My phone at your service

Anyone can setup wireless sensors to record the appearance of your mobile phone’s Wi-Fi and Bluetooth probes to track where you are and where you have been –say, where you are when you're ambling through store or mall, or when you're walking or driving down a street. Some retail stores are experimenting with this technology to track your whereabouts, so FTC held a public hearing on the topic on February 19, 2014. Consumers and retailers already engage in loyalty programs. Should mobile phone tracking be part of loyalty programs? Retailers want to learn more about consumer shopping habits and mobile analytics companies  can track mobile phones without consumer knowledge. Where are possible “sweet spots” –those arrangements where consumers and retailers can enjoy benefits without adverse consequences? In this blog post, I introduce the technology and issues and ignite brainstorming on the best integration of technology, policy and business that maximizes benefits to stores and consumers while minimizing potential harms.

Before I go any further, let me advise you that I am solely responsible for this blog’s content, characterizations, ideas and choice of topic. This blog may not reflect the views of the FTC or any of its Commissioners.

What is the latest technology related to loyalty programs and in-store purchases? Your mobile phone. As you carry your phone throughout the day, it is constantly emitting wireless probes to find local networks with which to connect. These probes, more formally known as “probe requests”, include a unique number – called a media access control address or “MAC address” (having nothing to do with Apple Inc). Manufacturers install unique MAC addresses in each phone during fabrication. Anyone can setup wireless sensors to record the appearance of your phone’s probes to track where you are and where you have been –say, where you are when you're ambling through store or mall, or when you're walking or driving down a street. Some retail stores are experimenting with this technology to track your whereabouts. Stores currently use loyalty programs to link your purchases together. By tracking your MAC address, stores can also learn your shopping and in-store browsing patterns, even if you do not sign-up for a loyalty program or make a purchase. Therefore, the time seems ripe to brainstorm on the best integration of technology, policy and business that maximizes benefits to stores and consumers while minimizing potential harms.

Retailers could use the technology to modernize their loyalty programs so that your phone's probes replace the assortment of tokens and cards you may currently carry to earn discounts and rewards. Or, because your phone's probes are freely available, stores could just use them to learn more about your shopping habits to improve store layout. As one proposal posits, if you don’t want to be tracked, you can turn off your phone while shopping, or enter your phone’s information in a “do not track” registry. Under this proposal, you would not have the option of signing up like you do with a loyalty program nor would you necessarily receive discounts or rewards. Of course, countervailing technologies exist that can change a phone’s MAC address to made-up aliases and that can cease probing while shopping.

The key stakeholders are consumers, brick and mortar retailers, and mobile analytics companies. Consumers and retailers already engage in loyalty programs and retailers want to learn more about consumer shopping habits using mobile location tracking technology offered by mobile analytics companies. Negative impacts may occur when a MAC address relates to you by name.

Where are possible “sweet spots” –those arrangements where consumers and retailers can enjoy benefits without adverse consequences? Perhaps you will construct a solution, comment below, or attend the FTC Mobile Device Tracking seminar on February 19.

Loyalty Programs

Many retailers spend marketing dollars on loyalty programs and most of us participate in them using our phone numbers, tokens, cards, and even mobile phone apps to identify our purchases as belonging to us over time. In exchange, we get discounts and other benefits.

According to an industry watchdog group, there were 2.65 billion loyalty card memberships in the United States last year [1]. That is the highest number ever reported by the group since it began tracking in 2006. Still, many consumers are getting weary of the cards and tokens, and retailers have mixed reactions. Some grocery chains that started the trend more than a decade prior have recently dropped their programs, citing the data is not as useful as one might think [2]. Other grocers have reportedly intensified efforts to relate shopping histories to more personalized deals and pricing [3].

This may be a quality versus quantity proposition. By creating a meaningful and engaging loyalty program, where the benefits of membership are transparent and relevant to consumers, can a business generate more dedication among customers and improve its bottom line?

Consider Starbucks. According to an article in a leading trade magazine, there are more than 6 million loyalty card members registered at Starbucks, with about 80,000 joining each month. Members use loyalty cards in about 25 percent of all purchases [4]. Starbucks expanded its loyalty program to include a small program (“app”) that can run on some phones. The app features direct pay for purchases and offers rewards of free drinks and other benefits. The company reported a stellar 9% increase in sales for the quarter ending June 30, 2013, which its executives attributed to its loyalty program with mobile app payment capabilities [5].

