Apple called to second Senate hearing on privacy

Posted:
in General Discussion edited January 2014
Representatives from Apple and Google have been called to testify at a second U.S. Senate hearing on mobile consumer privacy later this week, this time with the Consumer Protection, Safety and Insurance Subcommittee.



The committee, which operates under the U.S. Senate Committee on Commerce, Science, and Transportation, will hold the hearing on May 19 at 10 a.m. Eastern, CNet reports. The hearing is entitled "Consumer Privacy and Protection in the Mobile Marketplace."



David Vladeck, the Federal Trade Commission's Director of the Bureau of Consumer Protection, has been called to testify in Witness Panel 1.



Catherine Novelli, Apple Vice President of Worldwide Government Affairs, will serve as a witness during Witness Panel 2. Google Director of Public Policy for the Americas Alan Davidson is also scheduled to testify, as is Bret Taylor, Facebook's Chief Technology Officer.



The Commerce hearing comes soon after a hearing by the Senate Judiciary Subcommittee on Privacy that also called Apple and Google as witnesses. Apple Vice President of Software Technology Guy L. "Bud" Tribble testified last week that the company had never tracked an individual's location.







Security researchers had claimed last month that a database file in iOS 4 stored users' location information. Apple responded by denying the claim in a statement, noting that the file is actually a crowd-sourced database of Wi-Fi hotspots and cell tower data meant to help an iPhone "rapidly and accurately calculate its location when requested."



Tribble acknowledged during the hearing that Apple was "looking into" the legality of apps that broadcast sobriety checkpoints.



Executives from AT&T, T-Mobile and Sprint testified in a hearing last week. The Senate Judiciary subcommittee met to evaluate whether AT&T's proposed acquisition of T-Mobile USA would hurt consumers and stifle competition.
«1

Comments

  • Reply 1 of 32
    magicjmagicj Posts: 406member
    Queue weak sauce fanboy denials of the issue in 3... 2... 1...
  • Reply 2 of 32
    gotwakegotwake Posts: 115member
    I tell you what..... why don't they set up a meeting and invite all of the interested committees? It freakin' amazes me how inefficient our government is today.
  • Reply 3 of 32
    steven n.steven n. Posts: 1,229member
    Quote:
    Originally Posted by magicj View Post


    Queue weak sauce fanboy denials of the issue in 3... 2... 1...



    The simple fact that the data in consolidated.db was accurate to about 50 square miles when used in a metro environment makes it worthless as an indication of a users true position. In a rural environment, the data was accurate to about 2000 square miles.



    Much ado about nothing unless you are under the mis-guided notion the data actually representing the phones position accurately.
  • Reply 4 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Steven N. View Post


    The simple fact that the data in consolidated.db was accurate to about 50 square miles when used in a metro environment makes it worthless as an indication of a users true position. In a rural environment, the data was accurate to about 2000 square miles.



    Much ado about nothing unless you are under the mis-guided notion the data actually representing the phones position accurately.



    A) Your claims about the accuracy of the data being stored don't come even close to matching the accuracy documented by the creators of the technology (1000 meters, max), or the accuracy demonstrated to Congress using a live iPhone (20 feet).



    B) The hearing aren't about consolidated.db in particular, they are about privacy policy in general and what actions Congress can take to update and strengthen existing laws.
  • Reply 5 of 32
    skottichanskottichan Posts: 193member
    Quote:
    Originally Posted by magicj View Post


    A) Your claims about the accuracy of the data being stored don't come even close to matching the accuracy documented by the creators of the technology (1000 meters, max), or the accuracy demonstrated to Congress using a live iPhone (20 feet).



    B) The hearing aren't about consolidated.db in particular, they are about privacy policy in general and what actions Congress can take to update and strengthen existing laws.



    http://www.noisetech-software.com/Di...atability.html



    Huh, cus it looks like this test came up with a radius of nearly 4mi, which is significantly greater than "the accuracy documented by the creators of the technology (1000 meters, max)".



    And that was just the first link on Google. If you look at that test map, it's less accurate at finding your house as say... the phone book.
  • Reply 6 of 32
    mikemomikemo Posts: 7member
    Meanwhile...your tax dollars are spent in Las Vegas...



    http://www.kmov.com/news/local/Lawma...121666334.html
  • Reply 7 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by skottichan View Post


    http://www.noisetech-software.com/Di...atability.html



    Huh, cus it looks like this test came up with a radius of nearly 4mi, which is significantly greater than "the accuracy documented by the creators of the technology (1000 meters, max)".



