Nike+iPod = surveillance?

by Jerry Brito on December 4, 2006 · Comments

I’m a happy user of the Nike+iPod Sport Kit. It’s an add-on for iPods that tracks your running: how far, how long, pace, calories burned, etc. It also lets you track your progress toward a goal or challenge other Nike+iPod users to races. It works by paring a radio receiver attached to your iPod and a radio transmitter placed in your shoe.

However, as those of us who follow such things know, there’s nothing that perks up the ears of privacy activists more than the words “radio transmitter” and “shoe” in the same sentence. Their ears must be at their perkiest as researchers at the University of Washington have issued a report claiming that the Nike+iPod kit can be used to track its wearer. Wired News reports in its usual alarmed tone,

If you enhance your workout with the new Nike+iPod Sport Kit, you may be making yourself a surveillance target.

A report from four University of Washington researchers to be released Thursday reveals that security flaws in the new RFID-powered device from Nike and Apple make it easy for tech-savvy stalkers, thieves and corporations to track your movements. With just a few hundred dollars and a little know-how, someone could even plot your running routes on a Google map without your knowledge.

Below the fold I’ll explain why there are no security “flaws” and you shouldn’t be worried if you own one of these devices.


What the report basically says is that the RFID device you put in your shoe transmits a unique identifier for up to 60 feet and that a stalker could use this to “track” you. The researchers built a receiver device that picks up the Nike+iPod signal and alerts its owner. My critique isn’t that this sort of thing isn’t possible to do–it most certainly is as the researchers have shown–but that 1) it’s not really “tracking” under a reasonable definition of the word, and 2) it’s impractical.

As I’ve explained before, using the word tracking conjures up scenes from “Enemy of the State” or other such movies where a blip on a screen pinpoints the tracked person’s location in real time. That’s not what this is. RFID tracking is more like “tracking” a FedEx package. You can know the location where a package was last scanned, but you really don’t know its current location. In order to really track someone using Nike+iPod a stalker would have to put up a receiver every 60 feet in a metro area. There are also more practical ways to stalk someone. The Wired News article notes,

In their report, the researchers detail a scenario in which a stalker who wants to know when his ex-girlfriend is at home taps into her Nike+ iPod system. He simply hides the gumstix device next to her door, and it registers her presence as she passes by in her Nike shoes. If he adds a small “wifistix” antenna to the device, it can transmit this information to any nearby Wi-Fi access point and alert him to her presence via SMS or by plotting her location on Google Maps.

That’s true, but another tried-and-true tool of stalkers that lets them surveil their targets at over 100 feet is called a pair of binoculars. My point is that this hack might tell you whether a person is home or not, but so can the naked eye. “A thief could use a similar set-up to case several houses at once, figuring out when Nike-wearing owners are at home and when they aren’t,” Wired News says. A thief, I would think, would more likely just stake out the place than rely on what a hacked laptop-wifi-SMS device is telling him.

UC Berkeley RFID researcher David Molnar told Wired News: “This shows a need for independent oversight and investigation of these technologies before they go to market. These things happen because the people building devices don’t think about privacy implications.”

Maybe Apple and Nike didn’t think about privacy or maybe they did. What I do know is that if the sports kit really did pose an unacceptable threat to personal privacy, my fellow consumers and I would be smart enough to recognize the problem and make purchasing decisions accordingly. Unlike REAL-ID compliant driver’s licenses, carrying a Nike+iPod device is voluntary. So, I trust consumer choice over the pre-filer of “independent oversight” by who-knows-who “before [a product] goes to market.” I, for one, will take the risk of radio stalking along with the incredibly cool features of this device. Really. It’s incredibly cool. Go see.

Comments Posted in: Privacy, Security & Government Surveillance

  • I haven't been up to anything today. I can't be bothered with anything recently. Nothing seems worth thinking about. I haven't gotten anything done recently, but oh well. Not much noteworthy going on worth mentioning.
  • I feel like a complete blank, but I don't care. Pfft. I've pretty much been doing nothing worth mentioning.
  • My life's been pretty dull recently. Shrug. My mind is like a void. I haven't gotten anything done lately. I can't be bothered with anything recently.
  • I just don't have much to say these days, but so it goes. Today was a total loss. I guess it doesn't bother me.
  • My life's been pretty dull recently. Shrug. My mind is like a void. I haven't gotten anything done lately. I can't be bothered with anything recently.
  • I've more or less been doing nothing worth mentioning, but eh. My life's been really bland today. I don't care. I've just been letting everything happen without me these days. That's how it is.
  • I haven't gotten anything done today. I feel like a fog, but what can I say? I've just been letting everything wash over me lately, not that it matters. Shrug.
  • I feel like an empty room, but eh. Nothing seems worth doing. I haven't gotten much done today.
  • I feel like an empty room, but eh. Nothing seems worth doing. I haven't gotten much done today.
  • My life's been basically bland today. More or less nothing seems worth thinking about. My mind is like an empty room. I've more or less been doing nothing to speak of. Not much on my mind recently.
  • I can't be bothered with anything these days, but shrug. I just don't have anything to say recently. I haven't gotten much done recently. Nothing seems worth thinking about.
  • I just don't have anything to say , but shrug. So it goes. Not much on my mind recently. I can't be bothered with anything recently.
  • Basically nothing noteworthy happening right now, but eh. Today was a complete loss. I haven't been up to much recently. I've pretty much been doing nothing worth mentioning.
  • I haven't been up to much today. I've just been letting everything happen without me. Basically nothing seems worth bothering with. I've just been hanging out doing nothing. I just don't have anything to say right now. More or less nothing happening.
  • I've just been staying at home waiting for something to happen. Whatever. Not much on my mind lately. I guess it doesn't bother me.
  • It sounds to me like the set-up does allow tracking (in the fairest sense of that word). Your objection to the story might be better focused on the claim that this gizmo "make[s] it easy".

    Makes it possible? Yes. But not easy.

    It's relevant to keep in mind that the availability of RF-reading technologies will grow, so it will get easier to track people - though it'll be a while before it's truly "easy."

    You're so right to call out the RFID researcher for demanding "independent oversight and investigation." What does he think the Wired story, this blog post, and all the other people poking around this question are? It's the market at work, baby!

  • Good post. I am in full agreement with you.
blog comments powered by Disqus

Previous post:

Next post: