A friendly warning: anything your smartphone transmits can be used against you in a court of law. Wednesday's announcement that Apple's latest iOS operating system for its iPhone product contained a backdoor for surveillance activities was a shock for many, but not for law enforcement personnel who have been taking advantage of the security flaw in order to track cellphone users' movements in legal cases.
Two researchers at the Where 2.0 conference in Santa Clara publicized their discovery of a hidden tracking file which can be found on all Apple devices running the latest version of its mobile operating system. It was determined that the file contains location data with the specific latitude and longitude coordinates of every cellphone tower and Wi-Fi access point that interacted with the device.
How the tracking file got on its mobile devices, Apple won't say. In a letter to lawmakers, Apple general counsel Bruce Sewell said that data regularly collected and transmitted by its iOS devices to the company was used to “help Apple maintain and update its database” in regards to cell tower and Wi-Fi locations. Whatever the case, Jeff Chester, executive director of the Center for Digital Democracy, says “Apple has unwittingly or knowingly become complicit in a wide range of mobile surveillance.” These activities have consumer groups and privacy advocates worried.
Some officials see no cause for alarm. The San Jose Mercury News is reporting that digital forensics experts have worked with software makers and law enforcers for some time to analyze phone data for criminal investigations.
One such company that has been profiting off of the iOS “anomaly” is Katana Forensics whose CEO, Sean Morrissey, said he discovered the ability to log user movement over time early last year after he analyzed an earlier version of the OS. Released last summer, iOS 4 made the tracking file much more accessible, he says. His company developed an application called Lantern, which it offers, according to Mercury News, “to companies and law enforcement agencies 'from the federal to the local level' for use in gleaning data from iOS devices.”
The article continues:
“As early as May or June, Katana had developed a software tool that it used internally to access the iOS tracking file for clients for which it consulted, [Morrissey] said. The company included a version of that tool with the new version of Lantern it released in January.”
Other software companies such as Access Data have admitted to offering similar tracking services and not just for Apple devices. Gleaning data from other brands of phones is as simple as logging data from applications that provide information based on the location of the user, says one mobile forensics expert. The Wall Street Journal confirmed Thursday that devices utilizing Google's Android OS collect data as frequently as every few seconds and send it to Google several times an hour. Google hasn't confirmed whether or not this location data is physically stored on cellphones in the way it is on Apple devices.
It's been known that cellphone service providers have the ability to track their customers in real-time, logging records of individual phones, but law enforcers generally opt for the “hacking” route to avoid separate subpoenas to service providers. Its never been too difficult for police to gain possession of a suspect's phone and legal precedent is trending in a dangerous direction, one that excludes cellphones from 4th amendment protections. For instance, the Supreme Court of California ruled in January that police don't need a warrant to search the contents of a detainee's cellphone and use that information to incriminate its owner. In the digital age, privacy is literally up in the air.
Many privacy experts place the onus on cellphone makers who knowingly permit data mining from private and public organizations.
"Whatever the engineering explanation for this, if there is one, it's critically important that consumers be aware of this kind of tracking and, to the extent possible, be given a choice of whether they want this kind of file on their system," said John Morris of the Center for Democracy and Technology.