[LINK] apple phone data collection - just a bug

Jan Whitaker jwhit at janwhitaker.com
Thu Apr 28 17:33:03 AEST 2011 

Apple promises fix for location tracking 'bugs'
  Asher Moses
April 28, 2011 - 9:43AM
http://www.theage.com.au/digital-life/mobiles/apple-promises-fix-for-location-tracking-bugs-20110428-1dxj1.html

Apple denies intentionally tracking iPhone 
locations and has promised that new software will 
be available to fix the bug in the coming weeks.

Apple has admitted that software "bugs" in its 
iPhone resulted in unencrypted user location data 
being stored for up to a year even if location 
services were switched off - a week after reports 
surfaced that iPhones were tracking users' every move.

The statement, in which Apple admits it has not 
previously provided enough information about its 
location tracking practices, comes as the 
Australian Privacy Commissioner, Timothy Pilgrim, 
told this website yesterday that his office was 
"making enquiries into the iPhone matter with Apple".

Apple CEO Steve Jobs said the industry had not 
done a good enough job educating users about 
location-based services. Photo: Reuters

A spokeswoman for the Communications Minister, 
Stephen Conroy, said the government was aware of 
the issue and consumer concerns about the way 
companies share and protect their personal 
information. "The government is currently 
examining the impact of location-based services 
and software and continues to watch industry 
developments in this area closely," the spokeswoman said.

But while Apple admitted to certain location 
tracking bugs, it denied it was tracking the locations of iPhone users.

"Apple is not tracking the location of your 
iPhone," the California-based company said in its 
first response to privacy questions raised by a 
pair of researchers. "Apple has never done so and has no plans to ever do so."

With the iPhone tracker, researchers were able to 
map out the location data their phones were collecting.

Apple said the iPhone was not logging a user's 
location but maintaining a database of nearby 
Wi-Fi hotspots and mobile towers to "help your 
iPhone rapidly and accurately calculate its location when requested."

According to the British researchers, iPhones and 
iPads running iOS 4, the latest operating system, 
were storing latitude and longitude coordinates 
in a hidden file along with a time stamp and the data was easily retrievable.

"By passively logging your location without your 
permission, Apple have made it possible for 
anyone from a jealous spouse to a private 
investigator to get a detailed picture of your movements," they said.

Apple stores locations of towers, not phones

Apple said the location data the researchers were 
seeing on the iPhone is "not the past or present 
location of the iPhone, but rather the locations 
of Wi-Fi hotspots and mobile towers surrounding 
the iPhone's location, which can be more than one 
hundred miles away from the iPhone."

"Calculating a phone's location using just GPS 
satellite data can take up to several minutes," 
Apple said. "iPhone can reduce this time to just 
a few seconds by using Wi-Fi hotspot and cell tower data."

"This data is sent to Apple in an anonymous and 
encrypted form," Apple said in a 10-point 
statement presented in question-and-answer 
format. "Apple cannot identify the source of this data."

Promised bug fixes

Apple said the location data cache will be 
encrypted on the iPhone in a free iOS software 
update in the next few weeks and can be deleted 
when the Location Services feature is turned off on the device.

Apple also said it planned to reduce the amount 
of time the Wi-Fi and cell tower data is stored 
on the iPhone from as much as a year to seven days.

"The reason the iPhone stores so much data is a 
bug we uncovered and plan to fix shortly," Apple 
said. "We don't think the iPhone needs to store 
more than seven days of this data."

Questions have been raised over whether the 
tracking issues are the result of a "bug", 
considering the location tracking features were 
described in a 2009 Apple patent.

Google, similarly, has said all location sharing 
no Android is opt-in by the users and any 
location data sent back to Google's servers is 
"anonymized and it not tied or traceable to a specific user".

Questions raised over 'anonymous' data

But David Vaile, executive director of the UNSW 
Cyberspace Law and Policy Centre, said that even 
if your name isn't sent back to Apple or Google's 
servers it is still not necessarily anonymous 
data. He said the location data could still be 
considered personal information under the Privacy Act.

