Risk
8/12/2013
06:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Spying Trash Cans Banned

Foot-traffic counting scheme spooks London city managers.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
London officials have demanded that a handful of recycling and waste bins equipped with mobile device tracking technology stop collecting data about the cellphones of pedestrians.

The City of London Corporation, an 800-year-old elected body tasked with making the city attractive to businesses, issued a statement on Monday directing Renew London, a media technology company, to halt its wireless device monitoring project, intended to count foot traffic.

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner's Office," said a spokesman for the group in a statement. "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

London incidentally has more than 50,000 closed-circuit TV cameras recording its residents on a daily basis.

[ Learn more about cloud reliability. Read Microsoft Office 365 Reveals Uptime Figures. ]

In June, Renew London, a media startup that installed 100 Internet-connect trash bins with display screens in the city for the 2012 Summer Olympics, turned 12 of its bomb-proof receptacles into wireless data collectors. The purpose of the experimental units, which ingest trash and expel ads, is to obtain analytics data of interest to local businesses.

The firm's "Renew Pods" track the proximity, speed, duration and manufacturer of passing mobile devices using their MAC addresses. Renew touts the data as a tool for corporate clients and retailers that can associate the past behavior of unique devices -- "entry/exit points, dwell times, places of work, places of interest and affinity to other devices" -- with predictive analytics about "likely places to eat, drink [and] personal habits," among other things.

This data is supposed to be anonymous, though numerous studies have demonstrated that anonymous data can often be used to identify individuals. The U.S. National Institute of Standards and Technology said in 2010 that MAC addresses may be considered personally identifiable information.

Renew CEO Kaveh Memari, who previously described the technology as a way to "cookie the street," dismissed concerns about the technology in a statement released on the company blog.

"[T]he process is very much like a website," Memari explained. "[Y]ou can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn't tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari insists the pilot project is simply "a glorified counter on the street" and promises to consult with privacy groups like the Electronic Frontier Foundation as the technology is refined. Given recent revelations about the extent of data gathering by the National Security Agency around the globe, however, Renew may have a hard time overcoming public skepticism about the need for more tracking technology.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/14/2013 | 9:48:00 PM
re: Spying Trash Cans Banned
I agree. I can opt to allow cookies to track my presence on a website for access to free content. But the option is lacking here.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/13/2013 | 10:43:22 PM
re: Spying Trash Cans Banned
I'd have no trouble with this if it were opt-in.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/13/2013 | 9:43:58 PM
re: Spying Trash Cans Banned
If using MAC addresses in this fashion isn't copacetic, then let's see...

What if the trash can tracked passersby using an image sensor? CCTVs are basically already everywhere in London, and the right to photograph public places is very clear in the U.S. (though the right to do so at infinite scale might not be). As Lorna said, cameras are already watching everything you do-- especially if you live somewhere like London.

Image sensors that can recognize people and contribute to analytics are getting more and more sophisticated. I've heard about sensors that specifically counts people as they pass, records how long they linger in one place, and so forth. Same aim as this project, but a different method.

I'm curious-- would people think their civil liberties are being violated if image sensors perform this sort of surveillance/ analytics gathering? Or would many people find it just as objectionable as the MAC method?
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Apprentice
8/13/2013 | 9:18:11 PM
re: Spying Trash Cans Banned
I don't think it's irrational to resist this. What do we get in return for the trash can tracking our movement? We accept surveillance cameras to keep crime and costs down. At a website we accept registration/cookies in exchange for free content. I don't have that kind of relationship with my neighborhood trash cans.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/13/2013 | 7:26:56 PM
re: Spying Trash Cans Banned
This is simply proof that people are irrational. They have cameras watching their every move!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.