Government wants answers from Apple on location tracking

Sen. Al Franken, (D-Minn) wrote a two-page open letter to Apple CEO Steve Jobs, asking nine questions about the news that iPhones and iPads running iOS 4 record and store users locations in unencrypted files.

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE: Gadgets • security • Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

jtegnell

Cue the cult stud youth “expert” telling us that young people just have a different concept of privacy from the oldsters, and to get over it.
igzabier

info…

http://alexlevinson.files.wordpress.com/2011/04/photo.jpg?w=584&h=436
- SonOfSamSeaborn
  
  That’s interesting. Is it from developer documentation or is it internal, do you know? If it’s in a dev handbook then I’m surprised it hasn’t come to the fore yet, and I’m less inclined to think of it as a sneaky hidden file.
- SonOfSamSeaborn
  
  In either case, I think by the time you’re on that page of whatever it is, helping the reader “navigate to the directory” with the “using the cd (change directory) command. For more information on the syntax, type man cd at the Terminal prompt.” is a little redundant.
Anonymous

If you’re not guilty of anything offensive to Steve Jobs, then you’ve nothing to be worried about. you-all should be honored that Apple takes an intimate interest in their customers… *honored* i say!

(letsee, what else?)

Privacy is an outmoded concept. Progress is now. Privacy was then. Go dig your grave with your blackberry.

(uhm, how about…)

meh, the NSA (cf. classic “Dr Fun” comic) has been tracking us for years with our cell-phones. this is *nothing new*.

(etc)
Anonymous

Really, this is what passes as “good work” by our senators? This is what makes us feel “proud”? The bar has fallen low. How about the debt? How about health care?

I’d like to address a few of the numbered questions at the end of his letter.

1. Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?

It’s misleading to say that Apple is collecting and compiling this data. There is zero evidence that this data is transmitted to Apple, which would seem to be a definition of “Apple [..] collecting and compiling this location data.” The data stays on my iPhone (and any backup I choose to make). No one would claim that Apple is collecting and compiling all of the websites I visit on my computer, yet that data exist too.

Using the word “tracking” is plain sensationalist, if not wrong, yet Sen. Franken (mis)uses it repeatedly in the letter. Logging would be the appropriate word, but it’s not sexy enough.

If the senator wants to make himself useful, he can ask the telecoms (e.g. AT&T and Verizon) what they do with the location data that they actually do “collect and compile” from users. I think my location data is safer on an unencrypted phone than it is in the hands of AT&T where its available for marketing, criminal investigations, and interested hackers.

2. Does Apple collect and compile this location data for laptops?

You forgot to ask about iPads Senator, they’re much sexier and would get you more press.

3.-5. Most of this has already been figured out. Do some research Senator. Some of the specific details you don’t really need to know and are proprietary.

6. Why is this data not encrypted? What steps will Apple take to encrypt the data?

Maybe the only reasonable question you’ve asked. Of course you already know that users can encrypt their backups, right? After all, phones have much more valuable private information in them than a log of imprecise cell tower locations. Do you know what other data on your phone isn’t encrypted? Almost all of the good stuff.

7.-8. It’s permissible because no one’s privacy is being violated. I suppose Apple should just release all of their source code and reveal all of their trade secrets when someone’s panties might get in a bunch.

9. To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?

See #1 above. Ask your friends at the telecoms. They don’t need Apple to get the data and do what they will with it.
- grimc
  
  1. If you’ve got to resort to arguing the semantics of “collecting and compiling” and “tracking”, you’re probably just wanting to show off your l33t tek knowledge. Speaking of “tracking”, it only appears twice–once as part of a URL to an O’Reilly page. That’s “repeatedly”, huh?
  
  2. If you actually read the letter, he refers to “iPads or iPhones” throughout.
  
  3 – 5. It’s been figured out by outside researchers–Apple, true to form, hasn’t said anything. And how do you know whether it’s proprietary or not?
  
  6. “There’s other stuff that’s not encrypted.” So what? The other stuff isn’t at issue.
  
  7 – 8. “Proprietary” doesn’t mean “I don’t have to tell anybody anything.”
  
  9. He already knows what the telecoms can do with data, and who and how they can release it, i.e. law enforcement with a court order.
  
