Location apps (geek-speak for applications) are little computer programmes which tell you where things are in the real world. They get the information that enables them to do this from many different sources, including you. The problem is the you bit.
Turns out a lot of people were not aware they had been co-opted. If they were sources of information about anything it was involuntary. Not only that, they didn’t know exactly how the co-option was working. Might this be information about the location of themselves? On the face of it from initial coverage in the press it seemed like this was at least possible. All in all everyone was feeling a little spooked.
This much and more recently started to be picked up by mainstream media editors and it has created quite a storm. In the past week to ten days location apps have become big news. They are now being talked about not just by nerdy privacy guys and child safety campaigners. Oh dear.
Apple and Google in particular are in the frame. A wider world is now learning that location data are being broadcast from some of their famous branded gizmos.
- Ink has been spilt
Politicians are picking up on it. The US House Energy and Commerce Committee despatched letters to Google and Apple asking them a series of questions. This is a standard preliminary for a Congressional Hearing, now set for 10th May. The epistles went not only to the dynamic duo but also to Blackberry, Nokia and others. The replies are likely to form the starting point of the Hearing.
Down in Florida and up in Michigan people are suing. Elsewhere a State Attorney General is hitting the airwaves. Even the South Korean telecoms regulator is getting agitated. Enigmatically we are are told
there is disquiet in Europe
- Data for the past year are being collected and stored
Starting with Apple, it seems newer iPhones are routinely storing unencrypted information about where they have been in the world. Since phones normally travel in our pockets that is pretty close to being a record of where we have been. The data normally stay on the phones for up to twelve months.
These location data also get laid down on your computer when you synchronise with iTunes. Because the data are unencrypted anyone who had possession of your iPhone, or your computer for that matter, however briefly, could check it out. Hmm. Since people lose or misplace mobile phones a lot more frequently than they do their computers the focus, and the anxiety, not unnaturally has centred on the portable devices.
Following the recent publication of some research about the operation of location apps on the iPhone Apple was slow to respond to questions from technology correspondents. The extended silence fuelled all sorts of speculation. Why was Apple collecting this information at all? What were they doing with these data about our movements? No one appeared to know. Nature abhors a vacuum. So do the Twittering classes.
A Wall Street Journal staffer turned off the location capability on their iPhone to see what effect this had. They reported back the answer. None. The location file just kept on growing, kept on recording where the phone was. No escape. This revelation spurred the blogosphere into a frenzy.
Pundits not unreasonably assumed because the data were on the phone, being synchronised and everything it was because Apple designed things that way. The absence of any comment was seen as a tacit admission, if not of any sort of guilt then at least of some kind of corporate uncertainty, and a sign that they were hunkering down to prepare a PR counterblast.
In the end it wasn’t. It was something much more surprising.
Several days into the furore a curt email from Apple CEO Steve Jobs emerged in which he denied that Apple is tracking anyone.
Never Have. Never will.
That’s pretty clear. But incomplete. It still didn’t tell us why the location data were being created and stored. What purpose were they serving? As we have seen, Jobs was also being a little misleading. Let’s hope it wasn’t intentional. If you know where phones are you know where people are.
- All this and the Renaissance too!
Prompted by the excitement an enterprising chap with the obviously made up name of Alexis Madrigal (no doubt a distant cousin of Hermione Plainsong) decided to investigate. He opened a forensic application and used it to interrogate his iPhone. He was shocked. So was I. Here is what Mr Madrigal says he found
About 14,000 text messages, 1,350 words in my personal dictionary, 1,450 Facebook contacts, tens of thousands of locations pings, every website I’ve ever visited, what locations I’ve mapped, my emails going back a month, my photos with geolocation data attached and how many times I checked my email on March 24 or any day for that matter. Want to reconstruct a night? Lantern has a time line that combines all my communications and photos in one neat interface. While most of it is invisible during normal operations, there is a record of every single thing I’ve done with this phone, which also happens to form a pretty good record of my life.
Clearly worried, Alexis has set his phone so if there are ten consecutive failed attempts to enter a password to open it all the data will self-destruct. Very Mission Impossible but very understandable.
Actually what Mr Madrigal was exposing was not directly apropos the headline issue but it is a neat reminder of how, once a media ball gets rolling, it can start to pick up and conflate approximate topics which muddy the waters and make the rebuttal task or the business of explaining that much more challenging.
Anyway finally on Wednesday of this week, three days ago, Apple came back with the full story. They gave it to us with both barrels. Roll of drums.
It was a mistake
According to the New York Times
Apple acknowledged that it had made mistakes, which it attributed to programming errors, in storing the data for a long time, keeping the file unencrypted and storing the data even when users had chosen to turn off location services.
Big anti-climax. They really only needed one barrel for that.
