Focusing public attention on emerging privacy and civil liberties issues

Location Privacy: Apple iPhone / iPad

On April 20, 2011, Alasdair Allan and Pete Warden announced that they had discovered that the Apple iPhone and the Apple 3G iPad were regularly recording the devices' locations into a hidden file. The data gathering, they claimed, was "clearly intentional."

Top News

  • Apple Announces New Privacy Enhancing Techniques: The most recent product announcement from Apple, includes several privacy enhancing techniques that EPIC has favored, including randomized MAC addresses, end-to-end encryption, robust screen lock, and implementation of secure electronic payment systems. Still, EPIC has raised questions about Health Kit, which enables the collection and transfer of sensitive medical information, and the enforcement of developer guidelines. For more information, see, EPIC: Practical Privacy Tools and EPIC: Location Privacy. (Sep. 23, 2014)
  • Apple Announces New Privacy-Enhancing Techniques in iOS 8: Apple has announced new privacy-enhancing techniques that will limit the ability of third parties to track Apple mobile devicesi. Specifically, iOS8 will use "random, locally administered MAC addresses," instead of unique device IDs, to connect to the Internet. Mobile phones can now be tracked by law enforcement and private companies because of the unique MAC address associated with the device. In 2004 when the adoption of IPv6 raised privacy concerns, EPIC recommended that MAC addresses be randomized to avoid tracking. The change in the Apple iOS implements this proposal. For more information, see EPIC: Practical Privacy Tools and EPIC: Location Privacy. (Jun. 10, 2014)
  • Senate Holds Hearing on Consumer Location Privacy Protection: The Senate recently held a hearing on the Location Privacy Protection Act of 2014 authored by Senator Franken. In an opening statement, Senator Franken said his "bill makes sure that if a company wants to get your location...they need to get your permission first." FTC Director, Jessica Rich, testified that location data is "sensitive information" that "raises privacy concerns." The FTC recently signed a 20-year consent order with Snapchat after finding the app was collecting location information in contradiction to its stated privacy policy. The FTC investigated Snapchat after EPIC filed a complaint with the agency detailing the companies deceptive practices. EPIC also filed an amicus brief in a location privacy case in which the New Jersey Supreme Court case announced a landmark decision, holding that individuals have an expectation of privacy in their cell phone data.For more information, see EPIC: Location Privacy. (Jun. 6, 2014)
  • Massachusetts Court Upholds Privacy Protection for Location Records: In Commonwealth v. Augustine, the Massachusetts Supreme Judicial Court ruled that an individual has a reasonable expectation of privacy in cell phone location records held by a company. Article 14 of the Massachusetts Constitution, similar to the Fourth Amendment, provides that individuals should be free from "unreasonable searches, and seizures." The court held that obtaining two weeks of phone location records was a search, requiring a warrant. EPIC filed "friend of the court" briefs in Commonwealth v. Connolly, a similar case in Massachusetts concerning warrantless GPS tracking, and State v. Earls, a case in which the New Jersey Supreme Court held that location data is protected under the state constitution. EPIC also filed a brief in In re U.S. Application for Historical Cell Site Data, where an appeals court held that users have no reasonable expectation of privacy in location records under the Fourth Amendment. The Massachusetts Supreme Court considered all three cases. For more information, see EPIC: Location Privacy. (Feb. 20, 2014)
  • New Jersey Court Issues Landmark Location Privacy Decision: Today the Supreme Court of New Jersey held that individuals have a reasonable expectation of privacy in their cell phone location data under the NJ state constitution. In State v. Earls, the New Jersey high court found that "cell-phone location information, which users must provide to receive service, can reveal a great deal of personal information about an individual." This decision is the first to establish a Constitutional right in location data since the U.S. Supreme Court decided United States v. Jones, a GPS tracking case in which several Justices expressed concern about the collection of location data. EPIC participated as amicus curiae in Earls. The New Jersey Supreme Court noted that "EPIC offered helpful details about the current state of cell-phone technology." For more information, see EPIC: State v. Earls and EPIC: Locational Privacy. (Jul. 18, 2013)
  • EPIC Recommends Privacy Protections for Natural Disaster Survivors: In comments to the National Institutes of Health, an agency component of Health and Human Services, EPIC urged the agency to safeguard personally identifiable information following natural disasters. The agency proposes to use the PEOPLE LOCATOR system and related mobile app ReUnite™ to reunite "family and friends who are separated during a disaster." The PEOPLE LOCATOR system allows third parties to enter highly sensitive information about each missing or located individual, which in turn is accessed by the public. The system stores disaster survivor information including name, location, date of birth, race, religion, health status, address, and photographs. EPIC recommended that the agency: (1) limit its data collection to relevant information, (2) protect the security of the system by implementing data access control and establishing data quality standards; (3) define a record retention and disposal schedule; and (4) establish guidelines, which adhere to the Fair Information Practices, for disclosures to third parties like Google. For more information, see EPIC: Locational Privacy. (Jun. 20, 2013)
  • Texas Bill to Require Warrants for E-mail Searches Awaits Governor's Signature: The Texas legislature has passed H.B. No. 2268, a bill that creates a warrant requirement for law enforcement access to stored electronic communications and customer data. The law, which was presented to Governor Rick Perry this week, is the first successful state effort to establish an across-the-board warrant requirement for stored communications. Congress is considering similar changes to the federal Electronic Communications Privacy Act. Others have proposed more sweeping privacy reforms, and there are bills in both the House and Senate that would establish location privacy protections. EPIC testified before the Texas Legislature on H.B. 1608, a location privacy companion to H.B. 2268. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (May. 29, 2013)
  • House Subcommittee Considers Geolocation Privacy: The House Subcommittee on Crime, Terrorism, Homeland Security, and Investigations today heard testimony today on proposed Geolocation Privacy safeguards for the collection and use of location data generated by cellphones and other devices. As EPIC recently noted in a letter to the House Judiciary committee, and testimony before the Maryland House of Delegates and Texas House of Representatives on similar bills, ECPA does not protect location records; courts are divided on whether such records are protected by the Fourth Amendment. For more information, see EPIC: Locational Privacy. (Apr. 26, 2013)
  • EPIC Testifies in Austin on Texas Location Privacy Bill: EPIC's Appellate Advocacy Counsel Alan Butler testified before the Texas State Assembly on a privacy bill for telephone location data. The House bill, would establish a warrant requirement for location data and a comprehensive reporting requirement, similar to the federal wiretap reports. Mr. Butler discussed the need for clear rules governing location surveillance that satisfy Fourth Amendment standards, as well as the importance of public reporting and accountability. He also testified at a Senate Committee hearing on the proposal. EPIC recently submitted amicus briefs in State v. Earls and In re U.S. (5th Cir.) regarding location privacy. For more information, see EPIC: Locational Privacy. (Mar. 28, 2013)
  • EPIC Highlights Need for Broad Reform of Federal Privacy Law: In response to a request from the House Judiciary Committee, EPIC has recommended a comprehensive review of the federal communications privacy law. Congress will begin hearings this week on ECPA Part 1: Lawful Access to Stored Content. EPIC's letter to the Committee noted the recent settlement by the state Attorneys General with Google in the Street View matter and the reluctance of federal officials to pursue a similar investigation. EPIC also noted growing confusion in the lower courts about the application of the federal privacy law. Finally, EPIC pointed out that the current law provides inadequate protection for private location records. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (Mar. 18, 2013)

