Posts tagged tracking

Hawaii’s legislature is weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring Internet providers to keep track of every Web site their customers visit.

Its House of Representatives has scheduled a hearing this morning on a new bill (PDF) requiring the creation of virtual dossiers on state residents. The measure, H.B. 2288, says “Internet destination history information” and “subscriber’s information” such as name and address must be saved for two years.

H.B. 2288, which was introduced Friday, says the dossiers must include a list of Internet Protocol addresses and domain names visited. Democratic Rep. John Mizuno of Oahu is the lead sponsor; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week.

Last summer, U.S. Rep. Lamar Smith (R-Texas) managed to persuade a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn’t go nearly as far as Hawaii’s. (Smith, currently Hollywood’s favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)

Democrat Jill Tokuda, the Hawaii Senate’s majority whip, who introduced a companion bill, S.B. 2530, in the Senate, told CNET that her legislation was intended to address concerns raised by Rep. Kymberly Pine, the first Republican elected to her Oahu district since statehood and the House minority floor leader.

“I was asked to introduce the Senate companions on these Internet security related bills by Representative Kymberly Marcos Pine after her own personal experience in this area,” Tokuda said. “I would defer to her on the origins of these bills as she has done the research and outreach, and been the main champion of this effort.”

Pine, who did not immediately respond to queries, has been targeted by a disgruntled Web designer, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter. Her e-mail account was also reportedly hacked around the same time. The article said Pine would advocate for “tougher cyber laws at the Hawaii State Capitol” as a result.

“We must do everything we can to protect the people of Hawaii from these attacks and give prosecutors the tools to ensure justice is served for victims,” Pine said at the time.

Whatever its sponsors’ motivations, the bill isn’t exactly being welcomed by Hawaiian Internet companies.

“This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations,” says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, who submitted testimony opposing the bill. He adds: “Even forcing telephone companies to record everyone’s conversations, which is unthinkable, would be less of an intrusion.”

Mizuno’s proposal currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as mandating the use of encryption.

Because the wording is so broad and applies to any company that “provides access to the Internet,” Mizuno’s legislation could sweep in far more than AT&T, Verizon, and Hawaii’s local Internet providers. It could also impose sweeping new requirements on coffee shops, bookstores, and hotels frequented by the over 6 million tourists who visit the islands each year.

“H.B. 2288 raises all of the traditional concerns associated with data retention, and then some,” Kate Dean, head of the U.S. Internet Service Provider Association in Washington, D.C., which counts Verizon and AT&T as members, told CNET. “And this may be the broadest mandate we’ve seen.”

Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals—users’ origin IP address, in other words. It hasn’t publicly demanded that companies record the destination IP addresses as well.

In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush’s attorney general, Alberto Gonzales said it’s an issue that “must be addressed.” So, eventually, did FBI director Robert Mueller.

(Source: CNET)

NEW YORK (CNNMoney) — Attention holiday shoppers: your cell phone may be tracked this year.

Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by monitoring the signals from their cell phones.

While the data that’s collected is anonymous, it can follow shoppers’ paths from store to store.

The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria’s Secret? Are there unpopular spots in the mall that aren’t being visited?

While U.S. malls have long tracked how crowds move throughout their stores, this is the first time they’ve used cell phones.

But obtaining that information comes with privacy concerns.

The management company of both malls, Forest City Commercial Management, says personal data is not being tracked.

“We won’t be looking at singular shoppers,” said Stephanie Shriver-Engdahl, vice president of digital strategy for Forest City. “The system monitors patterns of movement. We can see, like migrating birds, where people are going to.”

Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.

The tracking system, called FootPath Technology, works through a series of antennas positioned throughout the shopping center that capture the unique identification number assigned to each phone (similar to a computer’s IP address), and tracks its movement throughout the stores.

The system can’t take photos or collect data on what shoppers have purchased. And it doesn’t collect any personal details associated with the ID, like the user’s name or phone number. That information is fiercely protected by mobile carriers, and often can be legally obtained only through a court order.

“We don’t need to know who it is and we don’t need to know anyone’s cell phone number, nor do we want that,” Shriver-Engdahl said.

Manufactured by a British company, Path Intelligence, this technology has already been used in shopping centers in Europe and Australia. And according to Path Intelligence CEO Sharon Biggar, hardly any shoppers decide to opt out.

“It’s just not invasive of privacy,” she said. “There are no risks to privacy, so I don’t see why anyone would opt out.”

Now, U.S. retailers including JCPenney (JCP, Fortune 500) and Home Depot (HD, Fortune 500) are also working with Path Intelligence to use their technology, Biggar said.

Home Depot has considered implementing the technology but is not currently using it any stores, a company spokesman said. JCPenney declined to comment on its relationship with the vendor.

Why Apple and Google need to stalk you

Some retail analysts say the new technology is nothing to be worried about. Malls have been tracking shoppers for years through people counters, security cameras, heat maps and even undercover researchers who follow shoppers around.

And some even say websites that track online shoppers are more invasive, recording not only a user’s name and purchases, but then targeting them with ads even after they’ve left a site.

“It’s important for shoppers to realize this sort of data is being collected anyway,” Biggar said.

Whereas a website can track a customer who doesn’t make a purchase, physical stores have been struggling to perfect this kind of research, Biggar said. By combining the data from FootPath with their own sales figures, stores will have better measurements to help them improve the shopping experience.

“We can now say, you had 100 people come to this product, but no one purchased it,” Biggar said. “From there, we can help a retailer narrow down what’s going wrong.”