The news that Apple has been tracking iPhone locations is a reminder that we don't always know what our smart phones are doing. We'll get a preview of the next Ethics in Science and Technology forum called WHO OWNS YOUR CELLPHONE?
GUESTS: Michael Kalichman is director of the Center for Ethics in Science and Technology. He is Director of the Research Ethics Program at UC San Diego
Greg Rose, Senior Vice-President in the office of the chief scientist for Qualcomm incorporated.
EVENT: The next Center for Ethics in Science and Technology discussion called WHO OWNS YOUR CELLPHONE? will take place next Wednesday, May 4 at the Rueben H Fleet Science Center in Balboa Park starting at 5:30 PM.
Read Transcript
This is a rush transcript created by a contractor for KPBS to improve accessibility for the deaf and hard-of-hearing. Please refer to the media file as the formal record of this interview. Opinions expressed by guests during interviews reflect the guest’s individual views and do not necessarily represent those of KPBS staff, members or its sponsors.
CAVANAUGH: Lawsuits are being filed and Apple has tried to explain, but the news opens up the question of who the heck owns your cellphone anyway? That happens to be the subject of the next ethics and science technology forum in Balboa Park. Here to give us a preview are my guests. Michael Kalichman is director for the center for ethics in science and technology. He's director of the research ethics program at UCSD. Good morning, Mike.
KALICHMAN: Good morning issue Maureen.
CAVANAUGH: And Greg Rose is senior vice president in the office of chief scientist for Qualcomm incorporated. Greg, good morning.
ROSE: Good morning, Maureen. Thanks for having me.
MAUREEN CAVANAUGH: Thank you for coming in. Greg, I'm gonna start with you. Can you explain how apple has been tracking iPhones?
ROSE: Yeah, I believe I can. The purpose behind them tracking the iPhones appears not to be because they want to track the individual owner of the iPhone. What they want to do is have the iPhone improve its position location services by noticing when there are Wi-Fi networks around, and Wi-Fi networks in people's homes or their business or wherever, can quite often give a pretty precise indication of where the phone is without having to do all of the complicated triangulation, and GPS calculations and all of that kind of stuff. So it appears, and apple have been saying this, the fact that the log was kept on the phone in an insecure manner and had a lot more detail, like the phone would know where it was when it was reporting back to Apple about these wi-fi networks. They just didn't do the job very well of sanitizing that information and getting rid of it when it was necessary.
MAUREEN CAVANAUGH: Explain to us a little bit more of where that data was stored, and you said in basically an unprotected manner.
ROSE: Yeah, it's stored in a fairly simple database file. I don't want to go into too much detail. The file is in just one of the standard places on the iPhone where if you have jail broken your iPhone, that is, you get more access to it than your normal user has, and it's fairly straightforward to fine this file, fairly straightforward for some savvy people to figure out what's inside it, and then of course another part of the problem is that every time you plug in your iPhone for a synch, it backs up the contents, so that file not only appears on your phone, but also on YPC, where it's available to all sorts of hackers.
CAVANAUGH: To all sorts of hackers. Mike, what's the ethical implication of a company doing this? Without -- basically without the knowledge of the people who have the iPhone?
KALICHMAN: Well, the ethics is, in this case, simple. We have information that we retain on our phones. In this case, specifically, we have information with where we have been. And there for various reasons may be reasons that we would prefer that not to be known widely or for somebody to capture that information. And we simply don't upon. I think the key here isn't so much that we might be watched, it's that we probably would like to know who's watching us, and what they're gonna do with that information.
CAVANAUGH: Indeed.
KALICHMAN: Now, is this, apple phones, the only cellphone technology that is actually storing this kind of data? Do we know if Andriod phones -- I think Andrew would be the right person to answer that.
ROSE: We do know that Android do the same thing. Android phones do the same thing. Google's already had one brush with this privacy sort of issue in Europe where the vans that they send around to map the street views were doing essentially the same thing. So Google were much more aware of this. So the android phones, they store the last seven days, and then they overwrite it, you know, a sort of rolling pattern. And they were much more careful about sanitizing it, but the recent information is there on your android phone as well.
MAUREEN CAVANAUGH: Now, before you -- you scheduled this topic if are your ethics forum it, Mike, well before the for broke last week. So bodies the idea of I -- the apple people trying to keep a location data map of course basically of these iPhones, what recall the other concern when is it comes to who owns your cellphone?
