back to article Is iPhone data collection legal?

According to Gizmodo (and many others), it’s “no big” deal that Google, Microsoft and Apple are collecting location data from mobile devices. Its reasoning is that although all three companies’ mobile device operating systems – IOS, Android and Windows Phone – collect both GPS coordinates and WiFi base station data, and …

COMMENTS

This topic is closed for new posts.

Page:

  1. BozNZ
    Megaphone

    I'm not a lawyer either, but

    An EULA cannot and should not have an opt in or opt out to override the privacy law (or any other law) of a country, if it does so the application should NOT be available in that country and the company should withdraw the applications use.

    1. Jolyon Smith

      I also am not a lawyer, but ...

      If an EULA has an opt out from *any* law that does not allow for such an opt in/out then that clause of the EULA is quite simply rendered invalid, and the relevant law applies come-what-may without affecting any other terms in the EULA (assuming there is a severibility provision, which there usually is).

      Of course, if Goopplesoft are found guilty of any crimes here, they will get slapped with a huge fine which will go into the coffers of the justice departments of the relevant jurisdictions, rather than into the pockets of the consumers who's rights were violated.

      1. Danny 14
        Go

        yup

        "Of course, if Goopplesoft are found guilty of any crimes here, they will get slapped with a huge fine which will go into the coffers of the justice departments of the relevant jurisdictions"

        But then people can use this judgement to persue civil cases. Hence why the big companies settle first to avoid big precidents. Civil cases usually need smaller burdens of proof too, so a big high court judgement will be plenty.

      2. Anonymous Coward
        Anonymous Coward

        Goopplesoft

        Hell, i'll upvote you for that word alone :)

    2. Anton Ivanov

      EULA is void vs a law

      EULA does not provide the right to violate a law and in most legislations is automatically void in part or even as a whole if it tries to supersede consumer, contract, copyright or other law. Microsoft got burned on that one more than once in the past. There is at least one case where Apple got zapped as well.

      As far as Apple, Google, Microsoft, etc not being telecommunications providers - that is incorrect. Google is registered as a telecommunications provider in most legislations. IIRC so is Microsoft. I would be surprised if Apple is not.

    3. BillG
      Grenade

      I'm not a lawyer

      You cannot require someone to sign a document that declares that something that is illegal, is now O.K. to do. Years ago, Siemens Microelectronics suddenly required that all employees, as a condition of employment, MUST sign a document that gave Siemens permission to do personal background checks, credit checks, and "accrue personal information". The document stated that Siemens had absolutely no responsibility to keep the information confidential and could do what they wanted with the information. Yes, there were lawsuits and Siemens lost.

  2. Gene Cash Silver badge

    Phone books?

    OK, so according to this reading, phone directories would be illegal. I never consented to having my address published in a phone book, yet there it is, and I have to pay extra to have it not listed. How does that work?

    1. Anonymous Coward
      Anonymous Coward

      yes you did agree!

      And like I always do, you could have said "i dont want to be in the phone book" and guess what, you're not in it....

      magic eh?

    2. The BigYin

      What?

      In the UK ex-directory is free, there is no charge to pay. So either you are not in the UK or you are simply wrong.

      THe one things that pisses me off about data is the likes of Experian. They collect data about ME that directly affects MY life, and then have the gall to charge ME for access to MY data. They should be forced by law to open it to the person who the data refers to.

      Never happen though.

    3. John Dougald McCallum

      Phonebooks

      Actually you did by signing up for a telephone line at least here in the UK you also had the option to not have your details in the phonebook this is known as exdirectory,of course one does have the pain in the arse problem that if you run a buisness that no one knows your buisness exists.

    4. David Pollard

      The phonebook address is stationary

      Mobile devices follow you around; and they hand on this information to other devices.

    5. g e

      By being ex-directory

      Nuff said

    6. Glenns

      O Rly

      I'm ex-directory . I didn't have to pay for it,

    7. Graham 25

      Yes you did

      It was in the T&C's of the Line Agreement - there;s a box to tick for Ex-Directory which you must not have ticked.

    8. John H Woods Silver badge

      Yes you did...

      ... you just didn't pay attention - at least if you're in the UK. UK Phone books are slim these days because many of those who actually listen to the question 'do you want to be listed' say no. And you do NOT have to pay extra not to be listed, nor to have a withheld number, nor to withhold your number on a one-off basis (by dialling the prefix).

