Bluecasting, Bluespamming and Seeking Permission

When Filter-UK started hyping the idea of “Bluecasting” (the “broadcasting” of messages to people’s Bluetooth enabled devices, like cellphones and PDAs), a number of people that I know became concerned — concered that we were witnessing something else: the birth of Bluespam. Alasdair Scott dropped by Aunty Spam’s blog and left a defense: a defense that raises new questions about what counts as permission (and provides another great opportunity to shoot fish in a barrel.)


Alasdair wrote in that comment on this article:

 

“By making your handset discoverable you are permissioning ANYONE to send you something. It’s like putting your number in the phone book [...] So if you don’t want it, don’t [a] turn bluetooth on [b] make handset discoverable and [c] walk into the zone and [d] accept the content.”

 

Welcome to what I think is the one of the new battlegrounds in privacy and marketing: your cellphone and PDA.

During a recent campaign, we explored the potential of doing “bluecasting” (inside the context of a game) and were surprised to discover that there were people to partner with that could provide Bluetooth transmitters with a kilometer broadcast radius. Think about that for a second: a kilometer radius is goodly chunk of Manhattan or LA. It would even fit in the trunk of a car, so you have a mobile transmitter if you really want it.

We intended to use it entirely on a permission basis: people with Bluetooth devices would be able to find our transmitter as a discoverable device. It is true, however, that this exact same system could have done the discovery and tried to push a handshaking packet to every device it could find.

Yes, to every cellphone with Bluetooth where someone who had left the device on as discoverable (perhaps from when they were actually using Bluetooth for what it is designed for: build links between their own devices) in a kilometer radius. The user would have had to authorize that connection, true enough, but discoverable is not the same thing as “permission for anybody to call”.

Aunty Spam describes Alasdair’s comment as invoking the dubious “She Asked For It” defense.

I agree with her: Bluecasting can be a very cool tool, when it is clearly used as a way to provide interactive services with permission. Being able to use my Treo to browse a catalog in a bookstore … or even choose to receive messages from Filter … is a great avenue to explore. It would just be entirely too sad if we had to fight the whole “permission marketing” fight again just because it is some new protocol for delivering that message. No matter how cool a new technology is, someone will always try to make a weak argument that a passive action implies consent to unsolicited messages.

About Brian Clark

Brian Clark of GMDStudios (http://www.gmdstudios.com/)

Website: http://
  • http://www.vitalsecurity.org Paperghost

    Ahaha! The joke’s on Alasdair, I smashed my PDA up and threw it in the bin. Try bluespamming me now!

  • http://www.revenews.com/brianclark/ Brian Clark

    Paper, we’re totally going to need you on this issue, you know. Welcome to the new greynet.

    A good Bluespammer could just as easily set up nodes that are updated with new payloads all the time via the Internet.

    Once you have a Bluetooth connection established, you really have access to all kinds of potential for nastiness if you don’t trust the source.

    There’s going to be some major busting to do.

  • http://www.vitalsecurity.org Paperghost

    Ghost-busting? I rather like the sound of that. Bluebusting? Even better!

  • Meet us at Affiliate Summit West 2014