
A Closer Look at Apple and Location-Tracking

Steven Bellovin

There's been a lot of media attention to a report that iPhones track your movements. It's even reached the U.S. Senate. I'm underwhelmed. I think that the threat is overhyped.

What is happening is that these devices create a hidden file with your location, as determined from the cell phone towers and/or WiFi access points encountered. It does not seem to include GPS data.

Fundamentally, the location file created is a log file. As I tell my students, log files are useful operationally, but also represent a privacy threat if misused. There are two bad things here: the operational purpose of this file has not been made clear, and users are unaware of its existence. (They also can't clear the file even if they're willing to forgo the putative advantages, assuming that they knew what those were.)

But who has access to that file? Someone who has access to your phone or your backup device — your PC or Mac — can read it; however, if they have that sort of access, they can get at far more sensitive things, like your email passwords. Encrypt the backups? That isn't a bad idea, but who has access to the keys? File encryption is only useful when the threat is physical rather than over-the-air, and does nothing to protect against someone who obtains custody of the phone rather than the backup device. It helps in some situations, but it's hardly a panacea. (I note that whether or not one can refuse to disclose an encryption key is an unsettled question under U.S. law. Under British law, one must disclose such keys.) In fairness, I should add that there is one situation where encryption does help: if you're backing up the iPhone to a folder stored on a network share controlled by others.

The threat, then, is that someone who wants to track your detailed movements will get hold of your phone and/or backup device. Certainly, this can happen. It's not likely to happen if your gadgets are lost or stolen; most thieves are more interested in having a hot item to resell. It might be of interest to law enforcement, though for large-scale movements, such as airplane trips, credit card receipts will give them all the data they need. The new data is an advantage for tracking detailed movements within a city, though the increasing prevalence of license plate scanners may soon render that irrelevant.

There's one wild card: is this data ever sent to Apple? Thus far, there have been no allegations that this happens. If it should turn out that Apple is receiving the data, the privacy threat becomes very great. It is also highly likely that Apple will suffer a major PR problem and probably legal consequences as well. Again, thus far there have been no allegations, let alone proof, that this has happened; I sincerely hope that the files are staying on their home machines.

By Steven Bellovin, Professor of Computer Science at Columbia University. Visit the blog maintained by Steven Bellovin here.


Comments

I agree Neil Schwartzman  –  Apr 21, 2011 9:08 AM PDT

I can't figure out what the explosion was yesterday. Cellphone operators know where you are, every single minute of the day, and yes, they track it. http://www.nytimes.com/2011/03/26/business/media/26privacy.html?_r=2 Cripes, we see t.v. crime/detective shows ostensibly showing the use of this tracking technology, constantly.

Every freaking app on the iPhone wants me to enable geo-tracking. THEY know where you are.
And, as you say, the file under discussion is stored locally.

So what precisely is the big deal, and why are people shocked, SHOCKED about it?

It's just another salvo in the smartphone market religious wars John Berryhill  –  Apr 22, 2011 11:05 AM PDT

Leaving aside the GPS functions and so forth, how people thought the cellular telephone system operated WITHOUT knowing where you were, prior to now, is what leaves me dumbstruck on the panic reaction here.

It's more the unintended interaction... Valdis Kletnieks  –  Apr 26, 2011 7:26 AM PDT

Sure, the wireless providers already know where you are all the time anyhow.  I see the *big* issue as being tools like Cellebrite, which is apparently being used by Michigan state troopers during traffic stops.  If that data wasn't on the device, the trooper couldn't hoover it out of there.