    9. jonathanb Silver badge

      Re: Phone books

      Which country are you in? In the UK, mobile phone numbers are never published in the phone book. For landlines, when you sign up, they ask if you want to be ex-directory, and most people say yes. There is no extra charge for that.

    10. P Zero
      Black Helicopters

      Post anonymously?

      I'm Australian and when I signed up for my VOIP and my mobile service, they asked if I wanted to be listed. I picked no.

      1. Mark 65

        Maybe Australian?

        Over here the arseholes at Telstra require you to pay to not be in the phone book. Yes, you did read that correctly. Lucky country, my arse it is.

    11. heyrick Silver badge

      Who is your carrier?

      BT (England, circa 2002), Orange-mobile (England), Orange-landline-and-mobile (France), SFR-mobile (France). We just asked to be ex-directory, or "liste rouge" in French, and our details were omitted from the phone book. Likewise hiding CLI is a free option (though we don't as it is no big privacy concern). Furthermore, in France, it is not legal to be cold-called by companies we don't already have dealings with (which means most of our sales calls are Orange themselves trying to push their satellite TV product).

      I don't doubt there are providers trying to ask money to keep you out of the phone book. Consider voting with your wallet. In any case, placing a phone number in a book of numbers is known, disclosed, and has been a service for half a century.

      On the other hand, the topic of this article is the mass of data collection that is, in general, not disclosed. And is shared and aggragated by unknown companies. My phone, for example, has "Motoblur" which syncs all of my contacts. In addition, it contains a method of tracking my phone. And worse, it apparently CANNOT be turned off...

    12. Anonymous Coward
      Anonymous Coward

      I consented

      Well, I admit it was a quite some time ago, but when I lived in Australia and had a land line, I explicitly allowed my address to be published. Having an "unlisted" number was a specific option available to me which I declined, in writing.

      At least in the 'good ol' days', there was no question of whether phone books legally published address information.

      Dweeb

  3. draenan
    WTF?

    Is this the Telecommunication Act *1997*?

    I agree; let's ensure that all advances in communications technology be tied to legislation that is written when said advances hadn't even been thought of. Who needs smartphones anyway?

    Looks like Amateur Armchair Lawyer Night at the Peanut Gallery again. BYO tin-foil hat.

    1. Baudwalk

      A greed?

      >>> I agree; let's ensure that all advances in communications technology be tied to legislation that is written when said advances hadn't even been thought of. <<<

      Good. We're in agreement, then.

      Companies should not violate existing laws just because "they can".

      Perhaps the law in question could do with some revising, but you don't just allow anyone to break laws they don't agree with.

      Otherwise who, other than parliament, should get to decide which laws still apply and which are OK to ignore?

      I'll take the job(s) of Benevolent (you wish) Dictator for Life, if you like, but you might not always like the decision I come up with.

      1. draenan

        "Nanny/police state"?

        "Perhaps the law in question could do with some revising, but you don't just allow anyone to break laws they don't agree with.

        Otherwise who, other than parliament, should get to decide which laws still apply and which are OK to ignore?"

        It's a valid point, but only if you are completely squeaky-clean in your observance to all laws. After all, you shouldn't be breaking any laws you don't agree with, right?

        What tends to annoy me is the large number of people who complain about companies not following laws exactly as written, yet having no hesitation themselves in breaking the laws they don't agree with; "piracy" on the Internet being a classic example. These are the people who tend to use words like "nanny state" or "police state."

    2. Greg J Preece

      Oh man...

      I'd love to uae that in court.

      'No, your honour, that law doesn't count, you see, because it was written more than 5 years ago.'

      A well researched and written law should be able to defend the rights of the public on an extended timescale, especially with regard to future developments.

      1. Danny 14
        FAIL

        hah

        Magna Carta (yes I know it is really the refined bill of rights that is mainly used) is still used in cases today.

        So lets ignore the bill of rights and let the churches pass judgements again.

    3. g e

      I thin kit's still legal

      To shoot a Welshman in Chester on a Sunday with your bow and arrow.

      You fancy your chances with that just because it hasn't been repealed?

      1. jonathanb Silver badge

        It's not legal

        It has been repealed by various murder acts, race discrimination acts and human rights acts that have been passed since then that contradict it. If two laws contradict, the later one stands.

    4. Anonymous Coward
      FAIL

      Eh?

      "I agree; let's ensure that all advances in communications technology"

      Being tracked by your phone company is an advance in communications technology? In what way?

