iPhone software update 4.3.3: limits tracking cache

Good to see that Apple has now released a software update (iOS 4.3.3) that means that iPhones will no longer retain information about where they have been!

As Apple, states:

“This update contains changes to the iOS crowd-sourced location database cache including:

• Reduces the size of the cache
• No longer backs the cache up to iTunes
• Deletes the cache entirely when Location Services is turned off”

In effect, this means that the amount of information kept on the ‘phone is limited to a week’s usage, and the location data are no longer backed up on users’ computers.

In response to criticisms over iPhone location data being stored on the ‘phones and backed up on users’ computers, Apple claimed that iPhones were not actually logging locations – “Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple”.

Apple went on to say that the fact that up to a year’s data was stored was the result of a bug: “The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data”.  Further, their statement also emphasised that Apple believe that personal information security and privacy and important: “Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy”.

For further comment, see:

• Rich Trenholm
• BBC

Your iPhone is being tracked

I wonder how many iPhone users are aware that their movements are automatically being logged in a small, easily accessible application on their ‘phones?  Recent, important work by Alasdair Allen and Pete Warden has shown just how easy it would be for unscrupulous people to access this information.  It also raises worrying questions about why Apple has done this, and why they have not clearly informed users that this information is so readily available?

Allen and Warden have written a neat Open Source application that enables users to visualise this information – down to a very high level of detail in space-time – called iPhoneTracker.  Essentially, Apple stores this information on the ‘phone in terms of latitude, longitude and time stamp.  The database of locations is stored on the iPhone, but is also on any backups that might have been made when synced with iTunes.

As Apple and Warden comment with respect to why Apple has done this, “It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.”

They also point to the very serious moral and ethical issues that this raises: “The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it. The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer. By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements”.

The screen grab from their visualiser shows where I have been using my iPhone in recent months. Perhaps colleagues who have been sceptical about why I have various different ‘phones and different SIM cards will now understand the reason!

We should all be immensely grateful to Alasdair Allen and Pete Warden for bringing this to our attention!

See also Jacqui Cheng’s recent article on this.

Google and privacy

I am often criticised for my concerns over Google’s ethical claims. Most people seem to like the apparently ‘free’ services that the company offers, and are not greatly concerned about the implications of sharing private information with a corporate giant that claims to do no evil.  I was therefore very pleased to see a report yesterday on the the BBC’s news site that Google is to be audited over privacy concerns relating to its social network Buzz.  Highlights of the article noted that:

• “Google will be subjected to independent privacy audits for the next 20 years over charges that it “violated its own privacy promises”.  The US Federal Trade Commission (FTC) said that the search giant wrongly used information from Google Mail users last year to create its social network Buzz”
• “When companies make privacy pledges, they need to honour them,” said Jon Leibowitz, chairman of the FTC. “This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations.”
• “Buzz’s launch in February 2010 came under heavy criticism from users. According to Google, the system was designed to bring together members’ personal and private lives. One widespread complaint was over a feature that allowed it to publicly list other Gmail contacts a user was most frequently in touch with. While this feature could be turned off, the default setting was to leave it on – potentially revealing a user’s contact with an ex-spouse, employer or similar.”
• “The FTC said “deceptive tactics” were used to populate the network with personal data gained from use of Gmail, and that when users were given the change to opt-out of Buzz, they were still enrolled in some of its features”
• “The FTC said Google violated its privacy policy which stated: “When you sign up for a particular service that requires registration, we ask you to provide personal information.”
• “Reflecting on the latest settlement, Alma Whitten, Google’s director of privacy, product and engineering, said: “We’d like to apologize again for the mistakes we made with Buzz. “While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”

In another recent report from the BBC, it is also interesting to note that the US Department of Justice has approved a New York court ruling that blocked an agreement between Google and publishers over the publication of books online.  As the report noted, “An agreement between Google and publishers over the web firm’s publication of books online has been blocked by a US court. The web giant has scanned millions of books and made them available online via its eBooks platform. Google had negotiated the deal to settle a six-year-old class action suit claiming infringement of copyright. But the New York court said the deal would “simply go too far”, giving Google an unfair competitive advantage”.

ICTs, citizens and the state: moral philosophy and development practices

Great to see my latest paper just published in The Electronic Journal on Information Systems in Developing Countries – thanks to Mark Levy and Vignesh Ilvarasan for all their editorial work on this.

The paper examines the moral implications of the use of ICTs in e-government initiatives, focusing especially on national databases, identity cards, and surveillance technologies. It suggests that in resolving debates over these, we need to reach ethical resolutions concerning notions of trust, privacy, and the law. It also draws attention to the ethical problems that emerge in linking the notion of of Universal Human Rights with the introduction of ICTs in developing countries.

As I argue in the paper, “The really difficult ethical questions that arise from this are about how we judge whether it is better for poor and marginalised communities for such egovernment initiatives to have been introduced, or whether they might actually be more advantaged if their governments did not spend vast sums of money on their implementation. Just because it is possible to implement national citizen databases, to use biodata for ID cards, and to introduce sophisticated digital surveillance mechanisms does not mean that it is right to do so”.

Watching the watchers watching…

In recent months I seem to have posted several photos of ongoing surveillance, generally by people acting on behalf of the state.  Perhaps I should start a collection of these!  So, here is another one (Camden CCTV again) patrolling the streets near Euston.  I wonder how much footage they take and what they do with the images.