  Jeebus save us from fanboys.
  - Anonymous
    
    Yes, I suppose I’m a fanboy for thinking that semantics matter, for thinking that this whole matter is sensationalist, silly, and pandering to the media, for thinking that senators have more important things to do, for agreeing that encrypting or otherwise purging the data might be a good idea, for noting the huge distinction between this and what telecoms already do, for being perfectly fine with Apple’s closed source approach. At least I didn’t discredit myself by lowering the level of discourse and calling someone a fanboy and making fun of them for having technical knowledge.
- jetsetsc
  
  “How about health care?”
  
  You are aware that the Senate passed a sweeping if imperfect health care overhaul bill that was signed into law last year? I still can’t believe they actually pulled it off, after a year+ of wrangling. But they did, and I give them mad props for doing so.
pmocek

People are very worked up about Apple selling machines that include software that stores information about the machine’s location on the machine. Why is there so little concern for the fact that the very same cell towers the machine uses to determine its location are also tracking its location? Is there any reason for AT&T not to store that location information somewhere?
Anonymous

Bastards!
CSMcDonald

Well as soon as the MPAA or RIAA wants this data good old Al will switch sides.

Ain’t no good guys kids, it’s all just a matter of who they were bought by.

Al doesn’t have the same sense of constitutional sense when it comes to due process when the entertainment industry desires something – http://www.techdirt.com/articles/20110301/01385813308/senator-franken-defends-censoring-internet-because-he-doesnt-think-hollywood-should-have-to-change-biz-models.shtml

Just another grandstanding twit.
Donald Petersen

You’re there for a good reason, Al. Keep up the good work.
commenter312n

Why doesn’t some smart person make a “hack your geolocation file” application/service and put people randomly, or help people share/swap these files?
–pollute the data!

Also doesn’t Google maps, foursquare, yelp, facedbook and just about any place with “check in” or mapping functionality already collect, aggregate and use this information for marketing?

boo! Besides asking why they want this information, let’s make it worthless.
- EpilepsyWarning
  
  There was an interview on NPR involving those same questions. “Does it matter if we track these locations? Users are just going to report where they are on Facebook, Twitter, Foursquare etc… anyways so we may as well just take it anyway.” That was one opinion in a nutshell.
  
  It matters.
  
  There is a very large difference between volunteering information, and having it mined from you without your consent/knowledge.
  - Anonymous
    
    but you do know that your telco collects your location data together with whom you called and when and for how long, right?
    I wonder if you think they do so as a customer service.
Random_Tangent

If you’re running a Jailbroken iPhone, you can get ‘untrackerd’ from the Cydia store. It should wipe your file (which may end up just being a geolocation cache that never got cleared), and prevent it from saving the data ever again.

Huzzah.
Andrew W

I’m inclined to think this is a bug. It’s just a cache for location services, I would imagine it’s an oversight that it’s not purged like the identical Android one. I don’t like that it’s there, but it’s hard to get to on my phone, and I encrypt my backups. I also imagine that it’ll be gone by the time the next update rolls around.
- Jack
  
  Who cares if itâ€™s a mistake or not? A major computer manufacturer and smart-phone seller has tons of staff across the globe looking out for their interests but something like this happens? What is their development model? Scrum, Agile or Just Plain Stupid?
Jack

I donâ€™t understand people who donâ€™t know what the issue is: If you are being tracked without permission itâ€™s not only creepy, it violates privacy.

Also, I donâ€™t share any geolocation info with anyone on any service. Why should I have this info stored and potentially shared with Apple?

Love my dumb Motorola F3 phone!
caipirina

I honestly do not get the big hoopla … I finally got that app to work and what found was rather meh … a trip to Japan is unrecognized … a trip to Germany (where I used the phone a bit for SMS) dito) …. . the data I see looks rather random scattered around my usual area .. nothing to see here ..

They should sell that as a feature … I have been thinking about some GPS tracking tool to finally figure out kiddo’s bus route …

Sometimes a cigar is just a clverly hidden , but not that well working location device …
- EpilepsyWarning
  
  I think it’s less about what it does and more about the precedent that it sets in terms of information mining. Commentary on the subject should be taken with a grain of salt, including mine, as Apple has yet to respond and we have no idea what the information is used for, if it is used at all.
  
  On a side note, instead of using a GPS locater on your child, I am sure you could work it out with the school to ride along on the route one day. It would be a good way to get involved, get informed, and maintain trust with your kid. 2 cents.
Major Variola (ret)

Hey Al F,

Its not the state’s business. Its between buyer and seller.

