Adapted from Always On: How the iPhone Unlocked the Anything-Anytime-Anywhere Future — and Locked Us In, © Brian X. Chen, to be published by Da Capo Press, A Member of the Perseus Books Group, on June 7.

For more discussion of the book, visit the Always On book page on Facebook.

One Saturday afternoon in January 2009, Rose Maltais picked up her granddaughter Natalie in Athol, Massachusetts for a short weekend visit. Just before she drove off, Maltais reportedly told Natalie’s adoptive parents that they would never see the nine-year-old again. But just one night later, police officers found Maltais at a Budget Inn in Virginia and arrested her. They didn’t use the traditional process of tracking down a suspect — interviewing witnesses and following clues — to find Maltais and her grandchild. Instead, they tracked Natalie’s smartphone and used a bit of clever technological sluthing to follow their trail.

Unbeknownst to Maltais, the Federal Communications Commission has required cellphone carriers since 2005 to provide a way for police to track most phones within a few hundred meters, and the GPS technology embedded in all smartphones has been a crucial tracking tool. To narrow down Maltais’s location, officer Todd Neale of the Athol police department called the child’s cell phone provider, AT&T, which provided approximate GPS coordinates every time Natalie’s smartphone connected with a celltower to get a signal. Then Neale contacted Athol deputy fire chief Thomas Lozier, who had experience using GPS for guiding firefighters through forest fires and finding lost hikers. Lozier plugged the coordinates into Google Maps and used satellite imagery to home in on where Maltais might be hiding. Jiggering around in Google Street View, Lozier saw a road sign for the Budget Inn in Natural Bridge, Virginia. Neale contacted Virginia state police, who arrived at the motel and found Natalie and her grandmother.

This GPS-assisted arrest offers a peek into the future of policing in an “always-on” society, where we are all constantly connected to the internet via incredibly-capable handheld gadgets with access to data everywhere. Smartphones already include a stunning amount of computing power, and an array of advanced sensors, such as gyroscopes, accelerometers, magnetometers, not to mention GPS, cellular, Bluetooth and Wi-Fi radios. The constant connection these devices offer, and the amount of information they are constantly collecting and transmitting is set to change much of our lives. In law enforcement, that data-driven revolution is already underway.

The information collected and stored on an iPhone can be more revealing than a fingerprint and a face scan, and police officers are already taking advantage of this. Security researcher Jonathan Zdziarski regularly teaches forensics courses focused on the iPhone. Police officers learn how to recover sensitive data from the device to help them build cases against suspects. That includes information that a suspect has attempted to destroy — deleted text messages, voicemails, contacts can be recovered with some clever hacks; officers can also learn how to crack pass codes of an iPhone and bypass encryption. Zdziarski admits that from a user’s perspective, it’s unsettling how insecure the iPhone is, but says he’s somewhat “divided on it,” because “at the same time, it’s been useful for investigating criminals.” iPhone forensics techniques have helped officers successfully gather evidence against criminals later convicted of rape, murder, or drug deals, according to Zdziarski.

Of course, it’s possible that some day, someone might clear themselves of a crime using their phone (See, I posted to Twitter from miles away when the crime was committed!). For now, however, these devices are more of a help to cops than suspects.

‘I think there’s an extreme lack of knowledge about the tracking on your iPhone or your iPad.’

But what’s good for law enforcement might not be good for our privacy. Just how much information are our smartphones are broadcasting about us? To find out, German politician and privacy advocate Malte Spitz sued his phone company, Deutsche Telekom, to get information that the company had about Spitz’s movements. It turns out that between August 2009 and February 2010, the carrier tracked and stored his location 35,000 times. That was enough data for German newspaper Die Zeit to compile a detailed interactive map that showed Spitz’s every move over six months.

Never before had a mobile phone company been shown to have such a detailed log on a single customer. Already, Spitz’s story has created ripples reaching the United States, where congressmen Edward Markey and Joe Bartain have sent letters to AT&T, Verizon, Sprint and T-Mobile demanding disclosure on their data collection and storage practices. “Location, location, location may be the favored currency of the real estate industry but it is sensitive information for mobile phone users that must be safeguarded,” said Rep. Markey. “Collecting, storing and disclosing a consumer’s exact whereabouts for commercial purposes without their express permission is unacceptable and violates current law.”

Incidentally, federal prosecutors in New Jersey in April 2011 issued subpoenas to makers of multiple iPhone and Android apps, accusing them of transmitting personal customer data such as location, age and other identifiable information to third-party advertisers. The federal investigation stems from an ongoing study by The Wall Street Journal, which tested 101 iPhone apps and found that 56 of them transmitted unique device identifiers (UDID) — a 40-character string of letters and numbers tagged to each iPhone — to third-parties, including advertisers, without the user awareness or consent. While an iPhone does not transmit a user’s real name, a company could combine a UDID with other personal information collected from the device, such as location, age and gender data to determine a customer’s real identity.

One target of the subpoena is popular music-streaming service Pandora, which the WSJ found to be sharing UDID, age and gender without user permission. Also, independent programmer Anthony Campiti received a subpoena regarding his app Pumpkin Maker, a kiddy app for carving virtual Jack-O-Lanterns, which the Wall Street Journal found was sharing UDID and location data with advertisers. Notably, neither of these apps ask customers for permission to share this data, and neither of them provides services related to location. “These unique indentifiers are permanent social security numbers in your phone in that they’re freely submitted and they can’t change,” says Justin Brookman, director of the Center for Democracy and Technology’s Project on Consumer Privacy. “You can’t go in there and change your UDID like you could go out and change a cookie [on a PC web browser]. It presents a lot more of a problem.”

“I’m glad this is coming to light, because we’ve seen for a while that with smartphone apps there’s a significant lack of transparency,” says Sharon Nissim, consumer privacy counsel for the Electronic Privacy Information Center. “I think consumers are waking up to the tracking that’s going on with a computer, but I think there’s an extreme lack of knowledge about the tracking on your iPhone or your iPad.”

Pages:123 View All