This is what Camden Council’s website has to say on this under the heading of “enforcement”: “We have responsibility for the enforcement of the borough’s parking and moving traffic regulations and this is carried out by Civil Enforcement Officers (CEOs) (formerly known as Parking Attendants) and through the use of CCTV. The scheme is part of the Association of London Government’s (ALG), the Mayor of London and London Borough of Camden’s commitment to the travelling public to keep London moving and ease congestion.”

What an amazing upgrade, Parking Attendants can now be confused with Chief Executive Officers!

Camden’s more detailed account goes on to say that this is done:

• “to stop traffic congestion
• alienate inconsiderate motorists
• free up the bus lane to combat delays for commuters
• to allow the free flow of traffic
• improve journey times for bus users”

Am I the only one who finds words such as “enforcement”, “alienate” and “combat” just  a tiny bit worrying?  So, let’s keep watching the watchers…

UK government set to re-examine Google’s infringements of privacy

Great to see the announcement reported by the BBC that Britain’s privacy watchdog is to re-examine the personal information that Google has gathered from private wi-fi networks.

As the BBC article commented, “The Information Commissioner’s Office had investigated a sample earlier this year after it was revealed that Google had collected personal data during its Street View project. At the time, it said no “significant” personal details were collected. But Google has since admitted that e-mails and passwords were copied. … Google’s admission of more detailed data has prompted further action by the ICO. “We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers,” a spokesman said.‬ Google’s director of privacy Alma Whitten said the company would work with the ICO to answer its “further questions and concerns”.”

Many popular Android apps share location and unique identifiers with advertisers

A recent report on the BBC website notes a study by researchers from Intel Labs, Penn State and Duke University which shows that “Some of the most popular apps written for Google’s Android phones do not tell users what is done with data they gather… . Half of 30 applications studied share location information and unique identifiers with advertisers”. Two-thirds of these popular third-party apps showed suspicious handling of personal data.

Information from the ‘phones was sent to advertisers without the users being told that data was being shared with them.  As the BBC report goes on to note,  “Some apps gathered and despatched location information even when an application was not running and some sent updates every 30 seconds.”

Whilst users should always be wary of downloading any apps that they do not necessarily trust, this seems to be yet another example of Google not being the fully trustworthy company that it would like people to believe it is.  It would be a relatively simple matter to ensure that all users are automatically warned about this when software is downloaded. As the researchers conclude, “Android’s coarse-grained access control provides insufficient protection against third-party applications seeking to collect sensitive data”.

This is definitely a powerful reason why Android ‘phones should be avoided, and once again raises serious concerns about Google’s lack of ethical probity.

UK Government switches off child database

I have previously raised concerns about the creation of the national ContactPoint database of all children that was put in place in 2009. I’m therefore delighted to note that this is to be shut down.

The BBC  reports that the “£235m government database containing the records of England’s 11 million children has been switched off. … Within two months of the switch-off all the data collected for the system is to be destroyed, although the information will still remain in the social services, education and health departments it had been gathered from. But there have been concerns that there is nothing collating key information centrally in one place. The system, which has been running since January last year, was always controversial and was set to cost a further £41m a year. After successive delays, it was rolled out to only 15,000 users, out of the initial target of 330,000. The system was used by doctors, social workers, schools, charities and other individuals involved in the protection of children. Many said it was useful in tracking children and discovering the truth about the way they are cared for. …  But civil liberties groups criticised it as intrusive and disproportionate.”

While it is of course crucial that we find ways to try to ensure that all those seeking to support “children at risk” can share information efficiently, the creation of a national database of information about all children raised huge ethical issues.  Whilst it seems that the reason for the closure of ContactPoint was largely on cost grounds, it is good to see that this represents at least a small step back from the excessive use of ICTs by the UK state to maintain databases of information so that it can more effectively monitor and control the country’s population.

ICTs and Special Educational Needs in Ghana

Godfred Bonnah Nkansah and I are delighted that our paper on the contribution of ICTs to the delivery of special educational needs in Ghana has just been published in Information Technology for Development, 16(3), 2010, 191-211. The paper not only provides rich empirical evidence of the usage and potential of ICTs in the special educational needs sector in Ghana, but also argues strongly that much more attention should be paid to the positive benefits that ICTs can bring to the lives of people with disabilities across Africa.

Abstract
This paper explores three main issues in the context of Ghana: constraints on the delivery of effective special educational needs (SEN); the range of information and communication technologies (ICT)-based needs identified by teachers, pupils and organizations involved in the delivery of SEN; and existing practices in the use of ICTs in SEN in the country. It concludes that people with disabilities continue to be highly marginalized, both in terms of policy and practice. Those involved in delivering SEN nevertheless recognize that ICTs can indeed contribute significantly to the learning processes of people with disabilities. Governments across Africa must take positive action to ensure that such experience with ICTs can be used to enable those with SEN to achieve their their full potential, whether in special schools or included within mainstream education.

For media comments on this research see:

• The Commonwealth Secretariat News

Who’s watching who at LHR?

The extent of state surveillance in the UK increases apace. Imagine my surprise when I saw this police car with a surveillance camera on the roof when I was recently passing through London Heathrow!

Perhaps we should all start taking photographs of those who are taking photographs of us while we are going about our day-to-day business!

What happens to all the photographs that the police take of us?  Imagine what would happen if we all asked for copies of such photographs under Freedom of Information legislation! Just because it is possible for the state to photograph its citizens and store this information does not mean that it is right for the state to do so.