Path Intelligence – Phorm for shopping centres?

Spy Blog | Just in case you thought that Phorm was the only threat to your privacy, here is an example of similar “no opt out” snooping technology being installed in the infrastructure of a public space, a shopping centre, which secretly snoops on individuals, without their informed prior consent, in the hope that advertising and sales revenues can be maximised.

There is no way, short of switching off your mobile phone, of opting out or avoiding this snooping scheme.

The Times has a story:

From Times Online, May 16, 2008

Shops secretly track customers via mobile phone

Signals given off by phones allow shopping centres to monitor how long people stay and which stores they visit

Jonathan Richards, San Francisco

Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walk around.

All the same issues about the lack of informed, prior consent of members of the public who have been, or are now being snooped on in secret, for the commercial benefit of others, apply to Path Intelligence Ltd. (technology provider), the shopping centres (public infrastructure providers), and retailers (profit makers), just as they do to Phorm (technology provider), the Internet Service Providers (public infrastructure providers) and web advertisers (profit makers).

If you look at the demonstration (needs Flash) of the interactive mapping and reporting software which Path Intelligence seem to have developed for this snooping technology, you will see that it could also be easily applied to display and analyse inputs from other “spy on the public without their knowledge or consent” technologies which exploit things which large numbers of people might be carrying on their persons, like BlueTooth or unkilled consumer product RFID tags, or “Biometric” Passports or ID Cards.

It should be relatively simple to link such a system to the existing CCTV surveillance camera networks which modern shopping centres all employ.

Sharon Biggar, the company’s chief operating officer, said that one of the stores which had already deployed the receivers did not want its name revealed for fear of alarming its customers.

Who is this snooping retailer ? Why should we not boycott them ?

The company that makes the dishes, which measure 30cm (12 inches) square and are placed on walls around the centre, said that they were useful to centres that wanted to learn more about the way their customers used the store.

A shopping mall could, for example, find out that 10,000 people were still in the store at 6pm, helping to make a case for longer opening hours, or that a majority of customers who visited Gap also went to Next, which could be useful for marketing purposes.

10,000 people in a store sounds positively dangerous. Perhaps they mean within the shopping centre.

Why would large crowds of shoppers still milling around at closing time not be utterly obvious to human staff, without the need for this snooping technology ?

It has already been installed in two shopping centres, including Gunwharf Quays in Portsmouth, and three more centres will begin using it next month, Times Online has learnt.

The other shopping centre may well be newly refurbished The Cascades, also in Portsmouth – there appears to

In the case of Gunwharf Quays, managers were surprised to discover that an unusually high percentage of visitors were German – the receivers can tell in which country each phone is registered – which led to the management translating the instructions in the car park.

Why could none of the shopping centre staff or retail shop staff determine that there were lots of German speaking visitors ?

The Information Commissioner’s Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset’s IMEI code – a unique number given to every device so that the network can recognise it.

But an ICO spokesman said, “we would be very worried if this technology was used in connection with other systems that contain personal information, if the intention was to provide more detailed profiles about identifiable individuals and their shopping habits.”

Errr… it is a shopping centre stuffed full of CCTV cameras and private security guards – who seriously believes that this FootPath(tm) snooping will never be used in conjunction with CCTV ?

Only the phone network can match a handset’s IMEI number to the personal details of a customer.

Path Intelligence, the Portsmouth-based company which developed the technology, said its equipment was just a tool for market research. “There’s absolutely no way we can link the information we gather back to the individual,” a spokeswoman said. “There’s nothing personal in the data.”

Nonsense ! Path Intelligence lists a long list of possibly commercially useful benefits of their system to shopping centre operators and retailers, most of which can and should only be accomplished through the use of anonymous aggregated statistics.

However, if you read the last section of the list of claimed benefits for the FootPath(tm) product, they admit that it is capable of identifying individuals:


* Identify unauthorized individuals in ‘no go’ areas of the centre
* Identify suspicious ‘left’ luggage

How is it possible to do this with truly anonymous data ? Either there is a “whitelist” of individual authorised staff phones or a “blacklist” of alleged individual “troublemaker” phones, or there is one watchlist database with different status flags.
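
The distinction drawn above, as an added Python example (not Path Intelligence's code; the sightings, identifiers, zone names and function names are all constructed for illustration): co-visit statistics survive a throwaway keyed pseudonym and small-count suppression, while a "no go" area alert only works when specific devices are enrolled under a key that is kept.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Constructed sightings: (device identifier, zone, hour). The identifiers
# are made-up 15-digit strings, not real IMEIs.
SIGHTINGS = [
    ("100000000000001", "Gap", 14), ("100000000000001", "Next", 15),
    ("100000000000002", "Gap", 14), ("100000000000002", "Next", 14),
    ("100000000000003", "Gap", 16),
    ("100000000000003", "Staff corridor", 16),
]

def pseudonym(device_id, key):
    """Keyed hash of the identifier; unlinkable once the key is destroyed."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()[:16]

def covisit_report(sightings, key, min_count=2):
    """Aggregate output only: zone-pair counts, small cells suppressed."""
    zones_by_device = defaultdict(set)
    for device_id, zone, _hour in sightings:
        zones_by_device[pseudonym(device_id, key)].add(zone)
    pairs = Counter()
    for zones in zones_by_device.values():
        ordered = sorted(zones)
        for i, first in enumerate(ordered):
            for second in ordered[i + 1:]:
                pairs[(first, second)] += 1
    return {pair: n for pair, n in pairs.items() if n >= min_count}

def no_go_alerts(sightings, key, enrolled_ids, no_go_zones):
    """'Unauthorised individual' check: needs a list of specific devices,
    enrolled under the same key that labels the live sightings."""
    allowed = {pseudonym(d, key) for d in enrolled_ids}
    seen = {pseudonym(d, key) for d, zone, _h in sightings if zone in no_go_zones}
    return sorted(seen - allowed)

def path_of(sightings, key, pseud):
    """Every sighting of one pseudonym, in time order: an individual track."""
    return sorted((hour, zone) for d, zone, hour in sightings
                  if pseudonym(d, key) == pseud)

if __name__ == "__main__":
    day_key = b"constructed-demo-key-for-one-day"
    print(covisit_report(SIGHTINGS, day_key))
    flagged = no_go_alerts(SIGHTINGS, day_key, [], {"Staff corridor"})
    print(flagged, path_of(SIGHTINGS, day_key, flagged[0]))
```

The co-visit report is identical under any key, so the key can be destroyed at closing time; the alert and the individual track both stop working the moment it is.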

This visualisation graphic screenshot clearly shows that shoppers can be tracked individually. The apparent “walking through walls” effect is an artifact of the path that the software uses to join the periodic data points, which are probably about 5 to 10 minutes apart, i.e. when your mobile phone makes a handshake with the network, to check signal strength with the neighbouring mobile phone cell tower base stations.

See the original screenshot here.

The description of the features of the PI Explorer software which analyses the data from the snooping antennas includes:

Security alerts that send an SMS message should a security situation be identified

Just as with Phorm, it is up to Path Intelligence to prove and reassure the general public that it is impossible for their system to be abused. We will not simply take it on trust, from people with commercial or other motives for extending the surveillance capabilities of a system, which does not have any way for people to opt out of being snooped on.

Can you spot the IMEI snooping antennas ?

The Times article says that the first secret trials of this technology on the unsuspecting public, conducted by this Portsmouth based company, seem to be at the local Gunwharf Quays shopping centre, although we suspect that it may have also been tested, or is still in use, at the Cascades shopping centre, also in Portsmouth (there seems to be a Cascades demo on the Path Intelligence website, as well as a West Quay one).

We would welcome any photos and location reports from any Spy Blog readers who can spot the locations of the mobile phone signal snooping antennas – “30cm (12 inches) square”.


(original image from The Times article)

See the Gunwharf Quay shopping centre maps.

What is the density of the snooping antennas required in order to achieve a location accuracy of 1 to 2 metres indoors ?

The receivers together cost about £20,000 to rent per month. About 20 of the units, which are unobtrusive, cream-coloured boxes about the size of a satellite dish, would be needed to cover the Bluewater shopping centre.

Bluewater (near Dagenham in London) is a much larger shopping centre than Gunwharf Quays.

Are there any Warning Signs or notices on display at these shopping centres, which warn their customers or potential customers and other members of the public that their mobile phones are being tracked ?

Can these systems also track IMEI signals from the neighbouring area outside of the shopping centre or its car parks ?

N.B. Similar location snooping results could be achieved by the Mobile Phone Networks, and their Location Based Data services, especially at, say, Airports, where there are lots of mobile phone micro-cells or pico-cells installed, to try to grab profitable business account customers and tourists with expensive call roaming charges on their network rather than on their rivals' networks, when the visitors first switch on their mobile phones after landing.

Secure Web interface ?

Those Spy Blog readers who remember our criticisms of various Mobile Phone Location Based Services systems launched in recent years, will know that we are rightly sceptical when we see that such potentially sensitive data e.g. the location of your children, is not being processed and securely stored locally, but is happily being uploaded and then made available via the inherently insecure internet.

Path Intelligence Explorer is our secure, internet delivery solution. Your data can be accessed 24/7, allowing you the convenience to interrogate your information from anywhere in the world

What proof is there that such a web based system is not vulnerable to unauthorised access from anywhere in the world ?

There is no indication that this data is strongly encrypted, either when it is being uploaded from the snooping antennas or when a customer downloads web based graphical or Excel spreadsheet reports.

Why not use it in Prisons instead ?

There is a place for this mobile phone location snooping technology, to operate without the informed consent of the people whose mobile phone locations are being tracked by the FootPath(tm) system, but that is not in any public shopping areas. It could and should be deployed in every prison, given the vast numbers of illegal mobile phones which are smuggled into British prisons every year.

See Thousands of Mobile Phones seized in UK Prisons – evidence of corruption ?

There have been attempts to use similar RFID badge based location tagging in a couple of US Prisons, so as to keep prison gang members under surveillance.

Please do not deploy such prison panopticon technology against the innocent public.

Illegal to spoof IMEI

The first reaction of some of our more technically proficient readers might be to start thinking of ways to devise IMEI (International Mobile Equipment Identifier) spoofing devices, to frustrate any such snooping system.

However, apart from probably disrupting the local mobile phone system for other users, including possible life saving calls to the Emergency Services, this would be illegal in the United Kingdom and punishable by up to 5 years in prison, a serious enough offence to invoke extradition proceedings from abroad, if necessary.
See Mobile Telephones (Re-programming) Act 2002

This badly worded Act criminalises the mere possession of equipment or software (i.e. a computer and a serial cable or BlueTooth connection) which may be used to change an IMEI, as well as the actual act of changing an IMEI without the written permission of the (usually foreign) handset manufacturer (incredibly, not the UK based mobile phone network operator).

This Act has been recently amended to also criminalise simply advertising or offering such an IMEI re-programming service or product.

Note that the stupid wording of this Act also criminalises any spoofing or changing of IP addresses or MAC addresses of BlueTooth or WiFi or internet data connected WAP phones, SmartPhones etc. which connect to the internet via GSM or 3G data services i.e. most modern mobile phones, PDAs and portable computers which can act as mobile telephones.