Background

On April 20, 2011, two data scientists, Alasdair Allan and Pete Warden, conducted a discussion at Where 2.0, an annual conference on location-aware technology and business. Allan and Warden announced that they had discovered that the Apple iPhone and the Apple 3G iPad were regularly recording the devices' locations into a hidden file, explaining how they made the discovery, what they thought the collection implied, and how users would be able to view their own data.

Following the announcement, several journalists and researchers delved further into an issue, and much speculation occurred about if the data was being transmitted to Apple and if the tracking was exclusive to the iPhone / iPad, or if it also was occurring on other smartphones, including android-based hardware.

Apple has made many statements in support of locational privacy in the past. With the release of OS4, on April 8, 2010, Scott Forstall, the Senior Vice President for iPhone Software, stated: "For all these location things, we take privacy very, very seriously. Ever since we added the first API's for location, we would put up a panel whenever an application wanted to use your location - and the user would have to approve this. We're taking privacy several steps further - in iPhone OS 4." In clarification, Forstall explained exactly what steps would be taken to protect location privacy:

  • "First, we're adding an indicator right on the status bar to let you know if any application is asking for your location. Be it a foreground application or one of the background applications - so you could know if something is tracking your location."
  • "Next - we're adding fine grain settings - so you could see all of the application that would like to use your location and the user can enable or disable location, per application."
  • "And on top of all of this, if any application has asked for your location in the last 24 hours, we'll add an indicator right next to that app - so you could know that it's asked for your location."
  • "So we're being completely transparent on the usage of location and we're letting user set, on an app-by-app basis, the ability for apps to use location."

