back to article Is iPhone data collection legal?

According to Gizmodo (and many others), it’s “no big” deal that Google, Microsoft and Apple are collecting location data from mobile devices. Its reasoning is that although all three companies’ mobile device operating systems – IOS, Android and Windows Phone – collect both GPS coordinates and WiFi base station data, and …

COMMENTS

This topic is closed for new posts.
  1. BozNZ
    Megaphone

    I'm not a lawyer either, but

    An EULA cannot and should not have an opt in or opt out to override the privacy law (or any other law) of a country, if it does so the application should NOT be available in that country and the company should withdraw the applications use.

    1. Jolyon Smith

      I also am not a lawyer, but ...

      If an EULA has an opt out from *any* law that does not allow for such an opt in/out then that clause of the EULA is quite simply rendered invalid, and the relevant law applies come-what-may without affecting any other terms in the EULA (assuming there is a severibility provision, which there usually is).

      Of course, if Goopplesoft are found guilty of any crimes here, they will get slapped with a huge fine which will go into the coffers of the justice departments of the relevant jurisdictions, rather than into the pockets of the consumers who's rights were violated.

      1. Danny 14
        Go

        yup

        "Of course, if Goopplesoft are found guilty of any crimes here, they will get slapped with a huge fine which will go into the coffers of the justice departments of the relevant jurisdictions"

        But then people can use this judgement to persue civil cases. Hence why the big companies settle first to avoid big precidents. Civil cases usually need smaller burdens of proof too, so a big high court judgement will be plenty.

      2. Anonymous Coward
        Anonymous Coward

        Goopplesoft

        Hell, i'll upvote you for that word alone :)

    2. Anton Ivanov

      EULA is void vs a law

      EULA does not provide the right to violate a law and in most legislations is automatically void in part or even as a whole if it tries to supersede consumer, contract, copyright or other law. Microsoft got burned on that one more than once in the past. There is at least one case where Apple got zapped as well.

      As far as Apple, Google, Microsoft, etc not being telecommunications providers - that is incorrect. Google is registered as a telecommunications provider in most legislations. IIRC so is Microsoft. I would be surprised if Apple is not.

    3. BillG
      Grenade

      I'm not a lawyer

      You cannot require someone to sign a document that declares that something that is illegal, is now O.K. to do. Years ago, Siemens Microelectronics suddenly required that all employees, as a condition of employment, MUST sign a document that gave Siemens permission to do personal background checks, credit checks, and "accrue personal information". The document stated that Siemens had absolutely no responsibility to keep the information confidential and could do what they wanted with the information. Yes, there were lawsuits and Siemens lost.

  2. Gene Cash Silver badge

    Phone books?

    OK, so according to this reading, phone directories would be illegal. I never consented to having my address published in a phone book, yet there it is, and I have to pay extra to have it not listed. How does that work?

    1. Anonymous Coward
      Anonymous Coward

      yes you did agree!

      And like I always do, you could have said "i dont want to be in the phone book" and guess what, you're not in it....

      magic eh?

    2. The BigYin

      What?

      In the UK ex-directory is free, there is no charge to pay. So either you are not in the UK or you are simply wrong.

      THe one things that pisses me off about data is the likes of Experian. They collect data about ME that directly affects MY life, and then have the gall to charge ME for access to MY data. They should be forced by law to open it to the person who the data refers to.

      Never happen though.

    3. John Dougald McCallum

      Phonebooks

      Actually you did by signing up for a telephone line at least here in the UK you also had the option to not have your details in the phonebook this is known as exdirectory,of course one does have the pain in the arse problem that if you run a buisness that no one knows your buisness exists.

    4. David Pollard

      The phonebook address is stationary

      Mobile devices follow you around; and they hand on this information to other devices.

    5. g e

      By being ex-directory

      Nuff said

    6. Glenns

      O Rly

      I'm ex-directory . I didn't have to pay for it,

    7. Graham 25

      Yes you did

      It was in the T&C's of the Line Agreement - there;s a box to tick for Ex-Directory which you must not have ticked.

    8. John H Woods Silver badge

      Yes you did...

      ... you just didn't pay attention - at least if you're in the UK. UK Phone books are slim these days because many of those who actually listen to the question 'do you want to be listed' say no. And you do NOT have to pay extra not to be listed, nor to have a withheld number, nor to withhold your number on a one-off basis (by dialling the prefix).

    9. jonathanb Silver badge

      Re: Phone books

      Which country are you in? In the UK, mobile phone numbers are never published in the phone book. For landlines, when you sign up, they ask if you want to be ex-directory, and most people say yes. There is no extra charge for that.

    10. P Zero
      Black Helicopters

      Post anonymously?

      I'm Australian and when I signed up for my VOIP and my mobile service, they asked if I wanted to be listed. I picked no.

      1. Mark 65

        Maybe Australian?

        Over here the arseholes at Telstra require you to pay to not be in the phone book. Yes, you did read that correctly. Lucky country, my arse it is.

    11. heyrick Silver badge

      Who is your carrier?

      BT (England, circa 2002), Orange-mobile (England), Orange-landline-and-mobile (France), SFR-mobile (France). We just asked to be ex-directory, or "liste rouge" in French, and our details were omitted from the phone book. Likewise hiding CLI is a free option (though we don't as it is no big privacy concern). Furthermore, in France, it is not legal to be cold-called by companies we don't already have dealings with (which means most of our sales calls are Orange themselves trying to push their satellite TV product).

