The iPhone and Location Data

News came to light in the past day or so that the iPhone (actually iOS 4) tracks the device’s location, and stores it in an unencrypted file on the device. That data is backed up to a user’s PC. While this could be seen as alarming, is it really a big deal? Perhaps. Yes, the data should have been encrypted. That’s a pretty stupid oversight, to be blunt. Sure, someone could try to use the data against you in court, but that would bring up all kinds of issues around the validity and legality of the evidence. It could be seen as a form of self-incrimination, and therefore not admissible. This same argument is being made about black-box data in modern cars.

What bothers me is a so-called expert working for the Federal Government claiming this is an “invasion of privacy”. He accuses Apple, specifically, of gathering the data deliberately.

So, let’s see if I get this straight: my phone gathers my location information and stores it on my computer. According to this expert, since Apple makes the phone and its software, it is Apple that is gathering this information. That’s like saying Honda is consuming the gasoline I buy, because it makes my car. Sorry, but I don’t buy the argument.

This data isn’t sent to Apple. Apple cannot and does not obtain this data, so Apple isn’t gathering it. That would make his accusation of Apple deliberately gathering this data something akin to libel. To be an invasion of privacy, someone has to gather the data and have it in their possession. Apple doesn’t have it in their possession. I do. On my phone and on my computer.

But, our friendly expert goes further, claiming that part of the problem is that people haven’t given informed consent to gather the data. Let’s back up a bit: has anyone who has purchased a new car in the past decade given informed consent on gathering personal information? Not likely. Apparently this so-called legal expert is unaware that cars gather data that could be considered personal and private: vehicle speed, distance driven, etc. Cars come with a black box that gathers this data, originally meant for use in diagnosing problems with the vehicle, and gathering data during collisions. However, few have squawked about “invasion of privacy” and “lack of informed consent”. And the admissibility of data in court? Not clear at this point, and arguments could be made that it represents a form of self-incrimination. And just to point a fine point on it: the government has allowed and encouraged the car manufacturers to include these devices on new vehicles, and some governments (like the U.S.) continue to look at making them mandatory.

Should Apple have done something to secure this data? Most certainly. I agree completely that this is a pretty big oversight on Apple’s part. Could this turn into a thorny issue if someone tried to use this data as evidence? Most certainly, since there likely isn’t a lot of case law to go on as to admissibility, and would fall into the same category as blackbox data from a car. Could someone use the data for other nefarious purposes? Possibly, but I’m not sure what value there is in knowing I bought gas at the Co-op a few days ago. Is this an invasion of privacy? Sorry, I don’t agree with that. If Apple regularly received this data, then yes, it would be an invasion of privacy and violation of privacy laws in various places. But if the information stays on devices I control, Apple itself has done nothing wrong on the privacy front. They’ve blundered on the general “this is sensitive data and should be protected” front, and they need to look at fixing this one pretty quick. To leave it unchanged now would be irresponsible on Apple’s part. But throwing around inflammatory statements based on specious arguments doesn’t help the situation.