Wed., 9:23 pm: Stores can see where you go by tracking your phone
WASHINGTON – The Federal Trade Commission held a workshop today on the issue of smartphone tracking in stores, part of a series of privacy seminars looking at emerging technologies and the impact on consumers.
FTC attorney Amanda Koulousias says the commission wants to better understand how companies are using phone-location technology, how robust privacy controls are and whether shoppers are notified in advance.
Here’s how the technology works:
* Your smartphone has a unique identifier code – a MAC address – for Wi-Fi and Bluetooth. It’s a 12-character string of letters and numbers. Think of it like a Social Security or vehicle identification number, but this address is not linked to personal information, like your name, email address or phone number. The numbers and letters link only to a specific phone.
* When your smartphone is turned on, it sends out signals with that MAC address (for media access control) as it searches for Wi-Fi or Bluetooth. Those signals can also be captured by sensors in stores that could tell a department store how often shoppers visit, how long they stay, whether they spend more time in the shoe department, children’s clothing section or sporting goods, or whether they stop for the window display, take a pass and decide to move on.
Companies that provide “mobile location analytics” to retailers, grocery stores, airports, and others say they capture the MAC addresses of shoppers’ phones but then scramble them into different sets of numbers and letters to conceal the original addresses – a process called hashing. This is how they make the data they collect anonymous, they say.
Mall managers could learn which stores are popular and which ones aren’t. A retailer could learn how long the lines are at a certain cash register, how long people have to wait – or whether more people visit on “sale” days at a store.
Privacy advocates, though, argue that the scrambled or “hashed” MAC addresses aren’t completely secure. They can be cracked, says Seth Schoen, senior staff technologist at the Electronic Frontier Foundation.
And that could reveal data that people may not want to share.