      I don't doubt there are providers trying to ask money to keep you out of the phone book. Consider voting with your wallet. In any case, placing a phone number in a book of numbers is known, disclosed, and has been a service for half a century.

      On the other hand, the topic of this article is the mass of data collection that is, in general, not disclosed. And is shared and aggragated by unknown companies. My phone, for example, has "Motoblur" which syncs all of my contacts. In addition, it contains a method of tracking my phone. And worse, it apparently CANNOT be turned off...

    12. Anonymous Coward
      Anonymous Coward

      I consented

      Well, I admit it was a quite some time ago, but when I lived in Australia and had a land line, I explicitly allowed my address to be published. Having an "unlisted" number was a specific option available to me which I declined, in writing.

      At least in the 'good ol' days', there was no question of whether phone books legally published address information.

      Dweeb

  3. draenan
    WTF?

    Is this the Telecommunication Act *1997*?

    I agree; let's ensure that all advances in communications technology be tied to legislation that is written when said advances hadn't even been thought of. Who needs smartphones anyway?

    Looks like Amateur Armchair Lawyer Night at the Peanut Gallery again. BYO tin-foil hat.

    1. Baudwalk

      A greed?

      >>> I agree; let's ensure that all advances in communications technology be tied to legislation that is written when said advances hadn't even been thought of. <<<

      Good. We're in agreement, then.

      Companies should not violate existing laws just because "they can".

      Perhaps the law in question could do with some revising, but you don't just allow anyone to break laws they don't agree with.

      Otherwise who, other than parliament, should get to decide which laws still apply and which are OK to ignore?

      I'll take the job(s) of Benevolent (you wish) Dictator for Life, if you like, but you might not always like the decision I come up with.

      1. draenan

        "Nanny/police state"?

        "Perhaps the law in question could do with some revising, but you don't just allow anyone to break laws they don't agree with.

        Otherwise who, other than parliament, should get to decide which laws still apply and which are OK to ignore?"

        It's a valid point, but only if you are completely squeaky-clean in your observance to all laws. After all, you shouldn't be breaking any laws you don't agree with, right?

        What tends to annoy me is the large number of people who complain about companies not following laws exactly as written, yet having no hesitation themselves in breaking the laws they don't agree with; "piracy" on the Internet being a classic example. These are the people who tend to use words like "nanny state" or "police state."

    2. Greg J Preece

      Oh man...

      I'd love to uae that in court.

      'No, your honour, that law doesn't count, you see, because it was written more than 5 years ago.'

      A well researched and written law should be able to defend the rights of the public on an extended timescale, especially with regard to future developments.

      1. Danny 14
        FAIL

        hah

        Magna Carta (yes I know it is really the refined bill of rights that is mainly used) is still used in cases today.

        So lets ignore the bill of rights and let the churches pass judgements again.

    3. g e

      I thin kit's still legal

      To shoot a Welshman in Chester on a Sunday with your bow and arrow.

      You fancy your chances with that just because it hasn't been repealed?

      1. jonathanb Silver badge

        It's not legal

        It has been repealed by various murder acts, race discrimination acts and human rights acts that have been passed since then that contradict it. If two laws contradict, the later one stands.

    4. Anonymous Coward
      FAIL

      Eh?

      "I agree; let's ensure that all advances in communications technology"

      Being tracked by your phone company is an advance in communications technology? In what way?

      Leaving aside whatever miracle you think this tracking allows, your post is pretty specious anyway: when this law against burglary was introduced, you honour, my patented "blow a hole in the wall, leaving all locked doors and windows intact machine" had not been invented, therefore I should be allowed to do what the hell I like with other people's property.

  4. SpiderPig

    Data Collection

    The current paranoia of data collection that has come from the states recently is basically paranoia. There are lots of instances where anonymous data is collected from mobile devices. The wrinkle is when the mobile number or IMEI is collected, these are deemed to be private data because then it is a small matter to associate the two and trace the owner.

    The data collected for WiFi services is generally the SSID and it's position, the more data collected for that particular WiFi AP the more accurate the positioning becomes. I know of one manufacturers devices will collect the data from both secure and open WIFi points, the device does not have to be logged in.

    Another data collection point is used to provide faster positioning information to a devices GPS, this is known as A-GPS and the MNC & MCC are uploaded to the A-GPS data server and then the ephemeris data is downloaded to the device. This speeds up the First Time Fix of the GPS receiver.

    If with all this hullabaloo about data privacy effects all these capabilities I bet the one who are whining the loudest will be the same ones bitching the loudest about how useless mobile LBS is.

    I think we all need to take a step back and take a deep breath.

    1. Anonymous Coward
      Anonymous Coward

      Good advice

      I think you need to take a step back and post to a story that has something to do with your post.

    2. sT0rNG b4R3 duRiD
      Jobs Horns

      Why do we need AGPS?

      If one has to wait for a satellite fix, well, then... wait.... It's not like it's going to take *THAT* long. I wait on my car GPS *if* and *when* I need it. It works fine.

      I don't want faster fix A-GPS with all this BS.

      It's not like it makes my life much richer in any dimension.

      Honestly, tell me, how often do you use your phone's GPS?

