TomTom, Apple and the Security-GPS Complex

TomTom, the maker of a popular Global Positioning Device that helps drivers navigate their way in unknown territory, sold its data to the Dutch government. Dutch police requisitioned the data, and used it to set up speed traps for motorists! In other words, TomTom may as well have been spying on people for the government and police and advising the latter how best to stick it to them with nuisance traffic tickets. TomTom’s data did not reveal individual identities, but it still was a form of surveillance for the state on large numbers of individuals.

This gathering of information about your whereabouts via GPS by private corporations who then share it with the government or allow the government easy access to it, is a major threat to individual privacy.

Apple on Wednesday (way too late!) denied collecting data at its own servers on the movements of its iPhone and iPad custormers using ios 4. But it admitted that it had installed a database file on all such devices that has been tracking the whereabouts of its customers and storing that information unencrypted since last summer. It turns out that Google/ Android smartphones do much the same thing.

It is just wrong that Apple did not tell its customers it was creating such a long-term database, unencrypted, on both the device and on the computer on which it is backed up. (Consumers can encrypt the back-up file, but had never been prompted to do so). Apparently Apple intends to ensure in the next operating system upgrade that customers can opt out of being involuntarily tracked on their own devices.

Police, unlike the consumers, have known about these databases for some time and have access to devices that will easily extract and display it. Given that courts have held that border agents can search computers at will, it is difficult to see why they couldn’t also search smartphones, which means anyone who travels abroad and back could be forced to surrender to the government a database of their movements for the past year. Without a warrant and with no reason given.

The government does not have a right to engage in warrantless, unreasonable searches into our private lives (the fourth amendment excludes our “effects” from the prying eyes of constables, and surely a database of our own movements kept on our own phone and computer is enough like a diary that the Founding Fathers would have considered it an “effect”) But the National Security State is enamored of warrantless GPS tracking of Americans.

Now that corporations are inserting themselves into our intimate lives (mainly for marketing purposes), they are creating diary-like information for us against our will and then laying it out in public where it is fair game for government surveillance. There is a Security-GPS Complex growing up that will be the death of the Fourth Amendment if we are not careful. Apple should not want to be part of such an Orwellian structure.

Posted in Uncategorized | 18 Responses | Print |

18 Responses

  1. I got a traffic ticket when I was driving a rental car in Holland; the ticket was produced by an automated camera/computer system. I did not regard the ticket as a “nuisance”; I say it as part of a reasonable attempt to create a decent human society. Cars themselves are nuisances, quite difficult to manage, and driving them at whatever speed we want is not a basic human right. Being able to walk down the street safely, however, IS a basic human right, and by speeding I was infringing on other people’s rights to do so. I’m not thrilled about the prospect of a Security-GPS complex, but I cheer on Dutch efforts to keep cars under control.

    • At what point do we become simply part of the Borg, where all our actions are tracked and deviant behavior is disciplined automatically? I guess it’s inevitable given people’s paranoia about safety (see above) but I find it very disturbing.

  2. I’m an old curmudgeon living (sometimes uncomfortably) in the (non-late) 20th century: I have no cellphone, no iXXX, etc. Therefore I have not faced these problems. (My problem, often, is finding a payphone.)

    As to 4th amendment, already in tatters under the merciless onslaught of the S/C in service of the police-state (did the founding fathers really provide the 4th with a love of the police-state? Wasn’t there an unpleasant memory of the British “writs of assistance” to make unwarranted searching deeply abhorrent to Americans?), computer files may look like “effects”, but to me they also look like “papers”, also purportedly protected by the 4th [“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures”]). The Court has whittled the 4th away to not much by reducing the meaning of “unreasonable”, arguing that in various contexts people have no reasonable expectation of privacy. As when, I suppose, crossing national borders.

  3. I can’t get too exercised over the Dutch government getting access to this information. They take road safety seriously in that country, and have a decently lower per-mile death rate than we do, and intend to bring it down even further. In this country, every year car and truck crashes kill 30,000 annually, 3000 of those pedestrians. It would be nuisance enforcement if it didn’t do anything to bring down the death rate, but apparently, they do in fact work to make their roads safer.

    See, for example: link to

    Note that the #1 reason people give for not riding a bike is that they are “scared of the traffic”. “Terrorized”, perhaps. A response, proportional to 9/11’s death toll, would of course be to invade our privacy in a dozen embarrassing, useless, and intrusive ways, and to “bring democracy” to ten nations of brown-skinned people that had nothing to do with the problem. I commend the Dutch on their restraint in not exporting democracy, and in finding relatively productive privacy invasions.

    In terms of minimizing deaths, simply shifting transit away from driving has a much larger public health effect that does not appear in crash statistics. One estimate (Mayer Hillman) suggests a 10 or 20 to 1 payoff in expected years of life lost, shifting from driving-only to use of a bicycle (i.e., lack of activity is 10x more dangerous than bicycle crashes, which in turn are more dangerous than car crashes). A Danish study observes a 39% higher mortality rate for non-bicycle commuters, even with the usual adjusting-for-other-risk-factors. Thus, even a perceived loss of driving privacy, if it results in people spending more time out of their cars, has public health benefits.

