On 2017-09-09 09:47:23 +0000, Graeme Wall said:

On 09/09/2017 10:37, Someone Somewhere wrote:
On 08/09/2017 17:34, Sam Wilson wrote:
On 2017-09-08 14:40:46 +0000, Martin Coffee said:

On 08/09/17 15:00, Sam Wilson wrote:
On 2017-09-08 13:18:33 +0000, Martin Coffee said:

On 08/09/17 14:03, Recliner wrote:
[snip]
[TfL] said it was talking to the Information Commissioner’s Office about its
plans and passengers could opt out by switching their wifi off. It said
that the phone data was “de-personalised”, with nothing to identify
individuals.

The system works by using 1,070 wifi access points on the Tube network.
They pick up on a code that identifies each phone, the media access control
(MAC) address, and track them from point to point.

Each MAC address was “irreversibly” encrypted, TfL said. Prior to
encryption, a random code is added to each to ensure that the phone cannot
be identified even if the encryption could be reversed. No browsing data
was collected, meaning that emails and the internet habits of passengers
could not be shared with third parties.
[snip]
Let's face it.Â* Even if encrypted, you cannot anonymise a MAC address
as it is unique to each phone.

You can turn it into something that can't be (realistically) turned
back into a MAC address that can be used to identify the
phone/tablet/laptop/whatever.

You don't have to turn the "anonymised" back to a MAC address to
de-anonymise the data.Â* You just encrypt a MAC address and identify the
location data in just the same manner as the tracking occurs. Thus the
location can still be re-associated with the original MAC address.

Sure, if you know a particular MAC address and the encryption procedure
and access to the location data then you may be able (and I note Dr B's
comments in his response) to recreate the key and therefore track the
MAC address.Â* Most of us (and I again I bow to Dr B) probably can't do
that.

Surely the most likely people to want to do this would be criminals
anyway, so criminalising their activities seems slightly pointless.
Deterring casual peepers is probably worth doing.

Surely the problem is if this becomes widespread as eventually you'll
get enough data to identify not just the phone but the individual.

It's fine if it's kept to the tube,Â* but let's take the advertising
angle,Â* presumably the advertisers won't be satisfied with just knowing
what the busiest platform is but would prefer to target their adverts
to one or more groups of people on that platform.

By hooking up a similar system with retailers they work out that of the
group on the platform at 08:30 a significant proportion are e.g.
Waitrose shoppers.Â* And it then goes on and on until you end up pretty
much being able to identify the iindividual, what they buy, where they
live etc without actually ever using any personally identifiable
information.

I'm not sure of the relevant legislation but presumably the only way to
avoid this is that each entity having such a system has to have a
different algorithm (or at least key) for anonymising the MAC data so
each data set remains siloised (but would the supplier of the system
still be able to join the different datasets?)


Shopping malls have been doing a similar thing to send you "targetted
adverts" as you approach various shops.

Hello Mr Yakamoto, welcome back to GAP...

Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.