    And that was just the first link on Google. If you look at that test map, it's less accurate at finding your house as say... the phone book.



    If you feel the blog post is relevant, send the link to Congress. The hearings are open to public comment for 2 weeks after the interviews with Apple and Google that just took place.



    In the meantime, the information I noted is what Congress is working with.
  • Reply 8 of 32
    gqbgqb Posts: 1,934member
    I certainly hope Novelli does better than Tribble did. He was a mumbling embarrassment.
  • Reply 9 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by GQB View Post


    I certainly hope Novelli does better than Tribble did. He was a mumbling embarrassment.



    I'd agree he did not have a strong grasp of the privacy issues being discussed. He seemed to me to be a very capable technical professional who was looking at the issue solely from the point of view of Apple and generally unaware that there were other important points of view.



    That said, Apple is not on trial in these hearings. The hearings are basically "fact finding" exercises designed to lay the groundwork for future changes to the law.
  • Reply 10 of 32
    steven n.steven n. Posts: 1,229member
    Quote:
    Originally Posted by magicj View Post


    A) Your claims about the accuracy of the data being stored don't come even close to matching the accuracy documented by the creators of the technology (1000 meters, max), or the accuracy demonstrated to Congress using a live iPhone (20 feet).



    B) The hearing aren't about consolidated.db in particular, they are about privacy policy in general and what actions Congress can take to update and strengthen existing laws.



    You are comparing two different things. The 20ft accuracy referred to in the Senate hearing represents how accurately the Location Services were able to place the phone. This did not represent the accuracy/dependability of the data in the consolidated.db file. In other words, the simple existence of a data point in the consolidated.db file does not mean that this represents your proximity to that point.



    And yes, the hearings are very much about the consolidated.db file. If you believe that the hearings would have happened without this 10 month old know file coming to the forefront of peoples minds, you are a crazy man. Notice that Senator Franken referenced this file many times. He was very confused how a file with very inaccurate data (from the standpint of phone position) could be used to actually locate the phone's position with high accuracy.



    For example:

    http://www.noisetech-software.com/Di...atability.html



    This is a simple study I did with iOS 4.3.2. For the study I:
    • Backed up my phone.

    • Deleted all data on my phone.

    • Installed and used a few location aware apps.

    • Used the phone for 36 hours.

    • Performed a Backup to get access to the new consolidated.db file.

    • Ploted the data.

    • Restored my phone to its original condition.

    On the plot, I plotted a dark enclosed path at the center of the plot. This represents the limits of my travels for the 36 hour period. NOTE: There is not a single point within the roughly 3/4 square mile area I traveled on that day and a half.



    The data within the file is accurate to within almost 50 square miles in a metropolitan setting. In a rural setting it is closer to 2000 square miles.



    So again, knowing this, what is the security risk associated with this data?
  • Reply 11 of 32
    steven n.steven n. Posts: 1,229member
    Quote:
    Originally Posted by magicj View Post


    If you feel the blog post is relevant, send the link to Congress. The hearings are open to public comment for 2 weeks after the interviews with Apple and Google that just took place.



    In the meantime, the information I noted is what Congress is working with.



    I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.
  • Reply 12 of 32
    mdriftmeyermdriftmeyer Posts: 7,503member
    Quote:
    Originally Posted by Steven N. View Post


    I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.



    No reply, because Senators don't reply. You expected a brownie point or a gold star? Seriously?



    It's info that they will use if it has merits. Don't expect a pat on the back from anyone.
  • Reply 13 of 32
    steven n.steven n. Posts: 1,229member
    Quote:
    Originally Posted by mdriftmeyer View Post


    No reply, because Senators don't reply. You expected a brownie point or a gold star? Seriously?



    It's info that they will use if it has merits. Don't expect a pat on the back from anyone.



    And there is an option for a reply.
  • Reply 14 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Steven N. View Post


    So again, knowing this, what is the security risk associated with this data?



    Steven, we've discussed this before. Your tests done in Arizona can be 100% correct yet still not reflect the results others would get in other areas. Still, I think it's good that you sent your results to Fraken.



    As to the "security risk" associated with the data, the issue isn't security, it's privacy. These are similar areas, but they're not the same thing.



    Privacy is a question of property ownership. Your privacy data belongs to you. You own it. The issues being discussed at these hearings relate to how corporations can gather, use, share, and sell your property. The laws in this area are very weak. Outside of a few key areas, like children 12 and younger, there are very few laws at all.



