{"id":1141,"date":"2010-07-02T17:31:16","date_gmt":"2010-07-03T01:31:16","guid":{"rendered":"\/?p=1141"},"modified":"2010-07-02T17:47:50","modified_gmt":"2010-07-03T01:47:50","slug":"update-to-itunes-comes-with-privacy-fibs","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1141","title":{"rendered":"Update to iTunes comes with privacy fibs"},"content":{"rendered":"<p>A few days ago I reported that from now on, to get into\u00a0the iPhone App store you\u00a0must allow <a href=\"\/?p=1136\">Apple\u00a0to\u00a0share\u00a0your\u00a0phone or\u00a0tablet\u00a0device fingerprints and detailed, dynamic location information\u00a0with anyone it pleases.<\/a>\u00a0\u00a0No chance to vet the purposes for which\u00a0your location data is being\u00a0used.\u00a0 No way to know who it is going to.\u00a0<\/p>\n<p>As incredible as it sounds in 2010, no user control.\u00a0 Not even \u00a0transparency.\u00a0 Just one thing is for sure.\u00a0 If privacy isn&#39;t dead,\u00a0Apple is now amongst those\u00a0trying to bury it alive.<\/p>\n<p>Then today,\u00a0just when I thought Apple had gone as far\u00a0as it\u00a0could go in this particular direction,\u00a0a new version of iTunes\u00a0wanted to install itself on my\u00a0laptop.\u00a0 What do you know?\u00a0 It had a new privacy policy too&#8230;\u00a0<\/p>\n<p>The\u00a0new iTunes policy\u00a0was snappier than the iPhone policy &#8211; it came to the point &#8211; sort of &#8211; in the 5th paragraph rather than the 37th page!<\/p>\n<p style=\"padding-left: 30px;\">5. iTunes Store and other Services.\u00a0 This software enables access to Apple&#39;s iTunes Store which offers downloads of music for sale and other services (collectively and individually, &#8220;Services&#8221;). Use of the Services requires Internet access and use of certain Services requires you to accept additional terms of service which will be presented to you before you can use such Services.<\/p>\n<p style=\"padding-left: 30px;\"><em>By using this software in connection with an iTunes Store account, you agree to the latest iTunes Store Terms of Service, which you may access and review from the home page of the iTunes Store.<\/em><\/p>\n<p>I shuddered.\u00a0 Mind bend!\u00a0\u00a0A level of indirection in a privacy policy!\u00a0<\/p>\n<p>Imagine:\u00a0 &#8220;Our privacy policy is that you need to read another privacy policy.&#8221;\u00a0 This makes\u00a0it\u00a0much\u00a0more likely that people will figure out what they&#39;re getting into, don&#39;t you think?\u00a0\u00a0Besides,\u00a0it is a <em>really<\/em> <em>novel <\/em>application of the\u00a0proposition that all problems of computer science can be solved through a level of indirection!\u00a0 Bravo!<\/p>\n<p><img loading=\"lazy\" class=\"alignright\" style=\"float: right;\" src=\"\/wp-content\/images\/2010\/06\/iPhone37.gif\" alt=\"\" width=\"253\" height=\"74\" \/>But\u00a0then &#8211; the coup de grace.\u00a0 The privacy policy to which\u00a0Apple\u00a0redirects you is&#8230; are you ready&#8230;\u00a0the same one we came across a few days ago at the App Store!\u00a0 So once again you need to get to the equivalent of page 37 of 45 to read:<\/p>\n<p style=\"padding-left: 30px;\"><strong>Collection and Use of Non-Personal Information<\/strong><\/p>\n<p style=\"margin-left: 30px;\">We also collect non-personal information\u00a0&#8211; data in a form that does not permit direct association with any specific individual. <strong>We may collect, use, transfer, and disclose non-personal information for any purpose<\/strong>. The following are some examples of non-personal information that we collect and how we may use it:<\/p>\n<ul style=\"margin-left: 60px;\">\n<li>We may collect information such as occupation, language, zip code, area code, <strong>unique device identifier<\/strong>, <strong>location<\/strong>, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.<\/li>\n<\/ul>\n<p>The\u00a0mind bogggggles.\u00a0 What\u00a0does downloading a song have to do with giving away your location???<\/p>\n<p>Some may remember my surprise that\u00a0the Lords of\u00a0The iPhone would\u00a0call its unique\u00a0device identifier &#8211; and its location &#8211;\u00a0&#8220;non-personal data&#8221;.\u00a0\u00a0Non-personal implies there is no strong relationship\u00a0to the person who is using it.