Today, Alasdair Allen and Pete Warden announced that “[e]ver since iOS 4 arrived, your device has been storing a long list of locations and time stamps.” Your device’s longitude and latitude have been recorded hundreds of thousands of times with timestamps getting backed up to iTunes, transferred to new devices and restored across backups. It’s not encrypted, it’s not protected, and it’s pretty easy to access.
Let’s recall US v. Maynard, a 2010 case where FBI agents planted a GPS tracking device on a car when the car was on private property, and then recorded its location every ten seconds for a month without obtaining a warrant. The US Court of Appeals for D.C. held that obtaining such information required a search warrant, and rejected the Bureau’s claims that their actions didn’t constitute a search. The Bureau cited US v. Knotts, in which police used a beeper device to track the discrete movements of a suspected conspirator’s car over a limited period of time. In this case’s opinion, the court only addressed the use of such tracking technology for a single car trip–not limitless access to GPS data, regardless of previously specified time or place.
Accessing aggregated GPS data in an investigation constitutes a search and requires a warrant. However, we’re only familiar with this situation when a third party is seeking that location data. What’s unique about Apple as the original collector? They’re not going after data collected by another party–it’s a function built into the software, and it’s covered in the terms of service.
Indeed, Apple’s iOS 4 TOS says
To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
So what’s next? The blogosphere is feeling squeamish, but is that the extent of the response? Thoughts, guys?
As an aside, Apple’s capitalizing upon the buzz with advertisements on Google, perhaps employing the same publicity tactics that BP did, post-oil-spill (I blogged about it here). I’d be interested to see if the content of these word-triggered ads changes to be more actively positive in Apple’s favor as more eyebrows are raised in response to this latest discovery.
Yale Law Tech 
1. Every single cell phone collects this data, as the creators of the application note. The major difference here is that users have access to their own data with iPhones, whereas most people are unaware and cannot access data that phone companies collect and law enforcement use.
2. This is not GPS. GPS collects your latitude and longitude with good resolution. Users of this application are sure to note the data can be off by hundreds of miles: hardly GPS quality.
3. You drop off the grid every time you have no signal. And you were using AT&T anyway, so you’re effectively missing half the time. Or turn your phone off. This is a far cry from the police sticking a GPS tracker on your car.
I’m disappointed a third party had to create this application. This is data users ought to have access to, especially since it’s already accessible by numerous third parties, and used against you in courts.
But the security or privacy concerns are profoundly overblown. It’s data the FBI would never bother to search your computer for: they already got it from the phone company. If you’re worried about someone snooping around in your computer, just check the box “Encrypt iPhone Backups”. Literally one click. Besides, is the most scandalous thing you have on your phone your location?
LikeLike
Al Franken just sent Apple some questions about this:
http://arstechnica.com/apple/news/2011/04/senator-questions-apple-in-wake-of-ios-tracking-scandal.ars
LikeLike