"The problem for Apple here is that your mobile 
phone number, SIM, IMEI and other device related 
data can and is easily connected to your identity in various ways," he said.

"Apple have the data components and operational 
functionality designed routinely to re-identify 
you as needed. They are attempting to rely on a 
legal fiction, that the information is 
'non-personal' until they want to use it as though it is.

"I think the only solution here is the obvious, 
for Apple to set the default to not collect or 
share this number in any secret store on device, 
to not send and share it to themselves and 
others, and if they want to create this sort of 
personal information security risk for you, to 
ask your permission, untied to other services, 
and give you full and understandable information 
about what and how they propose to do this."

But Vaile crticised Australian regulators and law 
enforcement agencies for "weak enforcement" 
against global technology firms that "take 
advantage of 'cloud' models to export data 
outside the Australian jurisdiction, thus 
stripping our protections from the he data but 
retaining the data itself, and their commercial exploitation options".

"Australians have little remedy if a complaint 
about the Privacy Act is not dealt with 
vigorously, as there is still no private right to 
take legal action to enforce your privacy rights, 
and no easy way to force regulators to do so if 
they are not inclined to act on your behalf," he said.

"In the iPhone case, it may not be just the 
Privacy Act. Depending on what data is actually 
collected, and what is transmitted, when and to 
whom, offences against the Telecommunications 
Interception Act, Cybercrime Act and the like may 
need to be investigated if, as appears likely, 
they have not properly obtained your 
authorisation to deal with data on your phone (by 
failing to provide accurate information in their terms document)."

Apple commended for breaking silence

Matthew Powell, editor of MacTheMag.com, 
commended Apple for breaking its silence and clarifying the issue.

"Apple has long been accused (rightly, for the 
most part) of being too uncommunicative about 
problems with its products, and in particular 
security issues — it won't admit a problem, 
generally, until it has already fixed it," he said.

But Powell said he believed the uproar over the 
location tracking issue was a "tempest in a 
teacup" and while he did sometimes lament the 
reduced privacy people had in the modern world, 
"it's an inevitable by-product of living in an always-connected world, really."

"The generation hitting their teens and twenties 
now don't care about such things, by and large. 
It's just the fogies who remember a time before 
Google Earth who have a problem," he said.

Apple said it was using location data to help 
target advertising but was not sharing it with 
third parties unless it has explicit approval from a user.

Jobs interrupts sick leave to speak up

In an indication of how seriously Apple takes the 
privacy allegations, chief executive Steve Jobs 
interrupted his medical leave of absence to address the question.

"We haven't been tracking anyone," Jobs said in a 
telephone interview with the All Things Digital blog Mobilized.

"The files they found on these phones, as we 
explained, it turned out were basically files we 
have built through anonymous, crowdsourced 
information that we collect from the tens of 
millions of iPhones out there," Jobs said.

US lawmakers this week invited Apple and Google 
to attend a hearing on privacy next month 
following the claims that the iPhone and Android 
devices were regularly tracking a user's location and storing the data.

The House Energy and Commerce Committee also sent 
letters to Apple, Google, Microsoft, Nokia, 
Research in Motion and Hewlett-Packard asking 
whether their devices are tracking, storing, and sharing users' locations.

Jobs said Apple would likely send a representative to the Senate hearing.

"I think Apple will be testifying," he told 
Mobilized. "They have asked us to come and we 
will honor their request, of course."

Jobs also said technology companies have done a poor job educating users.

"As new technology comes into the society there 
is a period of adjustment and education," he 
said. "We haven't, as an industry, done a very 
good job educating people, I think, as to some of 
the more subtle things going on here.

"As such, (people) jumped to a lot of wrong conclusions in the last week."

[the commenters aren't buying it either]


Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the 
world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _

More information about the Link mailing list