or Connect
AppleInsider › Forums › General › General Discussion › Apple called to second Senate hearing on privacy
New Posts  All Forums:Forum Nav:

Apple called to second Senate hearing on privacy

post #1 of 21
Thread Starter 
Representatives from Apple and Google have been called to testify at a second U.S. Senate hearing on mobile consumer privacy later this week, this time with the Consumer Protection, Safety and Insurance Subcommittee.

The committee, which operates under the U.S. Senate Committee on Commerce, Science, and Transportation, will hold the hearing on May 19 at 10 a.m. Eastern, CNet reports. The hearing is entitled "Consumer Privacy and Protection in the Mobile Marketplace."

David Vladeck, the Federal Trade Commission's Director of the Bureau of Consumer Protection, has been called to testify in Witness Panel 1.

Catherine Novelli, Apple Vice President of Worldwide Government Affairs, will serve as a witness during Witness Panel 2. Google Director of Public Policy for the Americas Alan Davidson is also scheduled to testify, as is Bret Taylor, Facebook's Chief Technology Officer.

The Commerce hearing comes soon after a hearing by the Senate Judiciary Subcommittee on Privacy that also called Apple and Google as witnesses. Apple Vice President of Software Technology Guy L. "Bud" Tribble testified last week that the company had never tracked an individual's location.



Security researchers had claimed last month that a database file in iOS 4 stored users' location information. Apple responded by denying the claim in a statement, noting that the file is actually a crowd-sourced database of Wi-Fi hotspots and cell tower data meant to help an iPhone "rapidly and accurately calculate its location when requested."

Tribble acknowledged during the hearing that Apple was "looking into" the legality of apps that broadcast sobriety checkpoints.

Executives from AT&T, T-Mobile and Sprint testified in a hearing last week. The Senate Judiciary subcommittee met to evaluate whether AT&T's proposed acquisition of T-Mobile USA would hurt consumers and stifle competition.
post #2 of 21
I tell you what..... why don't they set up a meeting and invite all of the interested committees? It freakin' amazes me how inefficient our government is today.
post #3 of 21
Quote:
Originally Posted by magicj View Post

Queue weak sauce fanboy denials of the issue in 3... 2... 1...

The simple fact that the data in consolidated.db was accurate to about 50 square miles when used in a metro environment makes it worthless as an indication of a users true position. In a rural environment, the data was accurate to about 2000 square miles.

Much ado about nothing unless you are under the mis-guided notion the data actually representing the phones position accurately.
post #4 of 21
Quote:
Originally Posted by magicj View Post

A) Your claims about the accuracy of the data being stored don't come even close to matching the accuracy documented by the creators of the technology (1000 meters, max), or the accuracy demonstrated to Congress using a live iPhone (20 feet).

B) The hearing aren't about consolidated.db in particular, they are about privacy policy in general and what actions Congress can take to update and strengthen existing laws.

http://www.noisetech-software.com/Di...atability.html

Huh, cus it looks like this test came up with a radius of nearly 4mi, which is significantly greater than "the accuracy documented by the creators of the technology (1000 meters, max)".

And that was just the first link on Google. If you look at that test map, it's less accurate at finding your house as say... the phone book.
post #5 of 21
Meanwhile...your tax dollars are spent in Las Vegas...

http://www.kmov.com/news/local/Lawma...121666334.html
post #6 of 21
I certainly hope Novelli does better than Tribble did. He was a mumbling embarrassment.
post #7 of 21
Quote:
Originally Posted by magicj View Post

A) Your claims about the accuracy of the data being stored don't come even close to matching the accuracy documented by the creators of the technology (1000 meters, max), or the accuracy demonstrated to Congress using a live iPhone (20 feet).

B) The hearing aren't about consolidated.db in particular, they are about privacy policy in general and what actions Congress can take to update and strengthen existing laws.

You are comparing two different things. The 20ft accuracy referred to in the Senate hearing represents how accurately the Location Services were able to place the phone. This did not represent the accuracy/dependability of the data in the consolidated.db file. In other words, the simple existence of a data point in the consolidated.db file does not mean that this represents your proximity to that point.

And yes, the hearings are very much about the consolidated.db file. If you believe that the hearings would have happened without this 10 month old know file coming to the forefront of peoples minds, you are a crazy man. Notice that Senator Franken referenced this file many times. He was very confused how a file with very inaccurate data (from the standpint of phone position) could be used to actually locate the phone's position with high accuracy.

For example:
http://www.noisetech-software.com/Di...atability.html

This is a simple study I did with iOS 4.3.2. For the study I:
  • Backed up my phone.
  • Deleted all data on my phone.
  • Installed and used a few location aware apps.
  • Used the phone for 36 hours.
  • Performed a Backup to get access to the new consolidated.db file.
  • Ploted the data.
  • Restored my phone to its original condition.

On the plot, I plotted a dark enclosed path at the center of the plot. This represents the limits of my travels for the 36 hour period. NOTE: There is not a single point within the roughly 3/4 square mile area I traveled on that day and a half.

The data within the file is accurate to within almost 50 square miles in a metropolitan setting. In a rural setting it is closer to 2000 square miles.

