Apple Lays Out Location Collection Policies

itwbennett writes "In a 13-page reply (PDF) to questions from Congressmen Ed Markey of Massachusetts and Joe Barton of Texas, Apple said iPhones running OS 3.2 or iOS 4 collect GPS data and encrypt it before sending it back to Apple every 12 hours via Wi-Fi. Attached to the GPS data is a random identification number generated by the phone every 24 hours. The information is not associated with a particular customer and Apple uses the data to analyze traffic patterns and density, it said. Apple collects such data from customers who have approved the use of location-based capabilities on the phone and who actually use an application that requires GPS."

Intelligence test

[Concern]

Wow, a new ID every 24 hours, huh? Am I supposed to be impressed? What do you think, are they deliberately creating "anonymizing" measures they can circumvent, or are they just retarded?

Let's just assume it actually works as they say and there isn't some easy way to link the random ID the real phone. Say, by web server logs. Duh.

If I get 24 hours, I get where you woke up this morning and where you'll go to bed tonight. I almost certainly know where you live, and then I know where you were all day. The lat/long itself during stationary periods especially at night is an identifier.

If you guys are comfortable letting Apple or anyone else have this, it's just because your brain hasn't digested what it means yet. Don't worry, wait for the first few scandals. It will take a few years - maybe long enough for every asshole company to start doing this. But it will get easier to understand.

This response by apple is an intelligence test for Congress and for the American public. Sharpen your pencils, let's see if you pass...

Re:Intelligence test

[oodaloop]

Um, they already know where I live. That would be the address where my phone bill arrives. It's also the billing address of the credit card I used to sign up with iTunes. But holy shit, now they know the same thing with GPS! It's like 1984 or something! AAAGGHHHH!!!

Re:Intelligence test

[PseudonymousBraveguy]

They know where you live, but now they also know (and STORE) where you work, where you hang out after work, and to which medical institutions you may go to regulary.

Re:Intelligence test

That's right. But now they ALSO know how much time you spend at home, how you get to work, where you work, where you buy coffee, the stores you frequent,,,, the list goes on. What a lucrative trove of information they now have to parse and analyze.

It sure sounds like a great compliment to iAdd.

You have something to sell? Dog food you say? Well I just happen to know a whole bunch of people who frequently visit pet stores and also happen to take walks in the park three times a day.

Unethical and nefarious applications are not hard to imagine.

And just wait until all that shiny data gets broken into, say because of a badly written api? That will never happen, right?

http://gizmodo.com/5564262/apple-iphone-4-order-security-breach-exposes-private-information

Oh. Nevermind.

Re:Intelligence test

[openfrog]

You have missed the point.

Having your address in a client database in one thing, collecting your whereabouts is an entirely different one. Thus the claim by Apple and their studied reply to congressman Markey that they dutifully anonymise such information. The grandparent points out that this claim is entirely invalid, and you have done nothing to disprove him.

The grandparent interestingly posits this as an intelligence test for Congress and the American public. Despite your brashness, you seem to have failed it.

Re:Intelligence test

[tokul]

Um, they already know where I live. That would be the address where my phone bill arrives. It's also the billing address of the credit card I used to sign up with iTunes.

you don't have to live in location where your phone bill arrives. Any sane service provider might try to reduce billing costs and deliver bills electronically. I haven't received bill for my cell in last 6 years. No paper bill for land line in last 2 years.

Re:Intelligence test

[duguk]

Sorry, Slashdot somehow thought I wasn't logged in, despite posting fine lower down!

If you have a problem with it then - and I'll even bold the text so you don't miss it - TURN IT OFF!

Sure, you can turn it off on an app-by-app basis, but nowhere in that document (yes, I read it), does it say that they won't still collect data for Apples' own use. Nor does it say that disabling it stops them collecting this data, or selling it on.

Just because you've disabled GPS doesn't mean they can't use AGPS or cell-tower triangulation to collect your location. It simply says that "location services capabilities" can be disabled. Collecting the data isn't a service; it doesn't say anywhere that the data is not collected by them if location services is disabled - plus you've explicitly allowed them to do so in the terms.

If AT&T are collecting it all the time, Apple can easily do it too. Does disabling it mean your privacy is fine? You simply cannot be sure, and this document doesn't clear that up.

I wouldn't let my Government install a tracking device to me, why let Apple do it? They already charge enough! There's no chance of stopping them, at least until someone has the money to take them to court.

I've actually written an email to Apple, suggesting a way we could work together to use this data (slightly humourously, but the theory seems sound - and legal!) you can read it here [monkeyboi.com]. Would be interested to hear any comments or any other uses this could be put to.