KALICHMAN: Sure. I think we can broadly summarize that. Our phone is this fantastic source of the end use are information. We store information on our phone, and we transmit information. And to a large except, we think of that as being private, that nobody wouldville access to that. But we now know that people either [CHECK AUDIO] that have the networks that the phones are on, have certain kinds of access to that information. But even people that we might not want to access that information. Outside of that network that we do not know, hackers might be able to get in very ways. There's a report on PBC news just last week about a couple of individuals who are looking at some of the older technologies, still widely used in the world were able to, from a distance of 500 yards, were able to get into somebody's phone, and access a wide variety of information, including stealing the phone calls that were coming across that phone. So knowing that people could do that, at least that's part of thethics piece here, we should know what's possible soy upon where some of the risks are.
CAVANAUGH: And Greg, part of the ethics have to do with cellphone applications themselves. Some of these cellphone applications are generating information for themselves, aren't they?
ROSE: Yes, that's certainly true. And not only that, but depending on, you know, whether you've done what I mentioned, jail breaking your phone or not, the applications can also access other applications' data. So interchanging that private application, even if application A legitimately wanted to know your home address for some reason, I don't know what that might be, that doesn't mean that application B should have access to that information. And they have not been nearly as widely publicized, [CHECK AUDIO] some android apps that were collecting information from other applications and sending it back to the -- back to their application writers' home base, and we still don't really know whether why they were doing that. They were just basically collecting everything they could find and accepting it. So that's pretty scary.
CAVANAUGH: It is pretty scary. So until practical terms though, what kind of applications are we talking about that would do this sort of thing?
ROSE: Well, applications might masquerade as innocuous games. They might be used for financial management. There are applications that help you access bank accounts, check balances, transfer money, and obviously those are -- those should be disjointed sets, but when the game manufacture's application is sending financial information back to homose, that's really not a good thing.
MAUREEN CAVANAUGH: No, it's not. And the fact that you have welcomed, let's say, a game app on your phone, which comes with this hidden sort of financial thing, does that -- does that make the ethical part of it more questionable in that you have already agreed to down load this application?
ROSE: Well, certainly, and I sort of hate to say it, but the world that we live in has trained us to just click yes, to just click okay when it pops up a dialog box saying do you want me to help you -- assist you in writing this Word document and at the same time withdraw $100,000 from your account, we're trained to click "Okay."
And we're also trained not to read the license agreements. So for example, the license agreement you signed when you bought your iPhone says says, by the way, apple can use your location data, and you agreed to it.
ROSE: Right, because no one reads it.
ROSE: So did you know whether you agreed to it or not? That's a good questions that I'd like to find out more about.
CAVANAUGH: We do have to take a short break. When we return, we'll talk more about who owns your cellphone, stay with us for more of These Days on KPBS.
MAUREEN CAVANAUGH: I'm Maureen Cavanaugh, and You're listening to These Days on KPBS. We're getting a preview of the next ethics forum discussion called who owns your cellphone. And we gap talking about the iPhone tracking scandal that was revealed last week. My guests are Michael Kalichman and Greg rose. And let's talk hackers. You brought up the subject, Mike, with that sort of scary story from Britain. Would that tracking data that we were talking about, Greg, be of any use to people who wanted to hack into an iPhone?
ROSE: Probably not. I think they would have had to hack the iPhone first to get.
CAVANAUGH: I see.
ROSE: To get access to the tracking data.
CAVANAUGH: But if they did get access to it, what would it tell them? Anything?
ROSE: Oh, the mind boggles with the possibilities. Part of my job as head of security is we have to think in terms of bad scenarios, so without having put any forethought into this at all, if I want to go to the worst kind of scenario, I would think, well, if a terrorist wants to know your movements so he can plant a bomb on you, and get it taken into the headquarters of KPBS, had, that information would be there for them. So that's a pretty nightmarish scenario. But there are many lesser degrees. We've discovered that by watching people's movements as recorded on iPhones, you can pretty much predict where they're going to go, people know that I go shopping on Thursdays, stuff like that.
MAUREEN CAVANAUGH: This is not normally the reason that people do hack into phones though, to find out where you're gonna be and when.
ROSE: No, of course not.
CAVANAUGH: What are the reasons that they do that?
ROSE: Well, increasingly, these days, especially our smart phones are repositories of information. And many people -- in fact, I did a show of hands the other day, and at least two thirds of the people in the audience said that they do store bank account information on their phones. And coming soon, there's a new technology called NFC, [CHECK AUDIO] just like you can do with some credit cards today. That's effectively money stored on your phone, and of course, if the hackers can make a profit, then that's when we really have to worry.
MAUREEN CAVANAUGH: Now, how easy is it for hackers to gain access to smart phones?