    So again, the purpose of these hearings isn't to punish Apple. In fact, it was made very clear that Congress believes privacy data can be used by corporations to provide extremely valuable services.



    The ability of corporations to continue to provide these services and still profit from privacy data while simultaneously respecting the privacy of individuals who do not want to share this data is what these hearings are all about.
  • Reply 15 of 32
    gotwakegotwake Posts: 115member
    Quote:
    Originally Posted by magicj View Post


    Steven, we've discussed this before. Your tests done in Arizona can be 100% correct yet still not reflect the results others would get in other areas. Still, I think it's good that you sent your results to Fraken.



    Why would it not reflect the results others would get? Do you have any data that proves other wise? Apple has said this doesn't give a precise location. Steven posted his data showing it doesn't give a precise location. consolidated.db violates one's privacy about as much as looking up someone's address, drawing a 50 square mile perimeter and saying that that person travels within it.
  • Reply 16 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by GotWake View Post


    Why would it not reflect the results others would get?



    Because different configurations of cell towers, wi-fi hot spots, etc, will give different levels of accuracy to the phone. There's no reason to expect a town in Arizona to have the same results as metro D.C.



    The developers of the technology being used have stated it's accurate at determining location to within 1000 meters and one of the experts appearing before Congress used it to determine his location to within 20 feet.



    See the product documentation and the Congressional testimony for details. I don't feel like looking up the links right now. I've provided them on past threads on this issue and you should be able to google for the results anyway.
  • Reply 17 of 32
    anantksundaramanantksundaram Posts: 20,403member
    Quote:
    Originally Posted by magicj View Post


    Queue weak sauce fanboy denials of the issue in 3... 2... 1...



    On cue with you.



    Ugh.
  • Reply 18 of 32
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by anantksundaram View Post


    On cue with you.



    Ugh.



    I also used "breech" rather than "breach" several times on previous threads to describe iPhone developers accessing a user's unprotected contact information.



    Apologies.
  • Reply 19 of 32
    see flatsee flat Posts: 145member
    Quote:
    Originally Posted by Steven N. View Post


    I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.



    Al Franken is a comedian. I bet you he thinks all of this is very funny.

    I personnally enjoyed how he stumbled on Tribble's name and when it got to be Tribble's name to give his testimony, Tribble screwed up Franken's name. The camera showing Franken clearly showed he got it and was smiling about it.
  • Reply 20 of 32
    steven n.steven n. Posts: 1,229member
    [QUOTE=magicj;1865061]Because different configurations of cell towers, wi-fi hot spots, etc, will give different levels of accuracy to the phone. There's no reason to expect a town in Arizona to have the same results as metro D.C.

    [/QUTOE] -Edit / tag.



    I have looked at data from Chicago, KC, OKC, Phoenix and LA all with similar results. In otherwords, AZ is not some weird out-flyer.



    Quote:
    Originally Posted by magicj View Post


    The developers of the technology being used have stated it's accurate at determining location to within 1000 meters and one of the experts appearing before Congress used it to determine his location to within 20 feet.



    See the product documentation and the Congressional testimony for details. I don't feel like looking up the links right now. I've provided them on past threads on this issue and you should be able to google for the results anyway.



    The congressional details are it fact true. Location services can pin-point your location to within meters on WiFi only data. I have demonstrated, that does not mean the data within the controversial consolidated.db file pins your location to 20 feet. Soltani made the following observation:
    • GPS is disabled as is the Cell radio.

    • WiFi is enabled.

    • Location is within 20 ft.

    • Consolidated.db includes a time stamp.

    • Therefore, the file has my location pegged to within 20 feet.

    That is as stupid of logic as exists on the face of the planet. That is like saying: Dogs are animals. Cats are animals. Therefore all dogs are cats.



    So again (You seem to have a very think skull unwilling to learn anything new), just because the location services can pinpoint a location within a few feet, that does not mean the data recorded in the file represents:
    1. The phones position.

    2. The time the phone picked-up or had download to it a WiFi net location.

    The file contains a list of GPS coordinates and time stamps. That data does not seem to correlate with your physical location and the time-stamps seem to be the time the data was added to the database. This time does not, necessarily, correlate to the time you passed a specific location.



    You have much homework to do before you can comment with any amount of authority on the subject. In short, show me your specific test data.
Sign In or Register to comment.