06:27 PM
Connect Directly

Spying Trash Cans Banned

Foot-traffic counting scheme spooks London city managers.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
London officials have demanded that a handful of recycling and waste bins equipped with mobile device tracking technology stop collecting data about the cellphones of pedestrians.

The City of London Corporation, an 800-year-old elected body tasked with making the city attractive to businesses, issued a statement on Monday directing Renew London, a media technology company, to halt its wireless device monitoring project, intended to count foot traffic.

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office," said a spokesman for the group in a statement. "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

London incidentally has more than 50,000 closed-circuit TV cameras recording its residents on a daily basis.

[ Learn more about cloud reliability. Read Microsoft Office 365 Reveals Uptime Figures. ]

In June, Renew London, a media startup that installed 100 Internet-connect trash bins with display screens in the city for the 2012 Summer Olympics, turned 12 of its bomb-proof receptacles into wireless data collectors. The purpose of the experimental units, which ingest trash and expel ads, is to obtain analytics data of interest to local businesses.

The firm's "Renew Pods" track the proximity, speed, duration and manufacturer of passing mobile devices using their MAC addresses. Renew touts the data as a tool for corporate clients and retailers that can associate the past behavior of unique devices -- "entry/exit points, dwell times, places of work, places of interest and affinity to other devices" -- with predictive analytics about "likely places to eat, drink [and] personal habits," among other things.

This data is supposed to be anonymous, though numerous studies have demonstrated that anonymous data can often be used to identify individuals. The U.S. National Institute of Standards and Technology said in 2010 that MAC addresses may be considered personally identifiable information.

Renew CEO Kaveh Memari, who previously described the technology as a way to "cookie the street," dismissed concerns about the technology in a statement released on the company blog.

"[T]he process is very much like a website," Memari explained. "[Y]ou can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn't tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari insists the pilot project is simply "a glorified counter on the street" and promises to consult with privacy groups like the Electronic Frontier Foundation as the technology is refined. Given recent revelations about the extent of data gathering by the National Security Agency around the globe, however, Renew may have a hard time overcoming public skepticism about the need for more tracking technology.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cara Latham
Cara Latham,
User Rank: Apprentice
8/14/2013 | 9:48:00 PM
re: Spying Trash Cans Banned
I agree. I can opt to allow cookies to track my presence on a website for access to free content. But the option is lacking here.
Thomas Claburn
Thomas Claburn,
User Rank: Ninja
8/13/2013 | 10:43:22 PM
re: Spying Trash Cans Banned
I'd have no trouble with this if it were opt-in.
Michael Endler
Michael Endler,
User Rank: Apprentice
8/13/2013 | 9:43:58 PM
re: Spying Trash Cans Banned
If using MAC addresses in this fashion isn't copacetic, then let's see...

What if the trash can tracked passersby using an image sensor? CCTVs are basically already everywhere in London, and the right to photograph public places is very clear in the U.S. (though the right to do so at infinite scale might not be). As Lorna said, cameras are already watching everything you do-- especially if you live somewhere like London.

Image sensors that can recognize people and contribute to analytics are getting more and more sophisticated. I've heard about sensors that specifically counts people as they pass, records how long they linger in one place, and so forth. Same aim as this project, but a different method.

I'm curious-- would people think their civil liberties are being violated if image sensors perform this sort of surveillance/ analytics gathering? Or would many people find it just as objectionable as the MAC method?
User Rank: Strategist
8/13/2013 | 9:18:11 PM
re: Spying Trash Cans Banned
I don't think it's irrational to resist this. What do we get in return for the trash can tracking our movement? We accept surveillance cameras to keep crime and costs down. At a website we accept registration/cookies in exchange for free content. I don't have that kind of relationship with my neighborhood trash cans.
Lorna Garey
Lorna Garey,
User Rank: Ninja
8/13/2013 | 7:26:56 PM
re: Spying Trash Cans Banned
This is simply proof that people are irrational. They have cameras watching their every move!
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-05
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and d...

Published: 2015-10-05
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and d...

Published: 2015-10-05
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value...

Published: 2015-10-05
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by lev...

Published: 2015-10-05
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.