    • The point is that TomTom did not ask us if we wanted to share that information with the government; it was gathered from us; it is iurs; we should have a say.

      • If that is the point, don’t muddle it up with a silly phrase like “nuisance traffic tickets.” That was what got my goat, and seems to be what DR@CHASE was responding to as well. Dutch traffic tickets are not a mere nuisance; they are part of a serious effort to curb a menace that kills about 1,000,000 people worldwide every year–most of them probably pedestrians, which means poor people killed by rich people. OK, we should have a say; if I had a say, I would say go ahead and use the data, as long as it doesn’t reveal individual identities.

  4. It’s almost cute to see people grapple with the dawning realization that they have no privacy rights. The government has long been reading your email, listening to your calls, and tracking your location via cell phones and EZ passes.

    So let me be clear: whatever you think the 4th Amendment gives you in terms of privacy — it doesn’t. There is no limit to what the government can do you. Been that way for some time now…

  5. Malware attacks are known quite for some time. Why now it is up to FBI to take care of this? As a result, FBI, Justice Department and the Courts discuss purely technical issues which have absolutely no meaning for non-specialists!

    Also, this is pretty bad for international cooperation. Malware affects everybody, but why should anybody but close US allies cooperate in the FBI effort?

    Lots of countries would be happy to work with neutral private entities, but not with US intelligence, this is a completely different matter!

    Are we looking for the war on malware? This is going to be quite unfortunate.

    link to

  6. I suspect these companies are paid well by the state for providing this info. That’s why they do it. They probably either receive direct monetary payments or special favors or contracts. Just as was done with the telecoms.

  7. Prof. Cole,

    Thanks for this very good post. I share your fears about this “Security-GPS Complex”, and see it as yet another — but very dangerous — example of corporatism (which, as you know, is the word Mussolini recommended be used instead of ‘fascism’). It is inimical to democracy, and it is precisely what the Supreme Court conferred its blessing in its disgusting decision in Citizens United v. Federal Election Commission. These huge and powerful corporations are the greatest threat to both our liberty and our planet, toward which they act with utter contempt. Even as they help Big Brother to spy on us, they manipulate the political process (“the best democracy money can buy”) with their vast wealth, most of which has been built up on the backs of the working class and at the expense of the Third World’s poor, while polluting the environment and laying waste to whole ecosystems.

  8. Profit considerations outweigh all others, including privacy for capitalist corporations. It’s not that they’re bad people, though they may be, the logic of the system compels certain behavior to increase profits. If their conscience won’t let them do it, there are many people right down the hall willing to take their place and do it. Thus, relying on people running Apple to be good citizens is naive.

  9. In 2001, cellphones were required by law to track location and make it available upstream. This was done so that 911 services could locate callers. One may argue whether or not this invasion of privacy was justified and should have been enacted or should be repealed, but for now, it is the law. Why did it take 10 years for the public to become aware?

  10. It gets better even: Today, the official Dutch Data Protection Authority (CBP, or DPA) published its findings in a research of the (major) The Hague police corps district and the national CID, and their use of the Central Information Point for the Research of Telecommunications (CIOT), a database gathering information of telecom providers who are legally bound to deliver such, and open to queries by law enforcement agencies (notably name and address particulars and email and IP addresses).

    Its findings include

    — Of 22 investigated requests, 14 were unlawful. (5 Out of 11 with the The Hague police corps, 9 out of 11 with the CID.)

    — The year 2009 saw some 3 million requests, as opposed to some 1.7 million in 2007. (The Dutch population is currently estimated to number some 16.5 million. We have for years been said to have the highest number per capita of telephone taps and other such surveillance in the world.)

    — In the The Hague police corps district (these districts cover a rather wider area), of 25 officers with access to CIOT, only 6 have the required clearance to do so.

    — Law enforcement agencies furthermore often approach telecom providers directly, bypassing CIOT, with such data transfer manifestly having no adequate protection.

    The appropriate minister now threatens to shut off police corpses who don’t clear up their act from access to CIOT; it is noted that such corpses would still gain access through those who do meet standards.

    Yours truly from the Netherlands; I’ve not found reports on this in English yet, I guess they may come out over the coming days; the CBP’s findings can be accessed in Dutch at link to (and I notice now they have an English section as well, so I guess they too may come up with something in that language soon).

    The above data btw swiftly lifted from a report at link to .

  11. Those tech movies are going to end up being right. Technology will really turn its back against us and be used against us. It’s already happening.

  12. can there be two issues here:

    separation of actual powers is none: public and private sectors, universities, governments and corporations are one gluey blob.

    and what could be called one-way transparency and accountability. if this is the case as now it is, transparency is barely better then complete opacity. transparency should be both ways, always. real people from within the blob and glue should take the blame and be fined, there is no excuse for playing dumb at this level.

  13. You know that your phone contains GPS loggings…

    and you want to make an alibi…

    so you hack your phone and put in coordinates that show you were somewhere else when you were really doing something nefarious.

    GPS databases are a two-edged sword.

Comments are closed.