Geek Post Alert: GPS, Friend or Foe
A couple of interesting tidbits caught my attention in my weekly SANS newsletter (www.sans.org; SANSBites), so I thought I would bounce some thoughts around.
The first item is the discovery that the version 4 operating system of the iPhone apparently stores GPS location information and downloads it to your computer iTunes. According to the blurb I read, the data is not sent to Apple or any other entity, but iPhone users are not advised this location information is tracked.
BTW, if you would like to read about this, here is one article about it also containing links to two tools developed by researchers which will provide a graphical representation of the data (just in case you want to know where any iPhone 4 users in the house have been recently). http://news.cnet.com/8301-13579_3-20055885-37.html?tag=mncol;title
The second (which I will relate to the first shortly) is a note that the DOJ is asking the Supreme Court to allow warrantless GPS tracking authority. http://www.wired.com/threatlevel/2011/04/scotus-gps-monitoring/
WOW
Ok, so from what I can tell the DOJ tried to use a 1983 case allowing the beacon tracking of a container to justify a GPS tracker on a drug dealer. (BTW, drug dealing bad, very bad). The case of the drug dealer is now making its way through the court system challenging the GPS tracking with the last round going to the drug dealer and GPS tracking being struck down. The thought behind the latest ruling was that the beacon tracking was from location A to location B while GPS tracking tracks continuous movement as it “illustrates how the sequence of a person’s movements may reveal more that the individual movements of which it is composed.” Uhhh, yeah.
While I am all about using GPS to track teen ager movements (after all as parents we are ultimately responsible for their actions) and potentially older, aging parents (when we are worried about their safety and sense of direction). I am not in favor of the DOJ deciding to track my movements on a whim.
Granted, they really don’t on a whim, but you know what I mean.
A warrant in its purest form requires a burden of proof to a judge of reasonable suspicion crimes are being committed. Warrantless is a fishing expedition.
Now to the Apple stuff, while the DOJ items are warrantless, let’s say the DOJ decides you are a drug dealer and wants to gain GPS information on you. They don’t even have to do it themselves, now all they have to do is subpoena your iPhone and computer with iTunes and they have historical data. Data you didn’t agree to allow nor even realize existed. Well, until now. You don’t get the benefit of a uh-oh, the Feds are watching so I better cool it. (If you even know they got a warrant.)
I am pretty much a fair player. I don’t believe in bad guys and support the good guys. I do, however, worry when Technology can potentially be used without context or safeguards.
I have seen people fired over misread proxy logs (i.e. incorrectly read listings of web site browsing) and other items where zealousness tramples common sense.
I am a bit disappointed in Apple for including this tracking in their latest OS.
Remember anything good guys can figure out how to get, so can bad guys. A hacked system with this type data provides hackers the ability to track your location and typical movements. Worst case scenario, gee whiz, look every Tuesday you are at Karate for 2 hours. I can sell that information to a local contact who robs your home Tuesday evening during the window of opportunity, no casing involved.
Some of my examples are extreme, and many of you may not care, after all you check in on Facebook with where you are all the time. A little GPS tracking is trivial.
The key difference, you choose to release the information you do on Facebook or tracking in Latitude (Google’s’ site).
Apple didn’t ask, and I guarantee, they didn’t code it unless they had a plan to use it.
GPS, Friend or Foe? I think the jury is still out on that one…