Apple responds to Congress: Questions still remain over users' location data

Apple responds to Congress: Questions still remain over users' location data

Summary: Apple responds to Congress regarding the iPhone and iPad location tracking controversy. But pertinent questions still remain to be answered.

SHARE:
TOPICS: Apple
17

Apple has responded with a hand delivered letter to Rep. Ed Markey (D-Mass) regarding the iPhone and iPad location tracking controversy, which kicked off last month.

In the letter (available here), Bruce Sewell, general counsel and senior vice president of legal and government affairs at Apple, details answers given by Markey which were subsequently published by Apple.

As one of the biggest privacy stories of the year, it sparked a wide-ranging debate about location based privacy and what our phones collect about us without the users' direct knowledge.

It also came to light that Microsoft through its Windows Phone devices and Google with its Android-based phones also collected data from its users.

Since the imbroglio began, Apple has now 'fixed' a flaw which allowed location based content to be uploaded even when the feature was disabled through an iOS patch last week, which it hoped would solve the issue.

But there are questions that still remain to be answered.

1. How will Apple encrypt location based data?

Will it be in such a way that Apple holds the encryption keys, and if requested by law enforcement can decrypt that information, or will it be encrypted 'automagically' based on the unique properties of the device? I suppose it would be the former and not the latter, as the data needs to be sent back to Apple to be read.

But it does make me wonder whether encrypting the location data on the handset will do any good. Sure, it means that anyone who steals your phone won't be able to find out where you've been, but not much good otherwise.

2. Who is the third party involved in sharing "subsets of the anonymous location"?

This is the major one. Apple shares some of the location data sent by users with a "development partner".

Apple cites "non-disclosure restrictions" and "contractual confidentiality" to protect the anonymous location information from being shared with others beyond this development partner, but it does not explain which information is passed on.

Granted, with the location based data being anonymous, it does suggest that this development partner cannot track your data, as Apple continues to push the "we do not track users' location" line.

But if Congress wants to know more details on this sharing arrangement, then so should the wider public.

3. If users had their data collected by Apple even when they turned it off, will users be told (or Apple investigated)?

It'd be funny if they did tell individual users that they had their locations collected even when they had turned it off -- whether it was a result of a bug or otherwise -- because then it would prove that individuals could be identified by Apple.

Probably won't happen though. But even though the Federal Trade Commission made it clear that it "didn't comment on individual cases", perhaps only time will tell if Apple will be investigated by the authorities for any number of reasons relating to the location tracking scandal.

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

17 comments
Log in or register to join the discussion
  • On #3.

    There is no indication that ANY data was sent back to Apple about the users location when sharing data with Apple was disabled.

    #3 is such a red hearing it is not funny unless you consider "they had their locations collected" being accurate to within 50 to 2000 square miles "their location collected".

    The complete ignorance in the blogging community about this issue is simply stunning.
    Bruizer
    • Yes, funny how this is centered around Apple

      and it's data collection when Google has admitted it's similar "guilt" and stated outright it requires such data.

      Google's whole business case (and the reason it developed Android and gives it away for free) is to collect user data and make money from Adwords and click thrus.
      MacCanuck
      • Agree; especially funny that Google also responed to congress and questions

        @MacCanuck: ... still remain about their activities, yet this blog entry does not discuss that at all.
        DDERSSS
      • That's very true

        @MacCanuck
        Google is also being investgated but its hardly ever mentioned by the media. One again, Google gets a free pass.
        iPad-awan
    • Accurate from 50 to 2000 miles? That's a load of BS

      @Bruizer
      or a typo.
      Bill Pharaoh
      • RE: Apple responds to Congress: Questions still remain over users' location data

        @Bill Pharaoh

        The data on my phone shows that there was a lot of activity in places I haven't been near in 20 years, about 50 miles from where I actually have been.

        So, I don't know if it can be off by 2000 miles, but it certainly can be off by 50.
        msalzberg
      • Nope. consolidated.db is accurate to 50 to 2000 square miles.

        @Bill Pharaoh

        That is what the idiot tech bloggers are concerned with. The data collected in the consolidated.db file can pinpoint your position within an area of 50 square miles if you are in the city to 2000 square miles if you are in rural locations.

        The entire topic is a bunch of whiney cry babies unwilling to actually do any data collection themselves to see the impact of the data they are talking about. Instead they talk out of their backside spewing lies and mis-information about the web. This means you Zack.

        Take point #1:
        <i>Will it be in such a way that Apple holds the encryption keys, and if requested by law enforcement can decrypt that information, or will it be encrypted ?automagically? based on the unique properties of the device?</i>

        Who cares? First, the data does not prove the phone was actually with you. Second, it cannot pinpoint your location accurately enough to link you with a crime. The best it could do is say you were in town or not but it still limits your position, at best, to a 50 square mile area.

