Responding to privacy concerns, two U.S. malls postpone rollout of Path Intelligence technology that tracks shoppers' movement through their phones

After a shopping binge at Macy’s, is a mallgoer more likely to refuel at Cinnabon or Cold Stone Creamery — or both? If the latter, will said customer then head to Brookstone to recover in a massaging chair, or will he make a beeline to the mall’s first aid station? Malls and retailers had hoped to start gleaning information about shoppers’ movement by discreetly tracking them through their mobile devices — but their plans are now on hold after a U.S. senator raised privacy concerns about the practice.

The value of this technology is evident: Retailers can use that data to better understand shopping patterns, which in theory means they can make improvements based on their findings to enhance the customer experience while boosting sales. Inevitably, though, it raises the question as to whether this type of system represents an invasion of privacy or a potential security risk for mobile device users. U.S. Senator Charles E. Schumer raised the privacy flag Monday after reports emerged last week about malls and retailers rolling out a tracking system from Path Intelligence, based in the United Kingdom.

Two malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — had announced plans to test Path Intelligence’s FootPath Technology system through the end of the year, whereas Home Depot and JC Penney were reportedly considering the system as well. According to The Register, the mall owners suspended deployment of FootPath after receiving letters from Schumer over the weekend.
Schumer’s specific concern stemmed from the notion of third parties discreetly using shoppers’ own personal cellphones to track their movements without permission, and the New York senator went so far as to call on the Federal Trade Commission to explore how the technology fits into regulatory controls dealing with consumer privacy. Whether Schumer’s specific concerns about PI’s FootPath are warranted or overblown is debatable, but the emergence of this type of technology deserves closer scrutiny, and privacy advocates will no doubt watch closely to see where it all leads.

Mobile device tracking 101

First, a primer on Path Intelligence’s FootPath technology: Deploying the system entails installing monitoring units around the properties. These monitoring systems, according to Path Intelligence, detect randomly generated, frequently changing signals from users’ phones, specifically the TMSI, or Temporary Mobile Subscriber Identifier. The system then combines that information with a proprietary mathematical algorithm to determine a user’s path.

For the system to function, customers must have their cellphones powered on — and there is no way for users to know when or if their devices are being tracked unless they are informed by an outside source, such as a sign hanging in the mall. Schumer cited that fact as a point of concern about the FootPath system: “To add insult to injury, this company says the only way to opt-out is to turn off your phone.
But shoppers shouldn’t have to turn off their phones just to protect their privacy, and asking parents or children to turn off their phones when they rely on them to stay connected is simply unacceptable,” he said in a statement issued Monday by his office.

Path Intelligence stresses that it does not capture any personal information about an individual user: “Our detector units do not allow us to obtain your telephone number, to listen to any of your calls, read any SMS messages read or sent by you, or to log details of any calls or SMS messages made or received by you. Neither does any of the information received allow us to identify you or any group of individuals.”

The monitoring units also do not capture and store mobile devices’ unique identification numbers, according to Path Intelligence. “The unique ID numbers that we collect from the phones are not stored anywhere. We change (hash) them as we receive them and only store the changed number in our database, so at no time would it be possible for someone to look at our data and match it with any other data source,” Path Intelligence representative Sharon Biggar told InfoWorld via email. The PI rep clarified that the hashed ID is a completely random string, unlike the password hashes hackers swipe for pass-the-hash attacks. “The ID will not be the same the next time they enter the store. So it is not possible for us to use cellular signals to understand that the same shopper has re-entered the store,” Biggar wrote.

That fact may come as a relief to privacy buffs, as unique phone IDs are of value to cyber criminals. If hackers get their hands on them, they can correlate the data with other user-specific info they’ve acquired, such as location, carrier, shopping and spending habits; mobile payment information; and more.
In other words, a phone’s identifier can be transformed into a personal identifier in the way a PC never could.

Biggar did note that PI’s system does detect Bluetooth and Wi-Fi signals if a user has them enabled or set to discoverable on his or her device. “As these IDs do not change, it is possible for us to identify a repeat visitor from these signals, but this is a smaller sample of shoppers — and there are many providers offering Bluetooth/Wi-Fi detection,” she said.

The monitoring systems transfer the user movement data they collect to a Path Intelligence data center. There, the data is audited and analyzed in real time, and retailers can automatically view reports via the company’s secure Web-based reporting system. Reports provide information about the flow of shoppers through the malls, detailing information such as the number of footfalls per store; the amount of time people spend in a given store; sales turnover by retailer as well as general business category (cafes, fashion/jewelry/giftware, services); and how many shoppers who, for example, visited the Gap also visited Nordstrom on a given day.

Stepping down a slippery slope

From a retailer perspective, there’s plenty to like about this sort of system: It gives businesses a way to effectively, discreetly, and inexpensively track the individual movements of hundreds of customers from the moment they enter a mall or a store to the moment they leave. Thanks to the cloud, they can quickly access reports about shopper behavior and make adjustments to store layout to boost sales and better service shoppers.

The technology may look less rosy to the public, though, as evidenced by Schumer’s response to the news about the technology being deployed. Being told (directly or otherwise) “if you are going to keep your personal mobile device on, we are going to track your every movement in our store.
But don’t worry; we’re not going to misuse that info” might not sit well with some users — especially those who have opted to entrust their data with other businesses, such as financial institutions, only to see it stolen by hackers or sold to third parties. Retailers, businesses, and Path Intelligence can swear up and down that the technology is fully secure and that user data remains private and protected, but ultimately, a user has no real way of knowing that for certain.

Further, this technology reveals just what is possible in this age of mobile computing. The mall owners had planned to post signs to alert customers about the system, and Path Intelligence offers some level of transparency and detail as to how it protects user information. But it’s entirely possible that other organizations, whether corporate, governmental, or criminal, wouldn’t be as forthcoming as they used less-secure mobile-device-tracking technology to slurp up data from people’s devices for any number of purposes.

InfoWorld Security Adviser Roger A. Grimes alluded to the potential security and privacy risks of this type of technology, particularly in the context of systems being capable of grabbing the unique identifiers from users’ devices. “If you have a unique identifier of any type, and people are able to track it at different locations and sites, it can become a privacy issue,” he said. “History has shown that vendors telling us not to worry about this type of thing have ‘somehow’ been able to convert the unique identifier into a real identity later on, often because a person visits a location that doesn’t have a strong security policy. That second site can collect the real identity information, then sell it to other people who just collect the unique identifier.”

This story was updated on Nov. 28, 2011. This story, “U.S. senator demands suspension of phone-tracking system,” was originally published at InfoWorld.com.
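
The article's statements about hashed IDs, repeat visitors and matching against other data sources can be tested in a few lines. This is an added example, not Path Intelligence's code: SHA-256, the per-day HMAC key and every identifier below are assumptions constructed for illustration. It shows that hashing alone keeps a fixed ID linkable across visits and across collectors, while a rotating ID or a short-lived key does not.

```python
import hashlib
import hmac
import secrets

# Constructed observations: (day, identifier seen by a detector).
# "tmsi-*" values change between visits, as the article says TMSIs do;
# the MAC-style value is fixed, as it says Bluetooth/Wi-Fi IDs are.
ROTATING = [("mon", "tmsi-4f21a9"), ("tue", "tmsi-c07b13")]
STABLE = [("mon", "02:00:00:aa:bb:01"), ("tue", "02:00:00:aa:bb:01")]


def plain(day, device_id):
    """Unkeyed SHA-256: the same input always yields the same token."""
    return hashlib.sha256(device_id.encode()).hexdigest()


def make_daily_keyed():
    """HMAC under a random key per day, held only in memory."""
    keys = {}

    def tokenize(day, device_id):
        if day not in keys:
            keys[day] = secrets.token_bytes(32)
        return hmac.new(keys[day], device_id.encode(), hashlib.sha256).hexdigest()

    return tokenize


def repeat_visitors(visits, tokenize):
    """Count tokens that appear on more than one day (linkable returns)."""
    days_seen = {}
    for day, device_id in visits:
        days_seen.setdefault(tokenize(day, device_id), set()).add(day)
    return sum(1 for days in days_seen.values() if len(days) > 1)


def joinable(device_ids, tokenize_a, tokenize_b, day="mon"):
    """Count devices whose stored token matches at two separate collectors."""
    return sum(1 for d in device_ids if tokenize_a(day, d) == tokenize_b(day, d))


if __name__ == "__main__":
    macs = [STABLE[0][1]]
    print("rotating ID, plain hash:", repeat_visitors(ROTATING, plain))
    print("stable ID, plain hash  :", repeat_visitors(STABLE, plain))
    print("stable ID, daily key   :", repeat_visitors(STABLE, make_daily_keyed()))
    print("two sites, plain hash  :", joinable(macs, plain, plain))
    print("two sites, own keys    :", joinable(macs, make_daily_keyed(), make_daily_keyed()))
```

Within a single day the keyed tokenizer still returns one token per device, so same-day path analysis keeps working while cross-day and cross-site matching does not.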