NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Wednesday, April 20th, 2011

Researchers’ discovery demonstrates that Apple users don’t really own their devices

Two secu­ri­ty researchers inves­ti­gat­ing visu­al uses for geolo­ca­tion data revealed today that gad­get giant Apple has been secret­ly ship­ping spy­ware inside of its mobile oper­at­ing sys­tem (iOS) that con­stant­ly records its cus­tomers’ where­abouts.

The dis­cov­ery, which has ignit­ed a firestorm of crit­i­cism, was first made pub­lic at O’Reil­ly Radar by the researchers (Alas­dair Allan and Pete War­den) pri­or to being announced onstage at Where 2.0, a con­fer­ence about the “busi­ness of loca­tion”, present­ly tak­ing place in San Fran­cis­co.

To us and oth­er crit­ics of Apple, the dis­cov­ery is a grim con­fir­ma­tion of our long­stand­ing sus­pi­cions about the com­pa­ny’s busi­ness prac­tices and poli­cies.

Over the years, we have repeat­ed­ly con­demned Apple for mar­ket­ing and sell­ing gad­gets which its cus­tomers can­not ful­ly con­trol, except by jail­break­ing (which voids the war­ran­ty). Now we find out that Apple has pro­grammed all of its devices to track its users’ move­ments.

And to be clear, we’re not talk­ing about a list of gen­er­al loca­tions. No, we’re talk­ing coor­di­nates for lon­gi­tude and lat­i­tude, plus pre­cise time­stamps, near­by Wi-Fi net­works, and oth­er infor­ma­tion.

Shock­ing­ly, all of this infor­ma­tion that Apple’s devices col­lect­ing is being stored in an unen­crypt­ed file, which means a thief with hack­ing skills can eas­i­ly map the move­ments of any per­son they can steal an iPhone or iPad from.

(War­den has released an open-source appli­ca­tion that allows iPhone users to map the infor­ma­tion that their device is record­ing about them. It’s pret­ty amaz­ing).

The researchers stress that at this time, it does­n’t appear that iOS devices are “phon­ing home” to Cuper­ti­no with this data. But that’s no con­so­la­tion. Undoubt­ed­ly, Apple has the capa­bil­i­ty to remote­ly com­mand any device that has this infor­ma­tion to trans­mit it to servers under its con­trol.

If what Apple is doing isn’t ille­gal, it should be. No doubt who­ev­er designed and imple­ment­ed this spy­ware checked with Apple’s lawyers to make that it is cov­ered under the “end user license agree­ment”, or EULA, that a user must agree to after pur­chas­ing and acti­vat­ing one of Apple’s devices. If true, it does­n’t mean Apple is com­plete­ly pro­tect­ed against lit­i­ga­tion over this, but it will make it dif­fi­cult for any out­raged cus­tomers to get jus­tice in a court of law.

The time has come for Con­gress to step in and act to ensure that Amer­i­cans’ right to pri­va­cy is pro­tect­ed from unac­count­able cor­po­ra­tions like Apple, Google, and Face­book, which con­tin­ue to invent new excus­es to jus­ti­fy their unac­cept­able busi­ness prac­tices. These com­pa­nies are wag­ing war on the very idea of a right to pri­va­cy. They are mak­ing the Inter­net, and all of us, less secure in the process.

Apple’s deci­sion to join Google and Face­book in this race to the bot­tom is espe­cial­ly iron­ic con­sid­er­ing that Apple is respon­si­ble for one of the most famous cul­tur­al ref­er­ences to the works of George Orwell: the famous 1984 ad.

Less than thir­ty years after pro­duc­ing that ad, Apple increas­ing­ly resem­bles the Big Broth­er-esque enti­ty it once appealed to Amer­i­cans to reject.

Legal­ly, the hard­ware that Apple sells belongs to the peo­ple who buy it. Prac­ti­cal­ly, how­ev­er, the hard­ware that Apple sells remains under its con­trol well after a cus­tomer takes pos­ses­sion of it, because the soft­ware answers to Apple, not the user. And Apple’s poli­cies are dra­con­ian.

For instance, only non-free soft­ware that Apple approves of can be down­loaded and installed on its devices. Apple’s terms even pro­hib­it the dis­tri­b­u­tion of soft­ware released under copy­left through its App Store.

The Library of Con­gress has ruled that jail­break­ing an iPhone or iPad is legal, but less than ten per­cent of Apple’s cus­tomers report­ed­ly jail­break their devices.

Peo­ple who buy Apple’s gad­gets are thus more like renters than own­ers.