So what was Apple doing with the data and how did they get them off the iPhone?
iTunes again appears to be the chosen vehicle. iTunes transmits the location data back to Apple HQ, although in the transmission they are encrypted. Apple told us they were only using these data to map wifi hotspots and mobile phone cell towers for the purpose of developing things like traffic information systems and other location sensitive applications. They were not tying it to individuals in any way, shape or form. If only they had made all this clearer sooner.
It’s not obvious why iTunes should be mixed up in this. You could even say it looks a bit sneaky. Yes it’s in the small print and, in fairness, Apple had previously made public statements to that effect. But putting iTunes and this type of location data together is so counter intuitive you should either not do it all or, if you feel you must and you’re Apple, you should place a full page ad in every major newspaper in every country in the world to announce it. Not doing that means when, as now, the general public finally does hear any number of hares will start running.
In their attempt to explain the affair, a tad disingenuously Apple pointed out that when an iPhone picked up information about mobile phone cell towers the towers could sometimes be up to 100 miles away. That’s true. The mid-West farming community can breathe easy. Inhabitants of the Scottish Highlands need have no fears. For the rest of us who spend most of our time in cities the cell towers will frequently be about 100 feet away or less.
How can such a smart company make blunders like these? Pleading a mistake has a rather familiar ring. Sounds a bit too pat? It’s what another very large company also said when they were found doing something extraordinarily similar.
There will be more than a lingering suspicion that gliding into self-flagellatory confessional mode is the new all-purpose exit route from any embarrassment. Yes at one level Apple should be congratulated for owning up but I think, in view of their subsequent slipperiness and the time it took them to make a full statement, many will expect some sort of independent verification that we have the whole picture. All eyes will be focused on the Congressional Hearing, and beyond.
By the way Apple are releasing a free fix. It is going to be distributed next week. Phew!
- The Androids are coming
Google was in the firing line because their increasingly popular Android phones were also found to be doing the same as the iPhone. However, in Google’s case there was no denial or prevarication about the fact that data was going back to the Mothership.
All Google appear to have said on the record is the usual stuff about not tying any of the location data back to individuals and they reminded us we could turn off the location function on the Android phone. If you do, unlike with Apple the phone will stop recording your location but, sadly, you also knock out Google Maps and possibly other applications as well. Doesn’t seem right.
- Universally Unique Identifying Number
Lest we forget: most smartphones typically arrive in their owners’ hands with all the usual attributes that allow them to connect to the internet and be identified on the GSM network. These are the basic building blocks of location apps.
However, they are also very likely to have a Universally Unique Identifying Number (UUID) which I think only the company that made the phone can access. Maybe the GSM operator can as well if it has a partnership deal with the manufacturer.
Probably when you first registered your ownership of your shiny new smartphone you surrendered your name, address, telephone number, the birthday of your goldfish’s mother and whatever else they asked for. I believe all this info is linked to the UUID but could the UUID also be linked to location data of the type described in this blog? Is anyone in fact making that link and if so for what reason?
At the Congressional Hearing on 10th May let’s hope they find out.
- It has all been said before
Quite what view Apple, Google and others will take on the location issue when the dust has settled from the present contretemps only time will tell. The genie is now well and truly out of the bottle. Location data are uniquely sensitive. They need to be handled with great care and asbestos gloves, or whatever the healthier alternative is to asbestos gloves.
People get very jittery when it comes to other people knowing where they are, especially if those other people are big faceless corporations and the internet is involved. Hackers. Viruses. It all gets jumbled up together.
I’ll start to draw this missive to a close. Everything that needs to be said has been said and is obvious. As regular readers of Desiderata will know Google is now subject to a binding agreement with the FTC which means all of its privacy practices are going to be independently reviewed every two years for the next 20 years.
Presumably this means fairly soon all we need to know about the Google end of things will be laid bare. Indeed Google must be looking forward to being able to flash a certificate from Washington showing everything is tickety-boo.
Google. Licensed and approved by the Feds.
Now there’s a thought!
- Where does this leave children and young people?
Recently published research gives us a clearer indication about why Apple, Google and all the other companies are scrabbling to get into the location market. Money. That’s probably not a shock to some of you.
According to data published by Gartner, sales of location-based services are currently running at $2.9 billion a year. The market is expected to grow to $8.3 billion by 2014. These are extremely large sums but they are not an excuse.
I hope whoever does the Google reviews, or whichever regulator or enquiry looks further into Apple’s story, they will give some attention to the position of children, young people and other groups of actual or potential users of location-enabled devices.
There are people among us who cannot be safely assumed to understand fully some of the implications of turning on location apps, or of neglecting to turn them off. What duty of care is owed to them?
We need to look not just at the formal rules. We also need to look at how and by whom the apps are being used, including even by people who are not supposed to because they are too young or because they are theoretically disqualified for some other reason.
That fuller context is essential if we are to make sense of the brave new world that is hovering just in front of our eyes. Not everybody’s fears about the potential for the misuse of location data will always be completely rational. But they are still genuine fears. They should be treated with respect.
Being right is rarely enough. You also have to convince other people of it.