ROSE: We like to think that it's harder than they want it to be. But I would be wrong to say that it's not possible. You know, cellphones are trailing behind the PCs of the world. If you think of them in terms of capability, they're about ten years behind. A cellphone today is about a ten-year-old PC. And in many other way, we're a bit ahead of that. But security wise, they're not as hardened AP Cs running modern day operating systems.
CAVANAUGH: And how about like antivirus protection for cellphones? Is there anything like that out there?
ROSE: Antiviruses for cellphones are available. But to be honest, we think they're the wrong answer. Part of the reason is, that's this humongous file that stores the signatures for all the viruses, and somehow that has to get to your cellphone. If every cellphone in the U.S. had an antivirus ap installed and was downloading these big antivirus lists, there wouldn't be any time left to make cellphone calls or down load your data. So we're concentrating on hardening the insides of the cellphone, so the virus just can't get a hand hold, you know.
MAUREEN CAVANAUGH: In speaking with Greg earlier, Mike, he described a cellphone as computers that can make phone calls. And I'm wondering if you get the feeling that most people think of their smart phones that way, or are a little bit too easygoing and think of them, perhaps, as the old fashioned mobile phone that didn't really carry that much information.
DEFENDANT: Well, two thoughts on that, the first is that there's some data from this past year, we now are at the point where people are using their cellphones less for phone calls than for sending text and information back and forth. Teenagers apparently are -- more than half of them, greater than -- 1500 text messages a month, 50 a day, many pointers are aware of that, bun not all of your listeners may be aware of that. So in that sense, we have a phone that's not being used just for calls but I think people are thinking of them as -- we think of a phone as something almost like being -- just talking to somebody, and it's our conversation, it doesn't belong to anybody else, and there's no way that anybody else accesses it, exempt with the person you're talking to. And now with the technology, we realize that this information, all of this information could be accessible with anybody with the right tools and the ability to do that. And how do we protect ourselves against that is the question.
CAVANAUGH: Now, Greg, you're -- work in the Office of the chief scientist for Qualcomm, so what are phone companies doing to, as you say, harden smart phones so that they are not this opportunity for hackers?
ROSE: Well, we're doing a lot, and when I say we, I don't just mean Qualcomm, I mean the whole industry. We're using techniques, for example, fuzzing which probably doesn't mean anything to anybody out there, but techniques for searching for vulnerabilities, so they're exploitable by viruses or worms or hackers or whatever, and closing all of those loopholes, every one that we can find. Now, we know that programming computers is really hard, so we know that we'll never be a hundred percent successful. But like a lot of things, it's really just important to make it as hard as we can, and make it uneconomical for people to put the effort in to find all these problems.
CAVANAUGH: Would you say that security is, if it's not already, becoming the major priority of cellphone designers?
ROSE: Well, there are many priorities Burke security is right up there in the list, yes.
MAUREEN CAVANAUGH: Do you think it should be, Mike, one of their major priorities?
KALICHMAN: I think it's gotta be -- not necessarily the top item, but high on the list. I mean, I think more personal I put the focus on the users and the customers to be aware that these issues might be out there, and to be informed about what the possibilities are. And then to lobby for what they need. I think manufacturers of cellphones, set phone companies, they are a business. And they're gonna respond to what's need first degree their customers aren't worried about security, then they report gonna focus on security.
CAVANAUGH: How can a smart phone user today, Greg, make their use of their smart phone more security?
ROSE: Well, the very 50 thing everybody should do is -- the number one cause -- the number one cost to a user and when they lose their cellphone, and there's all sorts of custodies associated with that, not the least of which is paying for all the calls to Columbia or whatever.
MAUREEN CAVANAUGH: Yes, right.
BARBER: But the very simplest thing you should do is put a password on your phone, or a pin code or whatever is appropriate to your kind of phone. But the bottom line is, just make it so that the guy who finds it on the street, put a speed bump in his way. I think everybody should just automatically do that.
MAUREEN CAVANAUGH: Right, right just make it a little wit harder for everybody to hack in or use your lost phone. I want to tell even that the next ethics and science technology discussion is called who owns your cellphone, so this conversation is going to continue next Wednesday, May 4th pat the Ruben H. Fleet science center in Balboa Park starting at 4:30, and just about everybody is westbound, right Mike?
KALICHMAN: Yes, absolutely.
MAUREEN CAVANAUGH: Okay. I want to thank you Michael Kalichman, and Greg rose. Thank you so much for coming in and talking with us.
KALICHMAN: Thank you.
ROSE: Thank you.
CAVANAUGH: And this has been These Days. Stay with us for hour two, coming upright here on KPBS.