“Path intelligence,” indeed

I want you to go take a look at this Times Online piece, which comes my way via Chris Heathcote’s del.icio.us. (If you’re in a hurry, the gist of it is that a UK-based company called Path Intelligence is using mobile-phone microtriangulation to pinpoint customer behavior inside malls.) I cannot imagine a better-timed demonstration of so many of the facets of so-called “reality mining” that concern me.

The utility of gathering this information is clear, at least from the perspective of a retail establishment:

A shopping mall could, for example, find out that 10,000 people were still in the store at 6pm, helping to make a case for longer opening hours, or that a majority of customers who visited Gap also went to [competitor] Next, which could useful for marketing purposes.

In this case, information gathered from you without your knowledge (let alone your consent) is being used to build models of behavior from which real financial value can be derived. Do you participate in enjoyment of that value? You do not. Not unless you consider the “longer shopping hours” a plus, anyway.

That’s only one of my concerns, and at that, probably the less important one. The other and greater is that given enough data, these traces can be tied to individuals with relative ease. In this context, the assertion by a Path Intelligence spokeswoman that “[t]here’s absolutely no way we can link the information we gather back to the individual” strikes me as risible, given everything we now know about retrieving unique signatures from large data sets. Relying on the fact that a great many people use the mall, in such a comparatively limited number of ways, to disguise your particular activities – what we might call a “security through obscurity” strategy – is not a sustainable way of doing things. If anything, from what I’m told, it gets easier to extract individual records the more data you have.

Even accepting that you might well choose to give this data away if you were somehow compensated for it, how would you go about placing an appropriate value on it? It’s not at all clear to me. Some people object that, since such use data has worth only in the aggregate, any one person’s contribution is insignificant, and should be valued accordingly. I have to disagree: even as one small trace in a very large aggregate, you’re assisting in (e.g.) anomaly detection – that is, your choices as you move through the space of the mall help to establish what a statistically “normal” trajectory looks like, and that’s presumably what retailers are most interested in. Unless I’m missing something, then, each new record of individual spatial choices has a value that is disproportionate to its actual contribution, and most especially so if you can be further identified as a member of a desirable (or highly undesirable) demographic.

So we’re at a point where your own actions, sensed, recorded, and aggregated, create an informational asymmetry by way of which some party who is not you primarily benefits. Am I out to lunch in thinking that this isn’t such a great way for things to be set up?

11 responses to ““Path intelligence,” indeed”

  1. david says :

    It seems that the crux of this debate again falls to distinctions between public (communal) space, and private (commercial) space.

    This is not actually an example of the fading of the possibility of anonymity within the public realm. These are shopping centers, which are privately owned. Legally, the owner of a shopping center can demand that shoppers wear RFID bracelets. That is the same right that you have to know which room of your home visitors are in. Shoppers need not agree – they can go to a different store or mall.

    Internet shopping, which makes this sort of data mining much easier, has posed the same proposal to citizens – with a far blurrier threshold between public and private.

    For many – me included – malls are unappealing places not because they mine data from my actions, but because they seem like the sorts of places where that type of thing might happen. In other words, the distastefulness of the corporate attempt to recreate public space is worse than the ends to which those spaces are created.

    That might be why the generation that has embraced the internet, etc, has also to some degree embraced an urban commercial ideal which can appear finer-grain and less corporate.

  2. AG says :

    This is not actually an example of the fading of the possibility of anonymity within the public realm.

    Not sure than anyone was implying that is was…

    Your broader point – that malls are by definition private spaces in which users may not enjoy the full panoply of rights they would otherwise – is surely valid.

    There are important exceptions to your observation, however. Here in the United States, at least some jurisdictions (the states of NJ, Colorado, Oregon, Massachusetts, Washington, and Pennsylvania) have recognized that malls essentially constitute contemporary town commons, and therefore extend significantly the scope of First Amendment protection available to users. You’d be arguing from a fairly strong precedent, then, in any of these jurisdictions, if you held that mall users deserve other sorts of protection they might conceivably enjoy in public space, including the right to consent to data-gathering operations.

