concretely useful” than an opt-out platform “would be a button that says ‘Change my MAC address.'"
The companies represented on the panels have committed to not de-anonymizing MAC addresses, they stressed. “We don’t do that in any way, shape, or form,” Tinley said. Mexia never ties a MAC address back to a specific phone. Schoen countered: “But I think there are other parts of the industry that would say, ‘If we have the capability to do this, why not?'”