Vinton Cerf, the co-inventor of the Internet, recently stated that: “Privacy may be an anomaly.” He was referring to the situation in small town America decades ago when, even though we thought that our lives were private, neighbors knew what we were doing and the local postmaster was aware of everyone who was sending and receiving mail. He suggested that the power to maintain privacy in a technology-oriented society will be increasingly difficult to sustain.
In our highly connected world where a vast majority of the population has a smartphone, and perhaps multiple other mobile devices, uses a computer, drives a car or voluntarily reveals the most intimate details of life through one or more social networks, any ability to be completely private about daily activities becomes untenable.
Virtually every time we connect to the Internet we produce data that are being recorded and tracked. These data are typically being collected and analyzed by mercantile organizations in order to target advertising to the individual consumer. The over one million mobile applications being used on smartphones provide a huge source of information about consumer habits and many of these applications have full access to all of the data contained on our phones, including email lists, telephone numbers, messages that we have sent and GPS coordinates that track where we have been over time.
Cellphones themselves are becoming increasingly more capable in their ability to monitor our activities. The new iPhone 5S uses a new chip called the A7 along with the M7 coprocessor that can constantly and automatically track location using an internal gyroscope, compass and accelerometer, all while using virtually no battery power. The Apple website states that “M7 knows when you’re walking, running, or even driving.” Activity details can be collected in the background and stored for extended periods.
Companies like Katana Forensics and Cellebrite can extract information from any smartphone in a matter of minutes and perform a detailed analysis of every aspect of its contents even if the phone has a password or is swipe-enabled protected. This analysis can quickly discover text messages (including ones that have been deleted), Facebook contacts, websites visited, location pings, emails, photos with geo-location data attached, and Wi-Fi connection history. These data can all be combined into a time line for a specific date. Analytic solutions developed by both companies are widely used by law enforcement.
Tracking to determine a general physical location is not performed by a single technique. It consists of a number of different methods that can be merged to determine a precise geographic fix. One of these is the Global Positioning System (GPS) which consists of orbiting satellites that are detected by a GPS receiver in a cell phone or other mobile device. In order to work properly the receiver must have a clear line of sight to four or more satellites. This means that it is best for determining positions outdoors. With a proper signal, civilian GPS systems can provide a location with an accuracy of about 10 to 20 feet. The federal government has developed augmentation systems that, combined with GPS, can boost accuracy significantly and permits real-time positioning to within a few centimeters.
Another modality uses Radio Frequency Identification (RFID) tags to determine location. Some tags are passive, meaning they do not incorporate power sources. These are relatively low range, on the order of 20 feet, and depend on the tag reader for their energy. Active tags have batteries to power their circuits (such as the EZ-Pass used to collect tolls) and can broadcast for several hundred feet. All EZ-Pass transactions are recorded making it relatively simple to obtain a history of where the tag (and presumably the car to which it is attached) has traveled via toll roads over an extended period of time. If more detailed information is needed there are readily available GPS tracking devices that can be attached to a vehicle to provide real time location information.
Cellphones can be located by determining their position in relation to cell phone towers which intercept the phone’s signal although this method is less precise than that using GPS. Wireless Local Area Networks (WLAN) can connect with a phone using radio waves over a relatively short distance and can be used indoors even when a cell phone signal is unavailable.
The desire to track devices, and thereby individuals, indoors has gained prominence because of a concept known as Place-Based or Location-Based Marketing. This is a form of advertising that combines mobile advertising and location identification. It provides consumers with specific advertising based on their proximity to a store and their known buying habits. For example, an individual who is known to be a runner might see an advertisement for a discount on new running shoes on their cellphone when they approach a shoe store, if they have opted into receiving such advertisements. Research has already shown that consumers will readily share certain types of information, such as their current location, in return for a tangible benefit, like a discount. However, it has also been shown that, by a wide margin, people are very reticent to share information about where they have been in the past.
Tracking customers while they are shopping will likely become the norm in the future. This capability has already been implemented online for years. We have all experienced ads that show up on our computer screens based on websites that we have visited. That traditional brick-and-mortar stores might wish to emulate this capacity is not surprising. Companies with mobile location analytic systems like ShopperTrak, Retail Next, Nomi and Prism Skylabs all offer solutions that can determine how many customers are drawn into the store, whether checkout lines are being managed effectively and even show the demographic characteristics of the shopper. It is possible not only for the analysis software to link to existing store cameras to identify the gender of the shopper and how long they browse at a specific location in the store, but also determine the distance from the display in the store that will trigger offers to be sent to the consumer’s phone.
