{"id":576,"date":"2009-01-30T16:22:28","date_gmt":"2009-01-31T00:22:28","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=576"},"modified":"2009-01-30T16:22:28","modified_gmt":"2009-01-31T00:22:28","slug":"security-review-advertisements-that-watch-you","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/30\/security-review-advertisements-that-watch-you\/","title":{"rendered":"Security Review: Advertisements That Watch You"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.google.com\/hostednews\/ap\/article\/ALeqM5gtt0GDVKp2kUEw39aEGal9yfYmjgD961JH500\" target=\"_blank\">Associated Press reports<\/a> that there is a growing chance that, while watching an advertisement on a video screen in a public place, the advertisement may also be watching you.\u00a0 Following a trend of increasingly prevalent automatic public monitoring, from security cameras to red-light cameras, advertisements may now attempt to identify the people watching them.\u00a0 This is done with small cameras that can be embedded either in or around the advertising video screen.\u00a0 The output from the cameras is fed into software which attempts to identify certain characteristics about the watcher.\u00a0 This includes both personal characteristics such as age, gender, and ethnicity and behavioral characteristics such as the amount of time spent watching the advertisement.<\/p>\n<p><!--more--><\/p>\n<p>Some advertisers like the technology as it provides them with a way of targeting advertisements to consumers based on each individual\u2019s characteristics.\u00a0 Further, being able to analyze how long consumers watch a specific advertisement gives advertisers feedback on the effectiveness of their targeted advertisements.<\/p>\n<p>There are currently significant limitations to the technology.\u00a0 It is best suited to identifying gender, which it determines correctly about 85-90% of the time.\u00a0 It is somewhat effective at identifying 
age, and less effective at identifying ethnicity.\u00a0 It is (supposedly) capable only of identifying some characteristics about an individual and cannot be used to associate a person with a specific identity.<\/p>\n<p>Assets<\/p>\n<ul>\n<li>Consumer information: This technology is capable of determining an individual\u2019s outward characteristics.\u00a0 It converts this information from visual data to an electronic representation (say, a constant that represents \u201cfemale\u201d), which can be stored or made use of by the rest of the system.<\/li>\n<li>Consumer demographics.\u00a0 This technology is capable of determining characteristics of many individuals within a single location at different times of day.\u00a0 This is essentially an aggregation of consumer information which can be statistically analyzed easily since it is already in electronic format.<\/li>\n<\/ul>\n<p>Adversaries\/Threats<\/p>\n<ul>\n<li>People who wish to use the data collected to maliciously target a specific group of people.\u00a0 For example, a pedophile may wish to make use of consumer demographic knowledge by being present when and where there is a high concentration of children.<\/li>\n<li>People who wish to use the video collected for their own purposes.\u00a0 Though the software cannot identify a person, people still can.\u00a0 This could allow stalkers a way of video taping their victims during everyday activities.<\/li>\n<\/ul>\n<p>Potential Weaknesses<\/p>\n<ul>\n<li>By being placed in public places, these video screens are likely to be physically insecure.\u00a0 An attacker will almost certainly be able to get close to the device, if not actually touch it.\u00a0 Any defects in the case could allow physical access to the hardware.\u00a0 Similarly, any defect in the communications protocol (such as unsecured wireless) could provide the data to network sniffers.<\/li>\n<li>Significant trust is being placed on the manufacturers of this technology.\u00a0 They maintain that this 
information is not being stored, but a rogue employee could add storage \/ transmission capabilities to the device.\u00a0 Also, this claim of lack of storage seems at odds with other claims of allowing for demographic analysis: how can the data be analyzed if it isn\u2019t stored anywhere?<\/li>\n<\/ul>\n<p>Potential Defenses<\/p>\n<ul>\n<li>When targeting an advertisement, do not record how often an advertisement is shown or what characteristic prompted the display.\u00a0 This will help defend consumer information, as there is no database of data to steal.<\/li>\n<li>Ensure that the case of the technology is sturdy, and ideally include mechanisms designed to automatically notice if the case has been opened (at which point, operations should cease).\u00a0 This will help against some physical attackers.<\/li>\n<\/ul>\n<p>Evaluate Risks<\/p>\n<ul>\n<li>A big concern for this technology is its possible evolution.\u00a0 Whatever one thinks of the current version, a version that could associate a person with a specific identity would be incredibly scary.\u00a0 There are reasons to doubt the possibility of this: after all, face scanning technology seems to be very difficult.\u00a0 But the fact of the matter is that this risk remains as long as they\u2019re recording and attempting to identify consumers in public.\u00a0 Perhaps more worrisome is the potential use of high-definition cameras with another form of identification (perhaps iris scanning, which is seeing gains).<\/li>\n<li>As long as the technology remains in its present form, the only real added risk seems to be in the aggregation of data.\u00a0 All of the data obtained by this technology could be just as easily obtained at a single location by employing a person to sit there changing advertisements based on whoever was nearest and recording these changes.\u00a0 This person would have a higher accuracy than the machine.\u00a0 However, it is the aggregation of data which is more worrisome.\u00a0 This provides the 
advertisers with an incredible amount of information about many different locations simultaneously and at a high refresh rate.<\/li>\n<\/ul>\n<p>In its current form, I think this is a technology that sounds considerably more invasive than it is in practice.\u00a0 However, future iterations have significant potential to reveal important personal information about individuals, which is a genuine cause for concern.\u00a0 Moreover, if we accept the current iteration as \u201cacceptable\u201d, we may be more likely to accept future, more invasive iterations without objection.\u00a0 And that is scary.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Associated Press reports that there is a growing chance that, while watching an advertisement on a video screen in a public place, the advertisement may also be watching you.\u00a0 Following a trend of increasingly prevalent automatic public monitoring, from &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/30\/security-review-advertisements-that-watch-you\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":112,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-576","post","type-post","status-publish","format-standard","hentry","category-miscellaneous"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/112"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=576"}],"version-history":[{"count":7,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/576\/revisions"}],"predecessor-version":[{"id":583,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/576\/revisions\/583"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}