Thursday, April 28, 2011

What Does Sony Owe Consumers After PSN Nightmare?

The massive data security mop-up is up to individual consumers but Sony may still be on the hook

What responsibility does Sony have to the 77 million PlayStation Network customers who found out this week - days after the fact - that their personal data, online account info and credit card information were stolen by identity thieves?
"When I see something like this, I want to scream," says Florida identity theft expert Denise Richardson. "It's like a goldmine of information."
Companies in Sony's position typically respond by offering affected users a year of free credit monitoring--something any consumer in the U.S. is entitled to already. "To me, that's nothing," Richardson says. "Thieves are sitting back laughing at that."
Sophisticated data thieves have moved beyond stolen credit cards and use personal info like birthdates and home addresses to open bank accounts, obtain medical services or collect other people's unemployment checks. The fact that many of Sony's 77 million compromised accounts likely include teenagers and young adults makes it worse, she says, because they may not know their data was compromised for years, compounding Sony's potential liability.
"What happens next depends on how much damage comes from it," Richardson predicts. "It's going to cost Sony billions, is my guess."
Sadly, it falls to individuals to cancel credit cards, change passwords and watch their email and other communications carefully, and perhaps think twice about typing in reams of personal info on each website that asks for it. If you're looking for help try our PSN hack Survival guide.
Sony says the data thieves may have collected credit card numbers and expiration dates along with users' names, physical and email addresses, PSN online handle and password, birthdate and purchase history, and password hints.
So yeah, they know your mom's maiden name, favorite musician and what elementary school you attended. And they know your password, so if you're the kind of person who uses the same passwords over and over, you might be in for a series of unpleasant surprises over the coming months.
But no worries, the consumer electronics giant said today--the three-digit security code found on the back of your credit card was NOT included in the breach!
"That," said computer law expert Mike Godwin, "is like the weakest defense ever."
Adding a second 3-digit code to a 16-digit credit card number is "relying on security practices that are a couple of decades old," said Godwin, who was the first staff counsel at the Electronic Frontier Foundation. Assuming that is enough to wave off info thieves is symptomatic of a larger issue: "The entire system is broken."
Sony will have to admit that it violated its customers' trust and "start from the ground up," Godwin said. "They have to revamp their entire privacy system and not just paper over their mistake."
In the wake of the breach, Sony is facing multiple legal and regulatory challenges. Godwin adds, "A hugely comprehensive government action would actually help," although Sony's worldwide customer base complicates the possibility that regulatory action could do any good.

TSMC Q1 revenues reflect growth in tablet appetite


Demand for tablets helped Taiwan Semiconductor Manufacturing Co. (TSMC) grow its first quarter revenues by 14.3 percent over the same period last year.
This demand is expected to drive growth in the second quarter as well, and is also influencing TSMC’s plans for technology upgrades.
The world's largest semiconductor foundry reported Thursday that revenue for the first quarter was NT$105.38 billion (US$3.67 billion), and said it expected revenue to go as high as NT$111 billion in the second quarter.
Net profit of NT$36.28 billion was 7.8 percent higher than in the first quarter last year.
Market research firm Gartner forecasts shipments of 54.8 million tablets this year, up 181 percent over 2010.
TSMC expects to expand capacity by 20% in 2011, mainly to meet demand for chips for mobile devices. It said it would allocate $7.8 billion over the year to support an expansion in manufacturing capacity.
TSMC now can produce 13.5 million eight-inch equivalent wafers per year from the factories that it owns or manages.
Its 65-nanometer and 40-nanometer chip-making technology accounted for just over half its revenue, the company said on Thursday. But TSMC expects to be ready for a 20-nanometer process by next year to handle demand for chips for mobile devices, though it did not specify when the process would be available at its foundries.
The company will develop 14-nanometer technology after that, and eventually go down to 7-nanometer.
The finer geometries mean smaller tools and more transistors per chip, and as a result more can be packed into a small device, which would in turn run faster, TSMC said.
"Technology people can always give you a solution," TSMC acting spokeswoman Elizabeth Sun said. "The only question is how much it costs."

Wednesday, April 27, 2011

PlayStation Network Security Breach: A Survival Guide



If you're a registered PSN user, the implications of the breach for you and your online information are serious.



Sony has admitted that account details, logins and online IDs for registered Sony PlayStation Network users, as many as 77 million people, have been compromised. The information was stolen sometime between April 17 and 19, according to a Sony Blog Post, as early as nine days before Sony notified its users of the breach. Even worse, the company says it can't be sure whether credit card information was stolen.
The admission came nearly a week after Sony pulled the plug on PSN and its Qriocity music service, blaming the outage on an "external intrusion" into Sony's network. Sony says that it is rebuilding the PSN and Qriocity server system with improved security. Both services are expected to be operational within the next week.
Sony has quite the security disaster on its hands, and the fact that it took the company almost 10 days to figure out and then admit that user data had been stolen is troubling to say the least. If you're a registered PSN user, the implications for you and your online information are quite serious. Here's what you need to know:
What the bad guys know about you
Sony said the following user information was compromised: your name, address (city, state, zip), country, e-mail address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It's also possible, according to Sony, that hackers obtained your PSN purchase history, billing address (city, state, zip), and password security answers.
If that wasn't bad enough, it's also possible your credit card information was stolen, including your card number and expiration date. "While there is no evidence at this time that credit card data was taken," Sony said, "we cannot rule out the possibility." Your credit card's security code (typically a three-digit number on the back of your card) was not compromised, according to Sony.
Your kids' account is compromised, too
Sony also warns that if you have a sub-account for a minor attached to your PSN credentials, that account is probably toast as well.
What to do
There are several measures you should take to ensure the integrity of your data. First, considering how long it took Sony to warn its users, it's probably best to assume that all of your information needs to be changed as soon as possible. This isn't meant as a scare tactic, but the fact that hackers may have obtained your PSN data nearly 10 days ago means they have a huge head start on using that data for malicious purposes.
Sony is also warning users to be wary of people calling or e-mailing you for extra information such as your Social Security number or other personal information. Sony says it will never call you asking you to verify your information. You should also be wary of people claiming to be from other companies or services looking to verify your personal data.
Next, you'll want to decide what measures you want to take to secure your credit card information. You can either monitor your card for suspicious activity, or, if you can manage without your card for a few days, you may want to consider canceling it and getting a new one.
Sony also advises that you may want to place a fraud alert on your credit record with the three major U.S. credit bureaus. This will make it harder for someone to open a new credit card in your name (remember they may have your name, billing address and birth date). To find out how to contact the credit bureaus see Sony's blog post.

Review your online accounts
Next, you'll want to review your online passwords to see whether you are using the same password and login ID across multiple accounts. If, for example, your PSN and e-mail logins are the same, change your e-mail address password immediately.
Many people often use one difficult password across multiple online accounts, because it's easier to memorize just one set of credentials. If that sounds like you, I highly recommend you try a password manager such as LastPass (my personal preference) or KeePass. That way you can use as many difficult passwords as you want without having to memorize all of them. If you use multiple devices during the day such as a laptop, desktop, tablet (iPad or Xoom) and smartphone, you may want to look for a password manager that has software available on all the platforms you use.

Consider two-factor authentication
For an added dose of security, you can also use two-factor authentication on accounts that support it. Two-factor authentication basically means your account requires a randomly generated password in addition to your regular password before you can access your account. The second password is usually generated by an extra piece of software, authenticated by you, on a keychain dongle or smartphone app. This makes it harder for hackers to break into your online accounts.
Google recently released two-factor authentication for Google accounts, and Facebook has announced that it intends to roll out the security feature to users. Symantec also provides a free two-factor authentication service called VeriSign VIP Access for Mobile. 
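The article does not say how the second, randomly generated password is produced. As an added example (not part of the original article and not any vendor's code), here is the time-based one-time password scheme from RFC 6238 that smartphone authenticator apps commonly implement, with the server-side check. The 30-second step, 6-digit length, the class name and the RFC test secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption: RFC 6238 default time step
DIGITS = 6         # assumption: code length most authenticator apps display

# Constructed sample: the published RFC 6238 test secret, never a real key.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=DIGITS):
    """HMAC-based one-time password (RFC 4226) for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, digits=DIGITS):
    """What the app or dongle displays: HOTP over the current time step."""
    return hotp(secret, int(now) // STEP_SECONDS, digits)


class SecondFactorVerifier:
    """Hypothetical server-side check for one account's second factor.

    Accepts codes from `window` steps either side of the server clock to
    tolerate drift, and refuses any step at or before the last one used,
    so a code captured by an attacker cannot be replayed.
    """

    def __init__(self, secret, window=1):
        self.secret = secret
        self.window = window
        self.last_used_counter = -1

    def verify(self, submitted, now):
        current = int(now) // STEP_SECONDS
        matched = None
        for counter in range(current - self.window, current + self.window + 1):
            if counter < 0:
                continue
            expected = hotp(self.secret, counter)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                matched = counter
        if matched is None or matched <= self.last_used_counter:
            return False
        self.last_used_counter = matched
        return True


if __name__ == "__main__":
    server = SecondFactorVerifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    # First use succeeds, an immediate replay of the same code does not.
    print(code, server.verify(code, 59), server.verify(code, 59))
```

Because the code depends on a secret that never leaves the device and the server, a password stolen in a breach like this one is not enough on its own to log in.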
When PSN comes back
Sony hasn't detailed if it will require extra authentication steps from you the first time you log in to PSN after it comes back online. But make sure that you log in as soon as the service becomes available and change your password.
When security breaches like this happen, it's best to play it safe and take precautions to safeguard your data in case it has fallen into the wrong hands. And if nothing bad happens to you, at least you took the time to review your online security management practices, which is never a bad thing to do from time to time.



Investigation on after Amazon's cloud nightmare


Several days after Amazon.com's cloud outage knocked some high-profile Web sites offline, the company said its cloud service was largely back up and running. Now Amazon is trying to track down the root of the problem.
The outage partially disabled or knocked out popular websites including Quora, Foursquare and Reddit.
On Saturday, two days after Amazon suffered a failure in its Web Hosting services, the company announced that it had fixed most of the problem. However, the latest update on Amazon's Service Health Dashboard noted that engineers are still working on some remaining issues with its EBS, or Elastic Block Storage.
At 10:35 p.m. ET on Sunday, Amazon reported, "We're in the process of contacting a limited number of customers who have EBS volumes that have not yet recovered and will continue to work hard on restoring these remaining volumes."
Users still having problems with their hosted Web sites should contact Amazon on their Web Services site. Users should select Amazon Elastic Compute Cloud in the "Services" field. And in the description field, they should list the instance and volume IDs and describe the issue they're experiencing.
The company also noted on its dashboard that workers are "digging deeply into the root causes of this event" and will post their findings in a post mortem.
The trouble started a little after 5 a.m. Eastern on Thursday when the company's Service Health Dashboard reported connectivity problems that were affecting its Relational Database Service, which is used to manage a relational database in the cloud, across multiple zones in the eastern U.S.
Because of server problems at Amazon's data center, which handles the company's EC2 Web hosting services, some websites, including popular Web 2.0 sites, were left staggering or disabled.
Web sites Reddit, Foursquare, Quora and HootSuite, which suffered through Amazon's outage, are back up today.

SARbot Dives In to Save Japanese Tsunami Victims' Lives

Another robot has been sent out to help with the Japanese relief effort, and this one can swim underwater.



More than a month after Japan's devastating 9.0 magnitude earthquake and massive tsunami, there's still a lot of work to be done to relieve the victims. While many robots have been sent in to help deal with the high radiation issues in Fukushima, one machine is contributing by being able to film underwater and also potentially save lives.
The SARbot by the Center for Robot-Assisted Search and Rescue (CRASAR) in Texas can dive down 150 meters to film underwater, and is protected by a polyethylene bumper. In the case of the Japanese tsunami, while a humanoid remains above the surface with a video-enabled PC, SARbot can swim through the wreckage and film clearly through the dirty water. That long claw on the front of the robot is there to grab arms or legs if it happens to find a living thing in need of assistance.
SARbot was tested recently in the Rikuzen-Takada area alongside Japanese Coast Guard divers, as they are forbidden to go through rubble or houses under the water, so cannot look for bodies or survivors. The good thing is SARbot didn't find any dead bodies, but sadly also didn't find anyone trapped.

Tuesday, April 26, 2011

China to punish search giant Baidu for illegal music



China's Ministry of Culture is punishing a total of 14 websites for providing illegal music downloads
China's Ministry of Culture will punish the country's largest search engine Baidu for providing illegal music downloads, according to a report from the state-run Xinhua news agency.
There were no details on what kind of punishment the Chinese search giant would receive. The ministry could not be reached for comment. A total of 14 websites will be punished for providing illegal music downloads, according to the Xinhua report.
Baidu's MP3 search service has long been criticized for providing links to troves of pirated music downloads hosted from third-party sites. In the past, lawsuits have been filed against the Chinese company, but often with minimal results.
However, Baidu has started to change the way it offers online music. Earlier this month, the company announced it would start paying a group representing songwriters for every music download made from the site. Baidu has also said it is working out partnerships with recording agencies to provide music downloads.
But according to the Xinhua news report, Baidu's MP3 search continued to provide illegal music services, even after it was warned repeatedly not to do so.
Baidu said in a statement that the company would remove the links that have been identified by the ministry. "We are aware that songs require approval and have sought to comply with previous notifications from the Ministry of Culture. But search engine indexing is a continuous process and some files may have reappeared in results," the company added.
The crackdown, however, may also have less to do with piracy and more to do with the content of the music.
In January, the ministry issued a notice, providing a list of 100 songs that had not been approved by authorities. Christina Aguilera, Eminem and Bruno Mars were among the artists whose songs were included in the list. The ministry demanded all music sites operating in the country to observe the law and remove the songs.
The end of February was the deadline for removing the songs. In mid-March, the ministry investigated and prosecuted 54 music websites that were still providing the songs.

PlayBook's first-day sales outdo Galaxy Tab and Xoom, analyst says

50,000 units sold on Tuesday, says RBC analyst 



BlackBerry PlayBook sales hit 50,000 for the first day of sales on April 19, including pre-sales, an analyst at RBC Capital Markets estimated.
Overall, Research in Motion (RIM) is on track to sell 500,000 PlayBooks in its first fiscal quarter ending in May, analyst Mike Abramsky wrote in a note to his clients that was reported in the Montreal Gazette.
Abramsky's staff checked 70 retail stores and found 11% of the locations that stocked the device had sold out. "The launch appears to have been stronger than the launch of Motorola's Xoom or the Samsung Galaxy Tab, although it's too early to judge sustainability," Abramsky wrote.
In suburban Boston, one Best Buy outlet had only one 16GB PlayBook on sale for $499.99 the first day; it was also being used as a demonstration model. A nearby Radio Shack sold all three PlayBooks it had on the first day, a clerk said.
Several analysts said that RIM was probably relying on pre-sales of the device to business customers, although business sales were said to be direct from RIM to customers and not through retailers.
The PlayBook has been criticized for not including a native email client, forcing users to rely on a Web-based email account. Users can also tether to a BlackBerry smartphone for access to corporate mail through BlackBerry Bridge software on the PlayBook and its connection through the phone to a BlackBerry Enterprise Server.
AT&T is still testing the BlackBerry Bridge software, meaning that tethering through an AT&T BlackBerry phone is not yet supported. AT&T, Verizon Wireless and Sprint have not announced when they will sell the PlayBook, but WiMAX (Sprint), LTE (Verizon) and HSPA+ (AT&T) versions of the tablet are expected from RIM this summer.
RIM is also planning to offer a free over-the-air update to PlayBook with a native email client this summer.
Even though Verizon spokeswoman Brenda Raney told Computerworld on Tuesday that Verizon has "not announced when we will sell the PlayBook," she told CNET on Wednesday: "We are still evaluating the Blackberry Playbook and have not made a determination as to whether or not we're going to distribute it."
In comments today, Raney confirmed that Verizon has not yet decided whether it will carry the PlayBook.
Reviewers have criticized RIM for not providing enough apps for the PlayBook as well.

Firefox 4 tops 100M downloads, fails to move share

Mozilla users upgrade, but total Firefox share stagnant 



In the month since Firefox 4's launch, the browser has racked up 100 million downloads, Mozilla said last weekend.
But statistics from one Web analytics company showed that Firefox 4's introduction has done nothing to boost Mozilla's overall share of the browser market.
The 100-million figure was touted by Asa Dotzler, Mozilla's community coordinator for Firefox marketing, in an entry on his personal blog Saturday. As of late Sunday, Firefox 4's download counter stood at 103 million.
According to Irish Web metrics company StatCounter, Firefox 4 downloads have translated into a usage share jump for that edition since its March 22 launch.
Through April 24, Firefox 4's average share for the month was 7.3%, more than double the average for March. In the last four days, Firefox 4's share has exceeded 8%.
But Firefox 4 has not changed Mozilla's total usage share: StatCounter's data has Firefox -- all editions, including version 4 -- down three-tenths of a percentage point so far this month, consistent with the steady decline the browser has suffered since last fall.
Mozilla has yet to offer Firefox 3.6 users the upgrade to 4 -- that isn't scheduled to start until May 3 -- but from the numbers, all of Firefox 4's gains can be attributed to current users upgrading on their own. Firefox 3.6's March share of 24% tumbled to 19.2% this month, a 4.8-point loss that nearly matched Firefox 4's five-point gain during the same period.
Nor has Microsoft's Internet Explorer 9 (IE9), which debuted March 14, moved IE share by StatCounter's report.
While IE9 averaged a 2.1% share through April 24, and in the last several days climbed above 3%, its gains were not at the expense of rivals: StatCounter has all versions of IE down five-tenths of a point in April.
Firefox 4's larger gains aren't a surprise. The browser runs on Windows XP, Mac and Linux, all operating systems that IE9 does not support.
For that reason, Microsoft has argued that IE9 should be judged only by its gains on Vista and Windows 7, not all operating systems. Executives have also called Firefox-IE comparisons "premature at best ... misleading at worst" because of the differences in the browsers' upgrade mechanisms.
Microsoft began offering IE9 to Vista and Windows 7 users via Windows Update a week ago. Since then, IE9's share has increased a half-percentage point over the previous week.

Is Iran just seeing Stars?


An Iranian official caused a stir Monday, claiming the nation's cybersecurity experts found another digital attack aimed at the Islamic country's systems.
Calling the attack "Stars," Gholam-Reza Jalali, the director of Iran's Passive Defense Organization, said that the attack was camouflaged as a government file and that initial damage was slight, according to a report from the Mehr News Agency. While Jalali made connections between the attack and the sabotage committed by Stuxnet, the code has not been analyzed by any security firm.
"If they have a sample of something and they are not sharing it with anyone, then it is impossible for us to tell what it is, how serious it is and really if it is even targeted toward them," says Kevin Haley, director of Symantec's security response group. "So we are stuck with just guessing until we can look at a sample and figure out what it is doing and even if we have seen it before."
In July 2010, antivirus firms discovered samples of the Stuxnet worm, a custom-built attack on Iran's nuclear program, but only after a third-party security company had identified the attack as something different. Finding the program referred to by Jalali is nearly impossible without technical details, says Haley.
Given the description of the attack, it seems more likely that the malicious program may be a typical cyber espionage operation or phishing attack, rather than a state-sponsored attempt at sabotage, says Michael Assante, president of the National Board of Information Security Examiners and former chief security officer of the North American Electric Reliability Council.
"Everything is coming from this state-sponsored announcement of that specific individual," Assante says. "It looks like it is more of one of those focused direct phishing attacks, rather than something unique like Stuxnet."
Other security firms agree there is too little information at this point to make a determination of the nature of the attack. Both McAfee and F-Secure took a wait-and-see attitude.
"We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be," McAfee spokesman Joris Evers wrote in a blog post on Monday.
Until Iran makes available any code that they found, it's hard to say whether it is a nation-state attack or a regular phishing scam, says Mikko Hypponen, chief research officer for antivirus firm F-Secure.
"We can't tie this case to any particular sample we might already have," he wrote in a blog post on Monday. "We don't know if this is another cyber attack launched by U.S. Government. We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack."

Thursday, April 21, 2011

Adobe vs. Apple: And the winner is...


Two corporate giants have duked it out for a year over Flash media but the cold war may be coming to a head. The winner is...

A battle has been raging. Two corporate giants have duked it out for the past year over Flash media but the highly publicized cold war may finally be coming to a head. And the winner is...
...Apple! According to Ars Technica, it looks like Adobe has finally come to terms with the fact that Apple won't be adopting Flash media in its current form to its über-popular iOS platform anytime soon. At the recent National Association of Broadcasters (NAB) trade show, Adobe demoed a build of Flash Media Server using the Apple-developed HTTP Live Streaming protocol, which uses H.264-encoded video and would finally bring Flash media streaming on iOS devices.
Up to now, Flash Media Server used RTSP (Real Time Streaming Protocol) to deliver media content, which is often criticized for being dated and difficult to optimize. I know plenty of people who have already uninstalled Flash from their desktops (myself included), so I'd be curious to see if Adobe will abandon RTSP altogether or will simply use HTTP Live Streaming when an iOS device is detected, similar to how Microsoft's Silverlight (used by Netflix) works. My guess is the latter, at least until Apple and other hardware companies put more pressure on Adobe by omitting Flash pre-installs (as Apple has already done with MacBook Air).
Throughout the Flash-war, many complained of Apple's seemingly arrogant "who needs you?" attitude towards a plug-in installed on over 95% of desktops. I'm sure a few smartphone users jumped the iOS ship in favor of Android largely for the promise of Flash, though by many accounts performance and battery life have been just as disappointing as Steve Jobs promised they would be. It seems as though Apple's strategy of stubbornness paid off, prompting sites to optimize their streaming content for mobile and Adobe to adopt a better performing HTTP-based streaming protocol. The real winners here are the smartphone users, most of whom ultimately don't care how their streaming media gets to them, as long as it does and it's fast.

Remains of the Day: In a flash


Is Apple making some under-the-hood changes to the MacBook Air? And, if the iPad is now available at more stores, how come people are still lining up? Finally, while the iPad may be good for me and good for you, is it really good for America? The remainders for Monday, April 18, 2011 are red, white, and blue all over.
Apple Now Using Samsung SSD in MacBook Air? (AnandTech)
Apple may now be using speedier solid-state storage chips, possibly manufactured by Samsung, in some MacBook Airs. According to AnandTech, the newer chips boast both faster read and write times than the Toshiba models used to date. But if you're in the market for a MacBook Air, there's no way to tell which units have which chips, making this the most annoying flash change since Wally West replaced Barry Allen.
iPad Store List (Toys 'R' Us)
If you don't ever want to grow up--because if you did, you wouldn't be a Toys 'R' Us kid--well, then, here's some good news. As rumored earlier this month, the iPad 2 is now on sale at the retail chain's locations throughout the U.S. Sorry, parents, so much for trying to convince your kids "the iPad isn't a toy!"
iPad Resellers Now Camp Overnight at Apple Stores (New York Times)
Despite adding more places where you can buy an iPad, it appears that Apple is still having a tough time meeting demand for the tablet. New York Times writer Nick Bilton writes that folks are still camping out at the Soho Apple Store in New York City in order to snap up an iPad 2 when new shipments come in. And then they turn around and sell them at an outrageous profit in China. Really, it's really only a matter of time before there are more iPad 2s in China than in the U.S.
Square's Disruptive Payment Service About To Get A Huge Retail Boost From Apple (TechCrunch)
Upstart payment processor Square has scored quite the coup: Apple will reportedly begin carrying the company's iPhone- and iPad-compatible credit-card reader in both its online and brick-and-mortar stores. The reader, which is free to anyone who requests one, will supposedly cost about $10 at the Apple Store, but will also come with $10 worth of Square credit. We expect this to be a huge win for Square, right up until Apple unveils its own personal payment system, Rectangle.
Jesse Jackson Jr. Blames The iPad For Killing Jobs (YouTube)
Not Steve Jobs, mind you, but American jobs. Representative Jesse Jackson, Jr. (D-IL) said in a speech on the floor of the U.S. House of Representatives that the iPad "is now probably responsible for eliminating thousands of American jobs," since it's made in China. You know, maybe he's right. Let's stop using all that high tech manufactured in China! That'll show 'em! By which I mean "show 'em how much further our children's math and science test scores can fall."
Product News:
Perian 1.2.2 - The 1.2.2 update for the plays-everything QuickTime codec for Mac has added support for the WebM/VP8 video format, compressed MKV tracks, and FFv1 lossless video. It also now incorporates an internal decoder for Theora and fixes several bugs. Free.
Dropbox 1.4 - The cloud-storage service has updated its iOS app, now allowing you to upload multiple photos and videos in bulk, as well as import files from Mail and other apps. Free.
GoodReader for iPad 3.6.0 - The latest update to Good.iWare's reader application for iPad adds support for iOS's ability to encrypt individual files, the ability to flatten PDF annotations so other apps can display them, AirPlay video support, and a handful of bug fixes. $5.

Why Apple Tracks You Via iPhone: It's Not Why You Think

Here is the real reason Apple is tracking your iPhone-whereabouts. 



Wondering why your iPhone and 3G-enabled iPad are storing your general location in an easily accessible database on your PC? It's simple. Apple uses this information to build a cell tower and Wi-Fi access point location database, and the company admitted as much last year. At least that's my theory. Let's take a look.
The iTracking "Scandal"
On Wednesday, two researchers released an open source application called iPhone Tracker that pulls data from a hidden location history database contained in your iOS device's backup files saved on your PC. The app then plots this location information on a map allowing you to see your phone's travels over the past year. Your iOS devices have been building this location database since iOS 4 was released in June of last year, the researchers say.
The data appears to be based on cell tower triangulation and not GPS. This means the location information is not pinpoint accurate, but only shows your general location. The researchers also discovered in the database a list of Wi-Fi access points that your device has been in range of during the past year.
The researchers don't believe this data is leaving your custody, but I disagree. My best guess is that it is leaving your device as anonymized and encrypted information that Apple then uses to build its cell tower and Wi-Fi access point database.
Here's why.
What Apple Said
In July 2010, Apple sent a letter to Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas) spelling out in detail what kind of location information Apple collects from device owners. Apple may "collect and transmit cell tower and Wi-Fi Access point information automatically [from your device]," the letter reads. "This information is batched and then encrypted and transmitted to Apple over a secure Wi-Fi Internet connection every twelve hours."
The letter was requested by the Congressmen after a Times report in late June 2010 said Apple had changed its privacy policy to allow the company to collect and share your Apple device's location information. You can find the letter to the Congressmen here. 
Same File?
It's not clear if the location database the researchers found and the "batched" location information Apple takes from your device are the same file. But that seems very likely. I have sent a note to Apple about this and will update this post should the company reply.
The only troubling thing, however, is that Apple said in the letter that it encrypts your location data before sending it back to company servers. But the database on your computer is sitting there unencrypted in an easily discoverable location. This means the database is a potential target for malware or even law enforcement if the authorities should decide to seize and search your PC. Apple will need to do a better job of protecting this data in future iOS updates now that its existence has been well publicized.
What You Can Do
An important thing to note is that Apple says it will collect almost no location information from your phone if you don't have location services turned on. To adjust your preference open up your device's Settings app (the silver cog) and toggle 'Location Services' to 'Off' if you don't want to be tracked.
Even then, location information is only collected when you are using an application that requires your location such as Foursquare or Facebook Places, according to Apple. The only exception to this rule is that Apple will automatically collect cell tower information when your GPS-enabled device has location services turned on and is searching for a cellular network. Phones typically search for a network after dropping a connection or when first powering on.
Apple started building its own cell tower and Wi-Fi database after introducing iPhone OS 3.2 in April 2010. Previously, the company had used data from Skyhook Wireless and Google and still does for devices still running iOS 3.1 or older.