[+] Wayc0de's Blog[+]

03/09/11

Class Action Lawsuit Accuses Microsoft of Illegal Geotagging

UPDATE: A class action lawsuit filed in U.S. District Court in Seattle, Washington, accuses Microsoft Corp. of collecting geolocation information from photos taken with phones running its Windows Phone 7 operating system, even without the user's consent.

The suit, filed by one Rebecca Cousineau, on behalf of other Windows Phone 7 users, accuses Microsoft of violating federal laws and of submitting false testimony to the U.S. Congress about its activities. The suit, is just the latest to raise questions about mobile phone companies' data collection practices.

In April, a similar class action suit was filed on behalf of iPhone users over privacy violations. That after security researchers presented a paper at the Where 2.0 Conference in San Francisco that detailed an iPhone feature that secretly tracks and saves the movements and locations of iPhone users. Faced with scrutiny, Apple maintained that the tracking feature is used to assemble a map of cell phone tower locations, not user movements. The goal, the company said, is to improve iPhone users connectivity by noting the location of cell phone towers and wifi hotspots.

Like Apple, Microsoft also uses its mobile phone user population to help it assemble an accurate map of cell phone towers and WiFi hotspots. Accurate maps allow the phone to connect to nearby resources more quickly, and can be used to calculate the user's exact location without the need to query GPS satellites.

The Windows Phone 7 suit hinges on research by Samy Kamkar, who is noted for his creation of the MySpace worm, as well as "evercookie" - a persistent tracking cookie. Kamkar's research found that Windows Phone 7's prepackaged camera application periodically transmits information from wifi networks and cell towers to a host system owned by Microsoft Corp. even in cases where the user elected not to share his or her location data. The data sent includes the longitude and latitude of the cell tower the phone had connected to, as well as unique identifiers corresponding to the phone and the application(s) running on it.

Kamkar tested the behavior on Samsung Omnia 7 phones running Windows Phone 7.0.7004 and 7.0.7392.
In an e-mail statement, a Microsoft spokesperson said that it is investigating the claims raised in the complaint.

“We take consumer privacy issues very seriously. Our objective was – and remains – to provide consumers with control over whether and how data used to determine the location of their devices are used, and we designed the Windows Phone operating system with this in mind."

The company also said that it does not store unique identifiers with any data transmitted to its location service - an assertion that seems to run contrary to what Kamkar's research showed.

"The data captured and stored on our location database cannot be correlated to a specific device or user. Any transmission of location data by the Windows Phone camera would not enable Microsoft to identify an individual or 'track' his or her movements,” the spokesperson said.

In her suit, Cousineau is asking for Microsoft to pay $1,000 per violation of the applicable federal laws. Those penalties would be due to herself and others included in the class, assuming the suit is granted "class" status.

Tidak ada komentar:

Posting Komentar