Technocreep (11 page)

Consumers found the idea of a smart kitchen interesting, but not worth the extra money. The promotional videos for the Samsung T900 and LG Smart Thinq™ refrigerators provides a somewhat creepy demonstration of how engineers imagine people might use refrigerators, but with little connection to real family life.

LG's $3,500 monster fridge boasts an 8” LCD screen where you can laboriously log the products you intend to buy, or have bought, along with their expiration dates. Or you can simply toss the milk in there and smell it once in a while. It seems that people will incorporate new technologies into their lives if they see clear and desirable benefits that outweigh any downside. Smartphones, GPS units, and applications like Google Maps clearly fit into the “benefits outweigh the negatives” category.

Sometimes, however, the risks of sensor technology may be hard to discern. Especially when the devices are going on, or even inside, our bodies.

I had the opportunity to advise the organizers of the 1988 Winter Olympic Games about ways to make their television coverage really unique. “You could put cameras on the athletes and sensors inside their bodies,” I suggested. “Not only could we see the event from their viewpoint, the sensors could tell the audience in real time about their pulse, blood pressure, and other biological parameters.”

“OK, as long as they stay above the waist,” laughed an Olympic gold medalist swimmer, who was there representing the athletes. Today, it is trivially easy to monitor all kinds of physiological parameters of athletes, or anyone else.

Nike's Fuelband exercise monitor wristband uses oxygen kinetics to measure activity and can even track minute movements during sleep. It connects to your smartphones to upload its data. Gizmodo writer Adam Clarke Estes caught a lot of people's attention with a piece titled “Your FuelBand Knows When You're Having Sex,” even suggesting “they could also tell when you fake an orgasm and possibly alert your spouse or significant other if you're having an affair.”
128

Writing on TechCrunch, Gregory Ferenstein muses along the same lines: “were I married, my wife might like to know why I burned 100 calories between 1:07 to 2:00 am, without taking a single step, and fell asleep right afterwards.”
129

You
could
take the device off before leaping into the sack. But that would produce a telltale and potentially incriminating “data gap.” As we start to accept devices that are intended to be “always on,” turning them off starts to raise questions.

Seeing an opportunity to lead the world, after being racked by successive earthquakes, Christchurch, New Zealand is planning to spend billions to rebuild itself, and, in the process, to become one of the world's first “Sensing Cities.” Getting an early warning of the next big earthquake is clearly very high on the priority list for Christchurch; but they intent to go far beyond seismic sensors.

Although they claim they do not intend to track individuals, the project's webpage has the creepy suggestion that “Arguably the technology to track an individual is already widely accepted by society, with cellphones carried by the majority of the population.”
130

Sensors are creepy in many ways. They are surreptitious, often invisible, persistent, always on, and always monitoring. Often, they work for the highest bidder, and may show no allegiance to their owners.

There certainly is potential for objects in our lives to interact in helpful ways. A smart scale, or a toilet that does an instant analysis of your bodily fluids, could tell the toaster “no more bagels” if you are trying to reach a diet goal. The question is—do you want it to? What has been missing so far is a kind of meta-language and social norms to effectively tell our electronic servants which features we think are cool, and which are creepy.

Increasingly, though, you will have no choice—the surveillance will be automatic, continuous, silent, pervasive, and non-consensual. Even if you only want to buy a loaf of bread or some razor blades, as people in a Tesco store discovered.

For a short while in 2003, the possible future of retail shopping was revealed in all its creepy glory in a Cambridge, U.K. food store. Supermarket giant Tesco set up a clandestine system that, according to a newspaper account, “triggered a CCTV camera when a packet of Mach3 blades was removed from the shelf. A second camera took a picture at the checkout. Security staff then compared the two images, raising the possibility they could be used to prevent theft.”
131

The company claimed they were just trying to improve customer service by keeping track of inventory, but when the store's manager provided photos of a shoplifter to authorities, privacy advocates condemned the system. There were protests outside the store and in the media. Gillette, the manufacturer of the blades, was also taken to task for facilitating the scheme by putting RFID tags in individual product packages.

Now, a decade later, if you buy a book or an electronic gadget, you will probably see a mysterious small paper square with an embedded antenna fall out of the packaging. RFID chips are even sewn into designer clothing. High end fashion retailer Burberry has implemented RFID tagging to “enhance the customer experience in selected stores.”
132
Their website also explains that if you do not want to walk around with a tracking tag in your clothing, you can deactivate it by “simply removing the textile RFID label”—as if that's the most natural thing to do to an $1,895 cashmere sweater you just bought.

A report in
The Economist
describes Burberry's “Customer 360 plan” which will allow the company to record the “buying history, shopping preferences and fashion phobias” of customers “in a digital profile, which can be accessed by sales staff using hand-held tablets.”
133
The article notes that the database might prove to be a source of embarrassment, “for example if a customer who has bought racy gifts for his mistress enters a Burberry store with his wife and is enthusiastically ushered to the skimpy bikinis.”

Mondelez International, whose “brand family” includes Chips Ahoy and Oreo cookies, is planning a 2015 launch of “smart shelves” which, according to the
Washington Post
, will work out your gender and approximate age in order to sell you products calculated to appeal to your demographic group.
134

The shelf sensors will not take your picture, but that does not mean your privacy will be protected. By the time these devices arrive at your grocery store, the chances are good that you may have been convinced to carry a personal RFID chip, or link up your smartphone, to get a discount or loyalty club points. You are liable to be under electronic surveillance from the moment you enter the store. The retailer will be able to gather information on where you linger, what you pick up, what you put back, and of course, what you ultimately buy.