Layouts of Retail Stores

Local retailers are in intense competition with online retailers, so brick and mortar stores really need to think about how they differentiate themselves. We live in an information-rich environment, where we can know the reviews, features and prices of a product before we ever touch it, but whether the product is “right” remains unknown until we actually handle it. We try on clothes to see how they fit and we want to know how a laptop feels in our hands. Once we travel to a store, we have made more of an investment than visiting a web page, so local retailers may be able to compete with online merchants by taking advantage of the physical act of shopping.

A recent paper in the academic journal, Marketing Science, points out that a retailer can affect the way a consumer searches for products in a store, and by strategically controlling the consumer's travel costs within the store, the retailer may influence a consumer's purchase decision [7]. For example, displaying all television brands side by side in one place allows shoppers to easily inspect various brands and make fully informed choice decisions. In comparison, placing one brand of sweaters in one place, together with the other clothes of the same brand, and displaying other brands’ sweaters elsewhere is likely to get shoppers to inspect additional kinds of items by the same brand before investigating other sweaters.

In comparison, an online merchant can customize a product's web page to suggest related products the merchant believes may be of interest to you. No two pages for the same product may have the same suggestions depending on what the online merchant thinks it knows about you. The brick and mortar merchant cannot dynamically change the store layout for each person. Instead, the local retailer seeks to have a store layout that optimally boosts point-of-sale and impulse purchases across all shoppers. Having detailed travel patterns of physical shoppers should help a retailer improve its layout.

The New Technology

Some retailers and mobile analytics companies propose to track the unique MAC addresses your mobile phone emits when it searches for nearby local wireless networks (Wi-Fi) or Bluetooth devices to learn more about your shopping patterns. Wi-Fi sensors would cover the area of the store, sidewalk or mall. When your mobile phone emits probes to discover which Wi-Fi networks are available, the WI-Fi sensors record the unique MAC address associated with your phone. The sensors use the strength of your phone's signals to compute your location within the space, with greater accuracy than global positioning systems (GPS). By tracking your phone's MAC address, a store can learn how often you visit and where in the store you roam, regardless of whether you make a purchase.

How Tracking MAC Addresses Works

During manufacture, a mobile phone gets its own unique MAC addresses, one for communicating over local wireless networks (Wi-Fi) and the other for communicating with Bluetooth devices like wireless earphones. When you connect the phone to the Internet, you may use its cellular connection through your telephone company or you might use a local wireless Wi-Fi network. If you connect your mobile phone to the Internet using Wi-Fi, you will see a list of available networks. To generate this list, your phone sends probes that include the MAC address of the phone. Depending on your phone's settings, your phone may automatically connect to a network that is open to anyone that doesn't require a password or purchase to join. In both cases –actively locating available networks and connecting to networks– your phone sends and receives packets of information that includes your phone’s unique MAC address. The open Wi-Fi network and any parties eavesdropping on local Wi-Fi communications can learn the MAC address of your mobile phone (e.g., [8] and [9]). The full technical specifications for Wi-Fi communication are publicly available [10]. The MAC address, which is unique to your phone, is not the same as an IP address. The latter is unique to your phone while it connects to the Internet on a particular Wi-Fi or broadband network. Your phone's IP address changes from one Wi-Fi network to another, but your phone’s MAC address remains the same regardless of the network and transmits even without actually connecting to the Internet.

Trial Runs

A company reportedly put the technology in recycling bins in London to record the unique addresses of smartphones carried by pedestrians and displayed responding ads on the sides of the bins; authorities subsequently halted the system [11]. Last year a leading newspaper reported that Nordstrom tested the technology in some of its stores in the United States but ended the experiment due to concerns raised by its customers [12]. Other stores are experimenting with the technology to track customer visits and roaming patterns.

Future Benefits and Risks

If tracking MAC addresses in retail spaces becomes common, then an obvious benefit to retailers would be tracking MAC addresses across stores. Then, a store could learn which of its customers also visit competing or complementary stores and how often.

Another benefit to stores may be to identify the person associated with the MAC address by associating MAC addresses with purchases. If associated with identifying information, tracking retail purchases can cause harm. According to a press report, one major retail chain that did not have a consumer-facing loyalty program realized its customers tended to make purchases using the same credit or debit card, Therefore, it organized its analysis of purchases around profiles it constructed from data associated with payments and enriched its data with supplemental information it purchased from data brokers [13]. Analysts learned many generalizable habits of its customers; some allowed the company to predict pregnant customers. The store sells everything for new parents, from formula to toys, so the company sent coupons to people its analysts determined were likely to be expecting a child. One of these coupons arrived at the house of a man who prior to receiving the coupon did not know his teenage daughter was pregnant [13].