      I can tell you I have used mine, a grand total of 3 times within the year I've owned an android smart phone... which brings me to the next question..

      *** Have we all now gotten so retarded that we can't even read a f#Ckin' map?

      1. jonathanb Silver badge
        Jobs Halo

        Because it is faster

        A standard GPS fix takes about 5 minutes. AGPS takes a few seconds, or if there is a Wifi network nearby, even one you never use, it is pretty much instant.

        I use my phone's GPS at least once a week. Yes I can read a map. Google Maps on my Android means I don't need to carry a separate one around with me, or a separate compas.

      2. Jess

        Honestly, tell me, how often do you use your phone's GPS?

        Almost daily. Probably several times as often as I use it for phone calls.

        The mobile network based approximate location system is very useful. (Both for time saving, you get the right map immediately, and for old phones without sat-GPS).

        I probably save the cost of the data service in tube fares, because I now know when walking (or bus) is a better option.

  5. Anonymous Coward
    Anonymous Coward

    The Act needs to be changed...

    But the Act pre-dates smartphones, by many years and none of the potential beneficial uses of sharing location data were known or understood.

    For example, there are many apps which permit me to share my location with friends. As a paraglider pilot this is invaluable for many reasons and hopelessly impractical to do in real-time any other way.

    The Act needs to be changed. At the very least to allow users to opt-in to sharing their position, it could be as easy as a switch in the iOS settings.

    Anyone worried about data should carry a dumb phone - whether it's a vengeful wife, or because you work in a sensitive environment for a very simple reason - sooner or later you'll forget to turn the tracking off.

    1. Daniel Evans

      As I see it...

      There shouldn't be any issue with those apps and the law. Presumably, by installing/using the app, you know it's going to be releasing your location information, and hence consented to it.

      The issue here is that people were not informed (at the very least, not clearly) that the phones were sharing location information with HQ.

    2. sT0rNG b4R3 duRiD
      Stop

      No.. I would think about it in another way.

      You are sharing your position *willingly* with another party.

      Sure, you use an app to do it, but the mobile carrier's got nothing to do with it, and neither does the phone manufacturer. They are not snooping in on you or using this data. You and your friends are.

      I am prepared to accept that telcos can and will snoop your location but to have google and apple and who knows who else do it is unacceptable, and if this article is correct, then google and apple have a lot to answer up to. I hope it is the case.

      I would ask you:

      1) Do you think the AGPS argument has any bearing on your paragliding?

      2) How *do* you paraglide and look at your mobile phone at the same time?

  6. Arctic fox
    Headmaster

    I think that a point is being missed by some.

    This article raises a number of very valid points. In my view it is not acceptable for these companies to collect this data unless they ensure that the sign-up/start-up procedure involving the device concerned really *does* place the customer in a position to make a *genuinely* free, informed and *uncoerced* decision when giving the necessary permissions. Burying it in the EULA or saying "well, you must realise that these smartphones etc..etc." is NOT acceptable. If these companies' behaviour is *not* illegal, it should be made so SAP.

    1. g e

      Like Finance services

      They should perhaps be forced to put a caveat on all of their advertising, e.g.

      Apple products collect and store your location and other personal information and transmit it to Apple Inc

      I wonder how fast a simple advertising requirement like that would make them fix their 'bug' and have the others tidy up their behaviour.

      Maybe worth mailing that idea to the ASA...

  7. Pascal Monett Silver badge
    Thumb Down

    Interesting

    If I read the above comments correctly, it would seem that the arguments in favor of data collection are :

    - everybody is doing it

    - it would be a nuisance not to

    - the laws against it were written before smartphones

    Yes, I can see how such brilliant arguments could sway the shrewdest judge. Not.

    1. Stuart Castle Silver badge

      How about providing evidence that the data is dangerous?

      If the data is not anonymous then yes, it is dangerous. However, I have seen no evidence that identifiable data is even sent to Apple let alone used by them

      If the iPhone sends the data to Apple with no personal identifiers, then people can hack Apple all they want, they won't get the data. Having just looked at the structure of consolidated.db (which is apparently all Apple get), I see nothing that could identify the phone or user.

      In terms of WiFi hotspots, it does store SSIDs, MACs and position data. However, unless you do something like use your name for the SSID, this will not help any potential hackers (even then it may not help much). The hacker would need to know your SSID or MAC, and it's likely that if they knew that, they would know where you are anyway..

      This different to the Google Streetview slurp. If Google had limited themselves to the MAC and SSID of all local networks, there wouldn't have been problem. They didn't. They took copies of actual data..

      1. Black Betty
        FAIL

        Law enforcement trolling for crime.

        The Dutch have already used Tom Tom data to set up speed traps in areas where road speeds were consistently high.

        The police have apparently been using similar data lifted from phones for years, which may be acceptable in terms of proving or disproving an alibi. However, I believe such data has also been used to put people in the frame for crimes, where the police had no reason to suspect that individual until their phone ratted them out and put them at or near a crime scene at the time of the crime.

    2. Anonymous Coward
      FAIL

      Australian Constitution 101

      Section 51 (v) of the Australian constitution enacted in 1901, states that the federal government's legislative powers specifically include;

      (v.) Postal, telegraphic, telephonic, and other like services:

      The observant reader will note that television is not specified, just the general catch-all "other like services".