And Alas­dair Allan and Pete War­den’s dis­cov­ery just affirms that. Apple’s track­ing is being con­duct­ed invol­un­tar­i­ly. The only way to opt out is to not use iOS at all. So much for free­dom from con­for­mi­ty.

Adjacent posts

  • Donate now to support The Cascadia Advocate


    Thank you for read­ing The Cas­ca­dia Advo­cate, the North­west Pro­gres­sive Insti­tute’s jour­nal of world, nation­al, and local pol­i­tics.

    Found­ed in March of 2004, The Cas­ca­dia Advo­cate has been help­ing peo­ple through­out the Pacif­ic North­west and beyond make sense of cur­rent events with rig­or­ous analy­sis and thought-pro­vok­ing com­men­tary for more than fif­teen years. The Cas­ca­dia Advo­cate is fund­ed by read­ers like you: we have nev­er accept­ed adver­tis­ing or place­ments of paid con­tent.

    And we’d like it to stay that way.

    Help us keep The Cas­ca­dia Advo­cate edi­to­ri­al­ly inde­pen­dent and freely avail­able by becom­ing a mem­ber of the North­west Pro­gres­sive Insti­tute today. Or make a dona­tion to sus­tain our essen­tial research and advo­ca­cy jour­nal­ism.

    Your con­tri­bu­tion will allow us to con­tin­ue bring­ing you fea­tures like Last Week In Con­gress, live cov­er­age of events like Net­roots Nation or the Demo­c­ra­t­ic Nation­al Con­ven­tion, and reviews of books and doc­u­men­tary films.

    Become an NPI mem­ber Make a one-time dona­tion

3 Comments

  1. Andrew, cell phone companies–all cell phone companies–record the same infor­ma­tion for all cell phone. It is eas­i­ly avail­able to police agen­cies, and prob­a­bly not all that hard for crim­i­nals to get at, as well.

    Con­gress, in its defense of police author­i­ty (ter­ror­ism! think of the chil­dren!), is unlike­ly to act in these cas­es until major changes in US pol­i­tics occur.

    # by The Raven :: April 21st, 2011 at 6:17 AM
    • There are impor­tant dif­fer­ences between what Apple is doing here and what mobile car­ri­ers have been doing for years.

      First, it’s gen­er­al­ly under­stood that mobile car­ri­ers have the abil­i­ty to record the posi­tion of devices on their net­work… and do so. The car­ri­ers have pri­va­cy poli­cies in place which gov­ern what they do with the infor­ma­tion they col­lect. Apple, in con­trast, start­ed ship­ping this spy­ware back in June with­out say­ing any­thing about it to its cus­tomers. Until the researchers dis­cov­ered what Apple was doing, nobody except for peo­ple inside the com­pa­ny knew what was going on.

      Sec­ond, Apple is stor­ing the infor­ma­tion it is pro­gram­ming its devices to col­lect in an unen­crypt­ed file, *on the device*. That means any­one who gets hold of the device can ascer­tain the where­abouts of the per­son it belonged to. That’s very dif­fer­ent than a car­ri­er like Ver­i­zon or AT&T log­ging loca­tion data and stor­ing it in one of its dat­a­cen­ters. We obvi­ous­ly don’t know how secure all of the car­ri­ers’ dat­a­cen­ters are, but the car­ri­ers at least make an effort to secure the data they have. Apple obvi­ous­ly isn’t.

      As MoveOn’s staff — who are self-pro­fessed Apple fans — say:

      It’s as though you’re wear­ing a GPS ankle bracelet every day, and Apple nev­er told you about it, or asked you to opt in, or even let you opt out.

      […]

      As it is today, anybody—a jeal­ous spouse, a nosy employer—with access to your phone or com­put­er can get detailed infor­ma­tion about where you’ve been.

      And if and when Apple starts look­ing at where you go, they will also be able to guess with a great deal of accu­ra­cy your age, gen­der, race, income lev­el, etc. Sus­pi­cious­ly, Apple began this track­ing around the same time they launched a major new pro­gram to sell ads in iPhone and iPad apps—are they plan­ning on sell­ing the data to mar­keters?

      Many Apple fans and cus­tomers chose Apple because it’s gen­er­al­ly more secure. Apple has real­ly bro­ken our trust, and hope­ful­ly when they hear how upset we are, they’ll change their prac­tices.

      I’m not hold­ing my breath. I don’t trust Apple any more than I trust Google.

      # by Andrew :: April 21st, 2011 at 1:48 PM
  2. Look at their patent — it is much more dia­bol­i­cal.

    # by BugMagnet :: April 22nd, 2011 at 1:28 AM