They make a huge and ugly deal out of the totally obvious - and that's the problem.
You can frighten fools with obvious information and I don't think that is doing anyone's privacy a good turn.
The big "scare" of the article is that inside your iPhone there are files and other information about the geophysical locations your phone has been: longitude and latitude from GPS, cell tower information as in what cell towers are near by and what the signal strengths are, things like that.
Now Apple in its wisdom clearly spells out in all of those agreements you quickly click through and ignore what they do and how, to some degree, they do it. They go to great pains to try and keep your personal name and identification out of the data mix using specially crafted "Randomized Id's".
Back at Apple this information goes into (one presumes) huge database that lists all WiFi access points, cell towers, etc. as well as (I'm guessing) something like the USPS address database, Google Map-type data and other things. When you ask your phone to tell you where "the nearest pizza" is the phone hits this database with its current location. The database coughs up the most likely nearby "pizza" locations.
The problem here is that in order to collect the information about things you, the iPhone user are A) asking about and B) agreeing to give your location data up about, Apple has to collect and store the information. By its very nature the fact that you are, under agreement, telling someone where you are and to some extent what you are doing (looking for pizza) means that the information is not "private".
Now imagine a time when there were no iPhones. If I was standing on the street in NYC and I wanted pizza what were my options: A) look around and go the the one of the pizza shops I can see, B) find a phone book, look up pizza shops, and munge around until I find one with an address near me, C) ask passers by.
Now if I choose #C then the knowledge of me looking for pizza is no longer private. I am telling others what I am interested in. If I ask someone then, regardless of what they tell me, they could follow me around and see where I go, where I live, and so on. I am revealing my personal information (my physical self and my desire) as part of a social transaction to find pizza.
If you read the explanation from Apple linked above you will see that they go to great pains to spell all this out - using your phone and its location services makes information about you to some extent non-private.
In addition, the iPhone itself has software requirements to accomplish this. It must collect and store data in files about what's going on so it can tell where you are.
The wire article makes a big deal about a file on the iPhone called "connections.db" that contains a list of recent locations. Someone might be able to steal your phone, dump out the geodata from "connections.db" and find out where you live.
Well "D'oh!"...
Someone could look at my text message and see where I lived, someone could look at my browser history and see things about me, look in my notes file, any number of things if they physically take over my phone.
If I lose my wallet should the DMV issue only licenses without addresses?
How is the phone supposed to work all this magic if it doesn't collect this information? Clearly it has to store it somewhere in order for the entire process to work.
Maybe the phone should work like all the banking and teller machines, bank statements, and so forth and obliterate your account number from everything making the correspondence totally useless (no doubt some genius will figure out that deposit slips are a security problem and remove your account number from those as well).
The problem here isn't one of software security, or programming, or lawyering about "agreements" or anything else.
Its about law and order.
Identity theft is sort of the ugly step child of crime - police have little time to deal with it unless its on a vast, federal scale. Walking off with someone's iPhone by definition is identity theft because the device contains personal information - so is taking someone's wallet.
But these are also simply crimes of theft.
Modern law layers multiple crimes on top of a single problem activity: stealing.
So rather than punishing the criminals we give them a node and wink and say we'll make the devices secure so that when they are stolen (because of course they will be) it will be harder for the criminal to
Further steal? What the hell is that...
You stole my iPhone. Period.
As to someone "hacking into my iPhone" well, things like notes files, browser history, text data, they are all there to steal as well.
So the bottom line is that something like an iPhone, which is really a complex computer with storage, files, and all the rest, is going to be breached and any criminal interested in the information will find a way to decode the data that's there.
So my suggestion is that we stop treating this kind of "identity theft" with a wink and a nod.
In the USA any merchant will take any credit card - they don't care who it belongs to as long as the sale completes...
D'oh! again.
In Europe merchants check. In the USA if little Jr. takes mommies credit card and goes and buys an XBox no one at Walmart gives a hoot. Yet that kind of identity theft is tolerated because it would be too much of a burden on the merchant to have to check ID with credit card sales.
No. The real problem is that all of this technology is too much of a burden for law enforcement. They are not tech savy, phones and things are small and easily replaced by insurance programs when stolen, so they along with everybody else simply don't care to follow up on such crimes.
And that creates this silly "security burden" on everyone and everything else.
If your iPhone is your life then you need to get a new life...
Don't carry around on your person something you are not able to live without - because it might get stolen or you might just forget it some where.
Figure the phone is going to remember what you are doing - just like the stupid kiddy porn criminals that store their pictures on their computers... do you really thing law enforcement won't look there first? So if you are doing things you are not supposed to figure the data will be somewhere.
Taking videos of yourself having an affair with your co-worker on your iPhone? Expect problems.
Texting your buddies that you just deposited the $100K USD settlement check in your checking account from your iPhone that saves your ATM and bank account numbers in the notes app? Expect problems.
Realize that the iPhone is flawed - like everything else including you. Mistakes will be made - like losing it or having it stolen.
Realize that no one in law enforcement cares about your lost phone or data.
So think twice about running your life from something small enough to fall out of your pocket and into the seat cushions in a restaurant, car or movie theater.
No comments:
Post a Comment