Liberty News

Security researchers have discovered that Apple's iPhone keeps a record of where you go -- and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

Apple has made it possible for almost anybody -- a jealous spouse, a private detective -- with access to your phone or computer to get detailed information about where you've been, said Pete Warden, one of the researchers.

Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act.

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining.

The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

Google has announced that it was placing 60 of its Web services under a unified privacy policy that would allow the company to share data between any of those services. (Google Books, Google Wallet and Google Chrome are excluded due to different regulatory and technical issues.)

Any user with a Google account --- used to sign in to services such as Gmail, YouTube and personalized search --- must agree to the policy. Users who don't want to have their data shared have the option to close their accounts with Google.

The changes will apply from March 1st.

Data-protection agencies in Ireland and France said they would assess the implications of the push. At least one consumer-advocacy group fretted that the policy -- which makes it easier for Google to target advertisements to specific groups -- might tie users' hands and make it harder for them to limit what the company can do with their information.

This announcement is pretty frustrating and potentially frightening from a kids and family and teenager standpoint and an overall consumer privacy standpoint, said James Steyer, chief executive officer of San Francisco-based Common Sense Media.

...Read the full article

After Newham in London, Aberdeen Council has introduced a video system that gives council staff first sight of every visitor to residential properties.

Previously the video entry system connected the person at the door with the property they were trying to enter, and the person inside was able to see a video image of the person outside and, if they wished, remotely open the door.

Aberdeen Council has now written to residents informing them that they are going to change the system so it is a council operator who controls access, and gets to see who is visiting you. The letter reads:

When a non-resident calls your flat from the entrance, the call would be diverted to a centralised control room, where we will also monitor the current CCTV cameras in your building 24 hours a day. A member of staff from the control room would contact you directly and ask if you agreed to the non-resident being allowed access to the building.

Why should a council official be able to see the visitors to your flat before you do? It's no business who you have into your own property and the last thing residents need is a council official scrutinising everyone they invite round for a cup of tea.

Following the intervention of Big Brother Watch, the council has confirmed that residents who do not wish their visitors to be seen by a council official in the control room will be able to opt-out of the system.

Researchers have found that so called smart electricity meters can be used to determine what TV programmes people are watching.

German researchers have been looking over meters from the company Discovergy. They found that the fluctuating brightness levels of a film or TV show when displayed on a plasma-screen or LCD TV created fluctuating power-consumption levels. This creates a power/consumption signature for a film that might be determined from the readings obtained by Discovergy's technology.

The researchers also found that Discovergy apparently allowed information gathered by its smart meters to travel over an insecure link to its servers. The information -- which could be intercepted -- apparently could be interpreted to reveal not only whether or not users happened to be at home and consuming electricity at the time.

This was revealed during a presentation by researchers Dario Carluccio and Stephan Brinkhaus at the 28th Chaos Computing Congress (28c3) hacker conference in Berlin late last month.

During the talk, entitled, Smart Hacking for Privacy, the researchers explained that they came across numerous security and privacy-related issues after signing up with the smart electricity meter service supplied by Discovergy.

Because Discovergy's website's SSL certificate was misconfigured, the meters failed to send data over a secure, encrypted link - contrary to claims Discovergy made at the time before the presentation. This meant that confidential electricity consumption data was sent in clear text.

In addition, the researchers discovered that a complete historical record of users' meter usage was easily obtained from Discovergy's servers via an interface designed to provide access to usage for only the last three months. The meters supplied by the firm log power usage in two-second intervals. This fine-grained data was enough not only to determine what appliances a user was using over a period of time -- thanks to the power signature of particular devices -- but even which film they were watching.

The researchers concluded that the two-second frequency of power readings was unnecessary for Discovergy's stated goals. One has to ask why the sample rate was fast enough to determine customers viewing habits and what devices they are using and why a complete history of such information is being kept.

Shopping centres have triggered a Big Brother row after installing equipment that allows them to track customers using their mobile phone signals.

The technology has raised privacy concerns after it emerged that major shopping centre owner Land Securities has installed it at ten of Britain's biggest malls.

These include the giant Cabot Circus, Bristol; Gunwharf Quays, Portsmouth; Princesshay, Exeter; Buchanan Galleries, Glasgow; Bon Accord & St Nicholas, Aberdeen; and The Centre, Livingston. Malls using the FootPath system in the London area include One New Change and New Street Square in the City; Cardinal Place, Victoria; and The Galleria, Hatfield.

A tiny yellow sign in Exeter's Princesshay shopping centre is the only warning customers receive that their mobile phone signal is being tracked by Footpath's scanners. There is no way to opt out except not to enter or to turn off your mobile

Path Intelligence, which developed the system in the UK, said it includes safeguards to prevent spying on individuals and that no personal information is collected. Rather, it is designed to track people's movements to better understand what shops and services they find most interesting or useful.

Nick Pickles, of privacy and civil liberties group Big Brother Watch, said the law needs to be tightened to cope with new mobile phone tracking systems:

People are right to be worried that their mobile phones can be turned into tracking devices very easily, without their permission or knowledge.

While we have been given assurances that the FootPath technology is not capable of capturing personal information or sending communications to people's phones, other technologies which would allow this are available.

Such tracking and communications would be a significant intrusion on privacy.