So again, knowing this, what is the security risk associated with this data?
post #8 of 21
Quote:
Originally Posted by magicj View Post

If you feel the blog post is relevant, send the link to Congress. The hearings are open to public comment for 2 weeks after the interviews with Apple and Google that just took place.

In the meantime, the information I noted is what Congress is working with.

I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.
post #9 of 21
Quote:
Originally Posted by Steven N. View Post

I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.

No reply, because Senators don't reply. You expected a brownie point or a gold star? Seriously?

It's info that they will use if it has merits. Don't expect a pat on the back from anyone.
post #10 of 21
Quote:
Originally Posted by mdriftmeyer View Post

No reply, because Senators don't reply. You expected a brownie point or a gold star? Seriously?

It's info that they will use if it has merits. Don't expect a pat on the back from anyone.

And there is an option for a reply.
post #11 of 21
Quote:
Originally Posted by magicj View Post

Steven, we've discussed this before. Your tests done in Arizona can be 100% correct yet still not reflect the results others would get in other areas. Still, I think it's good that you sent your results to Fraken.

Why would it not reflect the results others would get? Do you have any data that proves other wise? Apple has said this doesn't give a precise location. Steven posted his data showing it doesn't give a precise location. consolidated.db violates one's privacy about as much as looking up someone's address, drawing a 50 square mile perimeter and saying that that person travels within it.
post #12 of 21
Quote:
Originally Posted by magicj View Post

Queue weak sauce fanboy denials of the issue in 3... 2... 1...

On cue with you.

Ugh.
post #13 of 21
Quote:
Originally Posted by Steven N. View Post

I sent the link/research to Al Franken. No reply because I am sure it did not support his fear mongering views of the world.

Al Franken is a comedian. I bet you he thinks all of this is very funny.
I personnally enjoyed how he stumbled on Tribble's name and when it got to be Tribble's name to give his testimony, Tribble screwed up Franken's name. The camera showing Franken clearly showed he got it and was smiling about it.
post #14 of 21
[QUOTE=magicj;1865061]Because different configurations of cell towers, wi-fi hot spots, etc, will give different levels of accuracy to the phone. There's no reason to expect a town in Arizona to have the same results as metro D.C.
[/QUTOE] -Edit / tag.

I have looked at data from Chicago, KC, OKC, Phoenix and LA all with similar results. In otherwords, AZ is not some weird out-flyer.

Quote:
Originally Posted by magicj View Post

The developers of the technology being used have stated it's accurate at determining location to within 1000 meters and one of the experts appearing before Congress used it to determine his location to within 20 feet.

See the product documentation and the Congressional testimony for details. I don't feel like looking up the links right now. I've provided them on past threads on this issue and you should be able to google for the results anyway.

The congressional details are it fact true. Location services can pin-point your location to within meters on WiFi only data. I have demonstrated, that does not mean the data within the controversial consolidated.db file pins your location to 20 feet. Soltani made the following observation:
  • GPS is disabled as is the Cell radio.
  • WiFi is enabled.
  • Location is within 20 ft.
  • Consolidated.db includes a time stamp.
  • Therefore, the file has my location pegged to within 20 feet.

That is as stupid of logic as exists on the face of the planet. That is like saying: Dogs are animals. Cats are animals. Therefore all dogs are cats.

So again (You seem to have a very think skull unwilling to learn anything new), just because the location services can pinpoint a location within a few feet, that does not mean the data recorded in the file represents:
  1. The phones position.
  2. The time the phone picked-up or had download to it a WiFi net location.

The file contains a list of GPS coordinates and time stamps. That data does not seem to correlate with your physical location and the time-stamps seem to be the time the data was added to the database. This time does not, necessarily, correlate to the time you passed a specific location.

You have much homework to do before you can comment with any amount of authority on the subject. In short, show me your specific test data.
post #15 of 21
Quote:
Originally Posted by magicj View Post

It also doesn't change the fact that the Congressional hearings aren't about consolidated.db, or even Apple, per se. They're about modernizing privacy laws.

But it does not change the fact that the consolidated.db file was mentioned many many times in the hearings and my money says it will be discussed that in the new hearings as well. The consolidated.db file is the catalyst for the hearings in the first place.

It does not change the fact that Apple (the creator of the file) responded that the file did not contain the location of the phone but rather a crowd sourced database that could by 100 miles away from your current location. My data supports this testimony. All data present so far, [B]except Soltani's[/B,] supports those findings.

It does not change the fact you are warping what was said in the hearings to your own agenda whatever that may be.

What I am saying is the file and your location are different things. You keep quoting responses given by Soltani that were flat out wrong and not in agreement with other expert testimony.

That said, yes there are broader issues at play here and I doubt anything will come of it. There are already ample opt-out options in both Android and iOS. Both offer the chance to share the location data or not share it. Both all options to disable location services on an app by app basis. The implementations are slightly different but the end results are the same.
post #16 of 21
Quote:
Originally Posted by AppleInsider View Post

Representatives from Apple and Google have been called to testify at a second U.S. Senate hearing on mobile consumer privacy later this week, this time with the Consumer Protection, Safety and Insurance Subcommittee.
[/c]

The Gov either doesn't understand Apple, etc; or they are simply creating window dressing on this resolved issue.