Anyone can harvest probe requests for many possible uses. This is not just for retail stores or loyalty programs. Students in Italy organized a 3-month long campaign in a public plaza in Italy, during which they collected around 11M probes sent by more than 160K different mobile devices in order to construct social networks of co-locating MAC addresses [9]. The students also found that mobile phones may share a historical list of the other networks the phone has previously encountered, suggesting the list of known networks may help build location-based profiles.

What Current Actions Can Consumers Take

Not everyone will want to be included. What technical options exist for exclusion and how onerous are those options for consumers?

To stop your Wi-Fi MAC addresses from transmitting, you must change settings on your phone before you get too close to the store because the range of the sensor may extend beyond the store’s physical boundaries. Either you have to turn off Wi-Fi or turn the power off on your phone. Just because the screen is off does not mean the phone is off. Similarly, putting a phone in airplane mode does not turn off the Wi-Fi. Once Wi-Fi is off or the phone's power is off, your ability to use the phone while you are in the store diminishes and you have to remember to restore the settings after you are some distance from the store. This seems inconvenient for a phone you purchased and pay for its service. Why should shopping reduce the utility of your mobile phone?

AVG Technologies offers a free smartphone app that turns off Wi-Fi and Bluetooth to thwart Wi-Fi tracking [14]. With Bluetooth off, your external earpiece will not work, but having Wi-Fi disabled should not be too inconvenient. Mac Address Ghost is an app that replaces your MAC address with a made-up alternative [15]. This allows you to leave your phone settings untouched while shopping. Your phone still sends Wi-Fi probes, but the MAC address used in the probes is not the one installed on the phone. Later, when you want to use the Wi-Fi, you would want to make sure you turn this feature off, else you risk colliding with someone on the network whose machine has the same MAC address, thereby causing communication confusion.

Approaches

Wi-Fi tracking should be able to allow willing consumers and stores to enjoy many worthy benefits without the kinds of adverse consequences mentioned previously.

Below are four competing approaches to ignite discussion. The first stems from the Starbucks app. The second is a straw man approach of my own design, presented solely to round out discussion. These two provide examples of deploying the technology in a way in which consumers take an action to participate (“opt-in”). The third approach technically supports the first two by reversing the Wi-Fi communications default. The fourth approach assumes everyone participates and consumers must take an action to be excluded (“opt-out”). Together, these four approaches give you some initial thoughts for brainstorming.

Approach #1: Loyalty Apps

This approach encourages loyalty programs to replace the array of tokens, cards, and phone numbers we now use to participate in loyalty programs with store-specific apps or even shopping apps that work across multiple stores, providing a quid pro quo between consumers and stores. By running a “loyalty app”, you give permission to participate in the program. Store-specific apps with GPS location enabled can identify the store’s location and in large stores, roughly where in the store you may roam. Location tracking in small spaces using GPS is not as precise as using MAC address tracking. This approach allows the store to not only learn about your purchases, but also something about your shopping patterns. An advantage of using apps and GPS is that you can enable or disable them without reducing the utility of your phone.

Approach #2: Store Wi-Fi

In this approach, a store hosts its own open Wi-Fi network in the store. Promiscuous phones would automatically connect and phones set to ask you before joining Wi-Fi networks would need your permission. The store's Wi-Fi is not a pathway to the Internet; instead, it provides one-on-one communication between you and the store through your phone's web browser (or loyalty app). The store would display its policy about tracking, and if you proceed, the store will track your physical location and unique MAC address and provide perks and discounts to your phone directly. Because the tracking can be specific to items geographically near you in the store, the Wi-Fi can send targeted just-in-time specials. When used with a loyalty app, the store can learn about both your purchases and your detailed shopping patterns. This approach also features a quid pro quo advantage between consumers and stores, but unlike the prior approach that only works with smartphones, this approach would work with virtually all phones because it uses web browsers.

Approach #3: Passive Search for Wi-Fi Networks

Manufacturers of mobile phones, or possibly app developers, could provide an option to make mobile Wi-Fi “passive” in locating nearby Wi-Fi networks. Mobile phones actively emit probe requests to learn about nearby Wi-Fi networks so that you do not have to wait to discover available networks when you want to connect. However, the technical specification [10] also provides a passive option. Instead of actively sending probe requests, the mobile phone could wait to receive beacons from nearby networks. At timed intervals, Wi-Fi networks broadcast their presence by emitting beacons. A mobile phone that is passively accumulating a list of nearby networks does so by listening for beacons. Of course, not all Wi-Fi scanning should be passive, so a configuration setting could exist to allow consumers to select active or passive scanning. This approach requires your permission to participate, and therefore, can technically support the previous two approaches. An advantage of this approach is that it maintains the utility of phones of consumers who do not want to participate without inconveniencing those who do want to participate.