      Leaving aside whatever miracle you think this tracking allows, your post is pretty specious anyway: when this law against burglary was introduced, you honour, my patented "blow a hole in the wall, leaving all locked doors and windows intact machine" had not been invented, therefore I should be allowed to do what the hell I like with other people's property.

  4. SpiderPig

    Data Collection

    The current paranoia of data collection that has come from the states recently is basically paranoia. There are lots of instances where anonymous data is collected from mobile devices. The wrinkle is when the mobile number or IMEI is collected, these are deemed to be private data because then it is a small matter to associate the two and trace the owner.

    The data collected for WiFi services is generally the SSID and it's position, the more data collected for that particular WiFi AP the more accurate the positioning becomes. I know of one manufacturers devices will collect the data from both secure and open WIFi points, the device does not have to be logged in.

    Another data collection point is used to provide faster positioning information to a devices GPS, this is known as A-GPS and the MNC & MCC are uploaded to the A-GPS data server and then the ephemeris data is downloaded to the device. This speeds up the First Time Fix of the GPS receiver.

    If with all this hullabaloo about data privacy effects all these capabilities I bet the one who are whining the loudest will be the same ones bitching the loudest about how useless mobile LBS is.

    I think we all need to take a step back and take a deep breath.

    1. Anonymous Coward
      Anonymous Coward

      Good advice

      I think you need to take a step back and post to a story that has something to do with your post.

    2. sT0rNG b4R3 duRiD
      Jobs Horns

      Why do we need AGPS?

      If one has to wait for a satellite fix, well, then... wait.... It's not like it's going to take *THAT* long. I wait on my car GPS *if* and *when* I need it. It works fine.

      I don't want faster fix A-GPS with all this BS.

      It's not like it makes my life much richer in any dimension.

      Honestly, tell me, how often do you use your phone's GPS?

      I can tell you I have used mine, a grand total of 3 times within the year I've owned an android smart phone... which brings me to the next question..

      *** Have we all now gotten so retarded that we can't even read a f#Ckin' map?

      1. jonathanb Silver badge
        Jobs Halo

        Because it is faster

        A standard GPS fix takes about 5 minutes. AGPS takes a few seconds, or if there is a Wifi network nearby, even one you never use, it is pretty much instant.

        I use my phone's GPS at least once a week. Yes I can read a map. Google Maps on my Android means I don't need to carry a separate one around with me, or a separate compas.

      2. Jess

        Honestly, tell me, how often do you use your phone's GPS?

        Almost daily. Probably several times as often as I use it for phone calls.

        The mobile network based approximate location system is very useful. (Both for time saving, you get the right map immediately, and for old phones without sat-GPS).

        I probably save the cost of the data service in tube fares, because I now know when walking (or bus) is a better option.

  5. Anonymous Coward
    Anonymous Coward

    The Act needs to be changed...

    But the Act pre-dates smartphones, by many years and none of the potential beneficial uses of sharing location data were known or understood.

    For example, there are many apps which permit me to share my location with friends. As a paraglider pilot this is invaluable for many reasons and hopelessly impractical to do in real-time any other way.

    The Act needs to be changed. At the very least to allow users to opt-in to sharing their position, it could be as easy as a switch in the iOS settings.

    Anyone worried about data should carry a dumb phone - whether it's a vengeful wife, or because you work in a sensitive environment for a very simple reason - sooner or later you'll forget to turn the tracking off.

    1. Daniel Evans

      As I see it...

      There shouldn't be any issue with those apps and the law. Presumably, by installing/using the app, you know it's going to be releasing your location information, and hence consented to it.

      The issue here is that people were not informed (at the very least, not clearly) that the phones were sharing location information with HQ.

    2. sT0rNG b4R3 duRiD
      Stop

      No.. I would think about it in another way.

      You are sharing your position *willingly* with another party.

      Sure, you use an app to do it, but the mobile carrier's got nothing to do with it, and neither does the phone manufacturer. They are not snooping in on you or using this data. You and your friends are.

      I am prepared to accept that telcos can and will snoop your location but to have google and apple and who knows who else do it is unacceptable, and if this article is correct, then google and apple have a lot to answer up to. I hope it is the case.

      I would ask you:

      1) Do you think the AGPS argument has any bearing on your paragliding?

      2) How *do* you paraglide and look at your mobile phone at the same time?

  6. Arctic fox
    Headmaster

    I think that a point is being missed by some.

