There’s been a lot of media attention to a report that iPhones track your movements. It’s even reached the U.S. Senate. I’m underwhelmed. I think that the threat is overhyped.
What is happening is that these devices create a hidden file with your location. The location is determined from the cell phone towers and/or WiFi access points the phone encounters. It does not seem to include GPS data.
Fundamentally, the location file created is a log file. As I tell my students, log files are useful operationally, but also represent a privacy threat if misused. There are two bad things here: the operational purpose of this file has not been made clear, and users are unaware of its existence. (They also can’t clear the file even if they’re willing to forgo the putative advantages, assuming that they knew what those were.)
But who has access to that file? Someone who has access to your phone or your backup device — your PC or Mac — can read it; however, if they have that sort of access, they can get at far more sensitive things, like your email passwords. Encrypt the backups? That isn’t a bad idea, but who has access to the keys? File encryption is only useful when the threat is physical rather than over-the-air, and does nothing to protect against someone who obtains custody of the phone rather than the backup device. It helps in some situations, but it’s hardly a panacea. (I note that whether or not one can refuse to disclose an encryption key is an unsettled question under U.S. law. Under British law, one must disclose such keys.) In fairness, I should add that there is one situation where encryption does help: if you’re backing up the iPhone to a folder stored on a network share controlled by others.
The threat, then, is that someone who wants to track your detailed movements will get hold of your phone and/or backup device. Certainly, this can happen. It’s not likely to happen if your gadgets are lost or stolen; most thieves are more interested in having a hot item to resell. It might be of interest to law enforcement, though for large-scale movements, such as airplane trips, credit card receipts will give them all the data they need. The new data is an advantage for tracking detailed movements within a city, though the increasing prevalence of license plate scanners may soon render that irrelevant.
There’s one wild card: is this data ever sent to Apple? Thus far, there have been no allegations that this happens. If it should turn out that Apple is receiving the data, the privacy threat becomes very great. It is also highly likely that Apple will suffer a major PR problem and probably legal consequences as well. Again, thus far there have been no allegations, let alone proof, that this has happened; I sincerely hope that the files are staying on their home machines.
By Steven Bellovin, Professor of Computer Science at Columbia University.