Last week there was a big flap in the US about Footpath by Path Intelligence, a tracking software that detects the signal coming out of your mobile phone and uses it to track your path through a location, typically a mall but also potentially in a large format retailer. It requires the location to install hardware to do the tracking, but nothing is installed on the shopper’s mobile phone, not even a chance to opt out of the tracking. Theoretically, the location is supposed to put up signs notifying shoppers that this is happening, but it’s not exactly a requirement.

The signal that comes out of the mobile phone does include identifying information about the phone itself, but Path Intelligence says that it scrambles that data right away so that no one ever knows anything personally identifiable about the person carrying the phone or whoever the phone may belong to (odds are that’s a one-to-one correlation except in the case of children).

There’s the usual back-and-forth over the matter: nothing personally identifiable ever gets used, it benefits shoppers ultimately because retailers can be better at serving them from the insights they get from the data, vs. shoppers don’t get to opt out except to turn off their phones, the only benefit you really want is to get better at selling us more stuff, how long before you’re tempted to use that information you say you don’t keep anyway?

I live in a state (Colorado) that has its fair share of off the grid type people — black helicopter people, someone once called them to me (as in, the black helicopter is sitting right over the horizon just waiting to spy on you doing something). So I fully understand the impetus behind the outrage. If you have an expectation of privacy, and someone is doing something that tracks you without your knowledge, then you have every right to be upset about that.

The problem is that whole expectation thing. An example: Google provides an easy search of the web — for free. In exchange, it collects information about you that it uses to make money off of advertisers and really, just about anyone who has a website that they want people to find. If you’re searching the web using Google and you have some kind of expectation of privacy, then in all likelihood it’s because you’ve completely forgotten how this particular value exchange works. If Google couldn’t make money off of your data, then there wouldn’t be Google. The truth is, no one ever really wants to pay what it costs to provide these kinds of benefits. I once saw an analysis of what it would cost the consumer to buy TV content without advertising, and it was way more than consumers said they were willing to spend. And that industry still struggles with how to deal with that gap in the Internet age.

And truly, if you wanted to be completely private online, it’s increasingly easy to do so. Used to be you had to find some proxy that would hide your real presence (and I will rapidly get beyond my depth when talking about this stuff because I am resigned to the fact that there are many companies that know a lot more about me than I am probably aware of and certainly comfortable with). Today all it takes is to hit the private browsing button on your browser of choice.

Okay, that’s the online space, you say. What has that got to do with mobile phone sniffing and the evil things that may be done with that information? Well, it goes back to expectations. Is it reasonable for an individual to have an expectation of privacy when they’re in a public space? I never have understood that objection. If I’m in a retail store or a mall, I’m not in my house. I’m not on my own private property. I am out in the world where anyone could see me. Someone who knows me could easily recognize me and flag me down — should I object that she waved at me because she’s invading my privacy? I can’t opt out of friend or acquaintance recognition when I’m standing in a food court at a mall.

The real problem here doesn’t seem to me to be Path Intelligence. People walk around with their mobile phones on and broadcasting personally identifiable data all the time. If you have the right scanner, can you sniff out mobile phone numbers? Hack call encryption to hear their conversations, intercept their text messages? My knowledge about that is shaped more by Hollywood than reality, but I strongly suspect the answer is yes. So kudos to Path Intelligence for taking all of that freely broadcasted data from mobile phones and turning it into something useful for somebody. It’s not like they’re turning around and selling mobile phone numbers to retailers to suddenly become the targets of SMS campaigns (yet, the skeptics of you emphasize, and I won’t deny that particular uncomfortable truth). But again, the problem isn’t them — it’s with the mobile phones themselves. It’s not that Path Intelligence or anyone else shouldn’t use the data that is freely floating out in the air out there. It’s the phones that need to adapt to a world where data of any kind — and particularly mobile shopper data — is increasingly valuable, just like browsers responded with private browsing buttons. For Path Intelligence, it might even make their job easier if that data came already masked. As long as each phone is uniquely identifiable, they can still do their job, same as a video-based technology, and then they don’t have the risk associated with touching personally identifiable information.

But should a consumer, in a public venue like a mall, have the ability to opt out of footpath tracking? I think the answer is no. If a mall really wanted to (and has done in the past), it could achieve the same end with people following you around and you could have no objection to that. As long as they’re not harassing you, they have just as much right to be there as you do — more so, since they’re acting on behalf of the location’s owners. They can do it with cameras, and while there are people who object to that, the objection is increasingly difficult to get to stick given security concerns. So why not mobile phones? If you’re out and about and letting your phone spill its unprotected data everywhere all the time, where anyone can see your face just as easily, it seems difficult to me to make a case for an expectation of privacy.

If you don’t like it, don’t take it out on Path Intelligence and their breed of analytics. Don’t get me wrong — I don’t really know what’s right or wrong here. How much information is too much? How much of it really has value or is just taking up megabytes and making people paranoid? All I’m saying here is to direct your outrage where it belongs: the handset manufacturer and your wireless carrier. The solution begins at the source of the problem — your mobile phone.

Or, you could always buy some tin foil.