London’s Recycling Bins Don’t Do Mobile Tracking Anymore. (Until This Week, They Did.)
Written by Frank HayesAt a time when many retail chains are trying to navigate the public-relations minefield of customer tracking, disclosure and data use, a story from London is a useful reminder that nobody is getting this right. On Monday (Aug. 12), the government told a startup called Renew to stop using its recycling bins in London’s financial district to track passers-by by way of their phone signals.
Wait, recycling bins? Yes, 100 very high-class recycling bins outfitted with large, Internet-connected digital screens that show advertising (the financial district’s government—yes, it has its own government—gets 5 percent of the airtime to display public announcements). But recently Renew added a new feature to a dozen of the bins: the ability to capture any passing smartphone’s unique MAC address if it has Wi-Fi turned on. (Which, these being financial-district yuppies, is pretty much a given.) You can see the possibilities—but not necessarily all the possibilities that Renew sees.
Let’s be clear: Renew wasn’t putting up warning signs, but it didn’t keep the tracking a secret either. It promoted the phone-tracking capability in its marketing materials, with scenarios like being able to spot the same customers whose phones had been spotted in, say, a coffee shop previously, and flash them an ad that would nudge them back toward their caffeine provider.
And in context of London security—layer upon layer of surveillance, built through decades of first IRA and then al-Qaeda terrorism—it all sounded pretty innocuous to its creators. “From our point of view, it’s open to everybody, everyone can buy that data,” Renew CEO Kaveh Memari told the online news magazine Quartz. “London is the most heavily surveillanced city in the world…As long as we don’t add a name and home address, it’s legal.”
Technically, yes, but that’s mainly because those laws haven’t been written yet. Given that in the first month after it installed the MAC-grabbers Renew says it tracked more than a million unique devices, and that it identified 106,629 individual people by way of 946,016 MAC grabs, the idea that this isn’t the real-world equivalent of a web cookie is pretty specious. And those require opt-in (though enforcement of the requirement hasn’t ramped up yet).
And that’s the real problem, the one that retailers are grappling with: The problem isn’t what’s technically legal. Lawyers can find you safe passage on that. The problem is that no matter how legal it may be, if people feel violated, they’ll take it out on whoever is electronically stalking them.
Consider a more elaborate Renew scenario, one that Memari says it’s still trying to get a bar signed up to try: The bar would install five tracking devices—by the entrance, one in each bathroom, one at the POS and one on the roof. Then each customer, tagged by a unique MAC address, could be identified by gender (which bathroom did they use?), how much time they spent in the bar, what they bought, how much they spent and who they left with.
Of course, that MAC address could also be linked to the plastic card the customer paid the tab with, and thus identified by name, address and credit rating, but Memari thinks that would be too much. What wouldn’t be too much? Using that behavioral data to flash targeted ads at the customer all over the financial district.
This is actually a lot more elaborate (and stalkerish) than any proposal we’ve heard from a U.S. retailer. In some ways, that’s heartening—retailers have figured out that there are limits to what customers will put up with.
It’s also at least a little heartening that Renew backpedaled furiously once its talkative CEO’s comments were reported. It’s no longer collecting MAC addresses, and says it will take a much slower pace going forward, complete with consultations with organizations like the Electronic Frontier Foundation.
Then again, instead they could try something that some retailers testing tracking-by-mobile have considered: Tell everyone about it. Make the warning signs so bland and ubiquitous that after the first few weeks, no one will take any more notice of them than they would a surveillance camera. Renew (like any retailer) would still have to navigate the legal minefield. But at least no one could claim he hadn’t been warned.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
