
JFK Displays Actual Wait Times Using Beacons That Monitor Mobile Phones - brentjanderson
http://www.blipsystems.com/jfk-displays-actual-wait-times-using-beacons-that-monitor-mobile-phones/
======
forgottenpass
_When a device passes the beacons, its non-personal unique ID—called a MAC
address—is recorded, encrypted and time-stamped._

Blip, you make me laugh. You know this will raise privacy concerns and say the
sweet nothings that placate the general public, but inspire no confidence in
people who know what those words mean.

I'm not here to say that as a JFK traveler I'm unhappy with the privacy
considerations. I just want to point out you're pretending your design is good
on privacy when simple tweaks would show the security minded you gave half a
shit. I don't mind this monitoring if it is limited to the uses described,
your maneuvering simply makes me giggle.

A MAC may not be in whatever bucket you're calling "personal" but is certainly
more personal than "non-personal" implies. Encryption is effectively a "we're
doing it right" buzzword to the general public. What are your authorized uses
for the data? What's your KMI? What data minimization techniques are employed?
Do you purge old records? Replace the MAC with an identifier that can't be
tied back to MAC once the target has left the line? Hash MACs on entry in a
way that is both time-costly to bruteforce and results in a different hash
every day?

~~~
heatish
Yeah that same line made me laugh a bit as well. "Your non-identifying, SUPER
personal, burned onto your phones hardware, is never going to change Mac
Address is recorded as you walk by."

I think the idea is a great one, it's unfortunate there isn't a better way
(that I can think of atm) to do it, or like you said just some transparency on
what they do with it. As simple as: "At the end of each day the encrypted mac
addresses are completely erased from our system."

Seems like they do keep the info though, it says the Cincinnati airport kept
it and used it for data analysis. In the end, I think this kind of thing most
people will be okay with foregoing a bit of privacy for.

Edit: Interesting article on mobile MAC addresses down the comments:
[https://news.ycombinator.com/item?id=10097882#up_10098108](https://news.ycombinator.com/item?id=10097882#up_10098108)

~~~
mlaretallack
I work in the traffic industry and over the last 8 years I have seen the rise
of WIFI and Bluetooth journey time monitoring kit and after looking at every
solution, I have found that the method of "encrypting" the data has always
been just a MD5 hash, or SHA if you are lucky. With with result Hash just been
http'ed over to a server on the internet. This usually leads to to question,
"OK, so I can just hash the victims MAC address and the look for that in the
data stream to find out where the person is instead of just using the MAC
directly?" The same is done for ANPR based systems. The word "encrypted" seems
to be added to some how make it secure without the solution being secure.

------
tedchs
Nitpick: these are not "beacons", they are "sensors". The product page linked
from the article doesn't even contain word "beacon". Beacons are
unidirectional. But, beacons are hot right now, which presumably the author
sought to capitalize on.

------
joaq
Awesome, this kind of technology should be used in ALL waiting lines. I read
that the average person spends months of their lives just waiting in lines.
This is ridiculous and should be fixed. Every store should have an average
waiting time and they should try to minimize it.

------
RobotCaleb
Of what use is this information to the people standing in line? "Oh, it's 30
minutes. I guess I'll hurry."

~~~
spigoon
In Austin's airport there are several security lines that you can choose from.
Each line shows its average wait time as well as the average wait time for the
other lines. It's helpful to be able to see that the lines closest to you is
20 minutes but the line just down the terminal is only 5 minutes.

~~~
dopamean
I love that feature. It's also incredible to me how many people either ignore
it or don't know it's there.

~~~
rince
I have never noticed it before Where is the wait time information at
Bergstrom?

~~~
dopamean
Sort of at the front of the security line. Right before you get to the area
where you load up the conveyor belt. It is visible from the back of the line.

------
amenod
I wonder how long before they can do the same with cameras? A bit of computer
vision and you have more complete data... Not sure if there is still need for
better completeness though.

~~~
joaq
Should be quite easy to implement, actually. Some stores have this kind of
technology to track traffic. I think the problem is installing the cameras and
the software, but that's trivial for an airport.

------
vigneshv_psg
I am just curious. Wouldn't it be more easier to do this with specific devices
than using the phones?

Each passenger can be given a smart card along with the boarding pass (or
embedded in the boarding pass). The sensors could merely check for the smart
card at certain points and determine how long it took for the passenger to
clear security, etc. The airline can then collect the smart card back just
before boarding when they scan the boarding pass. Seems like a simple solution
that would work without much privacy concerns.

~~~
hammock
I've seen this done in airports before, only using a plain laminated card that
you carry through the line - the low-tech solution. The card was used by the
TSA to internally track wait times

~~~
evan_
They used to do this at theme parks as well

~~~
tdfw
Disneyland in Anaheim still does. They use it to update the wait time signs at
the entrance to each ride and, just recently, their official wait time mobile
app.

------
MasterScrat
From [http://www.blipsystems.com/indoor-
sensor/](http://www.blipsystems.com/indoor-sensor/):

> When a device passes the sensors, its non-personal unique ID, called a MAC
> address, is recorded, encrypted and time-stamped. By re-identifying the
> device from multiple sensors, travel times, average speeds, dwell times and
> movement patterns become available.

