Ratings volunteers to be spied on by mobiles
Blowers to rat out guineapigs 24-7
You know how you can volunteer to be a TV ratings guinea pig? And then they - Nielsen or whoever - attach kit to your telly so that they can tell everything you and all your thousands of fellow guineapigs watch, and so the ratings get compiled.
Well, that system is flawed. It can't measure the telly you watch at the pub, the radio you hear at work etc etc. It doesn't usually know if you're actually there; the box could be blaring away to an empty room. It is often confused by PVRs or other timeshifting tech.
Now, however, a Californian company called IMMI (Integrated Media Measurement Inc.) has decided to change all that. Most people are now aware that mobile phones can be used to locate their users; and the reasonably well-informed are aware that they can also be used as remote bugging devices, even when apparently switched off. (Some people have a struggle believing this; but it's not exactly aliens-at-Roswell stuff. This is a small computer with a microphone and a data radio. Who says the display has to light up for it to be working? Seriously: your phone can be used as a bug, though the necessary skills aren't common outside government agencies. Yet.)
When you become an IMMI ratings person, the company gives you a mobile phone with special software in it. Every thirty seconds or so, the phone - without intervention from you - records a ten-second audio clip. Sending that off to IMMI via GPRS, EDGE, UMTS or whatever would be a tad expensive - not to mention having fearful privacy implications - so the phone processor boils the clip down to a 1.5kB "fingerprint." Every quarter-hour or so the phone datalinks to the IMMI servers and sends off all the fingerprints, time-slugged.
Meanwhile, the IMMI servers are doing this with all the broadcast media the company is interested in. When your fingerprints come in, they are compared with the server data, and matches are recorded. The servers can look back a couple of weeks into the past, too, so TiVo or whatever isn't an issue.
Voila! IMMI knows what you watch and listen to, while saving bandwidth and dumping what it considers "noise" - your conversations and so on. Or so they say, anyway.
Amanda Welsh, IMMI's COO, was keen to emphasise that their phones are not bugs as such. She told MIT Tech Review:
"If you're carrying our phone and you're planning a bank robbery while listening to a radio, all we know is what radio station you're listening to."
IMMI is adamant that the "fingerprints" can't be turned back into useful audio.
Similarly, though the company admits it would like to use GPS or mobile-network location tech to know where its guineapigs are when they hear things, it currently doesn't. Rather, you plug in a Bluetooth beacon in your home, and the phone knows if you're in or out; but, for now, that's all.
"Although he would like to use GPS, [IMMI CTO] Al Alcorn says that it's currently cost prohibitive to buy this information from the cell-phone companies, which control it," according to Tech Review.
Presumably what's meant by this is that IMMI can't afford mobile-mast location data; obviously cell networks have diddly to do with GPS satnav as such. Handsets with actual GPS receivers - which could send the location data to IMMI - are still rather expensive at the moment; often need cell-tower data to help them out; and they don't like it inside buildings, either.
A cell phone is well adapted to IMMI's needs anyway. On top of that, the company reckon the fact that it's useful to the guineapig will mean it stays within reach.
"The question is, 'If you forgot to take [the tracking device] with you when you went to work, would you go back and get it?'" according to Alcorn.
"If it was your cell phone, you would. If it was just a passive brick that didn't do anything [else], you wouldn't."
Clever stuff. But there still seem to be some gaps. Phones get left around the house, not necessarily within earshot (mike-shot?) of what their users are listening to.
And several possibilities for abuse spring to mind. If this audio fingerprinting is as good and reliable as its cracked up to be, it surely wouldn't be hard to make up some unique, task-specific fingerprints and so monitor an IMMI subject using the company data.
For instance, you could perhaps fingerprint the automated announcements on the London Underground trains, and thus know wherever your target went on the Tube. Or you might record a person of interest saying a commonly-used phrase such as "Hello darling," and thus, perhaps, be tipped off whenever someone met up with their illicit lover.
And so on. If one weary Vulture can think of that much in five minutes on a Monday morning, it seems fair to say that the thing's riddled with loopholes. Still, you can't expect to be a guineapig and not suffer some horrible invasive experiments.
The Tech Review piece is here.®
Sponsored: Global DDoS threat landscape report