Beacons Do Pose a Privacy Threat — But It’s Not the One You’re Worried About

Share this:

2552386483_3271ecd6c3_bEarlier this week, Buzzfeed published a scathing report detailing an initiative by outdoor advertising giant Titan to install bluetooth beacons in hundreds of phone booths across New York City. But the report does more to underscore the shortcomings of the local technology industry in explaining the new technology than than it does expose a new, meaningful threat to the consumer privacy.

According to the report, Titan has installed 500 beacons over the course of the past year with the approval of the Department of Information Technology and Telecommunications (DoITT), the municipal authority that manages the city’s pay phones. The company told Buzzfeed that the system, which was managed and manufactured by Gimbal, the retail technology firm that spun out of Qualcomm last year, will be used largely to help the advertising firm streamline the upkeep of its signs and billboards.

The report is correct in being skeptical of the firm’s suggestion that the beacons would be primarily for non-advertising purposes. The marketing industry is pushing the outdoor advertising industry to provide the same types of metrics available on digital channels, leading many in the industry to search for new ways (such as beacons) to help prove the return on an investment of a given billboard.

But in an attempt to tie the technology into a broader narrative around privacy and intrusion by the technology industry, the report overstates the role of beacons and misses an opportunity to bring to light more meaningful threats to privacy. “The spread of beacon technology to public spaces could turn any city into a giant matrix of hidden commercialization — and vastly deepen the network of surveillance that has already grown out of technologies ranging from security cameras to cell phone towers,” the report argued.

The claims highlight the mainstream misconception about the way in which beacons work among the public, says Jules Polonetsky, executive director at Future of Privacy Forum. He says that bluetooth beacons, which transmit small packets of data to nearby devices, pose a lesser threat to consumer privacy than other, more commonplace technologies.

“People need to understand they track beacons; beacons don’t track them. That’s a world of difference,” Polonetsky told me in an interview Monday. “But the companies that use these technologies need to realize that if they do not get ahead of the curve, then every new feature is going to prompt a similar response.”

Bluetooth beacons are one point in a constellation of technologies that help devices understand their physical surroundings. At the center sits GPS, the two-decade old position system that forms the foundation of the local technology industry. But recently, a host of proximity technologies have emerged — of which beacons are one part — that use new censors on mobile devices to help transmit information between nearby devices, and in doing so can be used for positioning.

But these technologies remain largely nascent. What’s more concerning, says Polonetsky, are the already-ubiquitous technologies — as wi-fi, GPS or cellular carrier data that could be used indirectly for tracking users. The privacy implications are real, but they’re not dependent on an emerging technology like beacons.

“We clearly are in a place right now where that anything that involves location can spark a reaction publicly,” says Polonetsky. “The big picture is how do we help people understand that everything from wi-fi networks to location service enable tracking. The answer is empowering the consumer so that they are in control.”

In many ways, the more pressing priority in privacy policy is the proliferation of secondary markets for data — often, well beyond its original stated uses. For instance, location analytics companies have used wi-fi routing data, which a consumer shares with routers to locate a nearby wireless network, for an ancillary purpose  — counting the number of people in a room.

The industry has started to respond. Apple introduced new permissions with iOS8 that allow users to share location data with an application only while the app is open. Meanwhile, organizations such as Polonetsky’s have started to advocate for more granular messaging within permissions notifications to provide consumers with a more detailed explanation of the way in which their data will be used.

In many ways, the problem with the Buzzfeed report was that in overstating the privacy implications of beacons, it missed an opportunity to discuss the more meaningful threats that exists. It’s a sheep in wolf’s clothing — except the wolf is much closer than you think.

Steven Jacobs is Street Fight’s deputy editor.