The privacy-scare story arc

Please don’t stop me, but you have read this before: A widely-used tech product is found to have a privacy flaw, spurring consternation among users and calls for action in Congress–as well as panicked “we need something on this” story-assignment e-mails from editors. And then we learn that the situation isn’t as horrific as first portrayed.

The latest version of this tech trope involves the discovery that Apple’s iPhones and 3G-equipped iPads regularly save your location, as determined from nearby wireless transmitters, in a hidden but easily-accessed “consolidated.db” file, and do so without your notice or consent. O’Reilly and Associates researchers Alasdair Allan and Pete Warden summarized their “discovery”¬†yesterday and posted an iPhoneTracker application that lets you see these records on a map.

That quickly led to numerous blog posts illustrated with iPhoneTracker-generated maps portraying their authors’ wanderings in fascinating detail. (That was not the case when I ran this app:¬†Since it only shows data from the most-recently-synced iOS device, its map correctly indicated that the iPad 2 loaned by Apple PR had not left my house.) Congress and the FCC quickly began demanding explanations, while Apple engaged in its characteristic routine of not answering anybody’s questions. (FYI to Apple PR: That’s a good way to make your company look guilty.)

The massive Web traffic typically generated by pieces about Apple and the iPhone could not have hurt this story’s popularity among editors.

But… there’s no evidence that Apple is collecting this data from its users’ computers, an iPhone needs to save its location to help location-based apps function, iOS has always done this and people have known about the log in consolidated.db for months, as computing-forensics research Alex Levinson blogged today. Also, wireless carriers already track your location.

There are still serious issues: Why store this information in perpetuity instead of keeping only recent data? How does this conduct square with Apple’s insistence that third-party apps get your permission before tracking you? The answer to that first and most important question likely boils down to a programming oversight, perhaps fostered by the ever-lower price of flash memory–why bother automatically trimming a log file if you’ve got plenty of room for it?

That’s not nearly as outrageous as a headline like “Apple tracks your location” might suggest. Too bad.

I saw this kind of story arc play out repeatedly in my time at the Post. After two different Facebook privacy scares–each involving the Web’s standard “referrer” feature–turned out to be far less frightening on closer inspection, I wrote a column critiquing over-caffeinated coverage of data breaches.

The next time you see a story along these lines, remember two things. One, software development is rarely tidy. Two, companies exist to make money, preferably with less effort rather than more. Before you freak out over an alleged privacy issue, consider which factor provides a more plausible explanation for the problem.

4/22, 11:40 a.m. The Wall Street Journal’s Julia Angwin and Jennifer Valentino-Devries provide much more context in a story today. They write that both Apple and Google automatically collect data on nearby WiFi hotspots to build out databases that iPhones and Android phones can use to determine their locations faster than GPS would allow. But this doesn’t seem to be much of a secret: As I recall, the setup screens in Android clearly note that Google collects location information to improve its services, and Apple explained its conduct in a letter provided to Rep. Ed Markey (D-Mass.) last summer and posted on his site.

About these ads

9 thoughts on “The privacy-scare story arc

  1. Thanks for such an informative piece. No offense to other tech journalists, but your posting is better than just about anything else I’ve read on this topic.

  2. Can you get a better commenting system than this rudimentary feature? I can’t believe wordpress doesn’t offer something better, even blogger lets you comment without leaving your email address with the blog owner.

    Apart from that, I agree with most of what you say. But I think another reason this story has legs is because it involves Apple. Apple lover or hater, one can’t deny that Apple is very very popular these days. So is Google, Facebook, Foursquare and twitter. Any story remotely tantalizing about these companies will generate lots of press and readership.

    Still, Apple needs to be taken to task if this act (whether intentional or oversight) violates their public stance on user privacy.

  3. software development is rarely tidy.
    As a developer just let me say: Yes! I’m currently working on a project that started out as a demo about 7 years ago. The demo was so successful that the people it was demo’ed to said “Great! Put it in production right now!” and features have been added ever since. It’s rather crufty, with various bags bolted on in various places, to the point that building and displaying a web page sometimes takes several minutes… Doesn’t help that the backend data store is a petabyte, indexed (in effect, but it’s more than an index) by an Oracle database.

    Oh, and we’re moving the front end from XP to Windows 7, the Windows servers from Server 2003 to 2008, and the Unix/Oracle servers from Solaris to RedHat Linux. Simultaneously. Meanwhile, the dev environment is moving from VS2008 to 2010.

    But, since it’s an FBI project we do have to be careful about Personally Identifiable Information, and privacy in general, so we do lots of testing to ensure that Bad Things (of that sort) don’t happen. In our case the entire system crashing is not nearly as bad as inadvertently revealing PII, or “contaminating” digital evidence.

  4. “an iPhone needs to save its location to help location-based apps function”
    Several months ago, following an upgrade the Facebook for iPhone app started showing a popup every time I open it that says “Facebook would like to use your current location. Allow?” Since it never tells me for what it wants to use my location, I always say no. Despite that, the app seems to work fine. So why exactly does it need my location in order to function?

  5. Pingback: Weekly output: HDTV screen sizes, podcast, 10 defining gadgets of 2011, Carrier IQ | Rob Pegoraro

  6. Pingback: Connected w/ Rob: Why You Keep Reading These Privacy-Scare Stories | CEA Digital Dialogue

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s