Jailbreakers Smell Trouble in New Apple Security Patent

Apple (Nasdaq: AAPL) has apparently filed a patent for technology that might make its mobile devices more secure, though it's also raised pointed questions about how privacy would be impacted if the company opted to implement the technology in its products.

The technology could identify an unauthorized user, which would include hackers, jailbreakers and users who change out the device's SIM card. It could also erase sensitive data on the device.

In addition, it could transmit identifying information about the unauthorized user, identify how that user is transporting the device and detail the device's location.

The technology is designed to ease the discomfort associated with the loss of an electronic device, which "can be exceedingly disruptive to the owner's peace of mind and security," the patent application states.

About the Patent

Filed jointly in February 2009 by Taido Nakajima, Pareet Rahul and Gloria Lin on behalf of Apple, U.S. Patent Application 20100207721 appears to have been approved last week.

The technology will apparently be used to record the authorized owner's voice and heartbeat as well as his or her mug shot, then store all that in a database in the operating system. It's apparently for use on the iPad, iPhone and iPod touch, all of which use the same operating system: iOS.

When anyone other than the authorized user takes the device, the technology can record his or her heartbeat, voice and mug shot and compare them to the information in its database. If they don't match, the operating system can restrict the use of some files and shut down sensitive files.

The unauthorized user's photograph can be geotagged with the device's current location. This will be determined by the device's camera automatically taking several photographs of the device's location and identifying distinguishing landmarks in the photos.

The device can then transmit an alert through various means, including SMS, fax, VoIP, instant messaging and social media, to the authorized owner. The operating system can automatically restrict access to some applications or sensitive information, delete sensitive information or do any combination of these actions.

However, the technology does have a safeguard of sorts -- the safety measures won't be triggered unless the device user has entered the wrong password a predetermined number of times.

Keeping America Safe, One iDevice at a Time

How would an iDevice be able to compare the voiceprint, heartbeat or mug shot of whoever's using it to that of the authorized user unless it first captured such data on the authorized user first?

And when would this happen? When the purchaser of an iDevice turned it on for the first time? Would users know their biometric data was being captured?

Would Apple give iDevice purchasers the ability to opt out or opt in? Would Apple seek users' permission before capturing the biometric data?

"At a minimum, Apple would have to clearly and succinctly disclose precisely what information it was gathering, and how that information would be used, before a customer purchased a device," Lee Tien, a senior staff attorney at the Electronic Freedom Foundation, told MacNewsWorld.

"If Apple or some other vendor started collecting data without customers being aware of, or agreeing to, its collection, I can see it opening up a huge can of worms and lawsuits coming out of the woodwork," Charles King, principal at Pund-IT, told MacNewsWorld.

What Cupertino Should Do

"If Apple's going to deploy this technology, which is a dangerous technology, it would need to have some kind of very clear policy for opt in or opt out at the outset," Tien added. "Second, it has to be very clear what it's going to do with the data."

If Apple did indeed have an opt-in or opt-out feature, that would make the technology no different from what's already on laptops, Charles King, principal at Pund-IT, pointed out.

"Our laptops now have fingerprint or facial recognition features that can be turned on at the user's request," King told MacNewsWorld. "I wouldn't have a problem if Apple offered this technology as a security feature that users could turn off if they wish."

All Politics Is Apple Sauce

Perhaps Apple is really targeting hackers and jailbreakers rather than unauthorized users of its devices.

The patent filing classifies unauthorized use as "one or more of hacking the electronic device, jailbreaking the electronic device, unlocking the electronic device, removing a SIM card from the electronic device, and moving at least a predetermined distance away from a synced device."

Jailbreaking and unlocking an iDevice allows users to gain greater control of the handheld and use software of which Apple has not approved. Changing out the SIM card, which is done after unlocking the device, lets users select carriers other than those approved by Apple.

That has the EFF's Tien up in arms.

"This affects the right to tinker or jailbreak," Tien said. "This is where privacy and intellectual property and the DMCA (Digital Millennium Copyright Act) have a tendency to merge."

The Library of Congress recently ruled that jailbreaking is not illegal provided it's not done for purposes of piracy, and that it's not covered under the DMCA.

"Apple's trying to shut users out, and this isn't just a problem of jailbreaking and intellectual property," Tien warned. "Apple's overturning the ruling on DMCA, and that has implications not only for intellectual property but also for privacy and surveillance."

By conducting an end run around the Library of Congress' ruling, Apple could be headed for trouble.

"It's one thing for Apple to clamp down on jailbroken iPhones when it had the right to do so under the law, but the recent legal ruling by the Librarian of Congress means a device belongs to the person who paid for it," Pund-IT's King said. "I think Apple would be advised to walk very carefully into this particular minefield."