Bluetooth Surveillance?

Dec 04, 2007 · 2 mins
Data and Information Security

While this is not a “real” current threat, the experiment conducted during the International Symposium of Electronic Arts in San Jose last year raises some chilling issues. During the Symposium, a network of Bluetooth sensors was deployed throughout the city (see for more information). Once established, the network tracked cell phone users who had their Bluetooth set to “discoverable.” The network was able to track and record the movements of these users around the city.

Attendees at the conference could visit a particular booth, present their cell phone, and receive a printout of every location the attendee visited, as recorded by the network of Bluetooth sensors. To say the least, attendees were taken aback by the volume and detail of the information recorded about their movements. The information could be used to identify which hotel the attendees were staying at, where they had lunch, which shops they visited, etc.

The potential for use and misuse of this information is mind-boggling. Marketers could use the information to create more targeted ads, send text messages when a cell phone user is in the proximity of a particular store, and, of course, collect and sell the information to other marketers. Others might use the information to track the movements of an individual involved in a civil dispute, say a divorce proceeding, to show the individual visited a particular hotel or home of an alleged lover. The list goes on.

I realize this was just an interesting “proof of concept” and extensive networks of Bluetooth sensors are currently not widely deployed. The problem is that they could be in the not-too-distant future. For now, cell phone users should take a second look at the settings on their phones.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
