Risk
8/12/2013
06:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Spying Trash Cans Banned

Foot-traffic counting scheme spooks London city managers.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
London officials have demanded that a handful of recycling and waste bins equipped with mobile device tracking technology stop collecting data about the cellphones of pedestrians.

The City of London Corporation, an 800-year-old elected body tasked with making the city attractive to businesses, issued a statement on Monday directing Renew London, a media technology company, to halt its wireless device monitoring project, intended to count foot traffic.

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office," said a spokesman for the group in a statement. "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

London incidentally has more than 50,000 closed-circuit TV cameras recording its residents on a daily basis.

[ Learn more about cloud reliability. Read Microsoft Office 365 Reveals Uptime Figures. ]

In June, Renew London, a media startup that installed 100 Internet-connect trash bins with display screens in the city for the 2012 Summer Olympics, turned 12 of its bomb-proof receptacles into wireless data collectors. The purpose of the experimental units, which ingest trash and expel ads, is to obtain analytics data of interest to local businesses.

The firm's "Renew Pods" track the proximity, speed, duration and manufacturer of passing mobile devices using their MAC addresses. Renew touts the data as a tool for corporate clients and retailers that can associate the past behavior of unique devices -- "entry/exit points, dwell times, places of work, places of interest and affinity to other devices" -- with predictive analytics about "likely places to eat, drink [and] personal habits," among other things.

This data is supposed to be anonymous, though numerous studies have demonstrated that anonymous data can often be used to identify individuals. The U.S. National Institute of Standards and Technology said in 2010 that MAC addresses may be considered personally identifiable information.

Renew CEO Kaveh Memari, who previously described the technology as a way to "cookie the street," dismissed concerns about the technology in a statement released on the company blog.

"[T]he process is very much like a website," Memari explained. "[Y]ou can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn't tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari insists the pilot project is simply "a glorified counter on the street" and promises to consult with privacy groups like the Electronic Frontier Foundation as the technology is refined. Given recent revelations about the extent of data gathering by the National Security Agency around the globe, however, Renew may have a hard time overcoming public skepticism about the need for more tracking technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/14/2013 | 9:48:00 PM
re: Spying Trash Cans Banned
I agree. I can opt to allow cookies to track my presence on a website for access to free content. But the option is lacking here.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/13/2013 | 10:43:22 PM
re: Spying Trash Cans Banned
I'd have no trouble with this if it were opt-in.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/13/2013 | 9:43:58 PM
re: Spying Trash Cans Banned
If using MAC addresses in this fashion isn't copacetic, then let's see...

What if the trash can tracked passersby using an image sensor? CCTVs are basically already everywhere in London, and the right to photograph public places is very clear in the U.S. (though the right to do so at infinite scale might not be). As Lorna said, cameras are already watching everything you do-- especially if you live somewhere like London.

Image sensors that can recognize people and contribute to analytics are getting more and more sophisticated. I've heard about sensors that specifically counts people as they pass, records how long they linger in one place, and so forth. Same aim as this project, but a different method.

I'm curious-- would people think their civil liberties are being violated if image sensors perform this sort of surveillance/ analytics gathering? Or would many people find it just as objectionable as the MAC method?
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Apprentice
8/13/2013 | 9:18:11 PM
re: Spying Trash Cans Banned
I don't think it's irrational to resist this. What do we get in return for the trash can tracking our movement? We accept surveillance cameras to keep crime and costs down. At a website we accept registration/cookies in exchange for free content. I don't have that kind of relationship with my neighborhood trash cans.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/13/2013 | 7:26:56 PM
re: Spying Trash Cans Banned
This is simply proof that people are irrational. They have cameras watching their every move!
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.