Apple flavored fraud
Privacy or fraud tool?
Apple and Google have been moving the state of the art forward in privacy enhancements for phones. Most of these have revolved around providing the user a finer grain of control over permissions. Does App A need access to the camera, or does App B need the microphone, etc.
Apple recently release iOS 15 and it came with a feature of editing the photos date, time and location. Removing those fields, or deleting the values is useful for privacy, but modifying them to what ever the user wants is pretty much a tool for fraud.
Location
I remove location from the images I take for this blog. Sorry, you don’t need to see that I took a bunch of those images in my basement, or where my basement is on the map. Removing that detail is a privacy enhancement feature. When location data is missing, it tells everyone viewing the metadata that the person taking the picture did not want to share location.
Some people though want to be able to touch up the location. Maybe there was GPS error that put the point on the wrong side of the street or in the woods when it really was in a street. Those shifts of a few hundred feet or yards are useful for making minor corrections when GPS is wrong, but I’m not convinced it is a good feature. The accuracy of the image should show that an error is likely and the viewer of the metadata can consider both when judging validity.
Where we have a major problem is that someone can pick any old location. Even a minor change to location could change a story significantly. Where was this car crash? Was it on the street where the phone owner claims someone hit him, or was it in a driveway where the phone owner hit a concrete support? In one case a 3rd party is responsible for the damages. In the other case the responsibility belong to the first party. Given a little creativity most people can think up a lot of possible ways this could be abused.
Date and time
Editing date and time is even more nefarious. There is no legitimate reason for altering the date and time. Either you have a good reason for taking a picture at that time or you don’t. Removing the date and time can be a privacy enhancement, but altering it is a lie.
Let’s come up with a case example. Someone says there was a break in and the criminal destroyed their TV. Insurance asks for an image of the damage. The policy holder takes a hammer to their TV and alters the date to when they said it happened. This is fraud plain and simple. It might seem like a small case, but again let you mind wonder a little and you can come up with possibilities.
Let me give you one that is a bit worse. There is an accusation of police harassment in a community. Frequent patrols of a large number of officers in tactical gear. The person wanting to make that claim could take pictures of a response to a single crime and back date them to multiple dates in the past. All of a sudden there is evidence of police using ongoing heavy handed tactics in a neighborhood. Sure a good reporter could look at police logs and other evidence to refute the claims, but photos are hard to overcome.
What’s changed
Many of you may be pointing out that there has always been software that could change either. Yes that is true. It required someone install the software, grab the images, make the alterations and then put them back on the phone. In most cases this leaves a long trail of evidence and it is a hurdle that most people won’t jump over.
Now Apple has made it a couple taps away for any user. There is no additional software. The image doesn’t need to be converted, altered or transferred in any way shape or form. Apple has allowed users to create new location and date/time information for any photo on an iPhone.
Sure, if you go into an android you see similar options, but try using them. On version 12 clicking on edit the location gives me an error that says, “Can’t edit location added by your camera.”. That’s the correct answer, thanks Google.
When I edit the date and time (I tried moving a photo into next year), it let me in the metadata viewer. This had me worried. When I downloaded and uploaded the image in different ways though the photo had the correct date and time, plus it showed a note that it had been altered in other ways. That date and time seems to only be kept in my photo album. Google gets it right again as they are preserving evidence independent of what the user wants.
Why Apple, why?
What is the thought process behind doing this? I’ve wracked my brain around this for a few days, but there is no legitimate reason for Apple to allow this alteration of evidence. Removal of the data makes sense. Even removal of detail would make sense (snap the location data to a city or state, and drop the time while leaving the date) from a privacy perspective.
I’m going with “they didn’t think it through”. Someone in the privacy enhancement team saw an easy new feature to add and added it. Maybe this could protect abused spouses when questioned by their abusers. The unintended consequences though are massive. I see this being used for insurance fraud, alibis in court cases, and in the political arena.
As soon as data becomes easily altered we have to stop using the data that can be altered. Apple, by adding this feature you have increased the likelihood that your devices will be used for everything from minor crime up through the undermining of governments. I can’t believe this was Apple’s intent and I hope they fix this before the damage adds up to a real problem.