In April 2010, Apple changed its Privacy Policies regarding locational data. At the time, Representative Edward Markey (D-Mass) and Representative Joe Barton (R-TX), sent a letter to Apple's Steve Jobs asking for an explanation for the change in policy and how the changes would effect compliance with the Telecommunications Act (47 U.S.C. § 222). In a lengthy response, Apple explained that the change was meant to address Apple's location-based services. Apple assured that customer's location-based GPS information that Apple collected from mobile devices would be "stored in a database accessible only by Apple."

Apple's Privacy Policy, as of the date of the discovery, included two explicit statements about location data:

  • "[Apple] may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising."
  • "To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."
Apple also carries a TRUSTe Privacy Seal:

    Apple Inc. has been awarded TRUSTe’s Privacy Seal signifying that this Privacy Policy and practices have been reviewed by TRUSTe for compliance with TRUSTe’s program requirements including transparency, accountability, and choice regarding the collection and use of your personal information.

On April 21, 2011, Representative Edward J. Markey (D-Mass), sent a letter to Steve Jobs, the CEO of Apple, Inc. Rep. Markey voiced concern for the "consequences of this feature for individuals' privacy," and proposed the following questions:

  • Is it accurate that Apple iPhone keeps track of where iPhone users go, saving this information to a file on the device that is then copied to the owner's computer when the two are synchronized?
  • Did Apple intentionally develop this functionality in order to log the locations of users?
  • How does Apple collect this customer location information?

  • Does Apple use this information for any purpose?
  • Has Apple used this location information for any commercial purpose?

  • Is it possible for customers to disable this feature? 

  • Given the widespread usage of iPhones and iPads by individuals under the age of 18, is Apple concerned that the wide array of precise location data logged by these devices can be used to track minors, exposing them to potential harm?

In a similar letter, sent on April 21, 2011, from Senator Franken (D-Minn), the following questions were proposed:

  • Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
  • Does Apple collect and compile this location data for laptops?
  • How is this data generated? (GPS, cell tower triangulation, WiFi triangulation, etc.)
  • How frequently is a user's location recorded? What triggers the creation of a record of someone's location?
  • How precise is this location data? Can it track a user's location to 50 meters, 100 meter, etc.?
  • Why is this data not encrypted? What steps will Apple take to encrypt this data?
  • Why were Apple consumers never affiamtely informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
  • Does Apple believe that this conduct is permissible under the terms of its privacy policty? See Apple Privacy Policy at "Location-based Services" (accessed on April 20, 2011), available at www.apple.com/privacy.
  • To whom, if anyone, including Apple, has this data been disclosed. When and why were these disclosures made?

Sen. Franken stated that, "The existence of this information stored in an unencrypted format-raises serious privacy concerns."

On April 20, 2011 Representative Jay Inslee (D-WA) issued an official statement on the issue, indicating that he would press the company for answers and noting that "current law fails to ensure consumers are protected from privacy violations." On April 22, 2011, Rep. Inslee wrote to Chairman Leibowitz, chairman of the Federal Trade Commission, calling for the Commission's "prompt attention to this important matter."

As of April 22, 2011, the Italian Data Protection Authority has opened an investigation into the matter. In addition, the Bavarian Agency for the Supervision of Data Protection (Germany) and the French Data Protection Authority had stated an intent to look deeper into the matter. On April 26, 2011, South Korea's Communications Commission also questioned Apple about location data stored on iPhone and iPad devices.

On April 22, 2011, two individuals filed a class action lawsuit against Apple in the Middle District of Florida. Allegations include violations of the Computer Fraud and Abuse Act, Fraud, Misrepresentation, and several state claims, among others.

On April 25, 2011, the Illinois Attorney General asked for a meeting with Apple to discuss privacy concerns on mobile devices.

Apple finally responded to the allegations on April 27, 2011 in a carefully worded press release. Responding to pressure from privacy groups, Apple announced three changes to iOS4:

  • Locational data storage will be limited to one week
  • Locational data will no longer be transferred to a user's computer
  • Users will be able to delete all locational data collection on the device
  • All locational data stored on a the device will be encrypted
Apple further pledged that the company has "no plans to ever" track users.

Additional Resources

Latest News