The Washington Post
The rules governing the collection of personal data are few and often
unclear. There is no firm limit, for example, on how long a cellphone
carrier can keep GPS location data on its users even though many aren’t
aware that such records are being kept. A poll by the University of
California at Berkeley released in July said 46 percent of Americans
thought cellphone providers should not keep such data, and 28 percent
said it should be deleted after one year.
The “metadata” that’s embedded in files is particularly
treacherous, said Chris Hoofnagle, a law professor at U.C.-Berkeley.
Businesses made so many accidental releases that several programs now
are available to help scrub out comments and deletions in documents that
are intended to remain private. Rules in some states govern what
information lawyers can use when opposing counsel inadvertently shares
private information in metadata fields.
The rapid spread of smartphones has made it even harder for most
users to monitor the creation and flow of personal information,
Hoofnagle said. “It has trapped a lot of people, this problem. We’re
often not aware of the metadata that’s created.”
The McAfee case
is all the more striking because of his presumed savviness in handling
technology. The iPhone appears to have belonged to one of the
journalists, but sophisticated users can alter or delete the metadata
that accompanies photographs — something that McAfee could have demanded
or done himself before the image was sent to the Web site. Vice also
could have eliminated such data before posting the image online (as it
did after Simple Nomad’s discovery).