{"id":1140,"date":"2010-07-03T15:33:08","date_gmt":"2010-07-03T23:33:08","guid":{"rendered":"\/?p=1140"},"modified":"2010-07-03T15:33:08","modified_gmt":"2010-07-03T23:33:08","slug":"microsoft-identity-guru-questions-apple-google-on-mobile-privacy","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1140","title":{"rendered":"Microsoft identity guru questions Apple, Google on mobile privacy"},"content":{"rendered":"

Todd Bishop at TechFlash<\/a>\u00a0published\u00a0a\u00a0comprehensive story this week on\u00a0device fingerprints and\u00a0location services:\u00a0<\/p>\n

Kim Cameron is an expert in digital identity and privacy, so when his iPhone recently prompted him to read and accept Apple's revised terms and conditions before downloading a new app, he was perhaps more inclined than the rest of us to read the entire privacy policy<\/span><\/a> — all 45 pages of tiny text on his mobile screen.<\/p>\n

It's important to note that apart from writing his own blog on identity issues — where he told this story — Cameron is Microsoft's chief identity architect<\/span><\/a> and one of its distinguished engineers<\/span><\/a>. So he's not a disinterested industry observer in the broader sense. But he does have extensive expertise.<\/p>\n

And he is publicly acknowledging his use of an iPhone, after all, which should earn him at least a few points for neutrality…<\/p>\n

At this point I'll butt in and editorialize a little.\u00a0\u00a0I'd like to amplify on Todd's point for the benefit of readers who don't know me very well:\u00a0 I'm not critical of Street View WiFi\u00a0because I\u00a0am anti-Google.\u00a0\u00a0I'm not against anyone who does good<\/em> technology.\u00a0 My critique stems from my work as\u00a0a computer scientist specializing in identity, not as\u00a0a person\u00a0playing a role in a particular company.\u00a0 In short,\u00a0Google's Street View WiFi is bad technology, and if the company persists in it,\u00a0it\u00a0will be\u00a0one of the identity catastrophes of our time.<\/p>\n

When I\u00a0figured out\u00a0the Laws of Identity and understood that Microsoft had broken them, I was just as hard on Microsoft as I am on Google today.\u00a0 In fact,\u00a0someone recently pointed out the following reference in\u00a0Wikipedia's article on Microsoft's Passport<\/a>:<\/p>\n

“A prominent critic was Kim Cameron, the author of the Laws of Identity<\/span><\/a>, who questioned Microsoft Passport in its violations of those laws. He has since become Microsoft's Chief Identity Architect and helped address those violations in the design of the Windows Live ID identity meta-system. As a consequence, Windows Live ID is not positioned as the single sign-on service for all web commerce, but as one choice of many among identity systems.”<\/p>\n

I hope this has earned me some right\u00a0to comment on\u00a0the current abuse of personal device identifiers by Google and Apple – which, if their FAQs and privacy policies represent what is actually going on,\u00a0is at least as\u00a0significant as<\/em>\u00a0the problems\u00a0I\u00a0discussed long ago with Passport.\u00a0\u00a0<\/p>\n

But back to Todd:\u00a0<\/p>\n

At any rate, as Cameron explained on his IdentityBlog over the weekend<\/span><\/a>, his epic mobile reading adventure uncovered something troubling on Page 37 of Apple's revised privacy policy, under the heading of “Collection and Use of Non-Personal Information.” Here's an excerpt from Apple's policy, Cameron's emphasis in bold.<\/p>\n

<\/p>\n

We also collect non-personal information — data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose<\/strong>. The following are some examples of non-personal information that we collect and how we may use it:<\/p>\n

We may collect information such as occupation, language, zip code, area code, unique device identifier<\/strong>, location<\/strong>, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.<\/p>\n

Here's what Cameron had to say about that.<\/p>\n

Maintaining that a personal device fingerprint has \u201cno direct association with any specific individual\u201d is unbelievably specious in 2010 — and even more ludicrous than it used to be now that Google and others have collected the information to build giant centralized databases linking phone MAC addresses to house addresses. And — big surprise — my iPhone, at least, came bundled with Google\u2019s location service.<\/p>\n

