Doug Levin reflects on the introduction of ‘smart badges’ at ISTE. Really just a Bluetooth tracking device that then allowed vendors (and anyone for that matter) to collect data on attendees. Levin hacked a badge
to unpacking their use
. He explains that with little effort they could be used by anybody to track somebody:
Downloading a free mobile app, as I did, an attacker could easily track a specific badge and be notified when it goes out of or comes into range. With little technical skill, an attacker could use it to approach someone outside of the convention center (at a bar or restaurant or tourist attraction) and by employing social engineering techniques attempt to gain their trust. I myself was able to identify that there were over a dozen ISTE conference participants on my train platform on Wednesday morning bound for Chicago O’Hare. When one ISTE participant entered my train car at a later stop, that was trivial to identify. While there were no other ISTE participants on my flight back to the DC area, I located two badges in the baggage claim area (likely packed in someone’s luggage or carry-on).
Audrey Watters suggests that, “ISTE has helped here to normalize surveillance as part of the ed-tech experience. She suggests that it is only time that this results in abuse. Mike Crowley wonders why in a post-GDPR world attendees are not asked for consent? If this is the future, then maybe Levin’s ‘must-have’ guide will be an important read for everyone.