The iPhone tracking scandal has been a revelation to most, and has made national news. But the fact that iPhones can be used to collect huge amounts of data on their owners apparently is not news at all to cops, feds, or the Department of Defense.
Alex Levinson, a college student and researcher for Katana Forensics, published a blog post this morning criticizing the two British researchers who publicized the iPhone tracking file, referring to their “discovery” in quotation marks. The file they found is neither new nor a secret, writes Levinson. He says he’s been helping cops grab these vast locational datasets for some time: “Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.”
In an era when various organizations retain giant storehouses of data on people, why is the revelation about the iPhone such a big deal? Because the iPhone data pile is so large, so persistent, and so easy to access. Your location information is, for example, already held by cellphone companies; but a court order is needed to get it. And Apple (NSDQ: AAPL) itself has millions of iPhone users already sending it a bunch of locational data twice daily, as a writer on the F-Secure blog pointed out today. But that info, too, would stay protected unless a court ordered otherwise, and in any case, Apple said that data isn’t connected to particular devices. (It’s used to update its own locational and mapping services.)
The data located in the consolidated.db file that’s now been revealed by these two British programmers is simply much easier to get at. It’s not encrypted and can be scanned using a simple program (which they’ve already built). A private detective or nosy spouse could easily have access to an extremely detailed map of an iPhone user’s movements going back months or even years. And of course, if you’re using a phone given to you by your employer, they are almost certainly going to be able to access this data set.
Perhaps most importantly, law enforcement will be able to readily get at this data. Law enforcement can perform certain types of searches when they arrest someone, without any court order, and increasingly that has included going through cellphone information. If someone is arrested for a DUI or marijuana possession, should police really be able to see everywhere they’ve been in the past year? That seems to raise obvious privacy concerns.
Even folks who don’t always view data collection through a conspiratorial lens (like these two researchers, one of whom worked for Apple for years) are raising questions about why this data collection is so wide-ranging, why it’s kept for so long, and why it isn’t encrypted or hidden. At the presentation, Alasdair Allan and Pete Warden opened the file on one of their phones and found more than 21,138 data points collected over 293 days; that’s more than 70 times a day that the iPhone recorded locational data. Users clearly don’t know this is happening, and there’s no clear way to delete this data without hacking your iPhone.
Strangely, Levinson seems to be a little frustrated that Allan and Warden are getting credit for putting this out into the public. Levinson writes: “I have no problem with what Mr. Warden and Mr. Allan have created or presented on, but I do take issue with them making erroneous claims and not citing previously published work.” He notes that he’s published a paper and presented his findings at two computer forensics conferences this year. But bringing an issue into the sphere of public debate often involves moving beyond academic or scientific circles. Levinson talks about how he’s been helping law enforcement agencies understand this, and even notes that he spoke at a Department of Defense conference. His employer’s flagship product, Lantern 2.0, is a product that helps slice and dice data in iOS products in all kinds of ways, and it appears to be primarily marketed to government investigators.
Well, guess what? If you’re selling your ability to track people and analyze their data to feds and spooks, you aren’t going to get credit for making the public aware of the tracking — even if you did mention it on page 335 of your textbook (which Levinson took a photograph of). That credit goes, rightly, to Allan and Warden, whose concerns have now been echoed on every major news outlet.
Sometimes the public freaks out when it realizes just how bad a privacy issue is. Remember the Firesheep scare? People have been able to use sophisticated software to spy on open WiFi networks, like those at coffee shops, for years. But it wasn’t until last year, when someone released a simple program called Firesheep, that everyone realized just how easy it would be to tap into someone’s Facebook account. Now that scare has spurred Congressional calls for action.
Similarly, one could say that everyone knew that iPhones performed some type of tracking; after all, the nifty location services come from somewhere, right? But clearly no one realized how accessible that data was, or how wide-reaching the records being saved are.