January 2008
Good NY Times Magazine Article on E-Voting (6 January 2008)
A License for Geiger Counters? (9 January 2008)
Hacking Trains (11 January 2008)
A New Internet Wiretapping Plan? (15 January 2008)
The CIA Blames Hackers for Power Outages (18 January 2008)
Apple Adds the Missing Applications to the iPod Touch (23 January 2008)
The Dangers of the Protect America Act (27 January 2008)
Massive Computer-Assisted Fraud (29 January 2008)

Apple Adds the Missing Applications to the iPod Touch

23 January 2008

A while ago, I wrote about missing applications on the iPod touch. Specifically, I wondered why the email, notes, map, and stock applications were missing. Apple has now added them via a software update. This is good; however, there are two possible flies in the ointment.

First, Apple is charging $20 for the update. Presumably, they’re charging because they’re adding new features; however, those features should have been there in the first place.

The second issue is more subtle and concerns the WiFi-based geolocation service on the new iPod Touch, which apparently uses technology developed by Skyhook Wireless. Skyhook Wireless has built up a database mapping the location of WiFi access points to locations. When you initiate a location query, the iPod Touch (and the iPhone) listen for access points and send the list to Skyhook Wireless; it replies with your approximate location. The question is what else happens to that data.

Skyhook Wireless has a pretty good privacy policy. However, they inherently know your IP address, at least at some point — they couldn’t talk to you over the Internet without that — and IP addresses are sometimes (rightly) considered to be personal information. On the other hand, exactly how Skyhook Wireless treats the IP address is a bit confusing:

WPS may, if configured by the end-user application, also identify the Internet Protocol or IP address (a unique identifier assigned to any device accessing the Internet) of your computer. The identification of your IP address is a standard, commonly accepted practice used by a majority of the websites and services on the Internet.
I don’t know what it means to "identify" an IP address. The web page does note that if the access points within reach are not in their database, ordinary IP geolocation techniques — based on your IP address — may be used instead.

The question is what else can be done with your location data. The usual geotargeted advertising is permitted:

Skyhook may also use this information to deliver targeted, location-based advertising or to aggregate data about general usage (e.g., there are X number of WPS users in the 12345 zip code) to potential advertisers.
Furthermore, the data is accessible to law enforcement: "Skyhook may disclose location information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to a legal order or comply with legal process served on Skyhook". But what is the legal standard for such court orders? It strikes me as likely that it would be treated as information voluntarily disclosed to a third party — Skyhook — and hence not within a subject’s expectation of privacy. This is unfortunate, since most people will have no idea what, if anything, is being transmitted or to whom (Apple’s web site sure doesn’t say), and a popular technology people are familiar with (GPS) is purely passive.

All that said, the new features make the iPod Touch very attractive. I’m still waiting to see what the terms and conditions are for the software development key — but my iPod Nano is showing its age and may need replacing…

Tags: Apple
https://www.cs.columbia.edu/~smb/blog/2008-01/2008-01-23.html