Ever more complex tracking programmes are being used to analyse consumers’ internet habits. And the information gathered is not to your benefit. John Hearne investigates.
YOU’RE sitting at home watching TV. Your smartphone is lying on the couch beside you. An ad comes on the box. You watch for a few seconds, then pick up the remote and change channel.
That little act — deciding not to watch a particular ad — is one of the many fragments of consumer activity that make up our lives. Each day is filled with them.
Buying a particular brand of teabag, browsing a particular website, clicking off a pop-up ad, ordering a book on Amazon. The difference however, between these four actions and zapping away a TV ad is that where the former can be monitored, the latter cannot. Or at least, that used to be the case.
They’re called audio beacons. An ad comes on the TV and as it plays, it also emits an audio beacon set at a frequency which the human ear can’t pick up. However, if your smartphone has an app on which the relevant software is embedded, it can hear the beacon. And when it does, the marketing company responsible for this innovation gets access to a cluster of previously unrecordable data points. It knows what ad you watched, how long before you turned off and what kind of smart device you’re using.
This is just one example of a rapidly growing marketing phenomenon called cross- device tracking. It’s all about solving a major problem that the latest phase of the technology revolution has caused marketing companies.
Ten years ago, we had a golden age in marketing. Internet use snowballed, and as it did data mining became child’s play. As we logged on here and logged off there, browsed, emailed, and clicked, we left an indelible trail for marketers to follow, allowing them to build a heretofore unimaginably accurate profile of each consumer’s likes and dislikes.
If I browse Amazon’s French guidebooks, then subscribe to a literary magazine, then email someone about which wine should go with asparagus, I am creating a series of data points which taken together amount to an exceptionally detailed picture of how I interact with the world.
Hand this to a marketer and he knows not alone to hit me hit me with ads for high- brow books and asparagus, but also all of the other things that asparagus- loving, Francophile bookworms tend to go for.
That was great when all of our internet activity happened in the one place. But according to Google’s latest consumer barometer, almost a quarter of the population uses five or more connected devices regularly. So now, all of a sudden, that gloriously complete consumer profile starts to look patchy.
I browse the guidebooks on my laptop, but the marketer doesn’t know that that’s also me subscribing to the literary magazine on my phone, or emailing someone else about asparagus on my tablet. Reuniting all those disparate data points is what cross-device tracking is all about and it’s what’s fuelling high levels of innovation in marketing technology.
The market leader in the aforementioned audio beacon technology is an Indian company called SilverPush. Earlier this year, the Federal Trade Commission in the US issued a call for submissions on cross-device tracking of users by marketing firms.
In a lengthy and detailed response, the Centre for Democracy and Technology spelled out exactly what companies like SilverPush are up to.
“The user is unaware of the audio beacon, but if a smart device has an app on it that uses the SilverPush software development kit, the software on the app will be listening for the audio beacon and once the beacon is detected, devices are immediately recognised as being used by the same individual,” it said.
“The only factor that hinders the receipt of an audio beacon by a device is distance and there is no way for the user to opt-out of this form of cross-device tracking. SilverPush’s company policy is to not ‘divulge the names of the apps the technology is embedded’, meaning that users have no knowledge of which apps are using this technology and no way to opt-out of this practice. As of April of 2015, SilverPush’s software is used by 67 apps and the company monitors 18m smartphones,” it said.
This, however, is just the start. Because so much of our connected activity happens on the move, a whole new dataset — one that was never available before — has popped into the marketer’s crosshairs. Location.
Richard Tynan is a technologist at privacy advocacy group, Privacy International. He says data other than just content can be extremely revealing.
“Many devices know your two most visited locations and this roughly equates to where you work and live — an almost unique fingerprint of you that persists across devices. As more of our devices become connected to the internet of things, the potential of these being used to betray us becomes ever more likely,” he says.