      The authors of the constitution were sufficiently astute to recognise when framing the constitution that some new technology might come along which should be encompassed by this provision, and said so. With the introduction of television in Australia, this was in fact litigated, and the Supreme Court agreed that television was within the federal remit, and that had television existed in 1901 then the authors of the constitution would have included it.

      Fast forward to 1990's ...

      The legislators and their public servants, are all nit picking bureaucrats and lawyers, intent on making laws as impenetrable as possible, and as internally and cross-referentially as inconsistent as possible. Laws are no longer framed in a usable manner, but independently and without reference to related laws by some bizarre horsetrading system where paragraphs get added/deleted according to who has the most lobby money. The result is laws that are useless by the time they are passed, and which are "moment in time", in the sense that as soon as something new arrives, it is not covered unless it gets litigated (by which time the horse has bolted so to speak).

      Worse, many laws passed in the past few years are draconian in scope, and grant "fascist state" powers to the police. Apparently no one cares and fewer understand what the erosion of our basic rights means, now and in the future.

      Such is the state of the intellect of politicians in Australia - and it saddens me everytime I see how useless they actually are, how poorly they frame laws, and worse - how totally unaware of the legal philosophy upon which our fine country was built.

      It's no wonder I left :(

  8. Anonymous Coward
    Anonymous Coward

    Yeah let's just

    Let companies do whatever they want with disregard to the laws because a fraction of fans of said company are perfectly ok with it and the law is stupid anyway, having been written before the latest gadget came out.

    Other people may not be ok with it, have you thought of that?

    1. draenan
      Thumb Down

      Of course people aren't happy with it.

      Those people are free to not use that company's services.

      I'm hoping that the people who are complaining that a company isn't following the letter of the law are all squeaky clean in regard to the law themselves and don't get involved in "illegal" activities like speeding and sharing of content they don't own on Bit Torrent just because they don't happen to agree with the law that defines the activity as illegal.

      They'd be complete hypocrites otherwise.

  9. Anonymous Coward
    Thumb Up

    "The EULA is a grey area."

    It really shouldn't be. How difficult is it for govs to clarify that an EULA must be confined to legal and commercial agreements only - sufficient to protect the seller's interests in relation to the product in question and nothing more? To my mind anything that could give a reasonable person cause to -not- agree is thoroughly mis-placed in an EULA, and should have no legal standing whatsoever.

    Broadly in agreement with the arguments in the article, but good luck finding a lawyer who is clued-in (or cares) enough to argue the points successfully - or a court that is free and intelligent enough to understand them.

  10. JaitcH
    WTF?

    If not Legal then it is at least Immoral

    First of all I accept that, for purposes of troubleshooting, certain historical datasets are needed. For instance an LG handset with a slider keyboard counts the number of slide operations.

    Likewise collecting the last 30-50 cell sites or a similar number of WiFi transmissions (1) If used by the handset in question; (2) Used within the past 7 days; and (3) accessible only to a 'local' service need (i.e. a technician troubleshooting the handset) is OK.

    However, TRANSMISSION of this data is wrong and IMMORAL. This involves, usually without INFORMED user consent, the collection of geolocation data (otherwise for what use would it be) and an IDENTIFIER (no identifier reduces the use of the data) and THEFT OF TELECOMMUNICATIONS.

    Apple has admitted it has collected data for up to about a year. What use can this aged data be used for?

    I do not accept for a minute that it was an oversight. Any software author knows damn well how difficult it can be to get an authorised service to function properly. This infers that a great deal of effort went into this data collection. What triggered a collection and what triggered a transmission?

    Then let's consider the transmission. Handsets and cell sites have strict protocols and even if such protocols were successfully navigated, how was the mass transmission of this data 'ignored' by Apple. Stray strings of data, in my experience, almost always result in a Request for Retransmission/NAK and almost always GUARANTEED to trigger an alarm.

    This implies either Apple has sloppy server software that ignores certain transmitted data - which requires programming or they are lying - again.

    Apple has had sufficient problems with Lemon 4 software for it to have checked, and cross-checked, almost every line of code used in the handset if only to save 'face' in the case yet more weaknesses are exposed.

    It is common to find notable 'remarks' in software code but the comments are short whereas Apples data collection code would be far lengthier.

    I personally would have less concerns with data collection if (1) Apple and Google, etc. were up front about it; (2) if users had control over transmissions; (3) if users were compensated for transmission time.

    No one needs to know a users location unless a handset has gone 'rogue' and cellco's already have plenty of ways to minimise interference since almost all handset operations are subject to their control.

    Authorised entities can already interrogate a handset's GPS function without the knowledge of a user so why is it necessary for a MANUFACTURER to know where it's products are?

    Since Apple et al cannot be trusted to practice proper privacy it is incumbent upon legislators to put in place the necessary laws, with large financial penalties, to ensure compliance.

  11. Thomas Davie
    FAIL

    The key...

    Is that Apple at least, is not collecting your data – they're sending you data. They're sending you the location of towers near to other towers you just connected to so that the phone can look them up fast.

    1. Synonymous Howard

      And soon to be fixed ..

      in iOS 4.3.3, which to quote "BGR" is rumoured to include ..

      - The update will no longer back up the location database to iTunes.

      - The size of the location database will be reduced.

      - The location database will be deleted entirely when Location Services are turned off.

      - Battery life improvements.