Re:Turn the tables!

[imamac]

Amen, Barton. Obfuscation through walls of text is a scummy way to slip clauses past consumers.

Too bad congress does it every day with Federal legislation.

Seems a little dirty to me ...

[pablo_max]

Apple collects such data from customers who have approved the use of location-based capabilities on the phone and who actually use an application that requires GPS."

So basically there is a 13 page document that someone should read when prior to initially powering on the GPS?
Most folks and if I'm honest, myself included would not assume that my using and navigation program would have in any way constituted my intention to let Jobs know where I am and what I am doing.

What's interesting to me is how much this company lies to people and yet so many folks defend them. Take this situation for example, is it true that Apple has buried a "technically" accurate description of that they are doing in their T&C's? Most assuredly. It is also assuredly true that it's written in such a way that the laymen would be oblivious to the fact.
Based on that, there will be many out there who say, Jobs didn't then and fuck you if you ever call him a liar!" To these people I must ask, where do you come from?
I was raised to know that deliberately trying to deceive a person for group of people, whether I use technically accurate information or not, is still lying. I recon these are the same folks who discipline their children with a harsh time-out and no PS3 for 6 hours.
Still, it is indicative of our culture.

Re:Turn the tables!

[morgan_greywolf]

I just read a story about exactly why Apple would want to collect that data. Seems there's been a bit of a tug-of-war between Apple and AT&T on that very subject and it looks like iPhone customers are caught in the middle of it.

Re:Just large enough to bust bandwidth cap?

[morgan_greywolf]

No. It transfers the data via WiFi. Don't tell me you didn't even read the summary?

Re:Turn the tables!

[vague+disclaimer]

Longer documents, or documents using longer words, are not necessarily any more protective or beneficial to a company than shorter documents ***snip*** I am in favour of reducing documentation put before consumers (and suppliers, for that matter) to that which is absolutely necessary in a given situation.

True enough, but Apple is in a market that is rapidly evolving and what is "absolutely necessary" is far from settled.

Breathe deeply

[Concern]

When did it become so fashionable to become so vehemently confused?

They know where you live, so they can correlate it with your GPS coordinates at night. Then they know every single step everyone takes all day long.

And yes, in case you read the book and were wondering, that actually is worse than anything Orwell imagined Big Brother could have in 1984.

Missing the point

[dachshund]

Um, they already know where I live. That would be the address where my phone bill arrives. It's also the billing address of the credit card I used to sign up with iTunes. But holy shit, now they know the same thing with GPS! It's like 1984 or something! AAAGGHHHH!!!

You seem to be missing the point. Apple specifically indicated to Congress that they anonymize location data by assigning a unique random ID every 24 hours. Presumably the goal is to disassociate your location information from the details that Apple already knows, i.e., your name and home address. That way Apple can claim they're not collecting data that would actively violate a user's privacy. More specifically, the theory is to prevent Apple (or someone malicious who obtains the database) from associating "a phone at some series of locations throughout the day" with "John K. Oodaloop at 4945 Spring Place". If this anonymization actually works, then customers can rest easy that they're not carrying an active tracking device with them all day that's recording their movements into a long-lived and possibly ill-secured database.

Clearly this is what Apple would like Congress to believe, anyway, and that's why they're "anonymizing" the data in the first place.

The grandparent poster is pointing out that Apple's anonymization really stinks, and that with some very minimal data mining you should be able to easily de-anonymize it and link those phone movements with the phone's owner. As you point out, Apple already has your billing address (which is likely to be your home or work), so this de-anonymization should be especially trivial. Therefore one can't really credit Apple with anything significant when they say they anonymize your data.

In my mind the fear is /not/ that Apple will track me and sell ads (hey, non-stupid advertising would be an improvement). It's that this data will never ever go away, and will eventually find its way into the hands of third parties who aren't so interested in my well being. For example, it might wind up someday being sold to third party "marketing" agencies, and then eventually to firms that do credit reporting, private investigation, background checks, etc. Mobile phone companies already seem perfectly content to sell my call logs this way, so this isn't without precedent. Or else it will be written to a hard drive that might someday be carelessly thrown away without being properly wiped (after all, the data is "anonymized", so why worry?). While my movements are generally pretty uninteresting, I don't love the idea that by carrying an iPhone I'll be constantly leaving a trail of potentially long-lived breadcrumbs that may never, ever go away.

And no, this isn't limited to Apple. Once it becomes accepted practice, you can be more or less certain that any device with an Internet connection and GPS (which will be a lot of devices in the future!) will be doing the same thing.