Once upon a time, the only geographic information a marketing company could hope to access was a residential IP address. With the advent of mobile phones, it became possible to determine a user’s location based on the mobile phone tower with which his device was connecting. Now however, positioning systems which use wifi signal strength to determine location can nail down a user’s exact address, or even the floor of a building he’s on.
This isn’t science fiction, this is happening now. Mobile location analytics, as the technology is called, is currently being deployed in Dublin Airport to track how long it takes passengers to get through security. If you move through the airport with any wifi or Bluetooth enabled device, sensors installed at strategic locations pick up the device’s unique media access control address. You don’t have to log onto the airport’s wifi for the airport to access the information, and critically, nor do you have to give your consent for it to be recorded.
The Dublin Airport Authority says it’s an anonymised protocol, that no personal information about the device’s owner is recorded, and that it exists solely to check queue and dwell times. Moreover, the practise has the imprimatur of the data protection commissioner.
Not everyone sees it in such a benign light. Privacy advocates have pointed out for example that a cache of documents retrieved by whistleblower Edward Snowden in January 2014 revealed that the Canadian intelligence service used this technology to track passenger movements through airport terminals.
Even if you discount the Big Brother angle, the basic issue of consent remains. Rory Byrne is founder and CEO of technology and physical security company, Security First.
“The first principle of anything related to tracking technology is being open with the people that you’re tracking. If you have CCTV in an area, you will see signs letting people know.
“That, in my opinion, is what should happen in Dublin Airport. If you stick a sign up that says we’re tracking your mobile phone for passenger queue purposes, I think people would think quite differently about it,” says Mr Byrne.
He goes on to ask that if this technology can be used without our consent in the airport, why not everywhere else? What if the local pub starts tracking and storing your data every time you enter and leave? Meta S Brown is a Chicago-based data analytics expert and author of Data Mining for Dummies. She has been monitoring the rapid evolution of this technology in the retail sector.
Firms like Shoppertrack and Nomi, she says, have been using old technology like video cameras to monitor shopper behaviour as they move through stores. Now, newer competitors like Euclid Analytics are using precisely the kind of tech used in Dublin Airport to gather even more powerful data on consumer behaviour.
Its proponents argue that as far as consumer research goes, this is the way forward. It’s subtle in that it doesn’t interfere with consumer activity, it’s unnoticeable and it’s powerful; signals can be detected throughout and even outside a store. Plus it’s a lot cheaper than video monitoring.
The privacy issue however will not go away.
“What matters is how the consumers themselves view tracking, and what they stand to get out of it. Most people see their mobile devices as tools for their own benefit, not means for others to trace their movements,” says Mr Brown.
Dermott Jewell of the Consumers Association of Ireland agrees. He sees these new data mining techniques as successors to supermarket loyalty schemes, which provide the multiplies with huge volumes of highly actionable data in exchange for discounts and special offers.
“Telecoms can facilitate data capture to a massive extent, but I don’t think that consumers are even remotely aware of the reality that this is what is happening. They might accept the loyalty card because they signed up for it and they know it’s being used, but they purchased a telephone to make calls, they didn’t buy it to get monitored,” he says.
He believes, as a result, that there is an urgent need for a legislative review of these technologies.
“In terms of data protection, in terms of privacy, rights and entitlements, a legislative response is needed as a matter of urgency,” he says.
While tracking methods like audio beacons and mobile location analytics are not widely deployed, marketing companies have already established very successful ways of keeping tabs on what you do.
“Deterministic tracking” begins when you log into an account. Everything you do while logged in can be tracked. So if you’re constantly signed in to, say, Google, on your laptop, tablet, and smartphone, Google can track your activity across all three devices.
However, you don’t log in to every site you browse. When you don’t, advertisers can use something called probabilistic tracking to try to figure out what you’re at. This is altogether more sophisticated than deterministic tracking, and relies for its success on aggregated information pulled from multiple devices, together with a suite of algorithms engineered use this info to figure out who is doing what where and when.
