The Slow Boil of Privacy Erosion

As the Apple iPhone personal tracking database brouhaha rolls on, it's becoming increasingly clear that Apple isn't exactly tracking iPhones -- though there are many shades of gray -- and that reactions to the idea or practice of tracking has a surprisingly wide range of feeling.

Some seem to think that having their iPhones track their locations is cool, like a personal journal, while others see it as just another way for big brother to watch over our shoulders and help put down the uprising when the distribution of wealth becomes untenable for an open society to thrive. Then there's already a new lawsuit against Apple in Tampa for violating customer privacy, and there's a decent chance we'll see some profit-hungry lawyers launch a class-action suit. Plus, our senators are getting involved by sending along some invitations to Apple for a question-and-answer session.

As near as I can tell, despite the alarmist television news spots and massive online and blog coverage of the topic, most people don't seem to care. And even though the iPhone is a highly personal device, held or carried during most waking hours, the privacy issues with Google Buzz a while back seemed to generate more serious public frothing-at-the-mouth action.

Maybe iPhone users simply love their iPhones so much that they are willing to let most anything slide as long as the iOS love fest can continue.

(I actually think this last point is pretty true.)

Just More of the Same?

Perhaps part of the reason this tracking issue is seemingly failing to piss off your average user is that it's might not be particularly clear what's going on and how it's different. Right now, I think most people know their cellular service carriers have a lot of data on where they've been, at least based on cellphone towers they've accessed for voice or data use. Getting this information out of the cellphone companies usually requires a court order from law enforcement, and I think most people think this information is essentially secure and difficult to get hold of. And because of billing -- and terror-plot or murder-mystery TV shows -- they see this tracking and record keeping as inevitable.

Then there's MobileMe. Apple is the best technology company at explaining techno-gizmos and how to use features therein. Consequently, I think a decent number of iPhone users know they can use an app called \u201cFind My iPhone\u201d or Apple's MobileMe service to locate either a missing iPhone ... or a missing teenager with an iPhone. And both of those latter two scenarios seem like pretty good things.

So what gives?

The reason I'm still disappointed in Apple and the database that stores location information ... forever ... is that it's not just an instant moment in time. Apple has been storing this information on our iPhones for months, and while the company isn't using it to track our iPhones in particular, Apple stores and backs up the information on the computer that you sync your iPhone with. Once on your computer, it stays there indefinitely.

Why is this a problem? First, it's not secure. Then again, most information isn't secure on your personal computer. There's family photos, trips, receipts, bills, access to bills, maybe passwords that you wrote on a virtual sticky note ... lots of potentially problematic information. So if some dude swipes your MacBook, you've probably got bigger issues to worry about than having him predict your next move and get to a special coffee shop minutes before you arrive.

Of course, there's the chance that your spouse could access the file and use it, along with some help from an application that security researchers created, to figure out that you where having lunch across town, perhaps with someone your shouldn't have been with. Whatever on that score. If your spouse is hacking into files on your laptop to catch you cheating, you've got bigger issues to worry about than privacy.

Still, creating a database-like file is a far cry from an immediate location of your current position. But Apple didn't bother to notify or explain to users that this file was being created and that this information was being transmitted, stored and backed up. Furthermore, this wasn't something that users could opt into with any sort of real understanding. And it most certainly was not like an app like Foursquare that broadcasts your location -- on purpose -- to friends and like-minded users.

Apple Explains

Apple, which tends to be silent when issues crop up, actually responded to most of the concerns fairly quickly with decent explanations. Apple CEO Steve Jobs, who has been on a sort of working medical leave, even got on the phone with at least one highly placed tech reporter to echo the publicly published explanation. Here are the key messages:

• Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.
• The iPhone is not logging your location. Rather, it's maintaining a database of WiFi hotspots and cell towers around your current location, some of which may be located more than 100 miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone's location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using WiFi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just WiFi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of WiFi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby WiFi hotspots and cell towers in an anonymous and encrypted form to Apple.
• This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
• This data is not the iPhone's location data -- it is a subset (cache) of the crowd-sourced WiFi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug they uncovered and plan to fix shortly. It says it doesn't think the iPhone needs to store more than seven days of this data.

It all sounds pretty reasonable, doesn't it? More importantly, I very much liked the recognition that the iPhone doesn't need to store location data beyond seven days, and that Apple is planning on releasing a software update to reduce the size of the crowd-sourced WiFi hotspot and cell tower database cached on the iPhone and cease backing up this cache. Even better yet, this cache of location data will be erased entirely when Location Services is turned off by an iPhone user.

This is pretty freaking awesome.

One of the reasons why I was so upset last week is that I expected far better from Apple. I don't buy the excuse that this file and tracking mechanism is just a "bug," partially because Apple employs some very smart people. Oh, and it turns out that this sort of location history was actually in a patent application filed by Apple.

I do, however, buy that Apple does care about privacy, because the company has often irritated many other players in the tech industry by refusing to give up customer data, time and time again, if not dictating how companies that play in Apple's ecosystem alert customers to what their apps do. From the explanation, Apple published this last question and answer:

Does Apple believe that personal information security and privacy are important?

Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Despite this stumble, I still believe in Apple. I do, however, still lament the ways in which technology is changing and encroaching on the mysteries of human behavior and freedom of thought.

And this last bit brings up a cultural issue that's tough to articulate, but I'll give it a shot: As the movement, freedom and privacy of a populace becomes increasingly tracked and recorded, I think the very nature of the country's environment dampens imagination, creativity and joy. This is an incremental thing that builds and adds up, and the erosion of privacy and mystery surrounding cellphone usage is just one element.

Consider this: Think about the most oppressive countries with the most powerfully restrictive regimes in the world -- do we really expect or see any major new innovations from the people of these countries? Is it because they are all stupid and uneducated? I don't believe that. We only use a portion of our brains -- but it's the wide-open ability to let them run free that helps foster acts of amazing and magical creation in humans.

These ideas get pretty deep -- and I'm out of practice when it comes to cultural criticism -- but think about this: As you go to the airport and get herded toward the security checkpoints, as you wait in line, shuffling along, so that you can take off your shoes and be scanned and watch our nation's toddlers get frisked by strangers with rubber gloves, is your mind really thinking about anything great? Are you happily thinking about the trip ahead? Nope. You're stuck in the moment, in a gooey stasis.

Big concepts, these, and they're damn hard to articulate. That's why there's a brouhaha about iPhone tracking and why the general public outcry is muted. I think freedom is far more powerful than we truly realize, and as we chip away it in all these myriad ways, I worry that we're like frogs sitting in a pot of water slowly heading for a boil, not realizing that there's any danger at all.

---

MacNewsWorld columnist Chris Maxcer has been writing about the tech industry since the birth of the email newsletter, and he still remembers the clacking Mac keyboards from high school -- Apple's seed-planting strategy at work. While he enjoys elegant gear and sublime tech, there's something to be said for turning it all off -- or most of it -- to go outside. To catch him, take a "firstnamelastname" guess at Gmail.com.