A Case Study of User Privacy based on WiFi Data in a Campus Setting

Abstract

In many walks of life, data recording/capture and its subsequent use can be of benefit to society and businesses alike. In many cases, users are fully willing to share data about themselves as part of getting access to some perceived benefit through this sharing, e.g. using the geo-location of their mobile device to obtain local information for route planning. However in other cases, information is captured on individuals where they have little choice. This might be CCTV images of pedestrians walking down the streets, or as presented in this paper: WiFi data from individuals at a given educational organisation. Individuals at the University of Melbourne often depend on having access to University wireless to undertake their courses/degrees or their jobs respectively. The terms and conditions that they agree to when they sign up to WiFi access include a description of how the data can be used by the University, e.g. to assist in understanding the use of the WiFi network and/or the physical University campus for space/infrastructure management. The University also has stringent privacy policies that prevent the tracking of individuals. In this context, the need to provide services that can use WiFi data for business purposes, but protect the information so that individuals cannot be re-identified is paramount. There are also many researchers that wish to access safe versions of this data for research purposes, e.g. way-finding. This paper explores case studies exploring this data based on WiFi data analytics. We show how (consenting) individuals can be re-identified with minimal external and seemingly innocuous (i.e. non-identity-revealing) data.