Apple faces questions from Congress about iPhone tracking

Computerworld - Sen. Al Franken (D.-Minn.), who chairs a new privacy panel set up in February, yesterday asked Apple to explain why its iPhones are tracking users' locations.

The Federal Communications Commission (FCC) is also reportedly looking into the matter, while a Congressman from Washington State has followed Franken's lead, promising to ask questions of his own.

Franken's letter to Apple CEO Steve Jobs came after a pair of British researchers reported Wednesday that iPhones and 3G iPads running iOS 4 logged up to 100 location entries daily.

The data is stored in an unencrypted SQLite file on the device, while a copy of the file is regularly backed up by Apple's iTunes during synchronization, then saved on the device owner's Windows PC or Mac.

Security experts have expressed concern that the data is unencrypted and easily readable by anyone with access to a smartphone or tablet -- perhaps after one is lost or stolen -- or to the synching computer.

Franken, who is on the Senate Judiciary Committee, was appointed chairman in February of the newly-created Senate Subcommittee on Privacy, Technology and the Law.

"Anyone who gains access to this single file could likely determine the location of a user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken -- over the past months or even a year," said Franken in the letter to Jobs (download PDF).

Although Jobs is on indefinite medical leave, he remains the CEO of Apple. In his absence, COO Tim Cook is running the company.

Franked posed nine questions and asked for a "prompt response" from Apple.

"Why does Apple collect and compile this location data?" Franked asked. "Why did Apple choose to initiate tracking this data in the iOS 4 operating system?"

Franken also asked for answers to a range of other queries, including how the data was obtained, the location mapping precision, to whom the data is disclosed and whether Apple believes the tracking is covered by its privacy policy.

Additionally, the letter asked why the data was not encrypted and why Apple did "not seek affirmative consent" from users before logging the locations.

"There are numerous ways in which this information could be abused by criminals and bad actors," said Franken in the letter. "Furthermore, there is no indication that this file is any different for underage iPhone and iPad users, meaning that the millions of children and teenagers who use the iPhone and iPad devices also risk having their location collected and compromised."

Apple has not responded to questions about the iOS location tracking.

Rep. Jay Inslee (D-Wash.) also took a shot at Apple in a statement today, saying he was "deeply disturbed" by the news and promised to ask his own questions of the Cupertino, Calif. company.