iGeneration

Charlie Osborne
Home / News & Blogs / iGeneration

Apple responds to Congress: Questions still remain over users' location data

By | May 10, 2011, 12:07pm PDT

Summary: Apple responds to Congress regarding the iPhone and iPad location tracking controversy. But pertinent questions still remain to be answered.

Apple has responded with a hand delivered letter to Rep. Ed Markey (D-Mass) regarding the iPhone and iPad location tracking controversy, which kicked off last month.

In the letter (available here), Bruce Sewell, general counsel and senior vice president of legal and government affairs at Apple, details answers given by Markey which were subsequently published by Apple.

As one of the biggest privacy stories of the year, it sparked a wide-ranging debate about location based privacy and what our phones collect about us without the users’ direct knowledge.

It also came to light that Microsoft through its Windows Phone devices and Google with its Android-based phones also collected data from its users.

Since the imbroglio began, Apple has now ‘fixed’ a flaw which allowed location based content to be uploaded even when the feature was disabled through an iOS patch last week, which it hoped would solve the issue.

But there are questions that still remain to be answered.

1. How will Apple encrypt location based data?

Will it be in such a way that Apple holds the encryption keys, and if requested by law enforcement can decrypt that information, or will it be encrypted ‘automagically’ based on the unique properties of the device? I suppose it would be the former and not the latter, as the data needs to be sent back to Apple to be read.

But it does make me wonder whether encrypting the location data on the handset will do any good. Sure, it means that anyone who steals your phone won’t be able to find out where you’ve been, but not much good otherwise.

2. Who is the third party involved in sharing “subsets of the anonymous location”?

This is the major one. Apple shares some of the location data sent by users with a “development partner”.

Apple cites “non-disclosure restrictions” and “contractual confidentiality” to protect the anonymous location information from being shared with others beyond this development partner, but it does not explain which information is passed on.

Granted, with the location based data being anonymous, it does suggest that this development partner cannot track your data, as Apple continues to push the “we do not track users’ location” line.

But if Congress wants to know more details on this sharing arrangement, then so should the wider public.

3. If users had their data collected by Apple even when they turned it off, will users be told (or Apple investigated)?

It’d be funny if they did tell individual users that they had their locations collected even when they had turned it off — whether it was a result of a bug or otherwise — because then it would prove that individuals could be identified by Apple.

Probably won’t happen though. But even though the Federal Trade Commission made it clear that it “didn’t comment on individual cases”, perhaps only time will tell if Apple will be investigated by the authorities for any number of reasons relating to the location tracking scandal.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “iGeneration”

Topics

U.S. Congress, Apple Inc., Zack Whittaker

Zack Whittaker, a criminologist who studied at the University of Kent, Canterbury, is a journalist, writer and broadcaster.

Disclosure

Zack Whittaker

I worked briefly with Microsoft UK in 2006 but no longer have any connection with the company. Regardless, I remain impartial and unbiased in my views.

I don't hold any stock or shares, investments or industrial secrets in any company, but have signed confidentiality agreements with a number of UK and U.S. organisations, whose names I am not at liberty to disclose.

I was involved with Kent Union, the University of Kent's student union, undertaking voluntary, non-salaried, elected positions between early 2009 and mid-2010.

No other company, body, government department, non-governmental organisation or third sector organisation employs me or pays me a salary in any capacity whatsoever.

As a freelance journalist, whenever expenses are given and taken by a company that is not CBS Interactive, these will be disclosed in each relevant post to ensure transparency.

I currently work with a UK law enforcement unit, but this is an entirely separate position which bears no connection to other work.

(Updated: 23rd October 2011)

Biography

Zack Whittaker

Zack Whittaker, criminologist who studied at the University of Kent, UK, is a journalist, writer and broadcaster.

After studying criminology at university, though still in his early-20's, he has already had a series unconventional work and voluntary positions. He has worked with researchers studying neurological illnesses like Tourette's syndrome (which he suffers from), has given lectures on the nature of disabilities in the public community, and occasionally ends up speaking on television and radio discussing the events of the day.