    This article raises a number of very valid points. In my view it is not acceptable for these companies to collect this data unless they ensure that the sign-up/start-up procedure involving the device concerned really *does* place the customer in a position to make a *genuinely* free, informed and *uncoerced* decision when giving the necessary permissions. Burying it in the EULA or saying "well, you must realise that these smartphones etc..etc." is NOT acceptable. If these companies' behaviour is *not* illegal, it should be made so SAP.

    1. g e

      Like Finance services

      They should perhaps be forced to put a caveat on all of their advertising, e.g.

      Apple products collect and store your location and other personal information and transmit it to Apple Inc

      I wonder how fast a simple advertising requirement like that would make them fix their 'bug' and have the others tidy up their behaviour.

      Maybe worth mailing that idea to the ASA...

  7. Pascal Monett Silver badge
    Thumb Down

    Interesting

    If I read the above comments correctly, it would seem that the arguments in favor of data collection are :

    - everybody is doing it

    - it would be a nuisance not to

    - the laws against it were written before smartphones

    Yes, I can see how such brilliant arguments could sway the shrewdest judge. Not.

    1. Stuart Castle Silver badge

      How about providing evidence that the data is dangerous?

      If the data is not anonymous then yes, it is dangerous. However, I have seen no evidence that identifiable data is even sent to Apple let alone used by them

      If the iPhone sends the data to Apple with no personal identifiers, then people can hack Apple all they want, they won't get the data. Having just looked at the structure of consolidated.db (which is apparently all Apple get), I see nothing that could identify the phone or user.

      In terms of WiFi hotspots, it does store SSIDs, MACs and position data. However, unless you do something like use your name for the SSID, this will not help any potential hackers (even then it may not help much). The hacker would need to know your SSID or MAC, and it's likely that if they knew that, they would know where you are anyway..

      This different to the Google Streetview slurp. If Google had limited themselves to the MAC and SSID of all local networks, there wouldn't have been problem. They didn't. They took copies of actual data..

      1. Black Betty
        FAIL

        Law enforcement trolling for crime.

        The Dutch have already used Tom Tom data to set up speed traps in areas where road speeds were consistently high.

        The police have apparently been using similar data lifted from phones for years, which may be acceptable in terms of proving or disproving an alibi. However, I believe such data has also been used to put people in the frame for crimes, where the police had no reason to suspect that individual until their phone ratted them out and put them at or near a crime scene at the time of the crime.

    2. Anonymous Coward
      FAIL

      Australian Constitution 101

      Section 51 (v) of the Australian constitution enacted in 1901, states that the federal government's legislative powers specifically include;

      (v.) Postal, telegraphic, telephonic, and other like services:

      The observant reader will note that television is not specified, just the general catch-all "other like services".

      The authors of the constitution were sufficiently astute to recognise when framing the constitution that some new technology might come along which should be encompassed by this provision, and said so. With the introduction of television in Australia, this was in fact litigated, and the Supreme Court agreed that television was within the federal remit, and that had television existed in 1901 then the authors of the constitution would have included it.

      Fast forward to 1990's ...

      The legislators and their public servants, are all nit picking bureaucrats and lawyers, intent on making laws as impenetrable as possible, and as internally and cross-referentially as inconsistent as possible. Laws are no longer framed in a usable manner, but independently and without reference to related laws by some bizarre horsetrading system where paragraphs get added/deleted according to who has the most lobby money. The result is laws that are useless by the time they are passed, and which are "moment in time", in the sense that as soon as something new arrives, it is not covered unless it gets litigated (by which time the horse has bolted so to speak).

      Worse, many laws passed in the past few years are draconian in scope, and grant "fascist state" powers to the police. Apparently no one cares and fewer understand what the erosion of our basic rights means, now and in the future.

      Such is the state of the intellect of politicians in Australia - and it saddens me everytime I see how useless they actually are, how poorly they frame laws, and worse - how totally unaware of the legal philosophy upon which our fine country was built.

      It's no wonder I left :(

  8. Anonymous Coward
    Anonymous Coward

    Yeah let's just

    Let companies do whatever they want with disregard to the laws because a fraction of fans of said company are perfectly ok with it and the law is stupid anyway, having been written before the latest gadget came out.

    Other people may not be ok with it, have you thought of that?

    1. draenan
      Thumb Down

      Of course people aren't happy with it.

      Those people are free to not use that company's services.

      I'm hoping that the people who are complaining that a company isn't following the letter of the law are all squeaky clean in regard to the law themselves and don't get involved in "illegal" activities like speeding and sharing of content they don't own on Bit Torrent just because they don't happen to agree with the law that defines the activity as illegal.