The irony here is a bit fantastic. I was, after all, using an \u201ciPhone\u201d. I assume Apple\u2019s lawyers are aware there is an ‘I’ in the word \u201ciPhone\u201d. We\u2019re not talking here about a piece of shared communal property that might be picked up by anyone in the village. An iPhone is carried around by its owner. If a link is established between the owner\u2019s natural identity and the device (as Google\u2019s databases have done), its \u201cunique device identifier\u201d becomes a digital fingerprint for the person using it.<\/p>\n

MAC in this context refers to Media Access Control addresses associated with specific devices, one type of data that Google has acknowledged collecting<\/span><\/a>. However, in a response to an Atlantic magazine piece<\/span><\/a> that quoted an earlier Cameron blog post<\/span><\/a>, Google says that it hasn't gone as far Cameron is suggesting. The company says it has collected only the MAC addresses of WiFi routers, not of laptops or phones.<\/p>\n

The distinction is important because it speaks to how far the companies could go in linking together a specific device with a specific person in a particular location.<\/p>\n

Google's FAQ<\/span><\/a>, for the record, says its location-based services (such as Google Maps for Mobile) figure out the location of a device when that device “sends a request to the Google location server with a list of MAC addresses which are currently visible to the device” — not distinguishing between MAC addresses from phones or computers and those from wireless routers.<\/p>\n

Here's what Cameron said when I asked about that topic via email.<\/p>\n

I have suggested that the author ask Google if it will therefore correct its FAQ, since the portion of the FAQ on \u201chow the system works\u201d continues to say it behaves in the way I described. If Google does correct its FAQ then it will be likely that data protection authorities ask Google to demonstrate that its shipped software behaving in the way described in the correction.<\/p>\n

I would of course feel better about things if Google\u2019s FAQ is changed to say something like, \u201cThe user\u2019s device sends a request to the Google location server with <\/span><\/em>the list of MAC addresses found in Beacon Frames announcing a Network Access Point SSID and excluding the addresses of end user devices.\u201d<\/p>\n

However, I would still worry that the commercially irresistible feature of tracking end user devices could be turned on at any second by Google or others. Is that to be prevented? If so, how?<\/p>\n

So a statement from Google that its FAQ was incorrect would be good news – and I would welcome it – but not the end of the problem for the industry as a whole.<\/p>\n

The privacy statement for Microsoft's Location Finder service<\/span><\/a>, for the record, is more specific in saying that the service uses MAC addresses from wireless access points, making no reference to those from individual devices.<\/p>\n

In any event, the basic question about Apple is whether its new privacy policy is ultimately correct in saying that the company is only collecting “data in a form that does not permit direct association with any specific individual” — if that data includes such information as the phone's unique device identifier and location.<\/p>\n

Cameron isn't the only one raising questions.<\/p>\n

The Consumerist blog picked up on this issue last week<\/span><\/a>, citing a separate portion of the revised privacy policy that says Apple and its partners and licensees “may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device.” The policy adds, “This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services.”<\/p>\n

The Consumerist called the language “creepy” and said it didn't find Apple's assurances about the lack of personal identification particularly comforting. Cameron, in a follow-up post<\/span><\/a>, agreed with that sentiment.<\/p>\n

SF Weekly<\/span><\/a> and the Hypebot music technology blog<\/span><\/a> also noted the new location-tracking language, and the fact that users must agree to the new privacy policy if they want to use the service.<\/p>\n

“Though Apple states that the data is anonymous and does not enable the personal identification of users, they are left with little choice but to agree if they want to continue buying from iTunes,” Hypebot wrote.<\/p>\n

We've left messages with Apple and Google to comment on any of this, and we'll update this post depending on the response.<\/p>\n

And for the record, there is an option to email the Apple privacy policy from the phone to a computer for reading, and it's also available here<\/span><\/a>, so you don't necessarily need to duplicate Cameron's feat by reading it all on your phone.<\/p>\n","protected":false},"excerpt":{"rendered":"

The current abuse of personal device identifiers by Google and Apple is at least as significant as the problems I discussed long ago with Passport<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[71,2,3,47,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1140"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1140"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1140\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}