    FWIW, david, while I understand you’re engaging in a touch of devil’s advocacy, I also tend to think it’s facile to say that people can “simply choose to go to another store or mall.” When there is no notification that data-gathering is being conducted, users have no meaningful ability to choose alternatives that might not expose them to such activities. More importantly, though, there are also real-world – economic and physical – constraints on the freedom people have to choose alternatives. In many an exurb or hollowed-out inner city, the local mall is literally the only game in town. (As I understand it, this recognition was at the heart of the state supreme court decisions I mentioned above.)

  3. Larry Irons says :

    Reality mining…hmmm…those pesky MIT research scientists sure don’t lack for humility, do they? I tend to agree with your premise Adam, though I remain skeptical that those “reality miners” really have the ability to accomplish what they claim when they say,

    “By leveraging recent advances in machine learning we are building generative models that can be used to predict what a single user will do next, as well as model behavior of large organizations.”

    Just look at R. Keith Sawyer’s book, Social Emergence, for insights into what these efforts are up against. Sawyer details the difficulties from the point of view of social science as well as anyone, though he ultimately drinks the koolaid of the artificial intelligence offsprings currently parading under the rubric of intelligent agents in social networking and complexity theory.

    Personally, I can’t see much use for the type of database models you are referring to, unless the customers who visited Gap and then went to Next received “personalized” communications about some killer sales at Next that fit their previous purchase patterns. Now, if those “reality miners” can predict who will be offended and who won’t be offended by such an intrusive marketing pitch I’ll eat their terabytes of data ;-)

    Very risk marketing in my opinion. However, perhaps I’m missing something.

  4. Toby Oliver says :

    I work at Path Intelligence, and I thought I had better add a couple of points that didn’t come out in the Times article.

    Firstly we hash the ids as soon as we get them so that it is extremely difficult for anyone who gets our data to combine it with other data sets. Secondly we don’t use the permanent IMEI, we mainly use the TMSI, which is a temporary id which changes so we can’t link repeat visits up.

    We are very aware of the concerns that people have, and indeed we have spoken to a number of people to try to ensure we are doing things the right way (EFF, Information Commissioner etc).

    At the end of the day we are just trying to collect information to help improve the shoppers experience (which we hope will mean the shops revenue increases). In many ways we are just trying to provide tools like google analytics to the offline world.

    If you have any specific questions you can email me directly at toby @ pathintelligence . com

  5. Julian Bleecker says :

    Most of me agrees in principle, as I did back when, at Organic, one of our hottest selling items was this box that did what was an intractable problem back when it was too soon to think about web analytics. In hardware, it sniffed packets and created stats that nowadays people do routinely. There were privacy concerns — there always seem to be. But, often enough the people doing the analytics compromise to the pressures of a general, usually overly cautious (for good reason) lobby of privacy advocates.

    To my mind real world analytics is what will undergird what will become a searchable, more knowable world. I’m not a zealot, but I can see great possibilities for such a thing — some of the underlying firmware for an Everyware world.

  6. Todd Levinson says :

    I think the issue is mainly about transparency. If people know their coordinates are being monitered, and they don’t want them to be, they can turn their phones off.

    Also, I don’t think it will be long before the option to mask your GPS coordinates becomes standard as an option or as a phone application. I wouldn’t be surpirsed if someone has already built it on the Android platform.

    From a less practical standpoint, it’s obvious that we can all say goodbye to the way we think about privacy. On the web, you can monitor every click and action, this is good and bad, but I think, for the average consumer, this is good. They like Amazon reccommendations.

    And, in the same way that people take their expectations of the web from site to site, they also take those expectations into physical spaces. Meaning, they expect the mall to know that they want to shop later, and probably don’t care if their GPS data is being monitered to figure that out.

  7. Joseph Barnes says :

    Just a question? Isn’t the radio frequency that is masked in ‘airoplane mode’ on a mobile devised, the same technology you would use to mask your phone from something like this?

Trackbacks / Pingbacks

  1. Omar Elsayed - 21 May 2008
  2. Digitalia - 25 May 2008
  3. 7.5th Floor - 26 May 2008
  4. Symbian Foundation Security Blog - 25 June 2009

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s