Friday, August 27, 2010
When you personally buy a new technological toy, then it's yours to do with as you please. Right? Wrong! What if your new device were activated on the sly and used against you? That's a step beyond spyware. In fact, the EFF coined a new term, "traitorware."
Unless you've been cut off from technology, then you have probably heard about Apple's patent, "Systems and Methods for Identifying Unauthorized Users of an Electronic Device." It appears that Apple is taking steps to enable locking out unauthorized iOS users. What's new is that privacy watchdog EFF has posted their reaction to this Apple patent application. I love the EFF, so I listen when they talk.
The EFF weighed in on Apple's recent security software patent. The EFF's post, Steve Jobs Is Watching You: Apple Seeking to Patent Spyware, states, "This patent is downright creepy and invasive - certainly far more than would be needed to respond to the possible loss of a phone. Spyware, and its new cousin traitorware, will hurt customers and companies alike - Apple should shelve this idea before it backfires on both it and its customers."
From a security perspective, Apple has Mobile Me that allows users to find a lost iPhone or iPad via a web portal. The app will approximately map where the device is currently located. It allows a user to play a sound even if it's off. It allows users who do not want the information on their Apple device to fall into enemy's hands, or into anyone's elses, to remotely erase the device. So why does Apple need an enhanced version of Mobile Me?
According to Patent Vest, this Apple patent is aimed at identifying unauthorized users. Your iPhone might identify you through its camera or through its microphone, to verify if you are indeed the owner. It might user a biometric measurement, such as detecting the heartbeat to make sure it matches the authorized user's "heart signature." It could log keystrokes and GPS coordinates, and could even measure "vibration profiles," whatever that really means.
Depending upon how you view those security matters, you might cheer Apple's ingenuity. Or you may, like the EFF, feel like Steve Jobs is spying on you with traitorware. Apple would surely make this software opt-in. But then again, what jailbreaking fan in their right mind would opt-in when this software would also be able to detect your jailbroken or hacked Apple devices? If you wanted to jailbreak your iPhone or iPad, then why wouldn't you stick with Mobile Me if you lost your Apple toy? Will the orignial Mobile Me be discontinued?
What if you are not into jailbreaking and you are all for strong security? Do you feel confident that Apple would never be hacked and that their analysis of your face, your voice, and your heartbeat data will never become vulnerable? Calling anything unhackable is like issuing a challenge to some hackers. Perhaps in the future, a heartbeat signature will become a valuable part of your identity?
If you bought an Apple product and you want to jailbreak it, then you should be able to do so. If Apple begins to remotely wipe jailbroken devices, then it seems that is as good as announcing it doesn't want your jailbreaking business.
The most troubling part of this patent, to me, is the potential for Apple to take action against users who jailbreak. That does seem too invasive into your privacy. Using your own personal device against you may even make Apple's patent spyware a type of traitorware. Will it herald a pending iPocolypse?
I "know" Big Brother is watching, but I'm not so sure Steve Jobs is.