Interesting People mailing list archives
re Apple refuses to override user location spying choices
From: "Dave Farber" <farber () gmail com>
Date: Thu, 10 Aug 2017 19:21:51 -0400
Begin forwarded message: From: John Gilmore <gnu () toad com> Subject: Re: [IP] Apple refuses to override user location spying choices Date: August 10, 2017 at 6:18:57 PM EDT To: dave () farber net Cc: "ip" <ip () listbox com>Apple refuses to enable iPhone emergency settings that could save countless lives https://thenextweb.com/apple/2017/08/10/apple-refuses-enable-iphone-settings-save-countless-lives/#.tnw_O0GihW8uOK why Apple are you refusing? DfarberBecause they've stopped beating their wives, of course. [first, note that the above URL contains covert tracking information, that "#.tnw_O0GihW8u" on the end. Lauren, Dave, don't you strip that stuff off before sending it to hundreds or thousands of friends? You should!] I'm not a big Apple defender, but Apple is probably making the right choice here. The extremely slanted article that Dave and Lauren forwarded neglects to mention giving users real choice about their own privacy. It also neglects the use of large-company Internet-based physical tracking services that are required and used for this supposedly "simple" AML (Advanced Mobile Location) feature. If users have location services turned off, they should stay off, even for emergency calls. I don't want Apple (or Google especially) overriding my choices about whether my phone is going to track me. Especially not with the explicit connivance of government and supranational eurocrats. These guys are famous for forcing stupid privacy choices on the public (like the RFID chips in passports, chosen because the immigration bureaucrats didn't consider merely moving their OCR passport readers 20 feet back along the queue of incoming people). On my own free software Android phone I enable the phone to find its location via receive-only radio transmissions from GNSS satellites (US's GPS, Europe's GLONASS, and China's Beidou satellites). This enables my free software mapping application (OsmAnd, which uses the free culture OpenStreetMap database, which is stored directly in my phone) to help me navigate. Neither Android nor OsmAnd is reporting either my general position or my specific location to ANY satellites nor ANY servers anywhere. (Yes, Virginia, it is possible and easy to use mapping applications that DO NOT report your location to Apple, Google, Bing, NSA, or anybody else. Of course, Apple, Google, Bing, and NSA don't tell you that.) I explicitly do not turn on "WiFi" or "GSM base station" location services. That's because these services both require that the phone first listen to the local radio environment, and then REPORT that radio environment to servers run by large companies, via the Internet. These servers, run by Apple or Google or their subcontractors, store that information, and then reply to my phone with location information about those specific WiFi access points and those specific GSM cell towers. In both cases, some big company has silently collected a data point about where my phone is, and thus where I am. And they are under no obligation to me to use that information solely for my own benefit; quite the opposite. They use it for their OWN benefit, and even use it to build up their databases about WiFi access points they haven't yet discovered. They use it to sell things to me. They use it to report me to government agencies and civil suit opponents under subpoenas, wiretap orders, or National Security Letters. Etc. The article about AML was closely cribbed from press releases and other info published by EENA, the European Emergency Number Association, a nonprofit funded by EU project funding and by commercial vendors who sell to police agencies.(*) The article and the EENA press release carefully neglect to point out how the government-requested AML feature would both override the user's location privacy settings, and would report the user's location to some large faceless corporation: "The process is completely automated. ... turn[s] on GNSS (global navigation satellite system) and Wi-Fi. The phone then automatically sends an SMS to emergency services, detailing the location of the caller." The "report my location to large corporation" step between "turn on Wi-Fi" and "send an SMS to emergency services" has conveniently been ignored by this slanted article. It's all about Saving the Children, not about Government Mandated Citizen Tracking Via Megacorps. The "ignore my privacy settings" step isn't mentioned either; instead, EENA is quoted as saying "accurate location information should be sent during ALL emergency calls (emphasis theirs)" -- regardless of the user's privacy choices. After all, who's in charge here? The police agencies, or the citizen? The article also doesn't report that a significant fraction of calls to government emergency services (911 in the US; 112 in Europe) are spurious, typically "pocket dials". AML would report your location to a company and to the emergency bureau, not just for real 911 calls that you make in an emergency, but for every 911 pocket dial as well. Try a web search for "911 pocket dial" for tons of links like these: https://en.wikipedia.org/wiki/Pocket_dialing#Accidental_calling_of_emergency_services https://www.theglobeandmail.com/news/toronto/remember-to-lock-your-phone-911-operators-forced-to-field-thousands-of-pocket-dials/article22990236/ http://www.cbc.ca/news/trending/man-dies-911-dispatchers-mistake-call-for-pocket-dial-1.3677006 http://abcnews.go.com/US/911-pocket-dial-leads-arrest-burglary-charges/story?id=26473210 https://www.yahoo.com/gma/blogs/abc-news/apparent-butt-dial-oregon-police-leads-drug-bust-113206871--abc-news-topstories.html http://www.pennlive.com/nation-world/2014/12/woman_25_arrested_after_pocket.html This vague ETSI tech report for AML is the best technical description available of the service: http://www.etsi.org/deliver/etsi_tr/103300_103399/103393/01.01.01_60/tr_103393v010101p.pdf It notes that if you're roaming in another country, either the SMS containing your location will go to your home country (not to the local emergency dispatcher -- another location information leak), or the phone will need to contain a database of countries and their dispatcher SMS numbers, plus a mechanism for regularly updating this database. The report ignores the idea that the emergency dispatchers in each country should be able to forward such information to the right country's dispatchers; the standard tries to push all the complication into the phone firmware. It also states that: "The use of AML software should be invisible to the user so as not to confuse them when they are trying to get help. No record of the SMS message should be available to the user either during or after the emergency call." In other words, don't tell the user that you spied on them, and don't let them see any record of your spying. It also notes that turning on location services can drain the battery, thus terminating the voice 911 call earlier. It also says that a Time of Positioning should be sent in the SMS message; "the handset should attempt to use the time established by an NTP server, this should be possible if a network connection is available." So now there's a second access to an NTP server somewhere on the Internet, that AML is requiring the handset to do, invisibly. It's getting less and less simple, the more we look into the details... Meanwhile, the proponents(*) have this to say: http://www.eena.org/download.asp?item_id=209 "Are there any privacy risks? No. ..." John (*) EENA says it's a nonprofit, not a regulator. But it lobbies for and coordinates 1300 police agency bureaucrats from all over Europe and the world. It's funded by ~400K euros of project funding from the EU government, plus 90 corporate members each paying 10,000 euros a year for the privilege of marketing their products to the 1300 "no membership fee" bureaucrat members; total about 1.1M euros a year. We are seeing more orgs like this, full of officials but exempt from FOIA and sunshine laws, pushing totalitarian "solutions" that then their members go back and mandate in their own jurisdictions. AAMVA is a big one in the US, pushing the idea that to solve "terrorism", everyone needs a government issued ID, tied to a national ID database, just to exist or travel. Its membership: Heads of Departments of Motor Vehicles in each state -- the ones who issue those ID cards. They decline to allow privacy activists to join their membership, conferences, or discussions; we tried.
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170810192200:B3BFF6CA-7E22-11E7-8786-B8FCE1E445EA Powered by Listbox: http://www.listbox.com
Current thread:
- re Apple refuses to override user location spying choices Dave Farber (Aug 10)