He first had academic work published at the age of 22, then still an undergraduate, and has been cited by a wide range of publications: from the Huffington Post, Business Insider, AllThingsDigital, The Atlantic Wire and CBS News.

17
Comments
Add Your Opinion

Join the conversation!

Just In

Wrong Again!
richdave 13th May 2011
@Briuzer

>>>I am stating an aera and not linear distance. Remember that pi are NOT round but squared.

Actually, Pi are round. Corn Bread are squared.
View in thread
0 Votes
+ -
On #3.
Bruizer 10th May 2011
There is no indication that ANY data was sent back to Apple about the users location when sharing data with Apple was disabled.

#3 is such a red hearing it is not funny unless you consider "they had their locations collected" being accurate to within 50 to 2000 square miles "their location collected".

The complete ignorance in the blogging community about this issue is simply stunning.
0 Votes
+ -
Yes, funny how this is centered around Apple
MacCanuck 10th May 2011
and it's data collection when Google has admitted it's similar "guilt" and stated outright it requires such data.

Google's whole business case (and the reason it developed Android and gives it away for free) is to collect user data and make money from Adwords and click thrus.
0 Votes
+ -
Agree; especially funny that Google also responed to congress and questions
DeRSSS 10th May 2011
@MacCanuck: ... still remain about their activities, yet this blog entry does not discuss that at all.
0 Votes
+ -
That's very true
iPad-awan 10th May 2011
@MacCanuck
Google is also being investgated but its hardly ever mentioned by the media. One again, Google gets a free pass.
0 Votes
+ -
Accurate from 50 to 2000 miles? That's a load of BS
Bill Pharaoh 10th May 2011
@Bruizer
or a typo.
0 Votes
+ -
RE: Apple responds to Congress: Questions still remain over users' location data
msalzberg 10th May 2011
@Bill Pharaoh

The data on my phone shows that there was a lot of activity in places I haven't been near in 20 years, about 50 miles from where I actually have been.

So, I don't know if it can be off by 2000 miles, but it certainly can be off by 50.
0 Votes
+ -
Nope. consolidated.db is accurate to 50 to 2000 square miles.
Bruizer 10th May 2011
@Bill Pharaoh

That is what the idiot tech bloggers are concerned with. The data collected in the consolidated.db file can pinpoint your position within an area of 50 square miles if you are in the city to 2000 square miles if you are in rural locations.

The entire topic is a bunch of whiney cry babies unwilling to actually do any data collection themselves to see the impact of the data they are talking about. Instead they talk out of their backside spewing lies and mis-information about the web. This means you Zack.

Take point #1:
Will it be in such a way that Apple holds the encryption keys, and if requested by law enforcement can decrypt that information, or will it be encrypted ?automagically? based on the unique properties of the device?

Who cares? First, the data does not prove the phone was actually with you. Second, it cannot pinpoint your location accurately enough to link you with a crime. The best it could do is say you were in town or not but it still limits your position, at best, to a 50 square mile area.

What if a criminal gets it? They have lots and lots and lots of houses to search to find your house based on the consolidated.db file. Now the contact database? Now that is a different story.
0 Votes
+ -
NOTE: Note the units. Not miles but square miles.
Bruizer 10th May 2011
@Bill Pharaoh

I am stating an aera and not linear distance. Remember that pi are NOT round but squared.
0 Votes
+ -
Contributr
Erm.
zwhittaker 10th May 2011
@Bruizer Fanboy, me thinks.
0 Votes
+ -
@ zwhittaker: A bad blogger me thinks?
Bruizer 10th May 2011
@zwhittaker

Seriously. What relevance does issue #1 have if the data is accurate to an area of 50 square miles to 2000 square miles?

Answer that? I really want to know.

What honesty does item #3 have if the data is accurate to within 50 to 2000 square miles?