Not that the state respects any boundaries; they (and .il) have everything you do. Or are you naif?
How do you think they run Barak?
- ackpht
  
  The people ARE the state, if you read the Constitution. In this case the state is looking out for the rights of individuals, which sellers do not do unless someone forces them. If Apple (seller) made you (buyer) a promise and then broke it, what could you do about it (other than invoking the powers of the state, that is)?
EyeInHand

I would be willing to bet the legit reason relates to the “Find My ____” function, which allows you to locate on a map your iPhone or iPad in the event it’s lost or stolen, also allowing you to wipe the date if it can’t be recovered quickly. This is a legit use, and user activated.

Whether that very useful information is used for less forthright reasons is another question, as is whether that information is recorded even if the use has not selected that option.
Capissen

I don’t think I’ve ever been more proud of a vote than my vote for Franken. In him, we have someone who is still on our side.
franko

i can’t believe the internet is whipping this non-story up. it was already proven yesterday to be nothing but FUD, and yet here we are, with the older media just catching whiff of it and pushing it higher. way to go.
Anonymous

The issue can be resolved similar to the duct tape fix. Simply fashion a new case for your iOS4 device out of several folds of aluminum foil. So long as the case is in place, they won’t be able to track you or read your phone.
Anonymous

FYI, Android does roughly the same thing:

https://github.com/packetlss/android-locdump
- Anonymous
  
  No, not at all roughly. Cell records are limited to 12 hours (48 for wifi) and only up to 50 of them (200 for wifi). So Android barely keeps anything around.
  
  This may be because they’re paranoid, but they’ve probably also not done the hard work of optimizing for a much larger cache over multiple days. Some have suggested that Apple’s database could be used to improve battery life (and iPhones are noted for their battery life, despited their svelte proportions) and connection speed/reliability. People have regular transportation habits and their phones would tend to “see” the same cell towers in the same order for given days and times. Any such benefit from Android’s tiny cache would be wiped out after 12 hours, so your daily commute would need to be re-cached every day in each direction. Why bother. Of course, a log as long as the one in the iPhone database is probably overkill (or a bug). A week or a month would suffice.
- SonOfSamSeaborn
  
  You had me worried till I read it. That’s the location service that Google ask you if you want to use when you first boot a fresh ROM, and explain the implications of. I was unaware it was kept on the phone after it’s sent, though. I never enable it but luckily it looks like there are a million ways to clear it. I’m in a Python session now, so I might take a look.
- SonOfSamSeaborn
  
  As it turns out, I did have the cell/wifi location service enabled from when I used Maps a few days ago, and I hadn’t turned it off afterwards (presumably because I was using Maps to find a bar…). So that gave me a bit of data to play with.
  
  My first test was going to be to see if the files were pruned down when you disable the service, then see if they were pruned after a reboot, then see if they were pruned after a cache wipe, and so on. I needn’t have thought so far ahead: when you disable the service, the files are deleted. Google actually provide the tool to erase the information as standard!
  
  /fanboy
rebelrob

I just tested it. I can see almost every location i’ve been in the past 8 months? – from an outback town in Australia to the path on a Shinkansen train trip from Tokyo to Yokohama.

It’s quite cool to have this data on hand.. I’ll save the sqlite db and store it with other memories like my photo collection.

This has the potential to be misused and Apple should have disclosed this. My friend commented “i’ve suspected my gf is cheating on me. Now I have the chance to see exactly where she has been going.. since installing iOS 4″.
- peterbruells
  
  Frankly, I assume that you warned his girlfriend and recommended that she encrypt her backups, if he wasn’t speaking in jest.
  
  When the news broke and I suspected that those were celltower positions, cached based on the region I frequent, I needed a 2nd set of data. So I used my wife’s iPhone. Whom I trust totally. After asking for permission and explained what I was going to do.
romulusnr

Silly Apple, don’t they know they’re supposed to keep that data only on their own servers so they can hand it all over to the government upon demand?
Anonymous

These questions are worth asking. But if Franken actually cares about the broader issue of surveillance, then as a Democrat, he needs to come out against the Obama administration’s support for allowing police to secretly use GPS devices to monitor people without a warrant. That’s a far worse abuse than what Apple has done (that is, until we find out Apple has been working with fusion centers).