      - iPod bug fixes.

  12. Phil A

    Scope

    My issue is with the scope of some of the agreements. If I want to even turn the GPS on on my android phone, I have to agree to it collecting "anonymous" GPS data. Fair enough, if I want to use Google maps, I accept that it needs to send my location to a server to retrieve the map tiles but once I've finished getting lost, I don't see why my location should be tracked any more.

    1. Anonymous Coward
      Anonymous Coward

      @Phil A

      Ever wondered why Google Navigation does not work with data services turned off even though it has the required maps cached?

      Well, unlike TomTom and Garmin and all the others, it is not your device that actually works out the route. Your Android phone transmits your location and the destination up to a Google server, which then works out the route, which is transmitted back to your phone with all the intermediate map data. So not only do Google know where you are, they know where you are going, and have an idea about where you will be at some time in the future.

      I know that if I were a wanted person, I would be using a navigation device other than Google Navigation!

  13. Richard Tobin
    Grenade

    The dangers illustrated...

    They'd have got Bin Laden years ago if he hadn't been waiting for a white iPhone.

  14. Guus Leeuw
    Megaphone

    Before and after

    Sir,

    once we were a people to whom the concepts of a smartphone, GPS or A-GPS did not occur. We were happy, and we were able to find the lost paraglider. People knew where I was, knew this only because they could see me there.

    Access points, network SSIDs and the likes were known to people in the area, and they could connect if they had the right details / devices to do so.

    We did not use location-based services simply because we did not have a concept of it. We were quite happy with that, as location-based services came through the frontdoor in the form of a newspaper, magazine, or other advertisement materials.

    Nowadays, some service organisations find it attractive to be able to tell people that "ITPassion" is a wireless network located at 5 Anstice Close. Who should know this? Did I agree for them (and their followers) to know this? Should I care? Not so much... But: when it comes to tracking my location based on GPS data *readily available to non-government parties*, I feel very different. I don't want to be tracked by just about anybody, and the fact that the Telecoms Act indeed protects me in that way (so that only government bodies can find me, should they have the need to do so (that is proven beyond reasonable doubt in front of a judge)). Do I want that Google / Microsoft / Apple / Nokia / Samsung / Sony / Motorola / Blackberry / Somebody-knows-who-else can invariably track my location and use that to provide me with a ping that the restaurant I'm standing in front of, is actually rated 4.59 by 1239993 voters? Do I care what other people think of that particular restaurant? Should I care? Maybe they are kitchen-and-food nitwits and in fact the restaurant is crap?

    I do agree that there are, indeed, situations in which it would be desirable to *know* where somebody is, mountaineering, paragliding, road racing, diving, etc come to mind. But then these situations would require *local* knowledge (think of how air traffic control works on a local basis). They would not need knowledge held by a third party that has no value in knowing these things. The ruse "but it is valuable to you that we know" is deemed in Europe (especially Germany) as Brown Thinking (because the Nazis also told the people what was good for them, or worse what they should be thinking).

    Besides, we *all* readily state the Governments should know as little as possible. However, we seem to shed the reasoning behind that point of view aside when it comes to for-profit organisations. Or are you saying: I like CCTV everywhere, and therefore I don't mind Google / etc... knowing of my whereabouts... Shouldn't the reasoning be more akin to: I'd rather have Government knowing, because I (collectively ;)) elected them, rather than somebody else, because I (uncollectively(!)) did not elect them.

    People should be more vigilent, and should have more common sense, and people should stop falling for marketing ruses. But then again, marketing is forceful, simply because people belief what they are being told (Google does not do evil, Google is good)....

    Guus Leeuw

  15. Rolf Howarth
    Alert

    But it's not personal data

    " It is an offence to disclose or use any information relating to the content of a communication, services supplied, or any user’s personal information"

    I don't see the problem here. Recording the wifi SSID of a network you happen to see is no more personal data than writing down the house number of a house you see from the road. Recording that a particular phone saw that SSID at a particular time *is* personal data, but if the data is anonymized so there's no way of linking the SSID/location to the phone that reported it then it's *not* personal data.

    In any case, you did give permission through the EULA. Whether EULA's are legal or not I suspect has a lot to do with whether a court thinks it "reasonable" or not. If the small print in some software click through EULA says you agree to sacrifice your first born on some altar and pay 50% of all your income for the rest of eternity into some account then no, that's not enforceable. If it's the EULA for a mobile, location-aware data device and it says the device will create and use location data then that's hardly unreasonable and you'd have a hard time proving otherwise.

  16. gryphon
    FAIL

    EULA

    Someone really MUST test some of the major EULA's in court with regards to length etc. iTunes for instance is on the order of 50 pages and gets updated every 5 minutes. What 'reasonable' person is ever going to read that, and all the upates? I did, once, my brain almost melted with the tediousness.

    I'd say that if you can't fit an EULA / contract for a consumer on a maximum of 2 pages then it isn't fit for its purpose.

    I also don't like Paypal where they'll send you an e-mail saying there are updates to their T&C's but require you to login to look at them.

  17. MrT
    Coat

    So to summarise the article...

    ... "Chirgers" plays pop

  18. Graham 25

    Who says data is being collected ?

    Its on your phone, in your possession, and on your computer.

    Anyone got any evidence at all that a third party has collected it ?

    Thought not.

