Risk
8/12/2013
06:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Spying Trash Cans Banned

Foot-traffic counting scheme spooks London city managers.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
London officials have demanded that a handful of recycling and waste bins equipped with mobile device tracking technology stop collecting data about the cellphones of pedestrians.

The City of London Corporation, an 800-year-old elected body tasked with making the city attractive to businesses, issued a statement on Monday directing Renew London, a media technology company, to halt its wireless device monitoring project, intended to count foot traffic.

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office," said a spokesman for the group in a statement. "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

London incidentally has more than 50,000 closed-circuit TV cameras recording its residents on a daily basis.

[ Learn more about cloud reliability. Read Microsoft Office 365 Reveals Uptime Figures. ]

In June, Renew London, a media startup that installed 100 Internet-connect trash bins with display screens in the city for the 2012 Summer Olympics, turned 12 of its bomb-proof receptacles into wireless data collectors. The purpose of the experimental units, which ingest trash and expel ads, is to obtain analytics data of interest to local businesses.

The firm's "Renew Pods" track the proximity, speed, duration and manufacturer of passing mobile devices using their MAC addresses. Renew touts the data as a tool for corporate clients and retailers that can associate the past behavior of unique devices -- "entry/exit points, dwell times, places of work, places of interest and affinity to other devices" -- with predictive analytics about "likely places to eat, drink [and] personal habits," among other things.

This data is supposed to be anonymous, though numerous studies have demonstrated that anonymous data can often be used to identify individuals. The U.S. National Institute of Standards and Technology said in 2010 that MAC addresses may be considered personally identifiable information.

Renew CEO Kaveh Memari, who previously described the technology as a way to "cookie the street," dismissed concerns about the technology in a statement released on the company blog.

"[T]he process is very much like a website," Memari explained. "[Y]ou can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn't tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari insists the pilot project is simply "a glorified counter on the street" and promises to consult with privacy groups like the Electronic Frontier Foundation as the technology is refined. Given recent revelations about the extent of data gathering by the National Security Agency around the globe, however, Renew may have a hard time overcoming public skepticism about the need for more tracking technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/14/2013 | 9:48:00 PM
re: Spying Trash Cans Banned
I agree. I can opt to allow cookies to track my presence on a website for access to free content. But the option is lacking here.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/13/2013 | 10:43:22 PM
re: Spying Trash Cans Banned
I'd have no trouble with this if it were opt-in.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/13/2013 | 9:43:58 PM
re: Spying Trash Cans Banned
If using MAC addresses in this fashion isn't copacetic, then let's see...

What if the trash can tracked passersby using an image sensor? CCTVs are basically already everywhere in London, and the right to photograph public places is very clear in the U.S. (though the right to do so at infinite scale might not be). As Lorna said, cameras are already watching everything you do-- especially if you live somewhere like London.

Image sensors that can recognize people and contribute to analytics are getting more and more sophisticated. I've heard about sensors that specifically counts people as they pass, records how long they linger in one place, and so forth. Same aim as this project, but a different method.

I'm curious-- would people think their civil liberties are being violated if image sensors perform this sort of surveillance/ analytics gathering? Or would many people find it just as objectionable as the MAC method?
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Apprentice
8/13/2013 | 9:18:11 PM
re: Spying Trash Cans Banned
I don't think it's irrational to resist this. What do we get in return for the trash can tracking our movement? We accept surveillance cameras to keep crime and costs down. At a website we accept registration/cookies in exchange for free content. I don't have that kind of relationship with my neighborhood trash cans.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/13/2013 | 7:26:56 PM
re: Spying Trash Cans Banned
This is simply proof that people are irrational. They have cameras watching their every move!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.