First Lawsuit Filed Against Apple For Undocumented Location Database

With no real statement from Apple regarding the present consolidated.db tracking file furor, the obvious next step is to take it to the courts. Actually, the next step should be a rigorous federal investigation into whether or not Apple has broken any laws. Then, if it has, sue away. And if it hasn’t, sue anyway just in case. Vikram Ajjampur and William Devito are a little impatient, however, and have filed a lawsuit against Apple already.

Now, I’m all in favor of suing Apple — as soon as the facts are known. Apple gets a chance to defend itself against the allegations (time is running out, by the way), and if it doesn’t do so to our satisfaction, then that’s that. This nearly instantaneous lawsuit (filed April 22), however, seems slightly opportunistic.

Claim 12, for instance: “Apple collects the location information covertly, surreptitiously and in violations of law.” I’m not saying this isn’t the case, but when this information was only announced on the 20th, they seem a bit quick on the draw to decide that it’s “covert” as opposed to “undocumented,” like many files and features. It doesn’t take a lawyer to come up with mitigating circumstances or arguments that could potentially exonerate Apple. Use your imagination.

On the other hand, one doesn’t need to wait for the indictment when one has seen the smoking gun. It looks to me like Apple is breaking its own rules here, and in a pretty stupid way at that. An unencrypted log file? Even if it’s only reachable by root (and therefore, Apple may argue, inaccessible to anyone using the phone or any known exploits), it’s a stupid and insecure method and Apple should know better.

But let’s refresh ourselves on Apple’s location policy (from its iPhone 4 SLA):

(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party’s terms and privacy policy on use of location data by such third party applications or services.”

Emphasis mine. But then in the iTunes/App Store TOS:

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

We’ve got dueling location policies here. But what matters is whether Apple broke the law by not disclosing this particular file/method of tracking, or whether it was just bad and slightly creepy policy on their part.

At any rate, you can download the lawsuit here. My guess would be that this one will be obsoleted once more facts come to light, though another (indeed, several) may follow. And I would also guess that the most significant consequence of this episode will be an industry-wide clarification of stances on tracking, and perhaps some slight rewording of the relevant sections in a few terms of service documents.