Privacy Concerns

Bluetooth Traffic Monitoring Technology - Privacy and Legality Concerns

May 17, 2008

Bluetooth Traffic Monitoring (BTM) technology commercialized by Traffax Inc. provides unprecedented capability to sample vehicular traveltime by observing Bluetooth MAC IDs of consumer electronic devices at two different locations. The time difference of a unique MAC ID recorded between two BluFAX stations provides a sample traveltime. Using Bluetooth technology provides greater privacy protection than any comparable system that relies on matching unique identifiers.

The use of MAC addresses as identifiers is the key to the anonymity of this monitoring technology. MAC addresses are not associated with any specific user account (as is the case with cell phone probes) or any specific vehicle (as with automated toll tags). The MAC address is not linked to a specific person through any type of central database, thus minimizing privacy concerns. MAC addresses are assigned by the Bluetooth electronic chip manufacturers, and are not tracked through the sales chain. Additionally, people can control whether their Bluetooth-enabled device can be detected. Users concerned with privacy can set the discovery option of their device (referred to as 'Discovery Mode' or 'Visibility') so that it will not be detectable.

Traffax Inc. implements Bluetooth traffic monitoring technology in full compliance with the IEEE international standards. The method of detection and information recorded does not circumvent any security or privacy protocols. Rather, the method complies fully with existing protocols. Traffax’s patent pending technology relates to the efficient implementation so that it is effective to measure traveltime on roadways, transit and pedestrian facilities.

The inherent protection provided by Bluetooth prevents tracking a person based on their Bluetooth device without first isolating the device in order to determine and record its MAC ID. Only with this step could this information be used in a way that would jeopardize an individual’s privacy. To provide yet further protection, Traffax Inc. recommends additional measures to prevent any potentially unauthorized use of data. These are explained in further detail below.

1. Data use and retention policies:

            Any public entity dealing with sensitive personal information has established policies for its use and dissemination. Similar policies should be implemented for retention and dissemination of the Bluetooth MAC IDs. Such policies include:

  • Destroy any base level MAC ID information after processing. The MAC IDs are needed only to obtain traveltime samples. After processing, discard or permanently encrypt any base level MAC ID data.
  • Use industry standard encryption and network security. Access to sensitive data is not a new problem. Proper security protocols, passwords, encryption and other methods should be incorporated into the data systems that store and process the MAC ID data.

2. Randomization and/or encryption of the data at its source:

            In addition to establishing data processing safeguards, the sensors may be configured to prevent the recovery of unique MAC IDs. These methods include encryption and randomization. The general processes are described below.

  • Encryption includes methods that transform MAC ID data into an output form that requires special knowledge (such as an encryption key) to recover the original information. It also includes hashes and other methods intended to make it difficult for a casual observer to be able to recover the original information. Standard encryption may be introduced at the sensor level to encode the MAC ID. This would preserve the uniqueness of the tag, so that matching could be performed (even on the transformed value), without exposing the MAC ID.
  • Randomization includes methods that deliberatively degrade the data, so that individual observations are no longer globally unique. This means that the ability to track individuals based on their MAC ID is theoretically impossible. A simple example of this would be to truncate the final 3 numbers of the MAC ID. For the purpose of determining traveltime, even a truncated MAC ID is sufficiently unique to sample traffic data, yet it is not sufficiently unique to identify a single Bluetooth device from the global population of Bluetooth devices. The methods for randomization are numerous. A sample of some methods is provided below.
    • Truncation of the MAC ID address (as previously explained) or any method that omits any particular digit of the original MAC ID address.
    • Numerical ordering of the MAC ID address digits. For example, a 12-digit MAC address of 08:79:AC:34:21:BA could be recorded as 01:23:47:89:AA:BC. Again, this is unique enough to determine traveltime, but prevents the ability to associate a signal observation to a particular device.
    • Quotient method. All MAC IDs are divided by an integer divisor. The quotient of the division is used for traveltime matches. This introduces uncertainty in determining the possible range of original MAC IDs that resulted in the quotient. The uncertainty scales with the integer divisor.
    • Any combination of the above methods.

Any of the above methods are implemented at the level of the sensor, not at the central processing station. By implementing encryption and randomization measures at the sensor level, it becomes virtually impossible to obtain the complete and globally unique MAC address of any particular device. Such measures increase privacy protection.  

 

Home | Support | Contact Us
© 2009 Traffax Inc. - 800-767-7480 - traffax@traffaxinc.com