Hacker Locates John McAfee Through Smartphone Tracks

The Washington Post


The rules governing the collection of personal data are few and often unclear. There is no firm limit, for example, on how long a cellphone carrier can keep GPS location data on its users even though many aren’t aware that such records are being kept. A poll by the University of California at Berkeley released in July said 46 percent of Americans thought cellphone providers should not keep such data, and 28 percent said it should be deleted after one year.

The “metadata” that’s embedded in files is particularly treacherous, said Chris Hoofnagle, a law professor at U.C.-Berkeley. Businesses made so many accidental releases that several programs now are available to help scrub out comments and deletions in documents that are intended to remain private. Rules in some states govern what information lawyers can use when opposing counsel inadvertently shares private information in metadata fields.

The rapid spread of smartphones has made it even harder for most users to monitor the creation and flow of personal information, Hoofnagle said. “It has trapped a lot of people, this problem. We’re often not aware of the metadata that’s created.”

The McAfee case is all the more striking because of his presumed savviness in handling technology. The iPhone appears to have belonged to one of the journalists, but sophisticated users can alter or delete the metadata that accompanies photographs — something that McAfee could have demanded or done himself before the image was sent to the Web site. Vice also could have eliminated such data before posting the image online (as it did after Simple Nomad’s discovery).