Approach #4: Do Not Track

The Future of Privacy Forum has created a voluntary Code of Conduct for companies that wish to track consumers' location in stores [16]. Participating stores post signs in stores to alert they are using mobile tracking technology and to offer instructions for how to opt-out using a website where you enter the MAC addresses of any phone you do not want tracked. The Future of Privacy Forum worked with companies that offer mobile location tracking technologies to develop an industry best practice [17]. A commentary noted that privacy-concerned consumers must locate and then enter their MAC addresses into a database in order for retailers to ignore their captured information (being listed in the database does not stop the information from being captured) [18]. An advantage of this approach is that it does not require any new technology or technical changes to implement.

In comparison, none of the approaches stop the local capture of MAC addresses completely, but approach 3 limits the capture to networks consumers elect to join. Otherwise, consumers may elect to power off Wi-Fi networks to avoid having MAC addresses captured or use MAC address spoofing to get different identities at stores in approaches 2 and 4. Approaches 1 and 2 allow stores to make a value proposition to consumers and they provide consumers control over being included (or excluded) without having to reduce the utility of their mobile phones. Approach 4 unto itself offers no value proposition to consumers, but a store could give coupons or rewards for participating. If approach 2 were widely adopted by stores, retrieving the phone's historical list of known networks would provide a list of stores visited.

What You Can Do

This inquiring mind wants to know what you think. Perhaps you have a proposal of your own design or a comment to make.

On February 19, 2014, as part of its Spring 2014 Seminar Series on Emerging Consumer Privacy Issues, the FTC will host a public seminar related to commercial tracking using Wi-Fi addresses on mobile phones. None of the parties or organizers of the seminar are responsible for the content or appearance of this blog. For more information, see the Seminar events page.

References

1. Berry J. Bulking Up: The 2013 COLLOQUY Loyalty Census. https://www.colloquy.com/files/2013-COLLOQUY-Census-Talk-White-Paper.pdf

2. Orgel D. Albertsons Move Sparks Great Loyalty Debate. Supermarket News. July 1, 2013. http://supermarketnews.com/blog/albertsons-move-sparks-great-loyalty-debate

3. Choi C. How loyalty programs can influence the way you shop. Associated Press. May 19, 2013. http://www.lowellsun.com/business/ci_23277858/how-loyalty-programs-can-influence-way-you-shop

4. Bhasin K. Starbucks Exec: 'We Know Who You Are, We Know How You're Different From Others'. Business Insider. March 25, 2013. http://www.businessinsider.com/starbucks-exec-on-loyalty-card-data-tracking-2013-3

5. Tierney J. Thanks to Loyalty Program and Mobile Capabilities, Starbucks Registers Record Q3. Loyalty 360. August 13, 2013. http://loyalty360.org/resources/article/thanks-to-loyalty-program-and-mobile-capabilities-starbucks-registers-recor

6. Wallace G. Starbucks app leaves passwords vulnerable. CNN Money. January 16, 2014. http://money.cnn.com/2014/01/15/technology/security/starbucks-app-passwords/

7. Gu Z and Liu Y. Consumer fit search, retailer shelf layout, and channel interaction. Marketing Science. Vol. 32, No. 4, July–August 2013, pp. 652–668. http://dl.acm.org/citation.cfm?id=2509090

8. Cunche M. I know your MAC Address: Targeted tracking of individual using Wi-Fi. International Symposium on Research in Grey-Hat Hacking - GreHack 2013. http://hal.archives-ouvertes.fr/docs/00/85/83/24/PDF/Wi-Fi_Stalking.pdf

9. Barbera M, Epasto A, et al. Signals from the Crowd: Uncovering Social Relationships through Smartphone Probes. Association of Computing Machinery (ACM) The Internet Measurement Conference 2013. http://conferences.sigcomm.org/imc/2013/papers/imc148-barberaSP106.pdf

10. IEEE Standard 802.11 for Wireless Local Area Networks (WLANS). 2012. https://standards.ieee.org/findstds/standard/802.11-2012.html

11. Datoo S. This recycling bin is following you. Quartz. August 8, 2013. http://qz.com/112873/this-recycling-bin-is-following-you/

12. Clifford S and Hardy Q. Attention, Shoppers: Store Is Tracking Your Cell. New York Times. July 14, 2013. http://www.nytimes.com/2013/07/15/business/attention-shopper-stores-are-tracking-your-cell.html?pagewanted=all

13. Duhigg C. How Companies Learn Your Secrets. New York Times. February 16, 2012. http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html

