I really don't understand why companies still feel it is a better long-term move to do these types of activities covertly. The first principle in the EU Data Protection Directive is Notice: "Ensure the end user is clearly informed when data is being collected". I have so many arguments with the marketing people on projects about this exact point. To me it is really simple: if you are performing a legitimate activity and it provides a benefit to the user, there should be no problem with clearly and explicitly asking for permission rather than burying it in a 100-page document no one is ever going to read.
On both iOS and Android devices, collecting this information on the device provides significant performance benefits. Just try using location in GPS-only mode on Android. Welcome back, it's been about 10 minutes! I'm not sure if this is the direct cause, but there was a massive improvement in the accuracy and speed of GPS when the iPhone 4 and the corresponding iOS version were released. I'm sure most users would be happy to provide their location information to Apple for better location services if Apple were open about it and asked upfront. Look at how many millions use check-in services, providing this information for free just to be mayor, and how many geotag photos, tweets etc.
The third principle is Onward Transfer. One would hope that Google or Apple would only turn over this information with a warrant and never directly to advertisers. Hopefully it is also truly anonymised, as they say, so that it is of no use for historical location tracking of individuals; I am a bit suspicious of device IDs and "unique random identifiers".
Then there is the principle of Security. Why is this information being stored in an unencrypted format? Is there any good reason for this? Apple especially should know better: in the 13-page letter sent by Apple's general counsel Bruce Sewell in July 2010, he states the information is transmitted over secure wireless. If they recognise the information is sensitive enough to require encryption in transit, then why not in storage?
If there is a reason, such as needing to read the database while the phone is locked (when a key held behind the passcode is unavailable), then storing a one-way hash of the identifiers that need to be looked up, rather than the raw values, would be a much better design: a currently observed tower or access point can still be matched against the cache, but a copy of the file does not read as a plain list of where the device has been.
Purpose is another principle to be considered. The data should only be collected, stored and used for the specified, approved purpose. Apple's general counsel states in the same letter that "these databases must be updated continuously to account for, among other things, the ever-changing physical landscape". This implies that there is little value in holding a large amount of historical data, and it should not be stored locally on a device nor by Apple. Steve Jobs, in his usual verbose style, stated "We don't track anyone". The point he is missing is that this data, especially the historical data, makes it possible to track any iOS user. Clearly, if that is not the purpose, this data should not have been kept. A positive for Google is that at least they do not store this large cache of historical location data.
Finally there is the principle of access. From the kings of design and user experience, how hard would it be to add a button to wipe the information on an iOS device, opt-in or out of it being collected and select how far back it goes?
The collection, storage and transmission of personal location information by Apple and Google violates some basic privacy principles set out in the EU Data Protection Directive being:
- Notice and consent - users should have been clearly informed and their permission explicitly obtained, just as they are informed that an app contains 18+ content. Google does this better than Apple, but it could still be improved
- Security - the data should have been encrypted or one way hashed on the device
- Purpose - if historical information was not required it should not have been kept
- Access - users should have a simple option to delete the information collected
27/04/2011 - Adding Microsoft to this also now. Apparently no data stored locally but it is collected and transmitted.
27/04/2011 - Apple provides an official press release response. Firstly, this is written in really clear language with very little marketing speak: +1 for Apple. It is good that they acknowledge that while the data is transmitted in an encrypted form, it is not encrypted on the phone and will only be encrypted in a backup if you enable backup encryption (we all do, right? Right?). Major point: "The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don't think the iPhone needs to store more than seven days of this data". Good that they acknowledge they are collecting far more data than is required for the purpose and plan on fixing it. This is also very good and validates what I hoped regarding the onward transfer principle: "location is not shared with any third party or ad unless the user explicitly approves".
The patch I was asking for:
"Sometime in the next few weeks Apple will release a free iOS software update that:
- reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
- ceases backing up this cache, and
- deletes this cache entirely when Location Services is turned off."
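To make the Security and Purpose points above concrete, here is a small Python sketch of how a cache of this kind could be built around them. It is an added example for this post, not Apple's code and not taken from any of the documents quoted: the class, the per-device key, the injected clock and the sample identifiers are all assumptions. Identifiers (Wi-Fi BSSIDs, cell IDs) are kept only as a keyed one-way hash (HMAC-SHA256 under a per-device key), so a currently observed identifier can still be looked up while the file on disk does not list the raw values; entries expire after the seven days Apple's response names as sufficient; and wipe() implements "delete this cache entirely when Location Services is turned off".

```python
import hashlib
import hmac
import json
import os

RETENTION_SECONDS = 7 * 24 * 60 * 60  # the "seven days" Apple's response says is enough


class LocationCache:
    """Hypothetical on-device cache mapping observed Wi-Fi/cell identifiers to
    the coordinates of those access points or towers (an assumed design, not
    Apple's). Identifiers are stored only as HMAC-SHA256 tags under a
    per-device key; entries expire after `retention` seconds; wipe() empties
    everything."""

    def __init__(self, device_key: bytes, now, retention: int = RETENTION_SECONDS):
        # `now` is a callable returning the current time in seconds. It is
        # injected so the expiry behaviour can be exercised with a fake clock.
        self._key = device_key
        self._now = now
        self._retention = retention
        self._entries = {}  # hex HMAC tag -> {"lat": .., "lon": .., "seen": ..}

    def _tag(self, identifier: str) -> str:
        # Keyed one-way hash: without the device key, tags cannot be mapped
        # back to identifiers, but the same device can recompute them.
        return hmac.new(self._key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()

    def record(self, identifier: str, lat: float, lon: float) -> None:
        self._entries[self._tag(identifier)] = {"lat": lat, "lon": lon, "seen": self._now()}

    def _expired(self, entry) -> bool:
        return self._now() - entry["seen"] > self._retention

    def lookup(self, identifier: str):
        """Return (lat, lon) for a live entry, or None if unknown or expired."""
        tag = self._tag(identifier)
        entry = self._entries.get(tag)
        if entry is None:
            return None
        if self._expired(entry):
            del self._entries[tag]  # lazy expiry on read
            return None
        return (entry["lat"], entry["lon"])

    def purge_expired(self) -> int:
        """Drop every entry older than the retention window; return the count."""
        stale = [tag for tag, e in self._entries.items() if self._expired(e)]
        for tag in stale:
            del self._entries[tag]
        return len(stale)

    def wipe(self) -> int:
        """Delete the whole cache (Location Services switched off); return the count."""
        n = len(self._entries)
        self._entries.clear()
        return n

    def serialize(self) -> bytes:
        """What would be written to disk: tags and coordinates, no raw identifiers."""
        return json.dumps(self._entries, sort_keys=True).encode("utf-8")

    def __len__(self) -> int:
        return len(self._entries)


def demo():
    """Walk through record, lookup, expiry and wipe with a fake clock and
    return the observations so they can be checked."""
    clock = {"t": 1_000_000}  # constructed timestamp, in seconds
    cache = LocationCache(os.urandom(32), now=lambda: clock["t"])

    # Constructed sample observations; not real access points or towers.
    cache.record("00:11:22:33:44:55", 51.5007, -0.1246)        # a Wi-Fi BSSID
    cache.record("cell:234-15-1234-56789", 51.5033, -0.1195)   # a cell ID
    on_disk = cache.serialize()

    result = {
        "hit": cache.lookup("00:11:22:33:44:55"),
        "miss": cache.lookup("ff:ee:dd:cc:bb:aa"),
        "raw_id_on_disk": b"00:11:22:33:44:55" in on_disk,
        "size_before": len(cache),
    }
    clock["t"] += 8 * 24 * 60 * 60                      # eight days later
    result["after_retention"] = cache.lookup("00:11:22:33:44:55")
    result["purged"] = cache.purge_expired()            # the cell entry is stale too
    cache.record("cell:234-15-1234-56789", 51.5033, -0.1195)
    result["wiped"] = cache.wipe()
    result["size_after_wipe"] = len(cache)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two caveats on the design. The keyed hash only protects the identifiers from someone who does not hold the device key, and it protects nothing about the coordinates, which are still written in clear; the file itself should additionally be encrypted under a key the OS makes available only while the device is unlocked, or the coordinates are of limited value anyway once the retention window is short. Expiry here is enforced both lazily on read and by purge_expired(), so an entry that is never looked up again still disappears.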
- Google circles - many ways to do identity?
- Obama Cyber ID = bad idea
- Privacy in an Age of Augmented Humanity
- The Register - Apple iPhone tracking analysis
- Wired - Why and How Apple is collecting your location data
- Google says it collects location data
- Android secretly stores location data too -- though less of it, and with less detail
- iPhone Stored Location in Test Even if Disabled
- Apple official response
Like this post? Get updates via RSS or follow me on Twitter @rakkhis