      They'd be complete hypocrites otherwise.

  9. Anonymous Coward
    Thumb Up

    "The EULA is a grey area."

    It really shouldn't be. How difficult is it for govs to clarify that an EULA must be confined to legal and commercial agreements only - sufficient to protect the seller's interests in relation to the product in question and nothing more? To my mind anything that could give a reasonable person cause to -not- agree is thoroughly mis-placed in an EULA, and should have no legal standing whatsoever.

    Broadly in agreement with the arguments in the article, but good luck finding a lawyer who is clued-in (or cares) enough to argue the points successfully - or a court that is free and intelligent enough to understand them.

  10. JaitcH
    WTF?

    If not Legal then it is at least Immoral

    First of all I accept that, for purposes of troubleshooting, certain historical datasets are needed. For instance an LG handset with a slider keyboard counts the number of slide operations.

    Likewise collecting the last 30-50 cell sites or a similar number of WiFi transmissions (1) If used by the handset in question; (2) Used within the past 7 days; and (3) accessible only to a 'local' service need (i.e. a technician troubleshooting the handset) is OK.

    However, TRANSMISSION of this data is wrong and IMMORAL. This involves, usually without INFORMED user consent, the collection of geolocation data (otherwise for what use would it be) and an IDENTIFIER (no identifier reduces the use of the data) and THEFT OF TELECOMMUNICATIONS.

    Apple has admitted it has collected data for up to about a year. What use can this aged data be used for?

    I do not accept for a minute that it was an oversight. Any software author knows damn well how difficult it can be to get an authorised service to function properly. This infers that a great deal of effort went into this data collection. What triggered a collection and what triggered a transmission?

    Then let's consider the transmission. Handsets and cell sites have strict protocols and even if such protocols were successfully navigated, how was the mass transmission of this data 'ignored' by Apple. Stray strings of data, in my experience, almost always result in a Request for Retransmission/NAK and almost always GUARANTEED to trigger an alarm.

    This implies either Apple has sloppy server software that ignores certain transmitted data - which requires programming or they are lying - again.

    Apple has had sufficient problems with Lemon 4 software for it to have checked, and cross-checked, almost every line of code used in the handset if only to save 'face' in the case yet more weaknesses are exposed.

    It is common to find notable 'remarks' in software code but the comments are short whereas Apples data collection code would be far lengthier.

    I personally would have less concerns with data collection if (1) Apple and Google, etc. were up front about it; (2) if users had control over transmissions; (3) if users were compensated for transmission time.

    No one needs to know a users location unless a handset has gone 'rogue' and cellco's already have plenty of ways to minimise interference since almost all handset operations are subject to their control.

    Authorised entities can already interrogate a handset's GPS function without the knowledge of a user so why is it necessary for a MANUFACTURER to know where it's products are?

    Since Apple et al cannot be trusted to practice proper privacy it is incumbent upon legislators to put in place the necessary laws, with large financial penalties, to ensure compliance.

  11. Thomas Davie
    FAIL

    The key...

    Is that Apple at least, is not collecting your data – they're sending you data. They're sending you the location of towers near to other towers you just connected to so that the phone can look them up fast.

    1. Synonymous Howard

      And soon to be fixed ..

      in iOS 4.3.3, which to quote "BGR" is rumoured to include ..

      - The update will no longer back up the location database to iTunes.

      - The size of the location database will be reduced.

      - The location database will be deleted entirely when Location Services are turned off.

      - Battery life improvements.

      - iPod bug fixes.

  12. Phil A

    Scope

    My issue is with the scope of some of the agreements. If I want to even turn the GPS on on my android phone, I have to agree to it collecting "anonymous" GPS data. Fair enough, if I want to use Google maps, I accept that it needs to send my location to a server to retrieve the map tiles but once I've finished getting lost, I don't see why my location should be tracked any more.

    1. Anonymous Coward
      Anonymous Coward

      @Phil A

      Ever wondered why Google Navigation does not work with data services turned off even though it has the required maps cached?

      Well, unlike TomTom and Garmin and all the others, it is not your device that actually works out the route. Your Android phone transmits your location and the destination up to a Google server, which then works out the route, which is transmitted back to your phone with all the intermediate map data. So not only do Google know where you are, they know where you are going, and have an idea about where you will be at some time in the future.

      I know that if I were a wanted person, I would be using a navigation device other than Google Navigation!

Page:

This topic is closed for new posts.

Other stories you might like