Airport: “We’re tracking every single footstep you take and can connect it to your mail address, but your privacy is safe because we say so”


A sign on the revolving entrance to a European airport, one sign among many, says “the airport employs wi-fi and bluetooth tracking; your privacy is ensured”. The vast majority of people have no idea what this is, and just see it as one sign among many like “no smoking”. But this cryptic term means indoor mass real-time positioning of every individual in the area at the sub-footstep level, and the airport knows who many of the individuals are.

When your mobile phone has Wi-Fi activated, it continuously transmits a network identity signal – a MAC address – as it asks its environment which Wi-Fi networks are available in the area, looking for known networks to connect to. It is possible to use a network of Wi-Fi base stations in a limited area to pinpoint the exact physical location of your phone in that area: by comparing the signal strength of your phone’s identity ping as received by multiple stations, and knowing where those stations are, your phone’s location can be calculated in microseconds with sub-footstep accuracy. And as your phone keeps pinging its environment to search for Wi-Fi networks, the end effect is that your movements are tracked basically down to the footstep level in physical space and the second level on the timeline.
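The calculation described above, as an added example that is not part of the original article: each station's received signal strength is converted to a distance, and the distances are combined into a position by least squares. The path-loss model, its two parameters and the station layout are assumptions chosen for illustration; `error_m` shows how a reading error on one station shifts the result.

```python
import math

# Assumed log-distance path-loss model (illustrative values, not from the article).
RSSI_AT_1M = -40.0   # dBm received 1 m from the phone (assumption)
PATH_LOSS_N = 2.5    # indoor path-loss exponent (assumption)
# Constructed floor plan: receiver positions in metres.
STATIONS = [(0.0, 0.0), (30.0, 0.0), (0.0, 20.0), (30.0, 20.0)]

def distance_to_rssi(d):
    return RSSI_AT_1M - 10 * PATH_LOSS_N * math.log10(d)

def rssi_to_distance(rssi):
    return 10 ** ((RSSI_AT_1M - rssi) / (10 * PATH_LOSS_N))

def simulate(pos, bias_db=0.0):
    """RSSI each station would record for a phone at pos; bias_db is a
    measurement error added to the first station's reading only."""
    out = []
    for i, (sx, sy) in enumerate(STATIONS):
        rssi = distance_to_rssi(math.hypot(pos[0] - sx, pos[1] - sy))
        out.append(((sx, sy), rssi + (bias_db if i == 0 else 0.0)))
    return out

def locate(readings):
    """Least-squares position from >= 3 (station, rssi) readings.
    Subtracting the first station's circle equation from each of the others
    leaves linear equations a*x + b*y = c, solved via the normal equations."""
    (x1, y1), r1 = readings[0]
    d1 = rssi_to_distance(r1)
    saa = sab = sbb = sac = sbc = 0.0
    for (xi, yi), ri in readings[1:]:
        di = rssi_to_distance(ri)
        a, b = 2 * (xi - x1), 2 * (yi - y1)
        c = d1**2 - di**2 + xi**2 - x1**2 + yi**2 - y1**2
        saa += a * a; sab += a * b; sbb += b * b
        sac += a * c; sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("stations are collinear; position is ambiguous")
    return (sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det

def error_m(true_pos, bias_db):
    """Distance in metres between the true and the estimated position."""
    x, y = locate(simulate(true_pos, bias_db))
    return math.hypot(x - true_pos[0], y - true_pos[1])

if __name__ == "__main__":
    print(locate(simulate((12.0, 7.0))))          # clean readings
    print(round(error_m((12.0, 7.0), 3.0), 2))    # one station off by 3 dB
```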

We know this because it caught some rare attention when the sub-footstep individual realtime tracking was rolled out citywide in a mid-size town in Europe, and was cracked down on by that state’s Privacy Board (thankfully).

Let’s take that again: sub-footstep-level identified realtime tracking has already been in place in major cities at the city level.

That’s why it’s positively infuriating to see this vague statement on an airport door, and knowing what it means, but also knowing that it has been deliberately worded to make 99% of people even reading it not understand what it means. And most people won’t even read it.

“This terminal uses a Wi-Fi and Bluetooth-based tracking system. Your privacy is ensured.” Also, war is peace, freedom is slavery, and ignorance is strength. My privacy is “ensured”? Am I supposed to be grateful because you’re not yet demanding a blood sample?

Your privacy is ensured “because we say so”, apparently.

It gets worse. Your phone is continuously broadcasting its MAC address, right? But the airport has no way of knowing which MAC address belongs to which person, right? So even though this is bad, the airport doesn’t know how you moved, when, and where, and how fast, and with whom… right?

Except, the tracking is done with a Wi-Fi network, remember? Which you can and will connect to, because it broadcasts the name “Free Airport Wi-Fi”. And the only thing you need to provide this network in order to get free and fast net access, thereby connecting with the very MAC address which has been tracked, is your email address.

…and suddenly the airport can connect your physical movements to your email address, and therefore most likely to your identity. It now has the ability to know how you moved through the airport, where you ate, whom you met with, for how long; the list goes on, a list that shouldn’t be there. The only safeguard against it doing so and using it against you is a vague “trust us”.
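The join described above, as an added example on constructed data (not code from the article or from the airport): sensor sightings are grouped per MAC address and matched against captive-portal logins. The log formats and all addresses are assumptions; the check on the locally administered bit marks which sightings came from randomized addresses, which do not chain into a track or match a login.

```python
from collections import defaultdict

# Constructed sensor log: (seconds since first sighting, zone, probe source MAC).
SIGHTINGS = [
    (0,   "entrance", "00:11:22:33:44:55"),
    (40,  "check-in", "00:11:22:33:44:55"),
    (300, "cafe-D",   "00:11:22:33:44:55"),
    (5,   "entrance", "da:a1:19:00:00:01"),
    (45,  "check-in", "7e:5b:c4:00:00:02"),
    (310, "gate-D16", "b2:0f:66:00:00:03"),
]
# Constructed captive-portal log: MAC used to associate -> e-mail typed in.
PORTAL_LOGINS = {
    "00:11:22:33:44:55": "alice@example.org",
    "f6:93:0d:00:00:04": "bob@example.org",
}

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set,
    which is how randomized MAC addresses are marked."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def build_tracks(sightings):
    """Group sightings by MAC into time-ordered paths."""
    tracks = defaultdict(list)
    for ts, zone, mac in sorted(sightings):
        tracks[mac.lower()].append((ts, zone))
    return dict(tracks)

def identified_tracks(sightings, logins):
    """Movement paths that can be tied to an e-mail address via the MAC."""
    tracks = build_tracks(sightings)
    return {logins[mac]: path for mac, path in tracks.items() if mac in logins}

def exposure_report(sightings, logins):
    """Per MAC: randomized or not, how many sightings chain, linked e-mail."""
    return {
        mac: {"randomized": is_randomized(mac),
              "sightings": len(path),
              "email": logins.get(mac)}
        for mac, path in build_tracks(sightings).items()
    }

if __name__ == "__main__":
    print(identified_tracks(SIGHTINGS, PORTAL_LOGINS))
    for mac, row in exposure_report(SIGHTINGS, PORTAL_LOGINS).items():
        print(mac, row)
```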

It’s not a random small countryside airport, either. It is Amsterdam-Schiphol, which is the 12th largest airport in the world, and the third largest in Europe after London-Heathrow and Paris-Charles-de-Gaulle.

Your privacy remains your own responsibility.

Syndicated Article
This article has previously been published at Private Internet Access.

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.


Discussion

  1. Thijs

    Thank you for this post. I’ll keep in mind next time I go to Schiphol that I should make sure our cellphones are turned off.

  2. Colin

    So you hovered near the perfume counter in Terminal E but then had a coffee in terminal D. I guess Schiphol is selling this information to airport retailers, but of course they might be passing it on to the police. “That Falkvinge shit stirrer passed through a few minutes ago heading for Gate D16. Wonder why he forgot to turn his phone off?”. “D16, they are boarding flight SK418 to Oslo, departure due in 15 minutes.”
    Don’t you just love the surveillance state?

  3. Darkhog

    10minutemail, problem solved. Or fake e-mail address altogether if there’s no validation.

  4. Ninja

    Aside from using disposable e-mail as suggested above, keeping the Wi-Fi/Bluetooth signals turned off when not in use is another good way of avoiding it while simultaneously saving battery. They can still track you using the mobile network signal if they want but it’s harder to identify you. Sadly Android devices are very bad at MAC randomization, obfuscation but I expect this will become more and more common as people inevitably get more privacy conscious in this ever increasing surveillance world.

    We have yet to see the tipping point where all this idiocy is scaled back to sane levels. Meanwhile we have to take proactive steps to protect ourselves.