Aren't MAC addresses spoofed on most phones now?! I didn't expect a system
like that to still be usable.

~~~
digi_owl
Even if spoofed, a MAC has to be (locally) unique or else you run into all
kinds of network issues.

As for spoofed on phones, maybe if you have root. But i doubt it comes spoofed
out of the box (at least i have never heard of such a thing).

~~~
macNchz
As of last year iOS devices do randomize their MAC address when polling for
nearby WiFi, specifically to foil this kind of tracking. Here's an interesting
breakdown of what is actually happening:
[http://blog.airtightnetworks.com/ios8-mac-randomization-
anal...](http://blog.airtightnetworks.com/ios8-mac-randomization-analyzed/)

~~~
mikeash
Nice link! From what it describes, I don't think this will be too much of a
problem for a tracking system like this. The randomized MAC is only changed
when the phone is put to sleep for at least 120 seconds. It stays constant
while sleeping, or while active. So if you're on your phone from start to
finish (as a lot of people do) or if you leave it in your pocket from start to
finish, you'll be tracked fine. Only if you use your phone, put it to sleep,
and leave it asleep for at least two minutes all while in the line will you
defeat this. And while that's certainly something people will do, plenty of
people won't, so the tracking can use those.

This all sounds pretty good to me. Short-term tracking like this is useful and
not very invasive. The randomization will still defeat long-term invasive
tracking, like a store recognizing you from past visits and building up a
database of your individual activity from that.

------
Thriptic
Another simple thing that could be done to increase efficiency is have notices
upstream in the security line instructing people to remove their shoes / belts
and store their personal items like phones before they get to the conveyor
belt used to feed items into the x-ray baggage scanner (assuming this is still
a relevant bottleneck). A lot of time is needlessly wasted by people who start
this process when they first hit the front of the security line.

~~~
jschwartzi
I'm not going to take my shoes of in a common area until I absolutely have to.
I think it's a stupid law anyway, and my not disrobing early is a form of
protest at the indignity.

------
gorena
Serious question: if there is a 16 minute queue for "security", why wouldn't a
potential terrorist just wheel up a carry on sized bomb and detonate it in the
middle of the "security" line? Is this something that the TSA addresses (I
assume not), or do they just ignore the possibility? All they've done is move
the soft target further out.

~~~
harmegido
I think they're concern is not foremost for the safety of the passengers. The
main concern is airplanes going into buildings. Of course, this is definitely
an example of fighting the last war.

On a separate note, the TSA really pisses me off. Consider that UPS saves
millions by not taking left turns. Removing or adding very small
inefficiencies at a very large scale has tremendous cost implications. I don't
think these security lines add much security and I think they do that task at
a much higher cost than most people think.

~~~
MBlume
I agree that planes going into buildings is the major security concern, but we
fixed it. We've reinforced the cockpit doors and we've taught passengers not
to cooperate with hijackers (the latter we managed within hours of the first
attack)

~~~
UnoriginalGuy
Plus panic buttons & guns in the cockpit, new procedures for aircraft leaving
their scheduled route, and passenger's reaction to a hijacking (e.g. one "bad
guy" with a switchblade is nothing against 300 people who fear NOT doing
anything will endanger their lives).

~~~
tdfw
Pilots have a panic button. It's called squawking code 7500. Alerts ATC that
there is a hijacking situation (7700 is general emergency.) Guns in airplanes
are a bad idea for, well, quite a few reasons.

------
jonemo
One of the photos shows the system in use at the DHS immigration line. Aren't
there notices all over this place telling travelers that cellphone use is
strictly prohibited before passing the checkpoint? It seems strange that the
airport relies on people breaking the law to provide better service...

------
a-dub
Good. I suspect that many people aren't aware that most smartphones in
common/default configurations leak a unique identifier that can be passively
sensed and monitored. Products like this will help raise awareness as to how
privacy invasive simple consumer devices have become.

------
vvpan
I hope it didn't cost more than hiring extra people to get the mega-lines
through faster.

~~~
crusso
That definitely goes against my hacker instincts where if I can automate a
daily task with the amount of time that it would take me to do it in a few
days, I go ahead and automate it.

~~~
joaq
Yep, I think the same way. I always prefer to spend a lot of time upfront on
something and automate it instead of doing it over and over later. I try to
avoid repetitive tasks as much as I possibly can.

------
anonymousDan
London Luton was displaying similar wait times when I traveled through it last
week, and I was wondering how they did it. I thought they might be doing some
kind of face recognition using the cameras at entry/exit to the hall.

------
jazzyk
Perhaps, just perhaps... they should be spending money on additional stations
to NOT have lines in the first place?

You know, fight the cause rather than the symptom :-)

~~~
duderific
They will only spend enough money on staffing, to keep customer frustration
just below the boiling point. You see that in every industry, not just at the
airport. Although in industries with little or no competition (I'm looking at
you, USPS), I would say have even less incentive to care about customer
satisfaction.

------
csense
Based on the headline, I thought they were displaying the queue time on
monitors held by life-sized mannikins of the former President.

Read the article, was disappointed. It's still interesting tech though.

