Apple, Google Under Fire at Hearing

Senate Panel Focuses on Mobile Location Services' Privacy Threat

By , May 10, 2011.
Apple, Google Under Fire at Hearing

A

See Also: POS Security Essentials: How to Prevent Payment Card Breaches

shkan Soltani, sitting on a bench in the lobby of the Hart Senate Office Building on Capitol Hill, conducted an experiment on whether files stored on smartphones can identify the location of their users.

An independent privacy researcher and consultant, Soltani accurately recorded his whereabouts within 20 meters using GPS. Then, using Wi-Fi geolocation from a database maintained by Google, the application found Soltani at nearly the exact location (see blue circles in maps below). "Since Wi-Fi is a short-range communication, knowing even one nearby Wi-Fi signal can typically pin the user within 100 feet," Sotani testified Tuesday at Senate hearing held in the Hart building.

Sen. Al Franken, D-Minn., chairman of the newly formed Senate Judiciary Subcommittee on Privacy, Technology and the Law, called the panel's inaugural hearing after reports last month that Apple and Google maintained hidden files on their mobile devices that tracked locations visited by users (see Apple Denies It Tracks iPhone Users).

At the hearing, Apple and Google officials reiterated earlier statements from their companies that hidden files don't show where users visited. Guy Tribble, Apple vice president for software technology, told the committee that the location data collected represented Wi-Fi hotspots and cell towers that help the smartphone rapidly and accurately calculate its location when requested by an application on the device. "Apple does not track users' locations; Apple has never done so and has no plans to ever do so," Tribble said.

Sontani didn't dispute Apple's and Google's contention they don't intentionally collect location data on specific individuals, but said much information can be construed from the trails of historical location data stored on mobile devices. "People are creatures of habit, and it would often be easy to deduce where an individual works from her location on weekdays from 9 a.m. to 5 p.m. or, from the same nightly location, where she sleeps," Sotani said. "These two pieces of information start to form a picture of who the device owner is."

That information can be used to do harm, despite the vendors' intent, prompted Franken to observe: "Information on our mobile devices is not being protected in the way it should be."

Value of Location Services

Alan Davidson, Google director of public policy, said a balance must be reached between protecting individuals' privacy - something he contends Google does - and allowing the use of technology that provides the mobile services customers want. "Mobile services are creating enormous economic benefits for our society," he said, citing a recent market report that predicted that the mobile applications market will be worth $25 billion by 2015. "At Google," he said, "we have seen an explosion in demand for location-based services."

Davidson listed a wide variety of services mobile devices offer such as identifying traffic jams to where to get a cup of coffee as well as helping locate a missing child through Amber alerts and warning people of a coming tsunami. "None of these services or public safety tools would be possible without the location information that our users share with us and other providers, and without the mobile platforms for businesses and governments to effectively reach the appropriate audience," Davidson said.

Franken said it's not Congress' intent to pass laws to end location-based services. "No one up here wants to stop Apple or Google from producing their products or doing the incredible things that you do," he said. "You guys are brilliant. When people think of the word brilliant, they think of the people that founded and run your companies. No, what today is about is trying to find a balance between all of those wonderful benefits and the public's right to privacy. And I for one think that's doable."

But Franken lamented that existing federal law does little to protect individuals privacy. Makers of mobile applications can freely disclose individuals' locations and other sensitive data to nearly anyone without letting their customers know.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE APT Cyber Extortion - Who's At Risk

Despite high-profile attacks and publicity, advanced persistent threats continue to strike...

Latest Tweets and Mentions

ARTICLE APT Cyber Extortion - Who's At Risk

Despite high-profile attacks and publicity, advanced persistent threats continue to strike...

The ISMG Network