Risk
8/12/2013
06:27 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Spying Trash Cans Banned

Foot-traffic counting scheme spooks London city managers.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
London officials have demanded that a handful of recycling and waste bins equipped with mobile device tracking technology stop collecting data about the cellphones of pedestrians.

The City of London Corporation, an 800-year-old elected body tasked with making the city attractive to businesses, issued a statement on Monday directing Renew London, a media technology company, to halt its wireless device monitoring project, intended to count foot traffic.

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office," said a spokesman for the group in a statement. "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

London incidentally has more than 50,000 closed-circuit TV cameras recording its residents on a daily basis.

[ Learn more about cloud reliability. Read Microsoft Office 365 Reveals Uptime Figures. ]

In June, Renew London, a media startup that installed 100 Internet-connect trash bins with display screens in the city for the 2012 Summer Olympics, turned 12 of its bomb-proof receptacles into wireless data collectors. The purpose of the experimental units, which ingest trash and expel ads, is to obtain analytics data of interest to local businesses.

The firm's "Renew Pods" track the proximity, speed, duration and manufacturer of passing mobile devices using their MAC addresses. Renew touts the data as a tool for corporate clients and retailers that can associate the past behavior of unique devices -- "entry/exit points, dwell times, places of work, places of interest and affinity to other devices" -- with predictive analytics about "likely places to eat, drink [and] personal habits," among other things.

This data is supposed to be anonymous, though numerous studies have demonstrated that anonymous data can often be used to identify individuals. The U.S. National Institute of Standards and Technology said in 2010 that MAC addresses may be considered personally identifiable information.

Renew CEO Kaveh Memari, who previously described the technology as a way to "cookie the street," dismissed concerns about the technology in a statement released on the company blog.

"[T]he process is very much like a website," Memari explained. "[Y]ou can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn't tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari insists the pilot project is simply "a glorified counter on the street" and promises to consult with privacy groups like the Electronic Frontier Foundation as the technology is refined. Given recent revelations about the extent of data gathering by the National Security Agency around the globe, however, Renew may have a hard time overcoming public skepticism about the need for more tracking technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/14/2013 | 9:48:00 PM
re: Spying Trash Cans Banned
I agree. I can opt to allow cookies to track my presence on a website for access to free content. But the option is lacking here.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/13/2013 | 10:43:22 PM
re: Spying Trash Cans Banned
I'd have no trouble with this if it were opt-in.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/13/2013 | 9:43:58 PM
re: Spying Trash Cans Banned
If using MAC addresses in this fashion isn't copacetic, then let's see...

What if the trash can tracked passersby using an image sensor? CCTVs are basically already everywhere in London, and the right to photograph public places is very clear in the U.S. (though the right to do so at infinite scale might not be). As Lorna said, cameras are already watching everything you do-- especially if you live somewhere like London.

Image sensors that can recognize people and contribute to analytics are getting more and more sophisticated. I've heard about sensors that specifically counts people as they pass, records how long they linger in one place, and so forth. Same aim as this project, but a different method.

I'm curious-- would people think their civil liberties are being violated if image sensors perform this sort of surveillance/ analytics gathering? Or would many people find it just as objectionable as the MAC method?
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Apprentice
8/13/2013 | 9:18:11 PM
re: Spying Trash Cans Banned
I don't think it's irrational to resist this. What do we get in return for the trash can tracking our movement? We accept surveillance cameras to keep crime and costs down. At a website we accept registration/cookies in exchange for free content. I don't have that kind of relationship with my neighborhood trash cans.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/13/2013 | 7:26:56 PM
re: Spying Trash Cans Banned
This is simply proof that people are irrational. They have cameras watching their every move!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4973
Published: 2014-09-23
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.

CVE-2014-5392
Published: 2014-09-23
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

CVE-2014-6646
Published: 2014-09-23
The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6647
Published: 2014-09-23
The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6648
Published: 2014-09-23
The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio