Sen. Al Franken (D-Minn.) wants to know why Apple’s iPhone collects and stores device location data in an unencrypted file. Franken penned a two-page letter (via Ars Technica) asking nine questions of Apple CEO Steve Jobs in response to yesterday’s news regarding the “consolidated.db” file.
As Bobbie reported earlier, the iPhone’s location data logging actually isn’t a new thing. Law enforcement has been using the data for quite a while, according to researcher Alex Levinson, who told GigaOM that the iPhone’s location tracking file isn’t new to iOS 4 (it just changed file locations) and it has been public knowledge in security circles for quite some time now.
That law enforcement knows how and where to access this info may provide partial answers to some of Sen. Franken’s questions. For example, he asks first “Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?” Well, first we now know that this isn’t new to iOS 4 thanks to Levinson. And second, if legal authorities are making use of the data for forensic investigation purposes, isn’t it possible that might be one of the reasons behind its inclusion?
While it’s possible, I doubt actually Apple intended the location data log as a breadcrumb trail for use by the authorities, but the fact that it can be used in that capacity will no doubt be troubling to many, especially since the data is relatively easy to access without a court order, which is required when canvassing carriers for similar information.
Even though there’s no evidence to suggest that the location data is being transmitted to or used by any other party, including Apple itself, Franken clearly isn’t content to just let that assumption lie. Citing the fact that “[i]t is … entirely conceivable that malicious persons may create viruses to access this data from customers’ iPhones, iPads, and desktop and laptop computers,” he presses Jobs for more info about the nature and purpose behind the preservation of this sensitive information. Here’s the full list of all nine questions, in the order presented by Franken:
- Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
- Does Apple collect and compile this location data for laptops?
- How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
- How frequently is a user’s location recorded? What triggers the creation of a record of someone’s location?
- How precise is this location data? Can it track the user’s location to 50 m, 100 m, etc.?
- Why is this data not encrypted? What steps will Apple take to encrypt the data?
- Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
- To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?
Apple has yet to make any statement regarding the iPhone and iPad’s location tracking practice. And there are, as of yet, no definite answers to the questions above, beyond the one provided by Levinson regarding the file’s presence prior to iOS 4 mentioned above. I’m curious as to the answers, and I’m sure many others are, too.