• The Obama administration recently unveiled its National Strategy for Trusted Identities In Cyberspace (NSTIC), a regulatory framework that will encourage the private sector to create a more secure Internet identity ecosystem aimed at reducing online fraud and theft. The proposal will establish standards for online identity authentication that will allow consumers to create, through private sector companies, a single online identity for all online transactions. According to the administration, businesses will benefit from the system by being able to more easily do business online without the costs of building secure log-in systems. Commerce Secretary Gary Locke stated, “We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords.” The National Institute of Standards and Technology will oversee the implementation of NSTIC. It is scheduled to hold a series of workshops later this year to get input on privacy and interoperability issues.
  • Researchers Alasdair Allan and Pete Warden revealed this past week that Apple devices such as the iPhone or 3G iPad track their users. The devices log an individual’s location data in a file called ‘consolidated.db’ with latitude and longitude coordinates and a timestamp. This tracking capability appears to be associated with the launch of iOS 4 last June, meaning that many users now have had their locations tracked for nearly a year. According to their findings, Apple triangulates an individual’s location from cell phone towers and logs that information in order to help get a faster GPS lock. It is this triangulation data that is being logged even if the user is not using the built-in GPS application and, according to the report, is done without the user’s knowledge or consent. “As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power,” they wrote. Of additional concern is that the location files are stored unencrypted on the iPhone or iPad and also copied to any computer the device is syncs with. Thus, individuals who access the device or computer can see this information and know precisely where the individual has been at any time since they purchased the Apple device. “By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,” the team wrote. The pair have created and released an application that enables users to view the location files stored in their devices, available here.