Feeds

Apple details privacy policies for US Congressmen

Not sharing location info with carriers

Providing a secure and efficient Helpdesk

Apple has sent Congress an explanation of its location-based information-gathering and privacy policies.

The 13-page letter letter from Apple's general counsel Bruce Sewell sent on July 12, in direct response to a "Dear Mr. Jobs" letter penned late last month by US Representatives Edward J. Markey and Joe Barton, co-chairs of the House Bi-Partisan Privacy Caucus.

Markey and Barton's letter, which included nine specific questions, was prompted by modifications to Apple's overall Privacy Policy, and to the Terms and Conditions with which you must agree before downloading items from the iTunes Store or App Store. Those modifications included the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

That language raised a red flag not only to Markey and Barton, but also to many an Apple customer concerned about his or her online, location, and personal-information privacy.

Sewell's letter is intended to calm those concerns. He says, among other things:

  • "...customers have always had the ability to turn 'Off' all location-based service capabilities with a single 'On/Off' toggle switch."
  • "Apple has always required express customer consent when any application requests location-based information for the first time... The customer is asked: 'Don't Allow' or 'OK.' If the customer clicks on 'Don't allow,' no location-based information will be collected or transmitted..."
  • "iOS 4 permits customers to identify individual applications that may not access location-based information, even though the global location-based service capabilities setting is toggled to 'On'... an arrow icon alerts iOS 4 users that an application is using or has recently used location-based information."
  • "When a customer's device sends Wi-Fi, cell tower, GPS or diagnostic location data to Apple it does not include any information identifying the particular device or user."
  • "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer."
  • "...GPS Information is batched on the device, encrypted, and transmitted to Apple over a secure Wi-Fi Internet connection (if available) every twelve hours with a random identification number that is generated by the device every twelve hours. The GPS Information cannot be associated with a particular customer or device."
  • "For customers who do not toggle location-based service capabilities to 'Off,' Apple collects information about the devices's location (latitude/longitude coordinates) when an ad request is made. This information is tranmitted securely to the Apple iAd server... The latitude/longitude coordinates are converted ... to a five-digit zip code... Apple then uses the zip code to select a relevant ad for the customer."

And in response to Markey and Barton's question: "Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?", Sewell's answer was succinct: "No."

Markey and Barton have released statements that indicated an overall comfort with Sewell's assurances. Markey noted that: "Consumer consent is the key to assessing the adequacy of privacy protections, and Apple's responses provide examples of how consumers can grant or withhold consent in their usage of Apple products."

Barton expressed both praise and misgivings: "While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages."

Finally, as thorough as Sewell's answers may be — much more info can be found in the letter itself — it's important to remember that the questions Apple was responding to concerned just one type of personalization: location-based services. As The Reg reported earlier this month, Apple does have another ad-targeting trick up it sleeve: your personal iTune Store and App Store buying histories. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.