    Just because you have a brain and a mouth doesn't mean you only have to use one at a time.

  19. Anonymous Coward
    Dead Vulture

    Why voice an opinion without facts?

    This article might be interesting if the author had done their homework. Why post such sweeping opinions, only to undermine them with disclaimers that you're not an expert? Anyone posting a reply could say as much. Why not get an opinion from an expert so we have something tangible to discuss? The whole article is reduced to hearsay.

    Some basic facts would be nice too, e.g. why do you imagine data is anonymised *after* it is received when it is much more efficient to anonymise if before transmission? The data does not carry user data even in the cached version on the phone, so why would they add it during transmission only to strip it off again on reception? It only slows transmission, increases data use, and makes more work for the receiver. In other words, lots of extra work for no benefit. Why would anyone do that?

    It also seems hopelessly implausible that a 3rd party receiving personal information from a phone user is implicitly a contractor of the carrier. This logic could equally by applied to *anyone* providing a service through the phone that necessitates the transmission of personal data. Phones are now used for all manner of personal transactions with online stores, retailers, government services, and banks. Does the Telecommunications Act apply to all these businesses too?

    1. Richard 12 Silver badge
      FAIL

      That 3rd party made the phone operating system

      In many cases that OS was then customised to the requirements of the mobile phone network.

      Either way, Google/MS/Apple provided necessary parts of the mobile telephony system to the mobile telephone network.

      That's a very cut-and-dried Contractor status - they made something for the network at the request of the network and were paid by the network for it. (With-SIM mobiles are always subsidised by the network to some extent.)

      Obviously in the specific case of 'SIM-free' phones that wouldn't apply.

  20. Gavin McMenemy

    Your statutory rights are not affected.

    You cannot sign away your rights in a EULA - or any other contract. A contract is not allowed to override the law of the land.

    At least in the UK.

  21. SuccessCase

    This article makes the assumption

    That the data is collected with personal information intact. But if the phone-home doesn't pass on that data (even though it may the transiently relatable to the individual through the allocated ip-address being mapped somewhere to a hardware device) there is no need to anonymize the data and the PS3 scenario is not one we need worry about. This is a sideshow, because the real worry is that the telephone companies already do store far more detailed location tracking logs + all the requisite personal data. So actually looking at Apple and Google on this account is the wrong place to look (there are other privacy issues we should be more worried about). The PS3 scenario is perfectly possible where the telco's are concerned, so perhaps we should be more worried there. What if an employee does a Bradley Manning and dumps all that data in the public domain? Easily mappable to google maps by date. Then for many people it really will be brown underpant time.

  22. Charles Augustus Milverton

    If....

    If the data collected is just transmitter location and identification then I don't think there are any privacy problems. It is no different to adding marine/air navigation beacons to a map, or noting the location of a local TV transmitter.

    The real problem is that WE are doing this highly useful work for free. Google, et al, should be paying us for our legwork !

  23. Fred Flintstone Gold badge

    Another point: permission must be given explicitly

    It's part of the UK Data Protection Act (and AFAIK EU privacy laws) that it is not possible to obtain permission implicitly, i.e. make the permission part of the small print in another contract. The permission to use personal data should be obtained EXPLICITLY - that means there should be a separate section that explains the use of the data, and then seeks your permission specifically for Data Protection purposes.

    The usual BS of burying such permission somewhere in the back of a contract is simply not valid.

    I disagree with your statement that privacy paranoia has come from the US. As far as I can tell, they still suffer from the brainwashing dished out during the Bush(/Blair) era that you must be a commie, sorry, terrorist if you assert your Human Right to privacy. It is actually remarkable how identical the whole manipulation was to the McCarthy era where whispering "communist" was enough to make paranoia break out like a bad case of stomach flu (and equally pleasant).

    Privacy is a right. It's as simple as that.

  24. Ian Michael Gumby

    Spot On

    "The second is that the recording of WiFi hotspot data, without the hotspot owner’s consent, isn’t necessarily legal under privacy regimes other than those that apply in America. Google’s StreetView program has led to it submitting to privacy audits in Australia; just why it’s okay to undertake similar data collection using other peoples’ devices is a subtlety that escapes me."

    I don't see how you think that this action is actually legal in the US.

  25. Anonymous Coward
    Paris Hilton

    I am definitely not a lawyer

    but surely WiFi hotspot data is something that the hotspot owner has chosen to make public by broadcasting it? When that information is gathered and transferred by Apple or whoever, that company is not providing a carriage service to the hotspot owner. Neither are they providing a location based service to the owner of the phone that is transferring it because they are gathering the data for their own business purposes.

  26. Steve Todd
    Stop

    The author seems to be ignoring a number of points

    Firstly, at least in Apple's case, users are quite free to opt out of location services. Simply turn them off in settings.

    Secondly location services are a value added proposition. Users WANT to be able to locate themselves, find routes etc. The vast majority are happy to opt in.

    Thirdly anonymisation happens at the phone level. It sends an id with its data, but that isn't directly linked with a given phone number, so trying to identify the owner of a given phone, even if the central database is hacked, is near impossible.

    Fourthly WiFi SSID identifiers and MAC addresses are publicly broadcast data. Collecting payload data is at best legally dubious, but publicly broadcast data (which can be turned off by the owner of the base station) is fair game, especially on unlicensed wireless spectrum.

