Apple responds to Congress: Questions still remain over users' location data

Apple responds to Congress regarding the iPhone and iPad location tracking controversy. But pertinent questions still remain to be answered.
Written by Zack Whittaker, Contributor

Apple has responded with a hand delivered letter to Rep. Ed Markey (D-Mass) regarding the iPhone and iPad location tracking controversy, which kicked off last month.

In the letter (available here), Bruce Sewell, general counsel and senior vice president of legal and government affairs at Apple, details answers given by Markey which were subsequently published by Apple.

As one of the biggest privacy stories of the year, it sparked a wide-ranging debate about location based privacy and what our phones collect about us without the users' direct knowledge.

It also came to light that Microsoft through its Windows Phone devices and Google with its Android-based phones also collected data from its users.

Since the imbroglio began, Apple has now 'fixed' a flaw which allowed location based content to be uploaded even when the feature was disabled through an iOS patch last week, which it hoped would solve the issue.


But there are questions that still remain to be answered.

1. How will Apple encrypt location based data?

Will it be in such a way that Apple holds the encryption keys, and if requested by law enforcement can decrypt that information, or will it be encrypted 'automagically' based on the unique properties of the device? I suppose it would be the former and not the latter, as the data needs to be sent back to Apple to be read.

But it does make me wonder whether encrypting the location data on the handset will do any good. Sure, it means that anyone who steals your phone won't be able to find out where you've been, but not much good otherwise.

2. Who is the third party involved in sharing "subsets of the anonymous location"?

This is the major one. Apple shares some of the location data sent by users with a "development partner".

Apple cites "non-disclosure restrictions" and "contractual confidentiality" to protect the anonymous location information from being shared with others beyond this development partner, but it does not explain which information is passed on.

Granted, with the location based data being anonymous, it does suggest that this development partner cannot track your data, as Apple continues to push the "we do not track users' location" line.

But if Congress wants to know more details on this sharing arrangement, then so should the wider public.

3. If users had their data collected by Apple even when they turned it off, will users be told (or Apple investigated)?

It'd be funny if they did tell individual users that they had their locations collected even when they had turned it off -- whether it was a result of a bug or otherwise -- because then it would prove that individuals could be identified by Apple.

Probably won't happen though. But even though the Federal Trade Commission made it clear that it "didn't comment on individual cases", perhaps only time will tell if Apple will be investigated by the authorities for any number of reasons relating to the location tracking scandal.

Editorial standards