14. Olson P. Security Firm AVG Launches First Service To Block Mobile Location Tracking. Forbes. December 9, 2013. http://www.forbes.com/sites/parmyolson/2013/12/09/security-firm-avg-launches-first-service-to-block-mobile-location-tracking/

15. diewland. Mac Address Ghost. February 11, 2013. https://play.google.com/store/apps/details?id=diewland.changemac

16. Mobile Location Analytics Code of Conduct. Future of Privacy Forum. October 22, 2013. http://www.futureofprivacy.org/wp-content/uploads/10.22.13-FINAL-MLA-Code.pdf

17. Schumer, Tech Companies and Privacy Leaders Announce Important Agreement to Ensure Consumers have Opportunity to “Opt-Out” before Stores can Track Their Moverment via Their Cell Phones – A Practice that is Becoming Increasingly More Common. October 22, 2013. http://www.schumer.senate.gov/record.cfm?id=346912&

18. Higgins P and Tien L. Mobile Tracking Code of Conduct Falls Short of Protecting Consumers. October 26, 2013. https://www.eff.org/deeplinks/2013/10/mobile-tracking-code-conduct-falls-short-protecting-consumers

The author’s views are his or her own, and do not necessarily represent the views of the Commission or any Commissioner.

Comments

This is a very useful analysis. The other side here is that companies that collect your information via your cell phone (or otherwise) can do anything with that information, keep it without limit, create vast personal profiles of your activities, and share the data as they please. In the US, these data activities are nearly totally unregulated. A merchant may use your information to offer or WITHHOLD a discount or a service. When merchants work together and share information, they can definitely use your information to their advantage and to your disadvantage. The notion that merchant just want the data to give discounts should not be taken at face value.
I wonder whether there is some public-accommodation requirement that should prevent a store from offering different customers different deals in a way that is not publicly disclosed. Loyalty programs describe their benefits and are opt-in, and grocery loyalty programs post both the regular and loyalty price of goods on the shelves, so there is full public disclosure. I would be very uncomfortable with programs that offer customers deals based on unspecified behavioral clues; e.g., a lower offered price on a Sony TV if I've been standing in front of a Panasonic one. Among the outlined approaches, I would prefer #3.
One issue that I think is important is what restraints should exist on the use, sharing, or reselling of data collected through these means. I think this makes an opt-in approach more important as it creates a place where consumers can accept a usage agreement. Even if the average person doesn't look to closely at these kinds of agreements, at least this would make them available for public scrutiny.
@Author I am wondering whether the author has replaced IMEI with MAC. MAC numbers can be changed easily using an Android App - see Link 15 above. The IMEI - the unique serial number of every cell handset - can also be changed but it is more complicated. I change mine weekly, along with the SIM, for avoiding tracking in the country I live in. Additionally. I wonder if there is confusion between WiFi and Bluetooth. though operating in the same frequency bands, WiFi channels are far wider, therefore only 13 of them, whereas Bluetooth channels are narrower and can get 70-80 in the same band width. The Apple iBeacon operates as Bluetooth. My Samsung Note 3 has to have Bluetooth and WiFi turned on - both suck battery - and Bluetooth has to be in 'Hooker' mode (Hookers - prostitutes) - troll for customers with open Bluetooth transceivers - for tracking to work. Near Field Communication - NFC - is good for buyer identification as a cash point - the other two technologies are far weaker for buyer identification where there might be several people awaiting service. Link 8 above is a very good primer in this technology. I am, and will remain, a non-radiator. I have a friend who is a technician for GCHQ (UK) and he confirms my cell handset configuration is not only dark, but black. I also pay C-A-S-H for everything I buy I am tired of being used, at my expense yet, as a sales target. As Senator Al Franken said mobile location tracking companies are violating people's "fundamental right to privacy." One of the very few US Senators who actually take an interest in today's technology.
This means that the new windowsphone is totally corrupted. Everything, every app, game, song and more is based upon giving permission for "them" to track your location. The social websites like Twitter and Facebook all track our locations'. Please take action.
There is a line in your presentation - "Similarly, putting a phone in airplane mode does not turn off the Wi-Fi". This is INCORRECT. Enabling Airplane mode DOES turn off Wifi.
From Latanya: Yes, it depends on the phone and version of the operating system. To be precise, putting a phone in airplane mode does not necessarily turn off Wi-Fi.
To support the privacy concerns raised in this excellent post, I'd like to bring to the attention of the reader a study that we've recently published. In this study, we analyse the technical aspects of the Wi-Fi trackers' privacy policies. One of its finding is that the process used for MAC address anonymisation can be reversed quite easily with off-the-shelf hardware and software. "Analysing the privacy policies of Wi-Fi trackers" http://hal.inria.fr/hal-00968585