The network technology giant Cisco offers to turn Wi-Fi access points installed in offices and other buildings into a system that tracks the location of employees, customers, smartphones, laptops and other devices for a wide range of purposes #workersurveillance
I took a deep dive 
[thread]
My new case study published today explores behavioral monitoring and profiling in the workplace, with a focus on indoor location and desk occupancy tracking. It's part of a larger research project on employee surveillance.
Read the full 25-page study here:
https://crackedlabs.org/en/data-work/publications/indoortracking
To illustrate wider practices, I examined Cisco's 'Spaces' system.
It allows organizations to leverage Cisco's wireless access points and other networking infrastructure to analyze how employees "move throughout their physical spaces" and track their behavior, location and movement patterns.
Employers can see the current location of each device in the building on a map, access data on past movements and search for devices in order to locate them.
Employees who carry these devices can be identified via device IDs and usernames.
The system can also use Bluetooth/BLE for location tracking.
The system provides reports that display aggregate information about people currently located in a building.
In addition, it can categorize people based on their movements and behavioral profiling, and makes it possible to single out and target individuals in several ways.
Cisco promotes a wide range of applications that affect both customers and employees.
Companies can use the system to track and profile customers, make decisions on buildings or staff deployment, or to implement indoor navigation, patient tracking or student attendance tracking at universities.
As employers, companies can use it for occupancy monitoring or meeting room management. They can view aggregate 'behavior metrics' on entry and exit times, or they can profile employees, send them notifications based on their movements and track internal campaigns that aim to change their behavior.
Cisco describes many applications related to safety and security, e.g. detecting 'unusual asset usage' or employee equipment leaving the facility.
Hospitals can use it to monitor 'hand hygiene compliance'.
Cisco also suggests to use it for performance monitoring in manufacturing.
The system processes indoor location data on a massive scale and frequency.
Cisco claims that it has so far processed 24.7 trillion 'location data points' on almost 100,000 devices collected via 3.8 million Wi-Fi access points installed in offices and other buildings.
The fact that Cisco is able to provide these numbers raises the question about how the company processes the data for its own purposes.
I briefly address this question in section 3.2.6 of my case study, alongside Cisco's claims about privacy, data protection and 'GDPR compliance':
https://crackedlabs.org/en/data-work/publications/indoortracking
To make things worse, the system can also turn Cisco’s WebEx video conferencing devices and even its security cameras (!) into sensors.
Video camera data can be utilized to analyze the "behavior of people within physical spaces", including employees, students, customers or patients.
Third-party vendors can also offer applications that are integrated with Cisco data:
https://spaces.cisco.com/store/apps/
IBM, for example, offers an application that uses Cisco data to analyze how employees use offices and desks and how they move in buildings:
https://spaces.cisco.com/store/product/ibm-tririga-building-insights/
Generally, repurposing data collected from an employer's networking infrastructure or even from video surveillance systems for indoor location tracking and profiling raises serious concerns about the normalization of intrusive behavioral surveillance, privacy and data protection in the workplace.
Juniper, another large network technology vendor, offers a similar indoor location tracking system.
Its access points can locate people either via their devices or via Bluetooth/BLE badges carried by them.
Juniper suggests to use the system to "locate key human resources such as nurses, security guards, and sales associates".
Together with third-party vendors, Juniper offers “tailored workflow applications” that utilize its location tracking system and “enable data-driven decision making”.
Juniper also provides employers with reports that show how employees move between different 'zones' in the office.
An example report in Juniper’s technical docs shows how 551 employee devices were located in a zone labeled 'break area / kitchen', with an average duration of 13.5 minutes per visit.
The report also provides records about each tracked activity, including the “device name” and the exact “enter” and “exit” times.
In my case study published today, I examine a second category of systems that enable employers to profile employee behavior in physical spaces.
Several technology vendors provide systems that use motion sensors installed under desks or in the ceilings of rooms to track desk and room occupancy.
https://crackedlabs.org/en/data-work/publications/indoortracking
The Belgian-German vendor Spacewell offers a system for “real-time office space monitoring” and “workplace analytics” that tracks how employees use desks, meeting rooms and entire offices.
It uses, for example, motion sensors that detect heat emitted by humans and 'low-resolution' cams that utilize computer vision.
According to Spacewell, employers can use the system to “get a detailed picture of how the building is used during the day”, “identify underused areas”, “reduce underutilized space”, “save on rent, energy and cleaning” and “optimize workplace experience”.
An additional module allows employees to book meeting rooms, or, in cases where flexible seating is used, also desks. The booking system can show where specific named employees are currently seated on the floorplan.
Note: The research in my case study refers to products offered by Spacewell in September 2023.
Back then, the company explained that employers can "watch changes that occur over a longer period at an accelerated rate" and then “sit back and watch it as a movie” in order to “get a feeling of how presence, utilization, and comfort parameters evolve during the day”.
Spacewell provides additional functionality, such as a 'smart' cleaning application.
The company provides some functions and information on data security, employee privacy and data protection. But in my view, Spacewell does not adequately engage with the risks posed by behavioral monitoring and profiling.
The 'workplace analytics' system offered by the Swiss vendor Locatee combines motion sensors with badge data and device location data, for example, collected via Cisco Spaces.
Locatee provides reports on “people behavior metrics” and “people presence enriched with team information”.
@wchr i remember a previous employer investigating the use of this for purposes of "find a colleague" in a large office space, some 5-10 years ago. Being in Sweden, the project was shut down for privacy reasons. And that was even before the GDPR.
Laws. They matter.
@wchr A few years ago I looked into similar systems for customer tracking in shopping malls. It turned out, they had no real customers in Germany, only a few experiments that never went somewhere.
@wchr Huh? "'hand hygiene compliance'" ? how does that work over wifi?
@chewie They mention it, but don't know details. Probably based on BLE beacons carried by employees rather than Wi-Fi.
@wchr
Maybe, but that's still a stretch.
Is it good enough to know if someone has has a shit and washed their hands, or had a shit and not washed their hands???
.... Or just loitered near a washing station for a few seconds because they used the rubbish bin nearby....
Seems tenuous to me 
@chewie @wchr (I'm not into the topic at all and just combine)
Maybe there are wifi connected hand sanitizer dispenser, which can send time stamps of usage which can be linked with movement / location of people / employees?
E.g. with hygiene protocol in medical environment, employees should use hand sanitizer dispenser after entering special areas.
Fuck it, just go all out on "AI" like the chinese: https://www.theverge.com/2017/3/20/14986640/china-toilet-paper-theft-facial-recognition-machine 
I totally agree people should follow the rules when it comes to sanitation in shared spaces, but that gets a bit ridiculous!
Meanwhile what companies will *actually* do is rank-stack employees for firing based on who takes the most dumps at work. Incentivizes folks to snag their boss’s phone and hide it in the restroom, which could be fun…
@wchr interesting, knowing that Cisco et al can track and geolocate weithin a sites wifi infrastructure. To sad they dpnt use it for good esp. #indoorosm and indoor geolocation for everybody 
@wchr Shipol Airport actually also seems to have Bluetooth device tracking installed.
@wchr how is this monitoring allowed by the GDPR?
could the employers simply include a clause on the employment contract that doesn't allow an employee to object to this unnecessary surveillance?
@xinayder It depends on the exact use cases and purposes, and labor law can also play a role, which means it differs widely across Europe. In any case, it is very unlikely that employee 'consent' can be 'freely given' in the workplace (power imbalance between employers and workers).
@wchr Desk occupancy tracking. Jesus fuck...
@wchr
What is new?
thank you for sharing this in depth info.
to employers who are against this type of surveillance.
@wchr that's really creepy 
@wchr Man I just wanted wifi 6 indoor navogation. Big tech can fuck all the way off
@wchr
I just got a recruitment message from a company in SF, Density, making these kind of tracking devices...
Thanks for this thread. Truly dystopian
@wchr I've been quite interested in the idea of comparing energy intensity per person rather than per m² of floor and being able to shut down parts of a building to save energy based on where people aren't.
The ability to use the same systems for surveillance and behavioral monitoring has been a bit of a blind spot for me, some of the applications for employee and customer profiling are quite worrying.
@Ixo If at all, it requires rocket-solid safeguards that prevent misuse for other purposes (technical, legal, worker co-determination).
@wchr In addition to the fact that the employer knows where everyone is and what they're doing at all times, so does the network installation company, and Cisco, and all those companies' "trusted partners" and subcontractors, and any current or former employee of those companies with a bit of knowledge or luck, and anyone who has managed to hack into one of those systems... Could easily be used by, say, a private detective working on behalf of a jilted lover.
@wchr @tsherrygeo Can't help but sing, "take this worker surveillance, and shove it, I ain't working here no more "!!!
Now, imagine espionage operatives hacking such a system for locating individuals for a "fall out of a window" assassination
Or thieves knowing when the vault is unattended
Or lawyers using it to impeach witness testimony
Or an employer identifying union organizers for firing
Or a domestic abuser or stalker tracking a victim
Or metrics that reward staff for unhealthy habits like eating at their desk, never taking a break to rest their eyes or hands, or for living sedentary lives.
@wchr Well that can't possibly be used against people 
@wchr if I worked for a company which implemented that, I'd quit.
It's one thing to know *they can*
It's quite another to see the marketing plans behind it.
@wchr
Thank you for sharing! This is super interesting. With ultra-wideband chip in every iPhone 11+ these practices can escalate and scale very quickly.
@wchr How well that my #GrapheneOS phone turns everything Wi-Fi off when I leave home. Track that.
Wonder if anyone noticed how forcing the poor to use Wi-Fi (because flat mobile plans are too expensive) makes them more exposed to being tracked. (Mobile plan users are primarily exposed to their mobile operator and apps, but they can turn off their Wi-Fi/BT beacons)
@yacc143 Unfortunately in many cases nowadays privacy comes at a monetary cost 