Is An Overhaul of People Counter Technologies Required?
Unique Identifiers vs. Ethics, Privacy and Risk
While IoT and people counter technologies present positive opportunities for both consumers and businesses, increased global backlash has prompted a much needed review into technologies which store unique identifiers.
Written by the Nola Team. 12th of October, 2022
The rise of people counter technologies, and other IoT in retail and hospitality spaces, presents positive opportunities for both consumers, and businesses.
These include opportunities for improved city infrastructure and motorways, more seamless shopping experiences and enhanced safety in venues.
The motivation for businesses to collect data is mainly driven by their ability to aid decision making when:
Providing customers with a better user experience
Streamlining business processes and improving efficiency
Improving product or business marketability by understanding consumers
However, increased global concerns around data retention and surveillance have prompted a much needed review of some people counter technologies which have been in use for decades.
In 2022, Bunnings and Kmart were investigated by the (OAIC) for their use of facial recognition technology, while Officeworks received online backlash for the use of bluetooth tracking technology. At the same time, the Optus Data Breach has raised concerns around the retention of identification-related documents.
The red thread in these stories about Wi-Fi, Bluetooth and Facial Recognition technologies is their collection and storage of data which identifies individuals. While businesses do not intend to be malicious by using these technologies, there is insufficient consideration around the potential risks and ethical implications of using technologies which rely on identification, even when they claim to de-personalise it.
In this article we will focus on the importance of ‘de-identification’, as a component for ethical data collection and risk management. Transparency over technology use in public spaces, and security requires a deeper discussion and will be covered in future articles.
What is considered an identifier?
According to the Electronic Frontier Foundation, an identifier could be “a name, an email, or a phone number”. It might also be a “name” that the tracker itself assigns to you, like “af64a09c2” or “921972136.1561665654”. What matters most to the tracker is that the identifier points to you and only you. Over time, a rich profile can be built about the person known as “af64a09c2”—where they live, what they read, what they buy - a conventional name is no longer necessary.
Credit: Electronic Frontier Foundation, Behind The One-Way Mirror: A Deep Dive Into The Technology of Corporate Surveillance
3 Reasons To Re-Evaluate People Counter Technologies Which Use Identification
1. Wi-Fi, Bluetooth and Facial Recognition Technologies May Operate in a Grey Area of The Law
Retailers typically use Bluetooth or Wi-Fi Beacon technology to track mobile phones. These beacons actively monitor signals from hardware devices nearby, and use a smartphone’s (MAC) address to identify and record the location of a device.
Surprisingly, MAC Addresses of personal devices are considered to be “non-personally identifiable information”, and therefore technically comply with Australia’s Privacy Act. However this is now in question because when they are matched with third party data, it is possible to uncover the owner’s identity, and build a profile over time.
While this may comply with Australia privacy laws right now, there are strong signals that this may be reviewed in the near future. In Europe, there are already strict laws being imposed that limit the use case of Wi-Fi Tracking. If Australia adopts the same, many retailers would have to review their use of people counter infrastructure.
2. Research Finds ID Hashing or ID Encryption is Not A Fix For Privacy
While “hashing” is a technique used by analytics vendors to protect businesses from attackers and misuse, it’s unreliable. According to Threat Post, Stanford University researchers found that it’s quite easy to take a hash value and reverse it. "Hashing is not a silver bullet for electronic privacy. As we have seen, it is possible to test retail analytics data against every possible device. If data is associated with a particular device, it is always linkable back to an individual”. While “salting” may be used by big vendors to prevent rainbow table attacks as described in the article by Threat Post, the effectiveness would be limited to how it is implemented.
3. The Risk Is Real For Businesses, Employees and Consumers
This is not a ‘what-if’ situation. The negative outcomes have already been documented on a global and local (Australia) scale:
Brand damage due to growing public backlash, and demand for ethical practices from their consumers.
Data being reused for something other than its original use. An example is when the initial data is linked with third party data, and is used to influence offline and online behaviour. As detailed by VOX, there are clear examples of this occurring.
Employees become anxious in an environment where they feel monitored.
Data being resold by the vendor, to a third party broker.
Laws in Australia will evolve, which will require businesses to review the use of these technologies.
How You Attain Data Matters. Is Your Current People Counter Technology Compliant?
In our opinion, privacy and ethics is no longer something you can trade away for the richness of data. Organisations need to be able to effectively weigh up if collecting identification and storing this information is necessary to reach your outcomes, in the context of retail analytics.
While MAC randomisation in some newer devices may reduce risk of long-term tracking, the overall risk is not eliminated. This is because it has not been deployed cleanly or consistently across a range of modern devices.
We suggest asking your people counter/in-store analytics vendors to disclose:
If they store any unique identifiers (storage of CCTV, hashed or unhashed MAC Addresses)
If they use “salting” to prevent against rainbow table attacks and how this has been implemented
How they protect the information
The risk for your business and visitors if information is leaked
If the concerns in this article apply to you, we suggest assessing the requirement for identification against the benefits and identifying alternative methodologies for tracking visitor experience. Downloading the “Guiding Principles for Surveillance” checklist from the OVIC will assist you to methodically answer these questions.
The checklist is designed to complement a Privacy Impact Assessment (PIA). It is not a substitute for completing a PIA. Completing this checklist alongside a PIA will assist organisations to address privacy, human rights and ethical issues that can arise from surveillance activities.
Nola is a no-install visitor and queues & wait times solution for retail and hospitality venues. Nola is an anonymous-by-design solution that enables venues to improve visitor experience without compromising personal privacy.
Get in touch with us here for a demo, or to check if your system is compliant.