London says media company’s spying rubbish bins stink

London says Renew's spying bins stink

The City of London has told a bin company to keep its nose out of people’s business.

The rubbish and recycling bins, from the company Renew, were set up to identify and remember people’s smartphones, and thereby the movements and habits of their owners, as they walked by – kind of like how web pages monitor site traffic.


The online magazine Quartz was the first to report on the tracking technology, which, it says, was installed in a dozen bins around London’s Square Mile.

Set up in the Cheapside area of central London, the bins recorded phones’ media access control (MAC) addresses – unique identification numbers that act like a device’s digital fingerprint.

If you walk around with WiFi enabled on your phone, it will broadcast its MAC address indiscriminately and, unlike an IP address, which changes over time or when you switch networks, a MAC address is constant for the lifetime of a device. (OK, they aren’t quite unique and they can be changed, but they are reliable enough.)

The tracking was designed to enable advertisers to target messages at people whom the bins recognized.

Prior to the 2012 Olympics, Renew installed 100 recycling bins with digital screens around London.

Advertisers were able to buy space on the internet-connected bins, with the city getting 5% of the airtime to display public information.

According to Quartz, it was only recently that Renew rigged the bins with gadgets to sniff passing smartphones.

Quartz’s coverage sparked public alarm, including, according to the BBC, concerns raised by the UK privacy group Big Brother Watch.

The City of London on Monday said in a statement that it’s asked Renew to quit the data collection and has taken the issue up with the Information Commissioner’s Office:

"We have already asked the firm concerned to stop this data collection immediately and we have also taken the issue to the Information Commissioner’s Office. Irrespective of what’s technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public."

Renew chief executive Kaveh Memari said in a statement that this has all been blown out of proportion, that the data being collected in initial trials – since concluded – is anonymized, and that the company is no longer counting devices that pass by:

"During our initial trials, which we are no longer conducting, a limited number of pods had been testing and collecting annonymised and aggregated MAC addresses from the street and sending one report every three minutes concerning total footfall data from the sites.

"A lot of what had been extrapolated is capabilities that could be developed and none of which are workable right now. For now, we no longer continue to count devices and are able to distinguish uniques versus repeats. However, the process is very much like a website, you can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we couldn’t tell, for example, whether we had seen devices or not as we never gathered any personal details."

Memari told the BBC that the current technology was just being used to monitor local footfall and that while more capabilities could be developed in the future, the public would be made aware of any changes.

According to the BBC, the collection of anonymous data through MAC addresses is legal in the UK, though it exists in a grey area.

That’s because the UK and the EU have strict laws about mining personal data using cookies – small bits of data sent from a website that can be used to uniquely identify people and then monitor their behaviour across different websites.

Under UK and EU law, companies that want to use cookies to track us in the virtual world must gain our consent to do so, but no such consent is required to track us in the real world using our devices’ MAC addresses.

Nick Pickles, director of Big Brother Watch, told the BBC that the City of London’s spying-bin shutdown is welcome, but it’s a bit concerning that this “blatant attack on people’s privacy” was allowed in the first place:

"Systems like this highlight how technology has made tracking us much easier, and in the rush to generate data and revenue there is not enough of a deterrent for people to stop and ensure that people are asked to give their consent before any data is collected."

How much of a threat to privacy does sniffing our MAC addresses entail?

In this case Renew says the collected data was anonymized and encrypted, describing the bins as little more than “glorified people counters”.

But the fact is that this was just an initial trial by a marketing firm.

An array of MAC address detectors in a busy town or street could easily be used to harvest useful real-world information about an individual and their commuting and shopping habits: information that marketing companies would love to get their hands on.

Simply knowing where somebody is and how long they spend there might be used to infer where they work, what shops they visit, where they eat lunch and all manner of other useful things that could be used for individually targeted advertising.
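The difference between a "people counter" and a tracker comes down to whether the token stored for each device stays the same across bins and over time. The sketch below is an example added here, not code from Renew or from the original article: it contrasts a stable token, which lets sightings be joined into a path, with a per-bin, per-three-minute random key that supports only unique and repeat counts. The sightings, bin names and function names are all constructed for illustration and say nothing about how Renew's pods actually processed data.

```python
import hashlib, hmac, os
from collections import defaultdict

WINDOW = 180  # seconds: the "one report every three minutes" interval

# Constructed sightings (seconds, bin, MAC); every value here is made up.
SIGHTINGS = [
    (0,   "bin-A", "02:00:00:aa:aa:01"),
    (40,  "bin-A", "02:00:00:aa:aa:02"),
    (90,  "bin-A", "02:00:00:aa:aa:01"),  # repeat inside the same window
    (200, "bin-B", "02:00:00:aa:aa:01"),  # same phone, later, another bin
    (210, "bin-B", "02:00:00:aa:aa:03"),
]

def stable_pseudonym(mac):
    """Weak design (hypothetical): same MAC gives the same token everywhere."""
    return hashlib.sha256(mac.encode()).hexdigest()[:12]

def linkable_paths(sightings):
    """Risk check: which tokens can be followed from one bin to another?"""
    paths = defaultdict(list)
    for ts, bin_id, mac in sightings:
        paths[stable_pseudonym(mac)].append((ts, bin_id))
    return {t: p for t, p in paths.items() if len({b for _, b in p}) > 1}

def windowed_footfall(sightings):
    """Safer design: a random key per (bin, window); only counts are reported."""
    keys, seen = {}, defaultdict(lambda: defaultdict(int))
    for ts, bin_id, mac in sightings:
        slot = (bin_id, ts // WINDOW)
        key = keys.setdefault(slot, os.urandom(32))
        token = hmac.new(key, mac.encode(), hashlib.sha256).digest()
        seen[slot][token] += 1
    reports = []
    for slot in sorted(seen):
        counts = seen[slot].values()
        reports.append({"bin": slot[0], "window": slot[1],
                        "uniques": len(counts),
                        "repeats": sum(1 for c in counts if c > 1)})
    return reports  # keys and tokens are locals: dropped, never stored

if __name__ == "__main__":
    print("linkable across bins:", linkable_paths(SIGHTINGS))
    print("aggregate reports:  ", windowed_footfall(SIGHTINGS))
```

With the stable token, one device is followed from bin-A to bin-B; with per-window keys the output contains only counts, so the same device cannot be matched between reports.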

In other words, these snooping bins sound like the tip of a privacy iceberg.

I’m glad to hear the City of London is on the case and that the ICO isn’t far behind.

Given the ICO’s track record with, for example, Google’s privacy transgressions, let’s hope we can look forward to the office once again putting a lid on (heh, heh) privacy trespassing.

Image of bin courtesy of Renew.