I’m a happy user of the Nike+iPod Sport Kit. It’s an add-on for iPods that tracks your running: how far, how long, pace, calories burned, etc. It also lets you track your progress toward a goal or challenge other Nike+iPod users to races. It works by paring a radio receiver attached to your iPod and a radio transmitter placed in your shoe.
However, as those of us who follow such things know, there’s nothing that perks up the ears of privacy activists more than the words “radio transmitter” and “shoe” in the same sentence. Their ears must be at their perkiest as researchers at the University of Washington have issued a report claiming that the Nike+iPod kit can be used to track its wearer. Wired News reports in its usual alarmed tone,
If you enhance your workout with the new Nike+iPod Sport Kit, you may be making yourself a surveillance target.
A report from four University of Washington researchers to be released Thursday reveals that security flaws in the new RFID-powered device from Nike and Apple make it easy for tech-savvy stalkers, thieves and corporations to track your movements. With just a few hundred dollars and a little know-how, someone could even plot your running routes on a Google map without your knowledge.
Below the fold I’ll explain why there are no security “flaws” and you shouldn’t be worried if you own one of these devices.
What the report basically says is that the RFID device you put in your shoe transmits a unique identifier for up to 60 feet and that a stalker could use this to “track” you. The researchers built a receiver device that picks up the Nike+iPod signal and alerts its owner. My critique isn’t that this sort of thing isn’t possible to do–it most certainly is as the researchers have shown–but that 1) it’s not really “tracking” under a reasonable definition of the word, and 2) it’s impractical.
As I’ve explained before, using the word tracking conjures up scenes from “Enemy of the State” or other such movies where a blip on a screen pinpoints the tracked person’s location in real time. That’s not what this is. RFID tracking is more like “tracking” a FedEx package. You can know the location where a package was last scanned, but you really don’t know its current location. In order to really track someone using Nike+iPod a stalker would have to put up a receiver every 60 feet in a metro area. There are also more practical ways to stalk someone. The Wired News article notes,
In their report, the researchers detail a scenario in which a stalker who wants to know when his ex-girlfriend is at home taps into her Nike+ iPod system. He simply hides the gumstix device next to her door, and it registers her presence as she passes by in her Nike shoes. If he adds a small “wifistix” antenna to the device, it can transmit this information to any nearby Wi-Fi access point and alert him to her presence via SMS or by plotting her location on Google Maps.
That’s true, but another tried-and-true tool of stalkers that lets them surveil their targets at over 100 feet is called a pair of binoculars. My point is that this hack might tell you whether a person is home or not, but so can the naked eye. “A thief could use a similar set-up to case several houses at once, figuring out when Nike-wearing owners are at home and when they aren’t,” Wired News says. A thief, I would think, would more likely just stake out the place than rely on what a hacked laptop-wifi-SMS device is telling him.
UC Berkeley RFID researcher David Molnar told Wired News: “This shows a need for independent oversight and investigation of these technologies before they go to market. These things happen because the people building devices don’t think about privacy implications.”
Maybe Apple and Nike didn’t think about privacy or maybe they did. What I do know is that if the sports kit really did pose an unacceptable threat to personal privacy, my fellow consumers and I would be smart enough to recognize the problem and make purchasing decisions accordingly. Unlike REAL-ID compliant driver’s licenses, carrying a Nike+iPod device is voluntary. So, I trust consumer choice over the pre-filer of “independent oversight” by who-knows-who “before [a product] goes to market.” I, for one, will take the risk of radio stalking along with the incredibly cool features of this device. Really. It’s incredibly cool. Go see.
Comments on this entry are closed.