Feeds

Apple details privacy policies for US Congressmen

Not sharing location info with carriers

The essential guide to IT transformation

Apple has sent Congress an explanation of its location-based information-gathering and privacy policies.

The 13-page letter letter from Apple's general counsel Bruce Sewell sent on July 12, in direct response to a "Dear Mr. Jobs" letter penned late last month by US Representatives Edward J. Markey and Joe Barton, co-chairs of the House Bi-Partisan Privacy Caucus.

Markey and Barton's letter, which included nine specific questions, was prompted by modifications to Apple's overall Privacy Policy, and to the Terms and Conditions with which you must agree before downloading items from the iTunes Store or App Store. Those modifications included the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

That language raised a red flag not only to Markey and Barton, but also to many an Apple customer concerned about his or her online, location, and personal-information privacy.

Sewell's letter is intended to calm those concerns. He says, among other things:

  • "...customers have always had the ability to turn 'Off' all location-based service capabilities with a single 'On/Off' toggle switch."
  • "Apple has always required express customer consent when any application requests location-based information for the first time... The customer is asked: 'Don't Allow' or 'OK.' If the customer clicks on 'Don't allow,' no location-based information will be collected or transmitted..."
  • "iOS 4 permits customers to identify individual applications that may not access location-based information, even though the global location-based service capabilities setting is toggled to 'On'... an arrow icon alerts iOS 4 users that an application is using or has recently used location-based information."
  • "When a customer's device sends Wi-Fi, cell tower, GPS or diagnostic location data to Apple it does not include any information identifying the particular device or user."
  • "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer."
  • "...GPS Information is batched on the device, encrypted, and transmitted to Apple over a secure Wi-Fi Internet connection (if available) every twelve hours with a random identification number that is generated by the device every twelve hours. The GPS Information cannot be associated with a particular customer or device."
  • "For customers who do not toggle location-based service capabilities to 'Off,' Apple collects information about the devices's location (latitude/longitude coordinates) when an ad request is made. This information is tranmitted securely to the Apple iAd server... The latitude/longitude coordinates are converted ... to a five-digit zip code... Apple then uses the zip code to select a relevant ad for the customer."

And in response to Markey and Barton's question: "Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?", Sewell's answer was succinct: "No."

Markey and Barton have released statements that indicated an overall comfort with Sewell's assurances. Markey noted that: "Consumer consent is the key to assessing the adequacy of privacy protections, and Apple's responses provide examples of how consumers can grant or withhold consent in their usage of Apple products."

Barton expressed both praise and misgivings: "While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages."

Finally, as thorough as Sewell's answers may be — much more info can be found in the letter itself — it's important to remember that the questions Apple was responding to concerned just one type of personalization: location-based services. As The Reg reported earlier this month, Apple does have another ad-targeting trick up it sleeve: your personal iTune Store and App Store buying histories. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
UK mobile coverage is BETTER than EVER, networks tell Ofcom
Regulator swallows this line and parrots it back out at us. What are they playing at?
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
EE network whacked by 'PDP authentication failure' blunder
Carrier is 'aware' of cockup, working on a fix NOW
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?