HazDat
13Aug/09

Palm’s Pre has you covered — like an enemy of the state

Hey, Verizon customers -- ever get tired of having "The Network" following you around everywhere you go? It's such a hassle, especially when you have to use the restroom, or spend some "alone time" with your significant other.

Well, Sprint's Palm prē has you covered. Palm's latest smart phone is so smart, the network can find YOU -- ANY TIME THEY WANT!


INFORMATION SENT TO PALM: { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

The news was released on Joey Hess' blog. Hess, a programmer, noticed that a log file on his Palm prē was being sent to http://ps.palmws.com on a daily basis. Among other things, the log file contained his GPS coordinates (in this case, his home address) in the form of longitude and latitude. This information is derived from the built-in GPS common to most cellular telephones on the market today.

In addition to his location, the log file also recorded the name of every application he used, when, and for how long.

Although there has been some speculation that this information is only recorded when the device crashes, Hess has shown that, even though Palm's WebOS makes a record of device crashes, this is supplemental to the daily GPS location and usage tracking that is sent to Palm every day. (All of which, for now, he has disabled by hacking a file in the operating system.)
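To see what a record like the one quoted above discloses, the following Python is an added example, not code from Hess or Palm. It finds every latitude/longitude object in an upload body and decodes it, assuming `timestamp` is Unix epoch milliseconds and `horizAccuracy` is a radius in metres; the function names are illustrative.

```python
import json
from datetime import datetime, timedelta, timezone

# Record exactly as quoted in the post.
SAMPLE = ('{ "errorCode": 0, "timestamp": 1249855555954.000000, '
          '"latitude": 36.594108, "longitude": -82.183260, '
          '"horizAccuracy": 2523, "heading": 0, "velocity": 0, '
          '"altitude": 0, "vertAccuracy": 0 }')

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def find_location_fixes(node, path="$"):
    """Yield (path, object) for every JSON object carrying a lat/long pair."""
    if isinstance(node, dict):
        if "latitude" in node and "longitude" in node:
            yield path, node
        for key, value in node.items():
            yield from find_location_fixes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_location_fixes(value, f"{path}[{index}]")


def describe_fix(fix):
    """Turn one raw fix into values a reviewer can read at a glance."""
    lat, lon = float(fix["latitude"]), float(fix["longitude"])
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError(f"coordinates out of range: {lat}, {lon}")
    when = None
    if fix.get("timestamp") is not None:
        # Assumption: epoch milliseconds. Integer timedelta avoids float drift.
        when = EPOCH + timedelta(milliseconds=int(round(float(fix["timestamp"]))))
    return {
        "utc": when.isoformat(timespec="milliseconds") if when else None,
        "lat": lat,
        "lon": lon,
        # Assumption: horizAccuracy is a radius in metres; 0/absent = unknown.
        "radius_m": fix.get("horizAccuracy") or None,
    }


def audit_payload(text):
    """Parse an upload body and list every location fix it contains."""
    document = json.loads(text)
    return [dict(path=p, **describe_fix(f))
            for p, f in find_location_fixes(document)]
```

Under the epoch-milliseconds assumption, the quoted record decodes to 9 August 2009, four days before this post.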

Palm's response to this shocking revelation?

RTPP: Read The Privacy Policy. In a statement released by Palm, "Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience."

In preparation for this posting, I read Palm's Privacy Policy (08-13-2009). Focusing strictly on users' private location data, the only mention of location-based information being collected and transmitted is as follows:

"When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience."

This policy specifically addresses use of this data when "provid[ing] location-based and related services". That does not explain why they are collecting and transmitting GPS data as part of a daily log.

Frankly, I have some issues with Palm's right to this data, even if it has been disclosed. Although, arguably, Sprint has to process this data through their network to provide service to its customers, Palm sells hardware and software, not network service, or even traffic and directions. As an individual who collects and analyzes similar data for criminal cases on a daily basis, I see no justification in Palm's Policy, or in terms of the way the equipment operates, for the transmittal of location-specific data to their company.

Read more @ InformationWeek (http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=219300120)


About Jeff M. Fischbach

http://www.twitter.com/FischTech Jeff Michael Fischbach is founder and President of SecondWave Information Systems (SecondWave.com), a consulting firm specializing in Forensic Technology. Since 1994, he has served as a board member and technology adviser to numerous professional organizations and corporations. Mr. Fischbach has been engaged as a litigation consultant and Forensic Examiner, offering expert advice and oversight on matters involving intellectual property, computers, information systems, satellite, tracking and wireless communications technologies. He has advised law enforcement, foreign government representatives, judges, lawyers and the press.
Comments (2) Trackbacks (0)
  1. Ah, but it DOESN'T say “*when* providing..”, it says “*in order* to provide…”, meaning at some point in the future. So – and I'm not justifying Sprint/Palm for burying this in the PP like they do – they are collecting this information now so they can use it (ostensibly in the aggregate, but who's to say?) to show potential vendors where and how customers spend their time so they can then provide services/advertising/apps/whatever that's targeted to relevant users.

  2. I think your read is absolutely right. I have a feeling their hides are covered legally. But, not necessarily with the subscribers and potential purchasers. It's starting to look like “prē” stands for “pre-bankruptcy”.

