Apple, Google Under Fire at Hearing

Senate Panel Focuses on Mobile Location Services' Privacy Threat
Apple, Google Under Fire at Hearing
Ashkan Soltani, sitting on a bench in the lobby of the Hart Senate Office Building on Capitol Hill, conducted an experiment on whether files stored on smartphones can identify the location of their users.

An independent privacy researcher and consultant, Soltani accurately recorded his whereabouts within 20 meters using GPS. Then, using Wi-Fi geolocation from a database maintained by Google, the application found Soltani at nearly the exact location (see blue circles in maps below). "Since Wi-Fi is a short-range communication, knowing even one nearby Wi-Fi signal can typically pin the user within 100 feet," Sotani testified Tuesday at Senate hearing held in the Hart building.

Sen. Al Franken, D-Minn., chairman of the newly formed Senate Judiciary Subcommittee on Privacy, Technology and the Law, called the panel's inaugural hearing after reports last month that Apple and Google maintained hidden files on their mobile devices that tracked locations visited by users (see Apple Denies It Tracks iPhone Users).

At the hearing, Apple and Google officials reiterated earlier statements from their companies that hidden files don't show where users visited. Guy Tribble, Apple vice president for software technology, told the committee that the location data collected represented Wi-Fi hotspots and cell towers that help the smartphone rapidly and accurately calculate its location when requested by an application on the device. "Apple does not track users' locations; Apple has never done so and has no plans to ever do so," Tribble said.

Sontani didn't dispute Apple's and Google's contention they don't intentionally collect location data on specific individuals, but said much information can be construed from the trails of historical location data stored on mobile devices. "People are creatures of habit, and it would often be easy to deduce where an individual works from her location on weekdays from 9 a.m. to 5 p.m. or, from the same nightly location, where she sleeps," Sotani said. "These two pieces of information start to form a picture of who the device owner is."

That information can be used to do harm, despite the vendors' intent, prompted Franken to observe: "Information on our mobile devices is not being protected in the way it should be."

Value of Location Services

Alan Davidson, Google director of public policy, said a balance must be reached between protecting individuals' privacy - something he contends Google does - and allowing the use of technology that provides the mobile services customers want. "Mobile services are creating enormous economic benefits for our society," he said, citing a recent market report that predicted that the mobile applications market will be worth $25 billion by 2015. "At Google," he said, "we have seen an explosion in demand for location-based services."

Davidson listed a wide variety of services mobile devices offer such as identifying traffic jams to where to get a cup of coffee as well as helping locate a missing child through Amber alerts and warning people of a coming tsunami. "None of these services or public safety tools would be possible without the location information that our users share with us and other providers, and without the mobile platforms for businesses and governments to effectively reach the appropriate audience," Davidson said.

Franken said it's not Congress' intent to pass laws to end location-based services. "No one up here wants to stop Apple or Google from producing their products or doing the incredible things that you do," he said. "You guys are brilliant. When people think of the word brilliant, they think of the people that founded and run your companies. No, what today is about is trying to find a balance between all of those wonderful benefits and the public's right to privacy. And I for one think that's doable."

But Franken lamented that existing federal law does little to protect individuals privacy. Makers of mobile applications can freely disclose individuals' locations and other sensitive data to nearly anyone without letting their customers know.

"I still have serious doubts rights that those rights are being respected in law or in practice," Franken said at the hearing's conclusion. "We need to think seriously how to address the problem, and we need to address this problem now. Mobile devices are only going to become more and more popular; they'll soon be the predominant way that people access the Internet, so this is an urgent issue we'll be dealing with."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.