        What if a criminal gets it? They have lots and lots and lots of houses to search to find your house based on the consolidated.db file. Now the contact database? Now that is a different story.
        Bruizer
      • NOTE: Note the units. Not miles but square miles.

        @Bill Pharaoh

        I am stating an aera and not linear distance. Remember that pi are NOT round but squared.
        Bruizer
      • Erm.

        @Bruizer Fanboy, me thinks.
        zwhittaker
      • @ zwhittaker: A bad blogger me thinks?

        @zwhittaker

        Seriously. What relevance does issue #1 have if the data is accurate to an area of 50 square miles to 2000 square miles?

        Answer that? I really want to know.

        What honesty does item #3 have if the data is accurate to within 50 to 2000 square miles?

        Answer those questions. Knowing that the data that people are talking about is not even close (in human relative terms) to precise location data why even mention points #1 and #3?

        Really bad research? Not understanding the issue? Making up issues where none exist? Fill in the gaps of my understanding how you dreamed up of issues #1 and #3 given the consolidated.db file has neither precise nor accurate position data of the phone?
        Bruizer
      • How about...

        @Bruizer Why not start a blog, and write up your evidence? Or, email me and I'll guest post it.
        zwhittaker
  • lame post, overblown buzz

    Location data is used to provide location-based services. Recently I developed iPhone app which send user location to server to get weather forecast. Is it crime?
    vzi
    • Wrong Again!

      @Briuzer

      >>>I am stating an aera and not linear distance. Remember that pi are NOT round but squared.<<<

      Actually, Pi are round. Corn Bread are squared.
      richdave
  • Fluff? Filler?

    The only truly relevant point is #2 - who is this mysterious third party and what are they using the data for. The rest is fluff, click baiting the ABAers, Apple Haters, Apple faithful, rabid frothing at the mouth fanboys of all stripes, and those who are (like myself) concerned about the sheer amount of FUD being spread by the above list... FUD not limited to posts about Apple BTW<br><br>Point #1 is not truly relevant because the location data is not exact - that database cannot place someone at the Starbucks on 5th and Main at 5pm during their happy hour. It cannot place someone at the adult bookstore grabbing a porno, the 7-11 getting some ice cold golden delicious beverages, the babysitter's house getting your groove on, your church to confess all of these sins, and at your home explaining to your wife why you are late AGAIN this week, or anywhere in specific (fortunately for the hypothetical scumbag in the above example). It can give one a <i>general</i> idea of your location at a certain time - within a mile of the corner of 5th and Main for example. Unless with your superior investigative skills you can prove me wrong... I'll wait.<br><br>That brings me to point #3 which is irrelevant because of the above WITH the added questions: Can you possibly explain just HOW the device is sending data while OFF? As in not being powered? As in NONE of the radios are capable of transmitting anything due to not being powered. Yeah, <b>If users had their data collected by Apple even when they turned it off, will users be told (or Apple investigated)?</b> How does that work? Oh, let me guess: Apple is of course remotely powering the device on so that this data can be mined and then remotely turning the device off before the user can catch them at it. <br><br>I also want to see your answers to Bruizer's questions. Hate to say it but your responses thus far seem to be right out of the ABAer playbook.
    athynz
    • Re: Fluff? Filler?

      @athynz
      "Can you possibly explain just HOW the device is sending data while OFF? As in not being powered?"

      Modern day phones are not switched off when you switch it off. Remember the Alarm clock still work when switched off?? To really switch off a phone, you will need to remove the battery, which is not possible with Apple devices. When you call a switched off phone, the message you get is different from the message when you call a phone with the battery removed, which means the network knows that the phone is in the network area but switched off.
      Raju Das
      • &quot;Off&quot; takes on different meanings. It is overloaded.

        @Raju Das

        If you turn "Off" an iPhone VS "Stand by", these are two different things but are often confused.

        When the phone is "Off" as in the "Slide to power off" is selected, the phone really is in an Off state and is not connected to any network in anyway shape or form. The parasitic power is measured in fractions of micro-amps when the phone is Off. Power to the processor, memory and radios is 100% removed.

        Your other option is Stand By. This is entered when you simply push the wake/power button. In this mode, radios are still potentially active as is the processor. Power consumption is dialed way way down and the screen is off. The UILocationManeger objects in runnning software are fully active.
        Bruizer
  • RE: Apple responds to Congress: Questions still remain over users' location data

    50 sq miles is accurate to just under 4 miles.
    Point being, "they" don't need that datum.
    dragon@...