Feeds

Malls suspend plan to track shoppers' cellphones

Privacy concerns rain on retailer's snoop fest

Internet Security Threat Report 2014

Two shopping malls have dropped plans to track shopper's movements after a US senator voiced privacy concerns about the practice, which involves monitoring individuals' cellphone signals.

The Footpath tracking system will no longer be used at the Promenade Temecula mall in southern California or the Short Pump Town Center mall in Virginia. An article published last week on CNN.com said both malls planned to deploy the system beginning the day after Thanksgiving, which is typically the busiest shopping day of the year.

The product of UK-based Path Intelligence, Footpath uses antennas to detect the TMSI, or Temporary Mobile Subscriber Identifier, of each cellphone in the vicinity to anonymously track shoppers as they move from store to store. The TMSIs, which are short-term numbers issued to a mobile device when it enters a cell tower's coverage area, are put through a one-way hash function to prevent them from being intercepted, and all data collected is encrypted and anonymized. The only way for users to stop the tracking is to turn their devices off.

The owner of both malls suspended the plans after receiving a letter over the weekend from US Senator Charles Schumer of New York. In a statement published on his website, he warned that the tracking service might be abused. He also called on the Federal Trade Commission to investigate if Footpath violates privacy laws.

“Personal cell phones are just that – personal,” Schumer wrote. “If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so. It shouldn’t be up to the consumer to turn their cell phone off when they walk into the mall to ensure they aren’t being virtually tailed.”

A spokesman for Forest City, which owns and operates the malls, said the company is suspending the project until it offers shoppers a way to opt out of the tracking that doesn't require cellphones to be turned off.

For her part, the CEO of Path Intelligence defended Footpath as a system that allowed brick-and-mortar retailers to track customers in much the way e-commerce websites have been doing for years.

“Online retailers do not require you to 'opt-in' to being tracked,” Sharon Biggar told a reporter for The Hill. “Rather they observe/track behavior from the moment a shopper enters an online website. We are simply seeking to create a level playing field for offline retailers, and believe you can do so whilst simultaneously protecting the privacy of shoppers.”

We're guessing Biggar's PR handlers didn't tell her about the do-not-track and Right to be Forgotten directives under consideration in the US and EU respectively. The use of browser cookies to track web visitors, often without their consent, has turned out to be highly controversial, as a huge raft of lawsuits suggests. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.