\u00a0 I wrote:<\/p>\n<p style=\"padding-left: 30px;\">The irony here is\u00a0a bit\u00a0fantastic.\u00a0 I was, after all, using an \u201ciPhone\u201d.\u00a0\u00a0\u00a0I assume Apple\u2019s lawyers are aware there is an\u00a0\u201dI\u201d in the word \u201ciPhone\u201d.\u00a0 We\u2019re not talking here about a piece of shared communal property that might be\u00a0picked up\u00a0by anyone in\u00a0the village.\u00a0\u00a0An iPhone\u00a0is carried around by its owner.\u00a0 If\u00a0a link is established between the owner\u2019s natural identity and the device (as Google\u2019s databases have done), its \u201cunique\u00a0device identifier\u201d becomes a digital fingerprint for the person using it.\u00a0<\/p>\n<p>Anybody\u00a0who thinks\u00a0about identity understands\u00a0that a &#8220;<em>personal<\/em>\u00a0device&#8221; is associated with (even an extension of) the <em>person<\/em>\u00a0who uses it.\u00a0 But most people &#8211;\u00a0including technical people &#8211; don&#39;t give these matters the slightest thought.\u00a0\u00a0<\/p>\n<p>A parade\u00a0of\u00a0tech companies have\u00a0figured out how\u00a0to\u00a0use peoples&#8217;\u00a0ignorance\u00a0about\u00a0digital identity\u00a0to\u00a0get away with practices letting them track what we do from morning\u00a0to night in the physical world.\u00a0 But of course, they <em>never<\/em> track people, they <em>only<\/em> track their personal devices!\u00a0\u00a0Those unruly devices really have a mind of their own &#8211; you definitely need\u00a0central databases\u00a0to keep tabs on where they&#39;re going.<\/p>\n<p>I was therefore really happy to read some of\u00a0\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Eric_E._Schmidt\">Google CEO Eric Schmidt<\/a>\u2019s recent speech\u00a0to the <a href=\"http:\/\/asne.org\/annual_conference\/1-annualconference.aspx\" class=\"broken_link\">American Society of News Editors<\/a>.\u00a0\u00a0Talking about mobility\u00a0he made a number of statements that begin to explain the ABCs of what mobile devices are about:<\/p>\n<p style=\"padding-left: 30px;\">Google is making the Android phone, we have the Kindle, of course, and we have the iPad. Each of these form factors with the tablet represent in many ways your future\u2026.: they\u2019re personal. They\u2019re personal in a really fundamental way. They know who you are. So imagine that the next version of a news reader will not only know who you are, but it\u2019ll know what you\u2019ve read\u2026and it\u2019ll be more interactive. And it\u2019ll have more video. And it\u2019ll be more real-time. Because of this principle of \u201cnow.\u201d<\/p>\n<p>It is good to see Eric sharing\u00a0the actual truth\u00a0about personal devices with a group of key influencers.\u00a0\u00a0This stands in stark contrast to the<em> silly fibs<\/em> <em>about phones and laptops being non-personal<\/em> that are being\u00a0handed down in\u00a0the\u00a0iTunes Store, the iPhone\u00a0App Store, and\u00a0in\u00a0the &#8220;Refresher FAQ&#8221; Fantasyland\u00a0Google created in response to\u00a0its\u00a0Street View WiFi shenanigans.\u00a0<\/p>\n<p>As the personal phone evolves it will become <em>increasingly obvious<\/em>\u00a0\u00a0that groups within some of our best tech companies\u00a0have built\u00a0businesses based on\u00a0<strong>consciously crafted privacy fibs<\/strong>.\u00a0\u00a0I&#39;m amazed at the short-sightedness involved:\u00a0 folks, we&#39;re talking about a &#8220;BP moment&#8221;.\u00a0\u00a0History teaches us\u00a0that\u00a0&#8220;There is no vice that doth so cover a man with shame as to be found false and perfidious.&#8221; <small>[Francis Bacon]\u00a0<\/small> And statements that your personal device doesn&#39;t identify you and that location is not personal information are\u00a0precisely &#8220;false and perfidious.&#8221;<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the personal phone evolves it will become increasingly obvious  that groups within some of our best tech companies have built businesses based on consciously crafted privacy fibs.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,71,2,47,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1141"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1141"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1141\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}