Hmmm… interesting question, and one many of you may have in mind as you pass through the airport on your way to and from IRISSCON later this week.
The query in question came about following a piece in the Irish Independent about a man who ‘erroneously’ carried a sharp-bladed implement onto a plane.
As part of that write-up, author Emaa Jane Hade wrote:
The DAA [Dublin Airport Authority] uses an “automated technology” system to ensure passengers spend no longer than half an hour in the queue for security checks.
It is understood this technology tracks the length of time that passengers carrying Bluetooth- and wifi-enabled devices spend in the queue.
A member of the security team at Dublin Airport revealed there are sensors placed in the roof of the security area that record the time the device and the passenger enters and leaves the queue.
On the face of it, a quick run through security checks may sound appealing, though perhaps slightly less so right now in the wake of the Paris attacks, but what does it mean for passenger privacy?
If you have Wi-Fi or Bluetooth switched on, which I guess many travellers probably do, at least up until the point where they board the aircraft, then Dublin Airport has the capability to track your devices through either or both, irrespective of whether they are actually connecting to anything or not.
And that obviously relates not only to your mobile phone but also your smart watch, tablet, fitness tracker, etc.
The corresponding Wi-Fi and/or Bluetooth MAC address will be hoovered up and, under normal circumstances, both will act as a sort of fingerprint on account of the fact that they are unique to every device.
With that information, the airport can track passengers in much the same way some shops already do, building profiles of where they go.
Given the size of the airport and the relative lack of shopping facilities, it doesn’t appear to be that big a deal but Dublin Airport caters for a large volume of traffic each year, and we know how security services are attracted to bulk data like bees to honey.
Again, possibly not too much for the average passenger to become overly concerned about but there is still an important question at the heart of all this: when did Dublin Airport ask permission to collect this data in the first place?
According to the DAA, the data it collects is not “personal” even though it is obviously personally identifying, and is used only to:
measure and check queue/dwell times at the airport, and the only parties who have access to the data are DAA and the company which operates the system.
Fortunately, the airport appears to be listening though, recently saying that it is in the process of upgrading its system to encrypt collected MAC addresses in such a way that they won’t be able to be linked back to the original MAC address.
Sounds good… but, once again, when and where did Dublin Airport reveal it was collecting such data in the first place?
The answer to that question is something I cannot find.