Answer those questions. Knowing that the data that people are talking about is not even close (in human relative terms) to precise location data why even mention points #1 and #3?

Really bad research? Not understanding the issue? Making up issues where none exist? Fill in the gaps of my understanding how you dreamed up of issues #1 and #3 given the consolidated.db file has neither precise nor accurate position data of the phone?
0 Votes
+ -
Contributr
How about...
zwhittaker 10th May 2011
@Bruizer Why not start a blog, and write up your evidence? Or, email me and I'll guest post it.
0 Votes
+ -
lame post, overblown buzz
vzi 10th May 2011
Location data is used to provide location-based services. Recently I developed iPhone app which send user location to server to get weather forecast. Is it crime?
0 Votes
+ -
Wrong Again!
richdave 13th May 2011
@Briuzer

>>>I am stating an aera and not linear distance. Remember that pi are NOT round but squared.

Actually, Pi are round. Corn Bread are squared.
0 Votes
+ -
Fluff? Filler?
Pete "athynz" Athens Updated - 10th May 2011
The only truly relevant point is #2 - who is this mysterious third party and what are they using the data for. The rest is fluff, click baiting the ABAers, Apple Haters, Apple faithful, rabid frothing at the mouth fanboys of all stripes, and those who are (like myself) concerned about the sheer amount of FUD being spread by the above list... FUD not limited to posts about Apple BTW

Point #1 is not truly relevant because the location data is not exact - that database cannot place someone at the Starbucks on 5th and Main at 5pm during their happy hour. It cannot place someone at the adult bookstore grabbing a porno, the 7-11 getting some ice cold golden delicious beverages, the babysitter's house getting your groove on, your church to confess all of these sins, and at your home explaining to your wife why you are late AGAIN this week, or anywhere in specific (fortunately for the hypothetical scumbag in the above example). It can give one a general idea of your location at a certain time - within a mile of the corner of 5th and Main for example. Unless with your superior investigative skills you can prove me wrong... I'll wait.

That brings me to point #3 which is irrelevant because of the above WITH the added questions: Can you possibly explain just HOW the device is sending data while OFF? As in not being powered? As in NONE of the radios are capable of transmitting anything due to not being powered. Yeah, If users had their data collected by Apple even when they turned it off, will users be told (or Apple investigated)? How does that work? Oh, let me guess: Apple is of course remotely powering the device on so that this data can be mined and then remotely turning the device off before the user can catch them at it.

I also want to see your answers to Bruizer's questions. Hate to say it but your responses thus far seem to be right out of the ABAer playbook.
0 Votes
+ -
Re: Fluff? Filler?
Raju Das 10th May 2011
@athynz
"Can you possibly explain just HOW the device is sending data while OFF? As in not being powered?"

Modern day phones are not switched off when you switch it off. Remember the Alarm clock still work when switched off?? To really switch off a phone, you will need to remove the battery, which is not possible with Apple devices. When you call a switched off phone, the message you get is different from the message when you call a phone with the battery removed, which means the network knows that the phone is in the network area but switched off.
0 Votes
+ -
"Off" takes on different meanings. It is overloaded.
Bruizer 11th May 2011
@Raju Das

If you turn "Off" an iPhone VS "Stand by", these are two different things but are often confused.

When the phone is "Off" as in the "Slide to power off" is selected, the phone really is in an Off state and is not connected to any network in anyway shape or form. The parasitic power is measured in fractions of micro-amps when the phone is Off. Power to the processor, memory and radios is 100% removed.

Your other option is Stand By. This is entered when you simply push the wake/power button. In this mode, radios are still potentially active as is the processor. Power consumption is dialed way way down and the screen is off. The UILocationManeger objects in runnning software are fully active.
0 Votes
+ -
RE: Apple responds to Congress: Questions still remain over users' location data
dragon@... 13th May 2011
50 sq miles is accurate to just under 4 miles.
Point being, "they" don't need that datum.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix