Location Tracking is not Spying

Yesterday’s twitter stream is punctuated with big brother sentiment about the storage of non-personal location data on the mobile device and in backups stored on the computer used to sync. Much of the discussion seemed to criticize Apple for storing the data and for not being really clear about it in their user agreement. There are a few things I find disappointing about this discussion.

1. Access to Raw Data

While it’s true that the information is stored on the device, it is nearly impossible for any malicious party to gain access to this information. First, there’s the concern about accessing it directly on the device. An app developer could conceivably access the file, but I’d bet the farm that Apple will reject any app that attempts to open the file. That basically means the only way to access the information is for you to build your own app, install it on your own device, and subsequently fuck yourself over. That potential exists, regardless of technology. You could easily push yourself in front of a bus, mail yourself some anthrax, etc. As the expression goes, “you can’t fix stupid.”

Another way to gain access is to find the file in the device backup, made whenever the device syncs with a computer. Again, this means the malicious party has access to your computer, which probably contains substantially more sensitive information (social security number, bank account details, passwords, etc), so the location data from your mobile is the least of your concerns. The only other way to gain access is to dig into a Time Machine backup. Similarly, if someone has this level of access, you’re fucked anyway.

2. Precision

The raw location data is not a precise or accurate time-stamped latitude/longitude coordinate of your device. It is instead a log of weight values indicating the probability that the device was near a given point on a grid (presumably either in minutes or seconds of lat/lon). As a point of reference for those who are not experts in geospatial terminology, a one second grid has points about every 31m (100ft) at sea level. Given the precision information available to legitimate developers and personal experience with Core Location, you’re lucky if you can resolve location with 3sec (100m / 330ft) accuracy.

Put simply, it is not possible to derive from this information precisely where a device was, is, or will be. It would not be possible, for example, to determine whether your device was at the Gap or Banana Republic. It might be possible to say you were at the mall, but that’s about it.

3. Identity

Remember that the raw location data shows only the possible location of the device, not its owner. This alone is not enough information to be dangerous. While the device does have a unique identifier, it would not be possible to determine with any certainty whether the device is in the owner’s possession. I realize this is the weakest of these four points, as there are a few other things we might use to increase our certainty that the device is indeed being carried by its owner. For example, twitter posts made from the device could provide sufficient evidence. Even that, though, is somewhat dubious.

4. Self-Reporting

Let’s not forget that in the age of Foursquare, GoWalla, Twitter, Facebook, and all the other social networks that allow (and even encourage) location tagging, we are our own big brother. Joe DeSetto wrote about this last year in his post, titled Social Location Is Creepy. With the growing trend of publishing not just what we’re doing, but where we’re doing it, I’m baffled by the outrage exhibited by so many people over this latest big brother meme.

Your mobile device may contain more information about your location than you realized, but it’s not enough to derive anything meaningful, nor is it accessible to anyone but you. More importantly, it doesn’t fucking matter when you’re announcing your location (and personal preference) to the world at large by checking in at Mons Venus. And if you’re the mayor, you’re telling the world so much more than they could ever glean from mining your location log.


Suspending Civil Liberty

There was a time in my life when i would have been excited about being felt up by a random stranger in an airport. Of course, the context of my fantasy involved a cute international 20-something and a mutual understanding. When that very thing really happened this afternoon, it was anything but consensual and nothing like the experience i had imagined. I was given the opportunity to be escorted to a less public place, but i declined and stated that i would rather show the rest of the travelers what they could expect if they exercised their civil liberties. As i stood at the exit of the airport security checkpoint, other travelers passed by and watched a surprisingly pleasant agent gently pat me down. The most remarkable aspect of the experience was the striking similarity between the pat-down procedure to which i was subjected and that used in law enforcement. I struggle to see what probable cause any air travel passenger might ever exhibit that would substantiate this level of scrutiny, short of maybe wearing a T-shirt that says “in all seriousness, i plan to do you harm.”

I’m pretty sure i brought the experience on myself. I wasn’t paying attention when i was walking through security, and i found myself looking for the shortest line, not the shortest line that fed into a non-invasive scanner. As a result, by the time i realized that my lane was feeding directly into the Porn-O-Matic, it was already too late to shift to a different lane. There was a brief moment when i thought i might have an opportunity to choose the metal detector, say if the scanner was occupied, but when the moment of truth came, the path was clear and only one choice presented itself – my naked ass recorded for all time in striking clarity (along with potentially harmful radiation) or a police-style pat down.

What i find most ridiculous about this security measure is the simple fact that they don’t have enough scanners yet. Since they do have enough metal detectors, they are funneling people through both devices arbitrarily based on the layout of the queues feeding the scanning stations. That means any possible benefit there might be involved with the new scanner technology is mitigated by the logistics of pushing a lot of people through a bottleneck. It is possible they hope to do something like random screenings, but based on the layout I saw, it looks like they are hoping to funnel everyone through the scanner eventually. Until then, they are offering no better odds of improving security than random chance. I would prefer that my tax money be spent on a system that produces measurable results with clear advantages over existing solutions and no harmful side-effects or not spent at all.

Also, given the fact that this technology uses X-Ray radiation, I’m naturally skeptical of the claims that the device is harmless. Cumulative effects of long-term exposure to X-Ray radiation are still largely unknown, and I am not interested in finding out those effects if there is an alternative. It seems obvious to me that not being exposed is the best way to prevent ill effects. It also seems obvious that this security measure is doing nothing to reduce risk and only serves to add to the stress of traveling.