re Apple refuses to override user location spying choices

["Dave Farber" <farber () gmail com>]

> Begin forwarded message:
>
> From: John Gilmore <gnu () toad com>
> Subject: Re: [IP] Apple refuses to override user location spying choices
> Date: August 10, 2017 at 6:18:57 PM EDT
> To: dave () farber net
> Cc: "ip" <ip () listbox com>
>
> > Apple refuses to enable iPhone emergency settings that could save countless lives
> >
> > https://thenextweb.com/apple/2017/08/10/apple-refuses-enable-iphone-settings-save-countless-lives/#.tnw_O0GihW8u
> >
> > > OK why Apple are you refusing? Dfarber
>
> Because they've stopped beating their wives, of course.
>
> [first, note that the above URL contains covert tracking information,
> that "#.tnw_O0GihW8u" on the end.  Lauren, Dave, don't you strip that
> stuff off before sending it to hundreds or thousands of friends?  You
> should!]
>
> I'm not a big Apple defender, but Apple is probably making the right
> choice here.  The extremely slanted article that Dave and Lauren
> forwarded neglects to mention giving users real choice about their own
> privacy.  It also neglects the use of large-company Internet-based
> physical tracking services that are required and used for this
> supposedly "simple" AML (Advanced Mobile Location) feature.
>
> If users have location services turned off, they should stay off, even
> for emergency calls.  I don't want Apple (or Google especially)
> overriding my choices about whether my phone is going to track me.
> Especially not with the explicit connivance of government and
> supranational eurocrats.  These guys are famous for forcing stupid
> privacy choices on the public (like the RFID chips in passports,
> chosen because the immigration bureaucrats didn't consider merely
> moving their OCR passport readers 20 feet back along the queue of
> incoming people).
>
> On my own free software Android phone I enable the phone to find its
> location via receive-only radio transmissions from GNSS satellites
> (US's GPS, Europe's GLONASS, and China's Beidou satellites).  This
> enables my free software mapping application (OsmAnd, which uses the
> free culture OpenStreetMap database, which is stored directly in my
> phone) to help me navigate.  Neither Android nor OsmAnd is reporting
> either my general position or my specific location to ANY satellites
> nor ANY servers anywhere.  (Yes, Virginia, it is possible and easy to
> use mapping applications that DO NOT report your location to Apple,
> Google, Bing, NSA, or anybody else.  Of course, Apple, Google, Bing,
> and NSA don't tell you that.)
>
> I explicitly do not turn on "WiFi" or "GSM base station" location
> services.  That's because these services both require that the phone
> first listen to the local radio environment, and then REPORT that
> radio environment to servers run by large companies, via the Internet.
> These servers, run by Apple or Google or their subcontractors, store
> that information, and then reply to my phone with location information
> about those specific WiFi access points and those specific GSM cell
> towers.  In both cases, some big company has silently collected a data
> point about where my phone is, and thus where I am.  And they are
> under no obligation to me to use that information solely for my own
> benefit; quite the opposite.  They use it for their OWN benefit, and
> even use it to build up their databases about WiFi access points they
> haven't yet discovered.  They use it to sell things to me.  They use
> it to report me to government agencies and civil suit opponents under
> subpoenas, wiretap orders, or National Security Letters.  Etc.
>
> The article about AML was closely cribbed from press releases and
> other info published by EENA, the European Emergency Number
> Association, a nonprofit funded by EU project funding and by commercial
> vendors who sell to police agencies.(*)  The article and the EENA press
> release carefully neglect to point out how the government-requested
> AML feature would both override the user's location privacy settings,
> and would report the user's location to some large faceless
> corporation:
>
>  "The process is completely automated.  ... turn[s] on GNSS (global
>  navigation satellite system) and Wi-Fi. The phone then automatically
>  sends an SMS to emergency services, detailing the location of the
>  caller."
>
> The "report my location to large corporation" step between "turn on
> Wi-Fi" and "send an SMS to emergency services" has conveniently been
> ignored by this slanted article.  It's all about Saving the Children,
