Sen. Franken asks Apple for answers on data privacy.
WASHINGTON, DC – Your iPhone, iPad or Android phone know where you are, where you go to the gym, and what restaurants you eat at. And the mobile devices can tell anyone who gets ahold of your phone or tablet.
Sen. Al Franken wants to know why.
Franken, chairman of a newly formed Senate Technology and Privacy Subcommittee, said Friday he may call a congressional hearing soon to examine why smartphones and other mobile devices are tracking and storing users' locations. He sent a letter to Apple CEO Steve Jobs this week laying out his privacy concerns on the tracking data.
Franken, along with a growing chorus of lawmakers and privacy watchdogs, called for answers from Apple after two researchers released a report this week that said Apple products compiled location data from users, stored it on their phones and computers, and left the data unencrypted, meaning it is not password-protected.
The Wall Street Journal reported Friday that Google's Android phones gather similar location data. It is unclear whether other smartphones do the same.
"Let's say your child loses the iPhone that she uses, or someone steals it from her," Franken said in an interview Friday. "The person who gets that phone can find out everything about where your child goes: Her school, where she goes to soccer practice, where she hangs out with friends.
"I don't think any parent wants that," he said.
Data stored for months
Franken said he didn't want to alarm consumers, echoing the same sentiment as the two researchers who issued the report, Alasdair Allan and Pete Warden. But Franken also laid out several scenarios — an abusive husband, a harassing coworker, a child — where the location data could be used for harmful purposes. The devices track the information going back months.
The outcry has raised questions about how smartphones should be collecting and storing data about individual users. Cellphone companies have long had the location data, but a court order is required for law enforcement to gain access.
There is no evidence that the data stored on mobile devices are sent to the parent companies or anyone else. But detailed information about where an individual visits, eats or shops could be invaluable to advertisers, who often use global positioning data through mobile applications in order to target consumers.
What has sparked much of the concern is that neither Apple nor Google informed users that data about their locations were being stored in such large quantities.
"Mobile phones have been transformed into commercial surveillance devices," said Jeffrey Chester, executive director of the Center for Digital Democracy, a consumer advocacy group.
Apple did not respond to requests for comment by e-mail and phone from the Star Tribune. Google released a statement Friday, saying: "All location sharing on Android is opt-in by the user."
The file Allan and Warden discovered that stores location data, called "consolidated.db," was included on the release of the iPhone's new operating software, iOS 4, last year.
While cellphone tracking is not new — it was included on previous versions of the iPhone operating system — the newest software made the data file easier to locate.
"We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations," Allan and Warden wrote. "Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."
The data file, which is on both the mobile devices and any "sync'd" computer, stores tens of thousands of data points. "The coordinates aren't always exact, but they are pretty detailed," the report by Allan and Warden said. The researchers said there was no evidence to suggest hackers could acquire the file remotely.
Users who are concerned about their location data falling into the wrong hands are able to encrypt the Apple file with a password through iTunes.
'Wild West of the Internet'
Reaction to the reports of mobile tracking has spread across the Internet in a mix of outrage and intrigue. Along with their report, Allan and Warden created an app that visualizes the location data in a map with colored dots, allowing iPhone users to see where they traveled over the past year.
Though Congress is on recess through next week, lawmakers and advocacy groups responded swiftly.
Franken's letter to Jobs posed nine questions about the data collection, seeking explanations for why Apple collects the information, if it has been given to anyone, how precise it is, and why it isn't encrypted.
Sen. Amy Klobuchar, D-Minn., said Friday the issue "raises numerous privacy questions to which consumers deserve clear and complete answers."
John M. Simpson, director of advocacy group Consumer Watchdog's Privacy Project, said this is the latest sign there should be an online "do not track" list. "These aren't smartphones; they are spy phones," Simpson said. "The mobile world is the Wild West of the Internet where these tech giants seem to think anything goes."
Franken said he has yet to receive a response from Apple. While he wants to hear Apple's answers before moving forward, the Minnesota Democrat said he could envision legislation that would strengthen mobile privacy laws.
"It's going to happen continuously as the pace of technology outstrips the law," he said. "Laws are going to have to keep up with technological changes."
The Associated Press contributed to this report. – Jeremy Herb – 202-408-2723
TIPS TO PROTECT YOURSELF
Apple's iPhone and iPad store users' location information on the mobile devices, but there are ways to protect the information from being stolen.
What it is: Apple's iPhones and iPads have a file called "consolidated.db" that stores data location for users.
Why it matters: The file can show where users live, eat and work with detailed location information. In the wrong hands, privacy advocates warn, the information could be dangerous.
What you can do: The only way others can access your location data is to physically have the mobile device or a "synced" computer. Users can further protect themselves by encrypting the file with a password. To do so, go to iTunes, and plug in the mobile device. Under "Options" check the box that says "Encrypt iPhone backup."