Either way it's a dumb waste of money the Gov doesn't have.
post #17 of 21
Quote:
Originally Posted by magicj View Post

*cough*


http://petewarden.github.com/iPhoneTracker/


http://petewarden.github.com/iPhoneTracker/

For reference, 1 degree equals about 69 miles. 1/100th of a degree is about 0.69 miles (about 3643.2 feet) .


http://www.skyhookwireless.com/howitworks/

As I said, not a single piece of information points to the data in the consolidated.db file being the location of the phone. Not one. I have proven to my self that is 100% true. Not even any of the data you presented repudiates that claim. Read your sources again.

When you learn to comprehend what you are reading, please come back and we can have an open, intelligent and frank discussion. As it is, you are posting about how the data in the file can be used to determine accurate location when combined with other data NOT in the file. Things missing in the file:

1) GPS Satellite position.
2) Phones current location relative to the logged data.
3) Signal strengths.

Just because I know there is a house 1.5 miles North of me does not give any indication where I currently am; you only know there is a house 1.5 miles North of my current location.

Likewise, just because a cell tower's location was logged into the database yesterday at 12:12:14 and a second one was logged in at 12:13:11 that was 4 miles away from the first one does not give any indication of my current location any closer than about 25 square miles.

So yes, location services can pinpoint your location quickly and accurately using data from cell towers, WiFi nets and GPS. Yes, there is a database with time tags. No, the data in the file can only predict your location in a metropolitan setting to within about 45-50 square miles because the database's data is woefully incomplete. In rural areas, the error is closer to 2000 square miles.

Again, the database is in no way shape or form the location of the phone but items around the phone. These items may be removed from the phone by many many many 10's of miles. The time tags do not seem to relate to when you passed a point but when a point was entered into the database. An age mark as it were. Items can be placed in the database when you are miles from the point.

As for sharing the data, all current smart phone OSes prompt for that and anyone can say no. There may be some device functionality that is lost due to that. If you don't want any type of tracking, don't by a cell phone. Any cell phone. No pager.

For example, take this quote:

Quote:
As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.

It is obvious from these quotes, that Pete and Alasdair did not understand what these files contained, only that they mapped roughly to your position. If you look at their Cambridge/Oxford trip, you can see most of the errors are covering 25-75 square miles; at some points it is over 100 square miles of area. Pete and Alasdair made an assumption this file contained triangulated location information on the phone. The glitches are not glitches, just points being added to the database.

They were wrong.
post #18 of 21
Quote:
Originally Posted by Steven N. View Post

If you don't want any type of tracking, don't by a cell phone. Any cell phone. No pager.

If you have something that you dont want anyone to know maybe you shouldnt be doing it in the first place
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #19 of 21
Steven, you seemed to have missed the earlier conversations. Location data is indeed available (required) to the carriers. But they are bound by certain legal restrictions on how that data can be used or distributed. Not so with the phone manufacturers, currently they can do whatever the hell they want with that data. Comparing the two is either misleading or ignorant.

And this point has nothing at all to do with the consolidated.db file, that's another story, although it did help bring attention to the issues of location privacy, which is a good thing.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #20 of 21
Quote:
Originally Posted by Steven N. View Post

As I said, not a single piece of information points to the data in the consolidated.db file being the location of the phone. Not one. [/B]

I agree with you that the data in that particular file isn't a(n accurate) record of your phone's absolute location. However, as was discussed near the end of a previous thread here, in order to generate that file, your location data had to be passed back to Apple.

Now, Apple says they obscured that data en route, and they say they didn't/don't keep that data. I don't believe this has been proven, but I'm willing to trust them on that. Mostly. Not so much trust for Google or other manufacturers though, so I'm very happy that the (very slow and cumbersome) legal discovery process is working its way through this. It's important that the public (and our legislators) understand (to the degree possible) what the issues are, what's happening, why it's happening, etc. And then at the end of the process they can decide how (not if) this data will be regulated.

Today's smart phone manufacturers and mobile OS developers are in a position that has never previously existed in our society. Having the unregulated ability to track their users' locations in real-time without explicit, opt-in permission of the user. It will probably take some time to figure out how our society wants to deal with this situation, but I for one am glad the process has started.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #21 of 21
Quote:
Originally Posted by Steven N. View Post

On the plot, I plotted a dark enclosed path at the center of the plot. This represents the limits of my travels for the 36 hour period. NOTE: There is not a single point within the roughly 3/4 square mile area I traveled on that day and a half.

The data within the file is accurate to within almost 50 square miles in a metropolitan setting. In a rural setting it is closer to 2000 square miles.

So again, knowing this, what is the security risk associated with this data?


My guess is that we are reading the data wrong. Using cell towers for location requires triangulation and measurement of signal strength from 3 different towers at known coordinates to get a fix on your location. Plotting the individual towers does not show this but plotting the three tower you may be in range of at any given point can.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Apple called to second Senate hearing on privacy