    Fifthly section 276 is about the penalties for a carrier or agents of a carrier intercepting and disclosing the contents of a communication between the owner of a phone and a third party. It does not cover the third party (Apple or Google in this case) disclosing the data to additional parties. The data is not intercepted. Neither Apple or Google are acting as agents of the celular companies when they provide these services either.

    1. Anonymous Coward
      FAIL

      WTFH does 'fair game' mean in this context?!

      So, professional fouls are OK if the ref doesn't spot it or if s/he does and your team can shout louder and distract, it's acceptable?

      I have an open router (I Think) but that doesn't make it acceptable for any Tom, Dick or Harriet to come along, register and record the fact and include it on a map for sale - or does it? It doesn't infringe the laws and it is not for profit. Google, Apple, MS and the rest are "for profit" and may infringe the law. I've not polished my halo because I don't think I need to.

      Is fishing with dynamite acceptable? It is certainly effective in some circumstances!

      FEA and I hope the corporate a..holes lose their shirts and the share price tanks if the courts find against them. Long live the little people Ms Helmsley!

      1. Steve Todd
        FAIL

        @AC 22:25 - You have a number visible on the front of your house

        Is it somehow illegal or immoral for someone to collect the location of door numbers? If so when are you going to sue the sat nav companies? What part of your privacy is infringed by it?

        Just like this WiFi routers sit there shouting their existence. They broadcast a network ID just like cell towers broadcast an ID. They broadcast on an unlicensed band to anyone who cares to listen. If you don't like this then turn it off or switch to wired.

    2. Anonymous Coward
      FAIL

      Does the EULA actually say that?

      It is a while since I read the EULA (what tedium that was), but I seem to recall that I had no option to agree to it, or iTunes would not work, and that I had to agree to apple collecting location data. I do not recall that "turning of location services" implied that I had revoked apple's right by EULA to collect whatever data it wants.

      Let's face it. Just because I turned of location services, does not mean that apple can't turn them on whenever the OS is programmed to do so, collect what it wants, and silently go to sleep again, all without my knowledge. It was my assumption that this is actually the expected result of what the EULA said.

      I may have remembered incorrectly, and in any case the EULA has been amended 117 times since last month, so it's a bit hard to check

      Dweeb

      1. Steve Todd
        FAIL

        @AC 23:26 - before you comment you might try reading it

        Right near the top (section 4. Consent to Use of Non-Personal Data) you'll find

        "By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data to provide such products and services. You may withdraw this consent at any time by not using the location-based features or by turning off the Location Services setting on your iPhone."

        The remainder of your post is FUD and paranoia.

        1. Anonymous Coward
          FAIL

          Really?

          Your post indicates clearly you didn't read mine. Having read the EULA once, I am not predisposed to read it again to check what the current version says. My recollection, as I indicated, was not precise and I have no way of confirming what the EULA used to say, and I suspect neither do you. I fail to see what part of my post constituted paranoia or FUD

          I have 30+ years as a software engineer - I do not need to be told by smart ass little twats what constitutes paranoia or FUD.

          so, STFU and PO

        2. Anonymous Coward
          Megaphone

          Subsequent articles confirm ...

          Subsequent articles seem to confirm that Apple was doing EXACTLY as I suggested, and that they were sending data even with location services turned off. So clearly my supposition was well founded and my "paranoia" did not mean I was wrong.

          It is always pleasing to be right, so that twats like you are exposed as just that, twats.

  27. Anonymous Coward
    Anonymous Coward

    I do not think it means what you think it means

    Making a note of the fact that the MAC address aa:bb:cc:dd:ee:ff is located at a particular location doesn't infringe anyone's privacy.

    That's not an opinion, it's a fact.

    1. Jess

      ... is located at a particular location doesn't infringe anyone's privacy.

      Not exactly.

      Firstly, we must assume you are referring to the MAC address of a router, because if you refer to the MAC of a laptop or smartphone, then that most certainly does.

      Also if a router is moved between locations, then the data would have the potential to invade privacy.

      e.g. an individuall moves away to escape an abusive spouse. They don't get a new router. The spouse is skilled enough to send a request to google maps saying I can only see this mac address, where am I?

      I'm not saying Google is wrong to collect the information, but it does need to be careful how it uses it.

      1. Wize

        If you are sniffing wifi (like the google cars did)

        then the MAC addresses of phones and laptops would be recorded too.

        And do we know if the phone version just record base stations or does it pick up anything using wifi?

  28. yella
    Stop

    Collection who, what and where..

    I think the main argument here is allowing access to this data for use by agreed parties.

    Forcing people to accept a agreement or your not allowed to update your software is an unfair practice.

    Next people dont mind sharing data as long as they permit those parties to actually collect that information from them.

    For example using software to track you phone in case its lost or stolen is for your purpose only, and you permit that company to hold your data, but not using it for there financial gain.

    I may wish to share my geo data with friends and family and such, but again this is not to be distributed to others, only the people I say can see my data.

    Personal data is to easy to access, and most companies gain the rights to your data as soon as you agree to this or that, and the secondary use of the data is for the app that you want to use it with.

    I really agree that new legislation needs to be brought in as to who can hold your data, and whether since they hold it are they permitted to use it for other purposes. Fair enough you allow them to collect data, but this collection is for your use not theirs.

