When Will Mall Tracking Make Sense? When It's <i>Not</i> Anonymous

Maybe using mobile phone signals to track customers isn't looking so sweet after all. On Monday (Nov. 28), two U.S. shopping malls said they stopped using a people-tracking system that used mobile signals, after the malls' developer got letters from U.S. Sen. Charles Schumer (D-NY), who threatened to call in the Federal Trade Commission to investigate the privacy issues. That's despite the fact that the system is designed to be anonymous—and the system's legality is untested.

There are some ironies in all this. One is that, with all the genuinely invasive customer-tracking technologies online and even in malls, the mobile signals used in this one really are anonymous to everyone but the mobile phone operators. Another is that if the system were actually targeting individual customers and the data were used by store associates, it might actually be more palatable to shoppers. After all, when location data is anonymously collected, it feels creepy. But when an associate knows you've already been to Wet Seal and Nordstrom, that just means she knows your tastes and can serve you better—or at least it feels that way.

The uproar is over the FootPath system from U.K. vendor Path Intelligence, which began use on Black Friday in the two malls: Promenade Temecula (halfway between Los Angeles and San Diego) and Short Pump Town Center in Richmond, Va. The owner of both malls said it received letters from Schumer (fortuitously, just after Black Friday) warning about the FTC investigation.

In a statement, Schumer said, "A shopper's personal cell phone should not be used by a third party as a tracking device by retailers who are seeking to determine holiday shopping patterns. Personal cell phones are just that—personal. If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so. It shouldn't be up to the consumer to turn their cell phone off when they walk into the mall to ensure they aren't being virtually tailed."

Of course, third-parties Apple and Google routinely track phone users' locations in detail for location-based services. (Google just announced a service that tracks each Android user's location to within a few meters inside stores, shopping malls and airports.) Other third-party app developers have also been accused of tapping into smartphone geolocation data in real time without making it clear to the user exactly what's being tracked—even if users have nominally given permission via a click-through license agreement when the app is installed.

Sorry, senator, but requiring an opt-in for location tracking is no defense of privacy, at least as long as nobody actually reads those click-through licenses.

Then there are the legal questions.Then there are the legal questions. StorefrontBacktalk Legal columnist Mark Rasch has pointed out that existing wiretapping laws prohibit anyone but a mobile operator from collecting information on cell-phone calls, and even that information can't be released without a court order. The key language that was added to wiretap laws with the USA PATRIOT Act bars capturing "signaling information reasonably likely to identify the source of a wire or electronic communication."

"Several courts have concluded that the term 'signaling information' includes things like signal strength data used to determine the location of an individual," Rasch notes.

That certainly raises legal uncertainty. It also runs contrary to what some commercial entities that aren't mobile carriers (Apple and Google) have been doing unchallenged for years. Exactly how a judge and jury would decide on the legality of Google Maps for Android is very much up in the air.

But let's leave all that aside. Let's suppose that instead of posting signs telling customers they could opt out by turning off their phones, mall owners or retailers somehow could reach those customers and tell them how to opt in.

(In practical terms, that's impossible on the fly. Those mobile signals really are anonymous—they just contain temporary identifiers that are only useful to mobile operators—who also constantly track mobile users' locations whenever the phone is turned on. But let's imagine there's a practical way to do it anyway.)

Why would shoppers choose to opt into an anonymous traffic-tracking system? Not to help out mall operators who want to track overall traffic patterns. (Besides, mall operators have been able to do that sort of thing—even tracking individual customers—for years.)

And customers aren't likely to opt in to help feed retailers information about their buying habits at other retailers—at least not if it's put to them exactly that way. Customers think CRM is an invasion of privacy. Loyalty programs? They're fine—just not that creepy CRM stuff.

Why would customers be willing to opt in? For the same reason those customers don't mind if an associate looks at the bags they're carrying from retailers they've already visited, and adjusts the sales pitch accordingly. In fact, that's just good service.

A customer may end up giving an associate plenty of information anyway: where the customer has looked for a particular item, price range, what items the customer has already bought, shoe size, dress size, waist size, underwear size and other embarrassingly personal details. And customers don't hesitate to hand over this information to the human being who's trying to help them find the right item to buy at the right price.

That kind of information clearly goes beyond anonymous location tracking, and customers offer it up willingly because there's a benefit: an immediately better shopping experience. It's only seen as creepy, stalker-like information collection when there's no human face on either end: anonymized information that goes into a corporate database, rather than an associate who's face-to-face with a customer.

And that's true whether the information comes from a traffic tracking system, a CRM database or the immediate observations of a really sharp associate.