Homing in on Apple's location-data response
This past week, my Twitter stream was flooded with people discussing whether or not a giant malicious technological force was tracking their every move.
But enough about Portal 2.
I’m speaking, of course, of the furor that has erupted over the iPhone’s location logs. Information has come out somewhat piecemeal over the past few days, with some people pointing out that this isn’t new and that Apple even discussed its location-collecting habits with Congress last year. You might think that things would have subsequently calmed down a bit—but only if you’ve haven’t spent much time on the Internet.
On Wednesday, Apple finally broke radio silence to publish a series of questions and answers about the location components of iOS, in which it admitted failures of both the technological and educational flavors, and spelled out how it would correct these issues moving forward.
Apple CEO Steve Jobs also gave a rare interview to All Things Digital’s Ina Fried, in which he mainly reiterated what the company said in its statement. He also added that Apple would likely participate in a Congressional hearing about mobile privacy on May 10, at the behest of Senator Al Franken (D-MN).
But amid all the explanations and the talking points, there are a few tidbits in Apple’s statement that are worth expanding upon.
What we’re talking about when we talk about location: The biggest point here is that the location information on your phone isn’t really your location. Rather, it’s a database that contains the locations of Wi-Fi hotspots and cell towers in your general vicinity, that helps the iPhone quickly establish your location and can also be used when GPS isn’t available (indoors, for example). That database is a subset of a larger collection of location information, combed from millions of iPhone users—anonymously, of course (see below).
There are those who will argue that this is a semantic point, that your location can still be derived from the information provided. Again, as I said in my first editorial on the subject, it depends how much precision you’re worried about. Sure, they might be able to determine that I was around the Somerville, MA area on most weekdays, or that I took a trip to San Francisco—but you could probably also determine that from my Twitter feed.
Here a bug, there a bug, everywhere a bug bug: Apple says it found two bugs, one responsible for the iPhone storing a year of location data and one that means the iPhone continues to update location data even when location services are turned off. Now, I can hear you thinking (because of the crowd-sourced psychic database I’ve assembled, you see): “Sure, Apple says it’s a bug, but isn’t that just a bit convenient?” But come now, you won’t find anybody outside or inside Apple who claims that software ships without bugs. As I once paraphrased that Occam guy, “Dude, sometimes the simplest explanation is the most likely one.”
Encryption Anonymous: As Apple pointed out (and mentioned in its response to U.S. politicians when quizzed last year), it does collect some information about location to assemble that aforementioned database, but all of that data is both encrypted and anonymized. So, yes, some information about your location does make it back to Apple. That data is used to make iOS features that rely on having your location—like getting directions, or geotagging pictures—faster and more efficient.
Still, by both anonymizing and encrypting the data, Apple seems to be making a good faith effort to ensure that it can’t be easily accessed and used for unseemly purposes. As so often, there’s a trade-off between convenience and security—if Apple didn’t cache the location information, it could take a lot longer to pull up your location. And if everybody opted out of the location collection, then owners of iOS devices without GPS—Wi-Fi iPads, iPod touches, and earlier iPhones—wouldn’t be able to take advantage of any the great apps and features that rely on location services.
Jamming with Traffic: In an even more unprecedented move than simply admitting a mistake, Apple also tipped its hand with regards to future functionality, saying that it’s collecting anonymized traffic data to help build a crowd-sourced traffic database. The company says that this will mean a better traffic service for iPhone users “in the next couple of years,” so don’t hold your breath (especially while driving). Still, that’s an interesting development, as the company currently relies on data from Google for its Maps app, despite having reportedly acquired a mapping company or two in the past few years. Given the rise of tensions between Cupertino and Mountain View, could a wholesale change for Maps be in the cards?
Software updates for all: We may not know exactly what future features Apple is planning, but the company has at least dished on how it plans to fix things going forward. A software update coming to your iOS device in the next few weeks will reduce the window of the location cache to a week, stop backing up the cache to your Mac, and delete the entire cache when the iPhone’s location services are deactivated. That would seem to allay the vast majorities of concerns about the data’s accessibility; to plug the final lingering (if minor) hole, the next major release of iOS will encrypt the cache on the phone as well. No word, however, on whether this will apply to all iPhones, such as those that don’t run iOS 4 and, presumably, won’t be eligible for iOS 5.
Bonus question: Finally, extra points to Apple for the very last question in its document: “Does Apple believe that personal information security and privacy are important?” I mean, what are they going to say: “Nahhhhh”? This is like the teacher giving you 10 points for spelling your name correctly.
So, will Apple’s missive lay the matter to rest? I’d like to think so, but I’m guessing that even publishing a lengthy document won’t quell those who are convinced that something nefarious and conspiratorial is going on.
The best I can say is that I, personally, am satisfied with the answers Apple has given and the manner in which the company has ultimately handled the problem; while it might have taken a few days, Apple has produced a straightforward document that answered the common questions and lays out exactly how they plan to address the situation going forward. So, I guess I’m not any more worried about people knowing my location than I was last week. Now, my only remaining concern is whether or not an artificial intelligence is plotting my demise.
Whoops, that’s Portal 2 again.
[Senior Associate Editor Dan Moren actually managed to beat Portal 2 while at his Somerville, MA home if you really must know.]