Needed: Best (or At Least Better) Practices for Beacon Deployments

Everyone in the beacon ecosystem, from marketers to infrastructure providers to app developers, can find teachable moments in New York City's decision to pull a network of beacons from its phone booths.
Published: October 15, 2014

Last week, Buzzfeed ran a lengthy story about a large network of Bluetooth beacons deployed in Manhattan. The headline rang: “Hundreds Of Devices Hidden Inside New York City Phone Booths.”

Through an arrangement with the city’s Department of Information Technology and Telecommunications (DoITT), Titan—a company that sells advertising space in public spaces, such as transit terminals and phone booths-cum-information kiosks—late last year began installing beacons on phone booth kiosks around the borough. According to Buzzfeed, Titan said it was using the beacons, made by Qualcomm spinoff Gimbal, largely to see how well they worked.

The city gave Titan a green light to install the beacons without any public discourse or notification. In another investigation conducted by the New York Daily News, Donna Lieberman, the New York Civil Liberties Union’s executive director, characterized the beacon deployment as a “data-mining operation” that “has to be suspended pending an open process about what’s going on.”

Neither the Buzzfeed nor Daily News stories mentioned that beacons do not collect any data, but rather broadcast their unique identifiers, which only Bluetooth-enabled phones running third-party applications—which a user has downloaded—receives. Both articles elicited fears that Titan or the city, or both, have sinister aims. Reads the Daily News: “Privacy advocates warn the deal could turn the Big Apple into a giant data-mining matrix, and deepen the already vast network of surveillance tools used by law enforcement agencies.”

Unsurprisingly, the DoITT office quickly announced it was asking Titan to yank the beacons, despite Titan spokesperson Dave Etherington telling the newspaper his company “is ‘absolutely, categorically not’ collecting data from phones that pass by their booths.”

It would, of course, be impossible for Titan to collect data from phones anyway, unless it created an app using Gimbal’s software development kit.

Surely, these two sensationalistic news pieces will not be the death knell for beacon deployments. Yet, the city’s reaction and decision to pull the beacons are important because, as I learned from Gimbal’s chief operation officer, Kevin Hunter (with whom I coincidentally met the day the Buzzfeed story broke), public spaces are a big growth area target for beacons.

Already, tens of thousands of Gimbal beacons have been deployed, but most have landed in retail stores or sports stadiums. Looking ahead, Hunter told me, Gimbal sees opportunities in acting as a sort of conduit for all sorts of information being pushed through applications to a smartphone user strolling through a city. So, say I visit a new city. I download an app on my phone, check off some broad areas of interest, in terms of the types of experiences or commerce I’m interested in, and then give the application provider the green light to send me notices.

This information “doesn’t have to be deals or promotions,” Hunter stressed, though it would likely direct me to “key restaurants” in the city, or “key social” venues. Over time, he explained, the alerts I’d receive would become highly personalized. “This would be many parties joining in to one app,” he said, “and then using logic, based on past actions, to know what the individual is interested in and then sending them only those alerts.”

A coin cell beacon from Gimbal

Hunter said the value here, as beacon networks grow, will be that Gimbal will “filter out the noise digitally, to show you what you want to know.” To do that, the company will pull together an ecosystem of different parties to play together—which will obviously include retailers and application developers.

If there is one lesson to be gleaned from the Titan debacle, it is that the success of this kind of multi-party beacon application in public space is going to hinge on transparency. The point is not whether nefarious parties (or just marketers) were actually secretly collecting beacon transmissions, unbeknownst to citizens. The point is that this is the perception. Said the Buzzfeed article, “…the spread of beacon technology to public spaces could turn any city into a giant matrix of hidden commercialization—and vastly deepen the network of surveillance that has already grown out of technologies ranging from security cameras to cell phone towers.”

Gimbal requires any application developer whose software leverages Gimbal beacons to communicate with consumers to comply with three cardinal rules:

1: The apps must have transparent opt-in procedures.
2: The app user must have the ability to turn the app on or off.
3: The app user must be able to delete the app from the phone.

Gimbal must ensure its partners foster trust with users, Hunter told me, “because otherwise, that is the death of consumer relationships.” He noted that Gimbal has had to remove beacons from more than one deployment due to infringement of these rules.

Yet, all potential players in the beacon value chain—device manufacturers, software developers, retailers, transportation providers, marketers, city governments, schools, employers, the list seems infinite—ought to follow some basic codes of conduct.

Kevin Hunter

Last year, the Future of Privacy Forum, a think tank that promotes responsible data practices, partnered with U.S. Senator Charles Schumer to create a code of conduct for companies that analyze consumer data collected via mobile devices. Approximately 15 analytics services providers have signed onto this code of conduct, which includes a list of what I consider sensible data and privacy practices. It also includes a mobile location analytics opt-out registry, which consumers can join by providing their devices’ MAC address. Companies that sign the code of conduct must use this registry to no longer associate information about a signee’s presence at a venue with the MAC address of his or her device.

But regardless of whether it is in a public or private space, what about the act of merely installing a beacon? Should New York City or Titan have initiated, at least, some public education to explain how beacons work, the role that applications play in their use, and why they were being deployed across Manhattan? I think so.

Adam Thierer, a senior research fellow at George Mason University’s Mercatus Center, was spot-on when he told PBS NewsHour, in a January 2014 interview, “We need to understand that privacy is a very subjective value, and that some people will be very sensitive about it, others not so much. We need to make sure that people who are highly privacy sensitive have tools at their disposal [to block location awareness technologies]. And other people, if they are willing to, can trade off their privacy in exchange for more convenience, better services, cheaper goods, whatever it might be.”

Mary Catherine O’Connor is the editor of Internet of Things Journal and a former staff reporter for RFID Journal. She also writes about technology, as it relates to business and the environment, for a range of consumer magazines and newspapers.