> not about Government Mandated Citizen Tracking Via Megacorps.  The
> "ignore my privacy settings" step isn't mentioned either; instead,
> EENA is quoted as saying "accurate location information should be sent
> during ALL emergency calls (emphasis theirs)" -- regardless of the
> user's privacy choices.  After all, who's in charge here?  The
> police agencies, or the citizen?
>
> The article also doesn't report that a significant fraction of calls
> to government emergency services (911 in the US; 112 in Europe) are
> spurious, typically "pocket dials".  AML would report your location to
> a company and to the emergency bureau, not just for real 911 calls
> that you make in an emergency, but for every 911 pocket dial as well.
> Try a web search for "911 pocket dial" for tons of links like these:
>
>  https://en.wikipedia.org/wiki/Pocket_dialing#Accidental_calling_of_emergency_services
>  
> https://www.theglobeandmail.com/news/toronto/remember-to-lock-your-phone-911-operators-forced-to-field-thousands-of-pocket-dials/article22990236/
>  http://www.cbc.ca/news/trending/man-dies-911-dispatchers-mistake-call-for-pocket-dial-1.3677006
>  http://abcnews.go.com/US/911-pocket-dial-leads-arrest-burglary-charges/story?id=26473210
>  
> https://www.yahoo.com/gma/blogs/abc-news/apparent-butt-dial-oregon-police-leads-drug-bust-113206871--abc-news-topstories.html
>  http://www.pennlive.com/nation-world/2014/12/woman_25_arrested_after_pocket.html
>
> This vague ETSI tech report for AML is the best technical description
> available of the service:
>
>  http://www.etsi.org/deliver/etsi_tr/103300_103399/103393/01.01.01_60/tr_103393v010101p.pdf
>
> It notes that if you're roaming in another country, either the SMS
> containing your location will go to your home country (not to the
> local emergency dispatcher -- another location information leak), or
> the phone will need to contain a database of countries and their
> dispatcher SMS numbers, plus a mechanism for regularly updating this
> database.  The report ignores the idea that the emergency dispatchers
> in each country should be able to forward such information to the
> right country's dispatchers; the standard tries to push all the
> complication into the phone firmware.
>
> It also states that:
>
>  "The use of AML software should be invisible to the user so 
>   as not to confuse them when they are trying to get help. 
>
>   No record of the SMS message should be available to 
>   the user either during or after the emergency call."
>
> In other words, don't tell the user that you spied on them, and don't
> let them see any record of your spying.
>
> It also notes that turning on location services can drain the battery,
> thus terminating the voice 911 call earlier.  
>
> It also says that a Time of Positioning should be sent in the SMS
> message; "the handset should attempt to use the time established by an
> NTP server, this should be possible if a network connection is
> available."  So now there's a second access to an NTP server somewhere
> on the Internet, that AML is requiring the handset to do, invisibly.
>
> It's getting less and less simple, the more we look into the details...
>
> Meanwhile, the proponents(*) have this to say:
>
>  http://www.eena.org/download.asp?item_id=209
>
>  "Are there any privacy risks?
>
>   No.   ..."
>
>       John
>
> (*) EENA says it's a nonprofit, not a regulator.  But it lobbies for
> and coordinates 1300 police agency bureaucrats from all over Europe
> and the world.  It's funded by ~400K euros of project funding from the
> EU government, plus 90 corporate members each paying 10,000 euros a
> year for the privilege of marketing their products to the 1300 "no
> membership fee" bureaucrat members; total about 1.1M euros a year.  We
> are seeing more orgs like this, full of officials but exempt from FOIA
> and sunshine laws, pushing totalitarian "solutions" that then their
> members go back and mandate in their own jurisdictions.  AAMVA is a
> big one in the US, pushing the idea that to solve "terrorism",
> everyone needs a government issued ID, tied to a national ID database,
> just to exist or travel.  Its membership: Heads of Departments of
> Motor Vehicles in each state -- the ones who issue those ID cards.
> They decline to allow privacy activists to join their membership,
> conferences, or discussions; we tried.




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170810192200:B3BFF6CA-7E22-11E7-8786-B8FCE1E445EA
Powered by Listbox: http://www.listbox.com