Security Market Segment LS
Monday, 28 November 2011 09:54

Your every move will be tracked (updated)


Imagine walking around a shopping centre and having your every move tracked; by software that has latched onto your mobile phone's unique ID.

Well-known privacy researcher Roger Clarke has labelled this technology 'seriously creepy.' Others call it an invasion of privacy.

What is it?  Path Intelligence (from the UK-based company of the same name) is a method of tracking people in any reasonably confined space (a shopping mall is perfect) by their mobile phone.  It appears that the mobile phone doesn't even need to be turned on for this technology to work as there is enough low-level processing happening in a phone even when (supposedly) turned off; it will certainly respond to ID number requests.  Your only option is to pull the battery out.  Which means the only way to avoid being tracked is to remove the battery from your phone; hardly convenient. (Update: Path Intelligence CEO Sharon Biggar has since asserted that the system will not track a phone that's turned off)

According to the Path Intelligence web site a set of aerials is installed throughout the facility which are able to latch on to every mobile phone within range and track its movement with an accuracy of two metres. 

A recent report indicated that the technology has been installed in two US shopping malls and it would appear that an as-yet unidentified Queensland-based mall will have the technology soon.

Despite the fact that the company is emphatically insistent that all privacy is maintained, that only the phones are tracked (not the users), the technology is ripe for abuse. 

Read on for all manner of possible ways this system could be misused in the future with a few simple changes to the storage and reporting of data.

First we have the problem of attribution.  How easy would it be to link this to the building's video surveillance system to identify (at the very least) whether the person is male or female; or whether they are tugging a flock of kids around with them?  With more sophisticated systems, individual people could be identified and followed.  This would especially be true if it could be linked to a credit card in a store - that way, it wouldn't matter how many different cards you used, you'd be tracked all the way.

Although the company claims that it is simply to identify traffic flow, there is nothing to stop them tracking people across multiple visits to the mall; allowing them to build up a long-term profile of exactly which stores specific people go to.  Or, more importantly, when they go to an unexpected store.

In addition, there's nothing to stop the tracking of store employees for totally different reasons.  It would be very useful to know when the employees of one's competitors are in your store, would it not?  Why are they there?  Are they buying or snooping?

Despite all hopes of privacy, any such collected data is subject to Police 'request.'  They might want to know as much as possible about all people in the vicinity of the jewellery store when it was robbed (for instance).  If you should never have been in the mall at that time (for whatever reason) you're suddenly caught up in the dragnet.

What of consent?  Some of the reports previously linked show images of seemingly hastily posted signs that talk of an "anonymous mobile phone survey" and suggest that if participants have questions, they should contact the management office; no indication that it is possible to opt-out.

According to the Federal Privacy Commissioner Timothy Pilgrim, the Privacy Act would only apply if the information collected was able to identify individuals.  iTWire would argue that tracking the phone ID is tantamount to "identifying individuals" as the phone and the person are seldom apart.

Which brings us to the final problem - that of permission.  It seems rather odd to this writer that a system such as this, which is entirely to the benefit of the shopping centre and its retailers should piggy-back on the functionality of the mobile phone in the pocket or purse of every visitor.  As a phone owner, I have an expensive device in my pocket for which I should be rewarded should someone else attempt to 'borrow' its functionality.  The assumption of access to my phone seems to be entirely backwards.  Even Google seeks permission to use my phone as a source of road traffic data.

The expectation that some third party should be permitted to 'borrow' the use of my phone, and then turn that use against me seems wrong. 

What do the readers think about this?  Path Intelligence has been contacted for response.



You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments