Bluetooth is a global de facto standard for wireless connectivity, which is based on a low-cost, short-range radio link. When two Bluetooth equipped devices come within ten meters range of each other, they can establish a connection together using a radio-based link. A Bluetooth-enabled laptop computer can send information to a printer in the next room, or a microwave oven can send a message to one's mobile phone announcing that that the meal is ready. Bluetooth will become the standard in mobile phones, PCs, laptops and other electronic devices, enabling users to share information, synchronize data, access the Internet, integrate with LANs or actuate electromechanical devices, such as unlocking a car. A passenger can write e-mails on his/her laptop on an airplane and then, after landing, the messages can be automatically forwarded to the Internet by Bluetooth devices that are ubiquitously located around the airport terminal. In another example, while waiting in an airport lounge, a the passenger can receive interesting duty-free offers directly on his/her mobile phone or play multiplayer games with friends.
Bluetooth devices are designed to find other Bluetooth devices within their ten meter communications range and to discover what services they offer, using a service discovery protocol (SDP). To accomplish this, a Bluetooth device sends out an inquiry message searching for other devices in its vicinity. Any other Bluetooth device that is listening by means of conducting an inquiry scan, will recognize the inquiry message and respond. The inquiry response is a message packet containing the responding device's Bluetooth Device Address (BD_ADDR). The Bluetooth device address is a unique, 48-bit IEEE address which is electronically engraved into each Bluetooth device. The address is virtually guaranteed to be completely unique, so much so that it can be reliably associated with the device's user, much as can the user's passport number or social security number.
As the user carries his/her Bluetooth device about, traveling among other Bluetooth devices, a trail is left in the form of the user's Bluetooth Device Address (BD_ADDR), which the device has given out at each transmission of an inquiry response packet. The user's routes and activities can be tracked by logging the times and locations of the observance of his/her device's Bluetooth Device Address. To the extent that the user is identified with his/her device's Bluetooth Device Address, it is almost as if the user were giving out his/her personal identity number to each inquiring Bluetooth device. This realization will certainly be exploited in the future by market researchers, and possibly by more sinister observers, thereby seriously compromising the user's privacy and possibly the user's safety.
What is needed is a way to provide a pseudonym for a Bluetooth device so that the user's identity, routes, and activities cannot be correlated with his/her device's address.