Saw this today in a new shopping precinct near Victoria Station in London.

"Mobile phone technology in use to monitor visitor levels at this scheme. No personal data is captured"

It's a new one on me in the UK.

Anybody know the details of what's happening here?
It's a common technique in IoT projects (e.g. detecting congestion). I occasionally review proposals for EU funding for IoT research projects and it crops up a lot. As far as I remember they use tower data.

They don't have access to the towers so they must have a set of local receivers. This means they will be getting very fine grained location data. The bulk of the traffic will be encrypted, of course, and they won't be trying to break that. I don't know what data, if any, is available in clear. Looks like I need to do some research!
My acronym finder is broken, what's IoT?
+Jason Noiles Sorry. IoT is the Internet of Things. When more and more everyday objects (mobile phones, domestic power meters, buses, etc.) become connected to the Internet, new possibilities (and dangers) emerge.
A UKCrypto member says that Bluewater might be doing this too. The theory is that they capture the TMSI (which is the temporary phone id negotiated with the tower). If this is so then the statement about not capturing personal data is true only up to a point. No doubt the tower has a timestamped log of the TMSI allocations and can map that back to the IMSI and the telephone number. So anybody having access to both logs has access to fine grained location data which is associated with an individual's mobile phone.
Interesting. Not that impressed with the contact info, either - are we supposed to send a postcard?
Actually the contact info is wrong :) It's 5 Strand not 5 Stand.
Thanks to @antonyslumbers on Twitter seem to be the people supplying the technology. Now I recall seeing some of their very impressive demos before.

Their explanation on their web site seems to confirm that they capture the TMSI and are able to plot an individual through the precinct with quite a high degree of precision.

This raises a couple of questions:

1/ Is the TMSI actually personal information, given that it is, at least in principle, combined with information logged elsewhere to give the telephone number?

2/ Is this interception as defined under RIPA?

I don't know the answer to either but I'll try to find out.
Ah, very interesting. Doesn't RIPA exclude communications that don't actually carry the message itself, so call set-up, DNS look-ups and routing information isn't protected? It's been a while since I looked at that, so I could be conflating that with other, similar distinctions.
I'm not a big fan of being monitored for any reason but I guess if I was on the other end of this trying to figure out how my shopping centre was working, I'd be interested if it worked. The concern is always how the technology will be pushed and expanded in the future. Who are new customers and who are returning customers? Can you tie it in with sales? Can you identify shoplifters or trouble-makers?
Well, the privacy statement is here - - including

"In developing FootPath™ we have ensured that you cannot, at any time, be personally identified as a result of your travel through premises in which FootPath™ operates.

FootPath™ detects only a regularly changing, random number which contains no personal information. As we do not access this information in real time, or divulge this information to any third parties, it is not practicably possible for you to be identified by the operation of FootPath™.

We have consulted with various privacy groups and the Office of the Information Commissioner to ensure that our operating procedures protect your privacy. In particular we ensure that your privacy is protected by the following means:

Security - our detector units are secure and are accessible only by our highly trained personnel. Staff at shopping centres do not have access to our detector units. This ensures that information detected by our units cannot be combined with other information from other systems that may allow you to be identified (for example, a CCTV camera in a shopping centre).

Aggregation - Aggregated data is collected from our detector units and sent off to our offices the evening following the day in which the data was collected. Accordingly, it is not possible to match your individual movements with the aggregated data collected by the detector units. By way of example, we may inform a client that 500 people that visited John Lewis also went on to visit Marks and Spencer on a particular day.

Anonymised data - The analysis of the path information obtained by FootPath™ is provided to each client in anonymised, aggregated form only. It is therefore impossible for a client to identify you by linking the contents of our analysis with, for example, images from their CCTV system.

Commitment to privacy - as a voluntary 'fail-safe' mechanism, we have also agreed, as a company, not to access any information that would allow us, or a third party to link any path information with any other data or information that would allow you to be identified"
Which certainly leaves a lot of open questions...
+Rupert Goodwins I asked them which "privacy groups" they consulted. They said they "touched base" with the EFF and Liberty International. I've no idea who Liberty International are, perhaps they mean Privacy International. I'll check.
I'm beginning to crystallise my concerns here. I don't think I have a problem with Path Intelligence per se. They seem a small entrepreneurial company who have thought through at least some of the privacy implications of their technology and have, it appears, made reasonable attempts to anonymise the data they provide to their clients.

The problem I have is that it appears to be perfectly legal to collect this data and that it is not considered to be personal data under the DPA. It therefore follows that any use of such data is unregulated. Despite Path Intelligence's claims to the contrary, turning this raw data into fine grained location data isn't rocket science. It's therefore perfectly possible that people with fewer scruples than Path Intelligence will find other uses for this technology. That's my worry.
Update: they consulted Liberty - a rather strange choice to my mind.
I think this comes down to principles of Privacy by Design; basically, is it feasible to integrate a path (precise time stamp and location) with other data sources (such as car park gate entry with ANPR, CCTV, facial recognition, etc). It's a tough call because nearly all modern technology has the capacity for harm - as well as good. I'm through with opposing for opposition's sake, but still want to do something to ensure ethical use of data gets rewarded by consumers. I've had a chat with the fledgling board of Open Digital about this and will be posting something next week. Interestingly such technology might fall foul of one or two laws even if it represents minimal harm compared to other technology and data retention.
I'd be happy enough if this data was just covered by the DPA. When face/body recognition gets a bit better (and maybe it's good enough now) you'll be able to do this with CCTV.

To use a relational database analogy:

If you have one row with personal data and another with non personal data and you can do a join then effectively the second row has personal data in it.

This needs to be recognised by the DPA in some way.
That's a very good point - the path data falls into the category of potentially personally identifiable data. Just like CCTV footage (without facial recognition) and IP addresses. The DPA might be updated to recognise the risks associated if such data is ever linked with other sources...
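
The join from the relational-database analogy above, applied to the TMSI sightings and allocation log discussed earlier in the thread, shown beside an aggregated, thresholded output of the kind the quoted privacy statement describes. This is an added example, not part of the original thread or any vendor's code; every table name, column and value is constructed for illustration.

```python
import sqlite3

# Constructed sample data; all identifiers are made up.
SIGHTINGS = [                      # receiver-side log: (tmsi, unix_ts, zone)
    ("a1f3", 1000, "entrance"), ("a1f3", 1300, "store_A"),
    ("a1f3", 1900, "store_B"),  ("77c0", 1100, "entrance"),
    ("77c0", 1500, "store_A"),
    ("a1f3", 5000, "entrance"),    # same TMSI value later re-issued to another phone
]
ALLOCATIONS = [                    # operator-side log: (tmsi, imsi, valid_from, valid_to)
    ("a1f3", "imsi-0001", 900, 2000),
    ("77c0", "imsi-0002", 1000, 1600),
    ("a1f3", "imsi-0003", 4800, 5200),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings(tmsi TEXT, ts INTEGER, zone TEXT)")
    db.execute("CREATE TABLE allocations(tmsi TEXT, imsi TEXT,"
               " valid_from INTEGER, valid_to INTEGER)")
    db.executemany("INSERT INTO sightings VALUES (?,?,?)", SIGHTINGS)
    db.executemany("INSERT INTO allocations VALUES (?,?,?,?)", ALLOCATIONS)
    return db

def linked_paths(db):
    """Row-level sightings joined to the allocation log: each path gains an owner."""
    rows = db.execute("""
        SELECT a.imsi, s.zone
        FROM sightings s JOIN allocations a
          ON a.tmsi = s.tmsi AND s.ts BETWEEN a.valid_from AND a.valid_to
        ORDER BY a.imsi, s.ts""").fetchall()
    paths = {}
    for imsi, zone in rows:
        paths.setdefault(imsi, []).append(zone)
    return paths

def aggregated_flows(db, min_count=2):
    """Zone-to-zone counts with small groups suppressed: no identifier left to join on."""
    return db.execute("""
        SELECT s1.zone, s2.zone, COUNT(DISTINCT s1.tmsi)
        FROM sightings s1 JOIN sightings s2
          ON s1.tmsi = s2.tmsi AND s2.ts > s1.ts
        GROUP BY s1.zone, s2.zone
        HAVING COUNT(DISTINCT s1.tmsi) >= ?""", (min_count,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(linked_paths(db))
    print(aggregated_flows(db))
```

The time-window condition in the join is what keeps a re-issued temporary id from being attributed to the wrong subscriber, which is why timestamps on both logs matter as much as the id itself.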