I went to the Apple App store a few days ago to download a new iPhone application. I expected that this would be as straightforward as it had been in the past: choose a title, click on pay, and presto – a new application becomes available.
I would assume “normal people” would say “uncle” and “click approve” around page 3. But in light of what is happening in the industry around location services I kept reading the tiny, unsearchable, unzoomable print.
And there – on page 37 – you come to “the news”. Apple's new “privacy” policy reveals that if you use Apple products Apple can disclose your device fingerprints and location to whomever it chooses and for whatever purpose:
Collection and Use of Non-Personal Information
We also collect non-personal information – data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
- We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
No “direct association with any specific individual…”
Maintaining that a personal device fingerprint has “no direct association with any specific individual” is unbelievably specious in 2010 – and even more ludicrous than it used to be now that Google and others have collected the information to build giant centralized databases linking phone MAC addresses to house addresses. And – big surprise – my iPhone, at least, came bundled with Google's location service.
The irony here is a bit fantastic. I was, after all, using an “iPhone”. I assume Apple's lawyers are aware there is an “I” in the word “iPhone”. We're not talking here about a piece of shared communal property that might be picked up by anyone in the village. An iPhone is carried around by its owner. If a link is established between the owner's natural identity and the device (as Google's databases have done), its “unique device identifier” becomes a digital fingerprint for the person using it.