AirPatrol Information Collection Practices
100% Privacy, 100% of the Time. Guaranteed.
The AirPatrol Unified Real Time Locationing platform provides the industry’s most accurate mobile device and asset locationing without compromising the privacy or anonymity of the device owner. As a technology originally developed for security purposes, AirPatrol’s mobile device detection and locationing platforms adhere to best practices and standards when it comes to data protection and privacy. Nonetheless, many people have questions about the type of information AirPatrol technology gathers and how it is used. Below you’ll find answer to the most frequently asked questions.
How does AirPatrol Technology Work?
Mobile devices – cellphones, tablets and the like – regularly broadcast a short radio burst to notify cellular towers and/or wireless (WiFi) access points when they are in the area. This burst, called a “ping” or a “probe” is broadcast over public airwaves. Based on the strength of the ping a cell tower or WiFi access point can tell within a 360 degree radius approximately how close the mobile device is. This is called proximity.
AirPatrol uses a group of passive sensors that “listen” for these public pings. Based on the signal strength each sensor hears, the AirPatrol system performs a calculation called “trilateration” to determine the location of the device broadcasting the ping within two to three meters. Because these devices ping at regular intervals, when the AirPatrol sensors hear a series of pings, the system can also determine direction of travel (similar to sonar on ships).
Because most adults now carry a cellphone with them, counting pings is both a highly accurate way of counting people and measuring traffic flows, and much less intrusive than other technologies such as video cameras.
What Information Does AirPatrol Collect from Mobile Devices?
AirPatrol technology is a passive technology that collects the minimum amount of information necessary to detect and locate a mobile device for the purpose of headcounts and traffic flow. Unlike mobile apps and other technologies, AirPatrol has no registration mechanism and therefore cannot uniquely identify and/or associate a person with a device. Here is the information AirPatrol collects:
- Cellular — For cellular AirPatrol only collects unencrypted information publicly broadcast by the device. This includes the cellular band (GSM, CDMA, etc.), and a broadcast frequency (e.g., 800mhz). Additionally, AirPatrol logs the length of the transmission and strength of the device’s broadcast signal as observed by each sensor. While this information can be used to detect the presence of a cellular device in a location, it cannot be used to uniquely identify a person.
- WiFi and Bluetooth — For WiFi and Bluetooth devices, AirPatrol only collects unencrypted information publicly broadcast by the device. This includes the device’s broadcasted MAC address (which may not be the device’s true MAC address), the broadcast channel, and in some cases, the manufacturer of the radio chipset(s). This information, along with a code specific to the facility in which AirPatrol is operating, is combined to create a unique, encrypted “token” which is used to log the device’s location, journey, and length of stay within the monitored area. The original information broadcast by the device, including the MAC address, is discarded and cannot be used to either uniquely identify a person, or identify the device at another location.
Is the AirPatrol Information Secure?
Yes. At its core, AirPatrol is a security technology and as such follows best practices when it comes to the collection and storage of data. The AirPatrol platform is segmented from public networks and the AirPatrol sensors communicate with the AirPatrol server platform using high grade SSL encryption. The AirPatrol server itself uses a security-enhanced operating system and follows “least privilege” security protocols with no services or software other than those necessary to run the AirPatrol software. Access to the AirPatrol administrative interface requires either direct physical access to the server itself or remote access via high grade SSL encryption, as well as high grade user/password authentication. The system can be further secured using dual factor authentication and data-at-rest encryption minimizing the risk of unauthorized access and data leakage. Additionally, the AirPatrol system stores only encrypted, “tokenized” sensor data used to identify a device during its stay within a monitored area. This data cannot be decrypted, reverse engineered, or used in any way to unique identify an individual or collect any personal information about an individual.
Does AirPatrol Share Information With Other Parties?
No. The information collected by AirPatrol technology is owned by the organization that licenses the AirPatrol system. While that organization is free to share the information with other parties, AirPatrol does not and cannot.
Does AirPatrol “Track” Visitors?
AirPatrol is a detection and location technology, not a “tracking” technology like GPS or WiFi tracker systems such as Google, Apple and Cell carrier location services. AirPatrol technology can anonymously monitor visitor travel patterns through a building or sensor-equipped “zone” during a single visit, and in the case of WiFi-enabled devices, log when a device makes a return visit to the same location. AirPatrol cannot, however, uniquely identify the person carrying the device, nor can it track a device once it leaves a monitored area.
Can Visitors “Opt Out” of AirPatrol Technology?
While AirPatrol has no mechanism of identifying people based on their devices, AirPatrol does have a mechanism that allows licensors of AirPatrol technology to offer their visitors the ability to remove their device’s MAC address from the AirPatrol system logs. Because most smartphones manufactured in the past several years change or “spoof” a random MAC address when they are not connected to a WiFi network, this feature is available is available only for WiFi-enabled devices that actively connect to a WiFi network and reveal their “real” MAC address. Cellular devices have no public unique identifier and thus do not need to “opt out.”
What are Best Practices for Notifying Visitors When AirPatrol Technology is in Use?
Even though AirPatrol technology, unlike video, mobile apps and other systems, does not collect any personally identifiable information, we recommend that facilities equipped with AirPatrol technologies disclose the use of the system and its purpose. Generally this is in the form of signage posted at the entrances of a building with language similar to those disclosing that closed circuit video cameras are in use. AirPatrol can also provide customers with information that can be printed or posted to a website detailing in plain language how the technology works, what information is gathered and why, as well as how to opt out. To request the public disclosure language and information, please contact your AirPatrol Support Representative.
What if I have Additional Questions?
AirPatrol is happy to answer any additional questions you might have regarding AirPatrol technology, security and privacy and implementation of best practices. Please direct any additional questions you might have to your AirPatrol Support Representative and they will provide answers promptly.