Not surprisingly, there has been a reaction against what some consider to be an invasion of privacy. As a consequence, the Future of Privacy Forum has created a website where consumers can opt out of having their mobile devices tracked while in commercial locations. While this may address some cellphone tracking it does nothing to ameliorate tracking by other means such as video cameras or from tracking technology that may be unique to telecom providers. Verizon, for example, has established a Precision Marketing Insights Division that determines the location of their own cellphones based on proximity to cell phone towers. This information can be used to determine how many audience members using a Verizon cellphone at a sporting venue visited a specific restaurant following the game with the goal of determining what advertisements will be shown at the next event. Verizon has stated that all tracking data are “hashed” or anonymized before being provided to their clients.
But cellphones are only the tip of the iceberg when it comes to tracking. The New York Times reported that newly installed LED (light emitting diode) lighting fixtures in the Newark Liberty International Airport contain sensors and video cameras that can identify license plates and recognize suspicious activity. The port authority will own and maintain the data and has stated that, for the present at least, those data will not be shared with other agencies, including law enforcement, without a warrant.
Tracking license plates of course is not limited to the port authority. Local, state and federal law enforcement agencies have for years been using automated license plate scanners that are mounted on telephone poles, traffic signals and police cars. The ostensible purpose of these scanners is the ability to detect vehicles that have been stolen or those with outstanding traffic violations. But concomitant with that capability is the ability to build vast networked databases that could track cars wherever they go in the nation. The Department of Homeland Security (DHS) began to solicit bids for such a system that would be directed toward apprehending fugitive aliens until public outcry tabled the effort.
Another application that the DHS has tested is called the Biometric Optical Surveillance System which will utilize either video cameras to scan public venues for facial images or obtain these images from other sources. The goal would be to identify individuals via facial recognition by cross referencing established databases such as driver’s licenses or mug shots. Clearly, this technology would be beneficial for valid law enforcement purposes, although it has not yet proven to be sensitive or accurate enough to be deployed. Advocates for this technology state that no one has a reasonable expectation of privacy in public, but those who take issue with the technology would argue that everyone should not be subject to having all of their movements tracked without probable cause.
Nonetheless, federal and state agencies, as well as private corporations have already implemented facial recognition systems for their own purposes. In 2002 the U.S. Department of State established a facial recognition system for visa applicants and in 2012 the Federal Bureau of Investigation began to collect facial recognition photographs of all suspects arrested and booked. Ohio’s facial recognition system was designed to identify suspects by matching images from security cameras, photographs from the Ohio driver’s license database or police mug shots. The NEC Corporation is deploying a VIP identification application designed to identify important visitors in hotels or businesses so that they can be provided with preferential service. FaceFirst uses facial recognition to help businesses identify shoplifters and send appropriate warning messages to security staff. Many of these recognition systems are completely unregulated and without usage guidelines. However, the National Telecommunications and Information Administration, part of the U.S. Department of Commerce, began in February 2014 to convene a series of meetings "to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context."
But is it so bad that we can be tracked so precisely? There can be advantages to having accurate location data. Criminals and terrorists might be able to be identified more quickly. Consumers might be able to obtain beneficial rewards and obtain personalized service in businesses. But the potential for abuse is always present.
Given the public’s current propensity for carrying cellphones and other mobile devices, combined with the desire of merchants to increase their profitability and the legitimate needs of law enforcement in today’s security climate, it seems unlikely that the ability to be tracked will diminish. Rather, it is inevitable to be even more prevalent. But we need to be aware of the tradeoffs inherent in this technology and insist on safeguards to limit access to tracking data and insist on as much transparency and in the process as possible.
About the Author: Dr. Steven Hausman is President of Hausman Technology Keynotes (www.HausmanTech.com). He speaks professionally and conducts briefings on a wide array of topics related to technology, science and security that include nanotechnology, robotics, 3D printing, bionics (artificial limbs and organs) and radio frequency identification (RFID). He can be contacted via his website or his LinkedIn profile at http://www.linkedin.com/in/stevenhausman