This again from the Centre for Democracy and Technology’s FTC submission: “Modern web browsers are highly customisable. While many users may install a particular font, use a particular extension, access the web from a certain place, or visit a certain website, the chances that multiple users have the same fonts and the same extensions and visit the same site from the same connection are quite low, creating in essence a unique signal that websites can use to uniquely identify the user.”
Probabilistic tracking is particularly insidious because it’s completely invisible to the user, and so is extremely difficult to control. I can log out of Google or Facebook, and render their trackers inactive but as it stands there are no privacy enhancing technology that can circumvent this kind of digital fingerprinting. Again the same issue arises; the lack of consent, the lack of an opt-out.
However, a question: Does it matter? If the only result of all of this frenetic corporate sleuthing is more finely honed ads, should anyone be really that bothered about it? “Some people won’t mind. I think you should be entitled as an individual, and as a paying customer to be asked if you accept this scrutiny. That’s not happening. The whole idea of being a consumer is you have a choice, the idea of being a citizen is you have a choice. Choice has been extracted from this equation,” says Mr Jewell.
This, at root, is the Centre for Democracy and Technology’s beef. The centre continues to lobby the Federal Trade Commission for tighter controls of cross-device marketing.
It argues that this level of detailed and pervasive surveillance creates obvious privacy issues. At a basic level it is very difficult for a user to make sensitive purchases without companies logging and tracking their activity. And when a company combines the information from the different devices, an extremely detailed picture emerges.
Legislation, as always, has been very slow to catch up with the technology. So if you can’t rely on data protection and privacy laws to hide yourself from prying eyes, what can you do? Meta Brown says people often ask her how they can avoid being data mined.
“Data mining isn’t magic; if you give away enough information, no fancy analysis is needed to know your private business. If you really want privacy, I tell them, get rid of your smartphone. They don’t.”
Hiring a private detective is an expensive business. You’re usually looking at a day rate of €450.
Derek Noonan of Spy Ireland says that whenever the office gets a call about a cheating spouse, he refers the caller to their online shop.
“Someone who’s going through a matrimonial issue does not have money to pay a detective, so what we decided to do was take the tools that we use to the end user.” Unless you have the resources to invest in the kind of equipment the intelligence community uses, the only way to track someone’s phone is to install software on it. Your options here are vast. In fact, if the bewildering array of spying software packages available on the web is anything to go by, trust has become a very scarce commodity in human relations.
For $89, you can get a package called ‘Mobile Spy’. The website promises: “Mobile Spy will reveal the truth for any company or family. You will finally learn the truth about their call, mobile web, text message activities, and photo, videos and GPS locations by logging into your Mobile Spy account from any web browser.”
Another company, FlexiSPY claims to have the only software that works on 14 instant messengers. “Know everything” is the god-like invitation on site. It goes on: ‘Silently monitor all communications, locations and user behaviour of a smartphone from any web browser.’ This firm also has the parental paranoia angle covered: “Protect children”, we are instructed.
“Did your child make it to school or home from school? Where are they now? Who are their new friends? Spy on your kids (sic) mobile phone and understand their world.” Prices for this service start from $68 per month, or $149 for the year. The company also offers an Extreme service for $199 per quarter, including a password cracker and something called “spoofing tools”.
Not all detectives believe that technology is the way forward. Audrey Christie, the country’s only female private eye, is old school. “Everything is down to surveillance,” she says.
Technology is just time wasting. I find that the most effective way to get a result is to carry out physical surveillance on the subject, it’s just old fashioned private investigation.”
As she, and indeed the other private detectives are keen to point out, keeping within the law is of paramount importance in covert surveillance.
All eschewed the use of vehicle trackers in keeping tabs on a subject since deploying the device invariably involves some form of trespass. The same goes for keystroke trackers; to monitor someone’s web activity, you need to get access to their computer to install the monitoring software.
And of course, to monitor their phone, you need to get hold of that first too.
© Irish Examiner Ltd. All rights reserved