Feeds

Apple details privacy policies for US Congressmen

Not sharing location info with carriers

High performance access to file storage

Apple has sent Congress an explanation of its location-based information-gathering and privacy policies.

The 13-page letter letter from Apple's general counsel Bruce Sewell sent on July 12, in direct response to a "Dear Mr. Jobs" letter penned late last month by US Representatives Edward J. Markey and Joe Barton, co-chairs of the House Bi-Partisan Privacy Caucus.

Markey and Barton's letter, which included nine specific questions, was prompted by modifications to Apple's overall Privacy Policy, and to the Terms and Conditions with which you must agree before downloading items from the iTunes Store or App Store. Those modifications included the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

That language raised a red flag not only to Markey and Barton, but also to many an Apple customer concerned about his or her online, location, and personal-information privacy.

Sewell's letter is intended to calm those concerns. He says, among other things:

  • "...customers have always had the ability to turn 'Off' all location-based service capabilities with a single 'On/Off' toggle switch."
  • "Apple has always required express customer consent when any application requests location-based information for the first time... The customer is asked: 'Don't Allow' or 'OK.' If the customer clicks on 'Don't allow,' no location-based information will be collected or transmitted..."
  • "iOS 4 permits customers to identify individual applications that may not access location-based information, even though the global location-based service capabilities setting is toggled to 'On'... an arrow icon alerts iOS 4 users that an application is using or has recently used location-based information."
  • "When a customer's device sends Wi-Fi, cell tower, GPS or diagnostic location data to Apple it does not include any information identifying the particular device or user."
  • "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer."
  • "...GPS Information is batched on the device, encrypted, and transmitted to Apple over a secure Wi-Fi Internet connection (if available) every twelve hours with a random identification number that is generated by the device every twelve hours. The GPS Information cannot be associated with a particular customer or device."
  • "For customers who do not toggle location-based service capabilities to 'Off,' Apple collects information about the devices's location (latitude/longitude coordinates) when an ad request is made. This information is tranmitted securely to the Apple iAd server... The latitude/longitude coordinates are converted ... to a five-digit zip code... Apple then uses the zip code to select a relevant ad for the customer."

And in response to Markey and Barton's question: "Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?", Sewell's answer was succinct: "No."

Markey and Barton have released statements that indicated an overall comfort with Sewell's assurances. Markey noted that: "Consumer consent is the key to assessing the adequacy of privacy protections, and Apple's responses provide examples of how consumers can grant or withhold consent in their usage of Apple products."

Barton expressed both praise and misgivings: "While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages."

Finally, as thorough as Sewell's answers may be — much more info can be found in the letter itself — it's important to remember that the questions Apple was responding to concerned just one type of personalization: location-based services. As The Reg reported earlier this month, Apple does have another ad-targeting trick up it sleeve: your personal iTune Store and App Store buying histories. ®

High performance access to file storage

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month
... but don't worry, charter members, you're still in 'for life'
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.