By Nate Anderson, Ars Technica
April 21, 2011 7:38 a.m. EDT | Filed under: Mobile
Sen. Al Franken's letter to Steve Jobs says he "would appreciate your prompt response to these questions."
(Ars Technica) -- Sen. Al Franken (D-MN) wants answers. Security researchers Wednesday revealed the existence of a file on iPhones and on their computer backups that logs detailed cell phone triangulation data -- and has ever since iOS 4 was released last summer.
The information is stored unencrypted by default, and is simple to access. That announcement led Franken to fire off a two-page letter (PDF), asking nine pointed questions of Apple CEO Steve Jobs.
Franken first outlines scenarios in which the release of this data could pose a problem.
"Anyone who gains access to this single file could likely determine the location of the user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year," he writes.
Which raises the obvious question: how would an attacker get access to the data?
Ars Technica: How Apple tracks your location and why it matters
"It is also entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers," the letter continues. "There are numerous ways in which this information could be abused by criminals and bad actors. Furthermore, there is no indication that this file is any different for underage iPhone or iPad users, meaning that the millions of children and teenagers who use iPhone or iPad devices also risk having their location collected and compromised."
The letter concludes with a list of questions.
1. Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
2. Does Apple collect and compile this location data for laptops?
3. How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
Ars Technica: September launch for iPhone 5?
4. How frequently is a user's location recorded? What triggers the creation of a record of someone's location?
5. How precise is this location data? Can it track the users location to 50 m, 100 m, etc.?
6. Why is this data not encrypted? What steps will Apple take to encrypt the data?
7. Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
8. Does Apple believe that this conduct is permissible under the terms of its privacy policy?
9. To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?
Franken "would appreciate your prompt response to these questions."
COPYRIGHT 2010 ARSTECHNICA.COM
Credit: CNN (www.cnn.com)
No comments:
Post a Comment