Blog Post

Sen. Al Franken Wants Answers From Steve Jobs

Sen. Al Franken (D-Minn.) wants to know why Apple’s iPhone (s aapl) collects and stores device location data in an unencrypted file. Franken penned a two-page letter (via Ars Technica) asking nine questions of Apple CEO Steve Jobs in response to yesterday’s news regarding the “consolidated.db” file.

As Bobbie reported earlier, the iPhone’s location data logging actually isn’t a new thing. Law enforcement has been using the data for quite a while, according to researcher Alex Levinson, who told GigaOM that the iPhone’s location tracking file isn’t new to iOS 4 (it just changed file locations) and it has been public knowledge in security circles for quite some time now.

That law enforcement knows how and where to access this info may provide partial answers to some of Sen. Franken’s questions. For example, he asks first “Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?” Well, first we now know that this isn’t new to iOS 4 thanks to Levinson. And second, if legal authorities are making use of the data for forensic investigation purposes, isn’t it possible that might be one of the reasons behind its inclusion?

While it’s possible, I doubt actually Apple intended the location data log as a breadcrumb trail for use by the authorities, but the fact that it can be used in that capacity will no doubt be troubling to many, especially since the data is relatively easy to access without a court order, which is required when canvassing carriers for similar information.

Even though there’s no evidence to suggest that the location data is being transmitted to or used by any other party, including Apple itself, Franken clearly isn’t content to just let that assumption lie. Citing the fact that “[i]t is … entirely conceivable that malicious persons may create viruses to access this data from customers’ iPhones, iPads, and desktop and laptop computers,” he presses Jobs for more info about the nature and purpose behind the preservation of this sensitive information. Here’s the full list of all nine questions, in the order presented by Franken:

  1. Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
  2. Does Apple collect and compile this location data for laptops?
  3. How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
  4. How frequently is a user’s location recorded? What triggers the creation of a record of someone’s location?
  5. How precise is this location data? Can it track the user’s location to 50 m, 100 m, etc.?
  6. Why is this data not encrypted? What steps will Apple take to encrypt the data?
  7. Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
  8. Does Apple believe that this conduct is permissible under the terms of its privacy policy?
  9. To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?

Apple has yet to make any statement regarding the iPhone and iPad’s location tracking practice. And there are, as of yet, no definite answers to the questions above, beyond the one provided by Levinson regarding the file’s presence prior to iOS 4 mentioned above. I’m curious as to the answers, and I’m sure many others are, too.

8 Responses to “Sen. Al Franken Wants Answers From Steve Jobs”

  1. More importantly is – what would you – as a reporter – and other thought leaders like you (e.g. Kevin) – and the rest of the community – DO?
    Isn’t it a case where we truly need to act? Or would everyone just continue to march like lambs to the Apple parade music.

  2. Paul Gans

    Who cares what Al Franken wants! He’s an idiot. Who does he think he is anyhow. He is a representative of the people not a ruler of the people!

  3. Richard Garrett

    While my initial reaction to the news that a location log was being recorded was “what in the hell?” (and I wondered if I could short Apple’s stock) 24 hours later I am no longer concerned. My guess is that every smartphone with location based services and apps has a similar log. The fact that the iPhone’s is unencrypted is only barely relevant. As for Trojans accessing the file, I would guess that an enterprising hacker could create a log file and access it anyway once having gained access to the phone’s internals. Finally, I remembered that, as an Android user, I have long described to others that by using the phone and Google software I’ve given my life to Google. So as much as I like Franken, respect his position and his humor, I say give it up and welcome to the interconnected 21st century. We’ve been digitally stalked for a long time now (for example through a browser’s history). Its no great leap to realize and accept that our devices are tracking us as well.

  4. You mean a digital device with GPS capabilities, and the need to switch between cell towers might record location data? Shocking. FYI, the network operators know where you are too, they have to.

    • Network operators know where you are but can’t release info without a court order. Anyone,a Trojan maybe, can pick it off your phone or the computer you sync with, Or Apple could, theoretically, use it to target Ads to your phone.