Two shopping malls, Promenade Temecula in California and Short Pump Town Center in Richmond, VA, recently announced plans to install a FootPath shopper tracking system to keep tabs on shoppers as they move around the stores. The technology, from the U.K. company Path Intelligence, is a way for brick-and-mortar retailers to keep up with online retailers, who can already track every click a customer, or even a casual window-shopper, makes in cyberspace.

Using customers' own cell phones, Path Intelligence tracks movement patterns of shoppers and, according to their web page, “can accurately locate how those devices are moving around the store or mall.” Their data is used to evaluate things like whether or not large anchor tenant stores such as Sears, who usually get a rental discount in shopping centers, actually attract customers to the smaller stores in the mall.

Path Intelligence has found, for example, that less than 40% of the people who visit an Apple retail store subsequently proceed to another mall tenant. Instead, most appear to simply take their new gadgets home and start buying stuff online. Critics, including U.S. Senator Charles E. Schumer, expressed concerns about shopper privacy. As a result, plans to implement Path Intelligence in those malls were shelved, at least temporarily.
135

An even creepier test was carried out in London, UK, in June 2013. Marketing firm Renew London planted sensors in trash cans that tracked the unique signature of every smartphone that passed by. According to a chirpy press release from the company, their Renew ORB system “provided a concise breakdown (to the 50th of a second) of the movement, type, direction, and speed of unique devices that the Renew Network gather across Renew ORB test sites, and help identify peak footfall times from key hotspots in the City of London.”
136
The number they are capturing, the phone's MAC (Media Access Control) address, is a fingerprint that is specific to that device. In just one week, they grabbed over four million MAC addresses, over 500,000 of them being unique.

The company insisted in a statement that the addresses it collected are “anonymized and aggregated” but that is a bit misleading.
137
If the phone is activated on a network, the telecommunications provider has to know information about the device and usually about the owner.

As we are starting to realize from disclosures of Edward Snowden and other sources, information at the telecom company doesn't always stay at the telecom company. In addition, by simply tracking a phone, deductions can be made about the person carrying it. Visiting the ladies' or men's room provides your gender. Entering a bank branch may disclose where you have your accounts. What does twice weekly visits to a sexual diseases clinic signify?

Further evidence of the real commercial purpose of Renew ORB comes from a creepy video the company has posted.
138
The video's narrator explains that, in the online world, “cookies tell marketing teams about the kind of things that Jack (the animated person in the video) finds interesting.” The cheery voice goes on to lament that “Cookies don't exist in the offline world—until now.” By tracking Jack's ­movements as he innocently walks around, marketers in the physical world can claim some of the advantages their online competitors already have.

Another important piece of data that your smartphones is leaking is the list of every network it has been connected to. The phone keeps reaching out, looking to see if that network is in range, until you specifically clear it from its list.

Speaking at Black Hat Asia 2014 in Singapore, Glenn Wilkinson of SensePost's U.K. office showed how this information could be used to made inferences about the phone's owner. “If I see somebody whose phone is looking for the British Airways First Class Lounge network, I know he's probably a high roller,” he said. “If his phone is seeking the employee network of the RBS (Royal Bank of Scotland), I have a pretty good idea about where he works. If his phone is also seeking the WiFi network at Hooters, well that's a problem.”
139
Putting all this information together is getting easier and easier, and no laws are being broken by plucking information out of the public airwaves.

Wilkinson warned the audience that “we are all carrying around the most perfect surveillance device ever invented, completely voluntarily, right in our pockets.” To dramatize the vulnerabilities, he deployed “Snoopy,” a drone helicopter that can fly around taking pictures and intercepting wireless signals.
140
Using data collected at the conference, he was able to tell an audience member what part of Singapore he lived in and even show him a Google Maps photo of his street.

While it crosses onto the wrong side of the law, this technology can also be used to hijack wireless connections, and even insert false data. Wilkinson explained how it was possible to attack someone using a coffee shop's Wi-Fi. “You could replace every image on someone's smartphones with a picture of a cat,” he suggested, “or continually flip their images upside down so you'd see them frantically turning their phones over and over.”

Loose-lipped smartphones certainly give retailers new ways to track customers. However, many shoppers will probably be delighted to pin identification tags on themselves, in return for discounts or loyalty points. Walmart, which pioneered the use of RFID tags for inventory tracking, has been putting them on individual socks and underwear, supposedly so store staff can quickly replenish missing sizes. It is only logical that retailers would like to put chips on customers too.

In an alarming book called
Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move,
Katherine Albrecht and Liz McIntyre point out that even after you toss RFID product tags in the trash they can still be analyzed.

Albrecht also suggested in a radio interview that stores with RFID readers might also be able to read the chip in your passport or your enhanced driver's license, though there is no evidence retailers are actually doing that.
141
She worries that shoppers will be tracked “like rats in a maze” and she even suggests that as you approach a store display, the prices might change based on the neighborhood where you reside.

Many of Albrecht's speculations have already become reality. The
New York Times
reported that in the fall of 2012, the Seattle-based retailer Nordstrom, Inc. “started testing new technology that allowed it to track customers' movements by following the Wi-Fi signals from their smartphones.” The company-posted signs about this in its stores and customers quickly raised privacy concerns. While consumers may be made aware of retail tracking data, usually they have no control over how it is collected and used, aside from avoiding certain stores completely.

Lending even greater credence to Albrecht's speculation is a United States patent filed in 2006 and assigned to IBM Corporation.
142
The patent lays out a chilling near-future shopping scenario: “The RFID tag information collected from the person is correlated with transaction records stored in the transaction database according to known correlation algorithms. Based on the results of the correlation, the exact identity of the person or certain characteristics about the person can be determined. This information is used to monitor the movement of the person through the store or other areas.”