This article is more than 1 year old

Apple details privacy policies for US Congressmen

Not sharing location info with carriers

Apple has sent Congress an explanation of its location-based information-gathering and privacy policies.

The 13-page letter letter from Apple's general counsel Bruce Sewell sent on July 12, in direct response to a "Dear Mr. Jobs" letter penned late last month by US Representatives Edward J. Markey and Joe Barton, co-chairs of the House Bi-Partisan Privacy Caucus.

Markey and Barton's letter, which included nine specific questions, was prompted by modifications to Apple's overall Privacy Policy, and to the Terms and Conditions with which you must agree before downloading items from the iTunes Store or App Store. Those modifications included the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

That language raised a red flag not only to Markey and Barton, but also to many an Apple customer concerned about his or her online, location, and personal-information privacy.

Sewell's letter is intended to calm those concerns. He says, among other things:

  • "...customers have always had the ability to turn 'Off' all location-based service capabilities with a single 'On/Off' toggle switch."
  • "Apple has always required express customer consent when any application requests location-based information for the first time... The customer is asked: 'Don't Allow' or 'OK.' If the customer clicks on 'Don't allow,' no location-based information will be collected or transmitted..."
  • "iOS 4 permits customers to identify individual applications that may not access location-based information, even though the global location-based service capabilities setting is toggled to 'On'... an arrow icon alerts iOS 4 users that an application is using or has recently used location-based information."
  • "When a customer's device sends Wi-Fi, cell tower, GPS or diagnostic location data to Apple it does not include any information identifying the particular device or user."
  • "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer."
  • "...GPS Information is batched on the device, encrypted, and transmitted to Apple over a secure Wi-Fi Internet connection (if available) every twelve hours with a random identification number that is generated by the device every twelve hours. The GPS Information cannot be associated with a particular customer or device."
  • "For customers who do not toggle location-based service capabilities to 'Off,' Apple collects information about the devices's location (latitude/longitude coordinates) when an ad request is made. This information is tranmitted securely to the Apple iAd server... The latitude/longitude coordinates are converted ... to a five-digit zip code... Apple then uses the zip code to select a relevant ad for the customer."

And in response to Markey and Barton's question: "Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?", Sewell's answer was succinct: "No."

Markey and Barton have released statements that indicated an overall comfort with Sewell's assurances. Markey noted that: "Consumer consent is the key to assessing the adequacy of privacy protections, and Apple's responses provide examples of how consumers can grant or withhold consent in their usage of Apple products."

Barton expressed both praise and misgivings: "While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages."

Finally, as thorough as Sewell's answers may be — much more info can be found in the letter itself — it's important to remember that the questions Apple was responding to concerned just one type of personalization: location-based services. As The Reg reported earlier this month, Apple does have another ad-targeting trick up it sleeve: your personal iTune Store and App Store buying histories. ®

More about

TIP US OFF

Send us news


Other stories you might like