Sen. Al Franken (D-MN) and Rep. Ed Markey (D-MA) have sent letters to Apple CEO Steve Jobs demanding to know why Apple’s products are keeping a log of every place the owner goes.
Researchers Alasdair Allan and Pete Warden revealed Wednesday that Apple’s iPads and iPhones contain a database with thousands of location points that gets downloaded every time the device syncs with a PC or Mac.
The unencrypted file, named “consolidated.db,” seems to be first created when user downloads and installs iOS 4 software to the device. It includes latitude, longitude, a time stamp, and the IP address for the wireless network the phone was currently accessing.
Because the location is derived from cell phone towers instead of GPS, the researchers speculated that the feature could not be disabled without completely turning off the device.
This seems to contradict a letter to Markey (PDF) last year where Apple stated that “users could “turn ‘off’ all location-based service capabilities with a single ‘on/off’ switch.”
“The existence of this information — stored in an unencrypted format — raises serious privacy concerns,” Franken wrote in his Wednesday letter (PDF). “The researchers who uncovered this file speculated that it generated location based on cell phone triangulation technology. If that is indeed the case, the location available in this file is likely accurate to 50 meters or less.”
“Anyone who gains access to this single file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken-over the past months or even a year,” the senator continued.
“There are numerous ways in which this information could be abused by criminals and bad actors. Furthermore, there is no indication that this file is any different for underage iPhone or iPad users, meaning that the millions of children and teenagers who use iPhone or iPad devices also risk having their location collected and compromised.”
In his Thursday letter (PDF), Markey pressed Jobs to explain if the newly discovered tracking feature complies with existing U.S. law.
“If location information is used for a commercial purpose, please describe the policies and procedures Apple utilizes to comply with Section 222 of the Communications Act (47 U.S.C. 222), which requires express prior customer authorization for the use, disclosure of, or access to the customer’s location information for commercial purposes,” he wrote.
The Massachusetts Democrat said he expected an answer from the company within 15 days.
Update: In a statement to Raw Story Friday, Franken said that “[t]his is a very real threat to people’s privacy” and he plans to schedule his first hearing “soon.”
“Because these files are saved on the computers you use to back up your data, an abusive husband could easily go on his family computer to find out his wife’s whereabouts—if she’s visited a police station, a domestic violence shelter, or a divorce lawyer,” he added.
“Finally and most importantly, from what I understand, there is no evidence that these files are any different for kids. That means that if a child loses his or her iPhone or iPad or the laptop they use to back up these devices, the person who finds that computer or device could know almost everything about that child’s movements for the past several months.”
The senator’s office said that he had not yet received a response from the company.
David Edwards has served as an editor at Raw Story since 2006. His work can also be found at Crooks & Liars, and he's also been published at The BRAD BLOG. He came to Raw Story after working as a network manager for the state of North Carolina and as as engineer developing enterprise resource planning software. Follow him on Twitter at @DavidEdwards.
Raw Story is a progressive news site that focuses on stories often ignored in the mainstream media. While giving coverage to the big stories of the day, we also bring our readers' attention to policy, politics, legal and human rights stories that get ignored in an infotainment culture driven solely by pageviews.
Founded in 2004, Raw Story reaches 9 million unique readers per month and serves more than 30 million pageviews.