  29. Anonymous Coward
    WTF?

    untitled

    i got as far as the first couple of chapters and decided to not waste any more of my time reading anyy more of the the crap that was a waste of my bandwidth my browser used to cache the page....

    you appear to think its not legal for a company to make a database of publicly obtainable information?

    if i were to make a database of the geo location of every post box in the world would you have a problem with that?

    Right, a little bit of technology babble dumbed down enough so that you may understand...

    you set up your wireless access point, set an SSID of "FRANK" and switch it on. it then begins to BROADCAST its location. sort of like "yoohoo... I am here, my name is FRANK, if you know the password, I will let you in" or if you dont broadcast the SSID then "yoohoo... I am here, I am not telling you my name, but if you know the password I will let you in"

    the hint is in BROADCAST... as in YOU BROADCAST THIS INFO. if someone wants to go around and collect this information and create a database of this information and can make use of it then good luck to them. When you switched on your transmitter YOU decided to publish its location and all the information that goes along with it.... What is that? you don't want to hand out that information you say? well then wire your house up with CAT5 and explain the mess to the missus...

    its a wonder google or apple or whoever didn't apply for a patent based on a new use for existing technology....

    1. Black Betty
      FAIL

      There is broadcast and broadcast.

      What is shrieked out through a 100 KW transmitter is clearly meant to be heard.

      What is whispered at 200 mW is just as clearly NOT meant for the entire world.

      By your arguments, anything coming out of an old analogue phone is "broadcast" and legally subject to interception by anyone with the ability to "listen".

      And as a matter of fact, when missuse of that "publically attainable" information is possible or likely, laws against consolidation, or very strong regulation covering the circumstances where consolidation is permitted are likely. Reverse phone/address books are an obvious example.

  30. Asgard
    Unhappy

    Anonymous GPS location data? ... how?

    @"collect both GPS coordinates and WiFi base station data, and although this information is returned to the respective vendors, the data is anonymized"

    There isn't any way to have truly anonymous GPS location data. If its at my house 7 nights at week then its at my house. If its at my place of work 40 hours a every week, then its at my place of work.

    The locations I visit are my life. Therefore location reveals identity and companies really know this, as they seek to tie marketing data to the person owning the phone based on where they travel.

    So at least companies, lets be honest about all this spying and so stop talking of anonymous data. Because currently any company talking of anonymous data shows they are really lying, hoping we won't think about it enough to notice they are really lying.

    The companies need to be at least honest in their intentions to spy on our locations seeking to reveal aspects of our life. Which then allows them to sell our location data to advertisers, who in turn seek to exploit our loss of privacy for their gain, to try to convince us to part with more of our money, based on whatever they can find out about us. All these attempts to find out about us are ultimately attempts to bypass and so violate our privacy.

    But then they wouldn't like us to think about it in terms of being spied on. But that is really what they are seeking to do and they are trying to stop us stopping them, because they have too much money to gain from invading, exploiting and selling our privacy for their profit. But ultimately its not theirs to sell!

    My privacy is my privacy!

  31. Anonymous Coward
    Anonymous Coward

    IN AUSTRALIA

    Just a suggestion - the words "in Australia" could be added a few more times through the article, just in case anyone outside Aus ever reads this and thinks it might apply where they live.

  32. Andy Watt
    Stop

    Headlines and bylines...

    I'm sure (I hope) that the use of "iPhone" only in the title and android and windows phone in the rest of the article was an oversight. You don't _really_ hate Applw that much, do you?

  33. Anonymous Coward
    Thumb Down

    More FUD

    Firstly, the data is anonymised before it is sent back, not the other way around.

    Secondly, isn't this a bit like the radar detectors case from some years back?

    In the UK, radar detectors used for avoiding Police speed traps were illegal to use until 1998 and the reason given was that they contravened the Wireless Telegraphy Act (1949) - the part about intercepting transmitted messages.

    In 1998 someone brought a case to establish that the mere detection of a wireless signal is not illegal (plus the radar transmission contains no message to intercept) and they have been considered legal to use ever since.

    I see no problem in knowing that a wireless hotspot called XYZ is located in a particular place. If you run a wireless hotspot and disagree, I suggest hiding the SSID.

    1. Anonymous Coward
      Anonymous Coward

      Good response,

      a good response, well balanced and informative..

      just one thing though, If you dont send the SSID, you can still locate the hotspot and geo-tag its location....

      the better thing to do if you you do not agree is to unplug your Wireless AP and use a wired network instead !

  34. Neal 5

    What fucking title, methinks CUNT

    hasn't google already been here, although in many various forms.

  35. Anonymous Coward
    Headmaster

    anonymous with a UID

    tried my Motorola Defy's location services today

    I can't use the Wifi location info without becoming a data source myself

    Why do I I have to upload to use a "service"

    Associating mt WiFi with my location ins nothing *BUT* personal

    when I travel i might turn use wifi location on...

    and off within 50 miles of me.

  36. T J
    Thumb Up

    A timely article

    This is a timely article and thank you for raising it. I have almost given up drawing attention to the Telecommunications Act and what constitutes breaches of it, and half the time it seems to go unenforced, possibly due to lack of information. And now there is a 'culture' developing of leaking information like a sieve to go on top of that pre-existing 'culture'. I think its time for some hardball.

This topic is closed for new posts.

Other stories you might like