Apple’s entrance into the mobile advertising marketplace was born with their announcement of iAd. Alongside iAd comes persistent locational surveillance of Apple’s customers for the advantage of advertisers and Apple. The company’s advertising platform is controversial because Apple gives it a privileged position in their operating system, iOS4, and because the platform can draw on an iPhone’s locational awareness (using the phone’s GPS functionality) to deliver up targeted ads.

In this post I’m going to first give a brief background on iAd and some of the broader issues surrounding Apple’s deployment of their advertising platform. From there, I want to recap what Steve Jobs stated in a recent interview at the All Things Digital 8 concerning how Apple approaches locational surveillance through their mobile devices and then launch into an analysis of Apple’s recently changed terms of service for iOS4 devices as it relates to collecting, sharing, and retaining records on an iPhone’s geographic location. I’ll finish by noting that Apple may have inadvertently gotten itself into serious trouble as a result of its heavy-handed control of the iAd environment combined with modifying the privacy-related elements of their terms of service: Apple seems to have awoken the German data protection authorities. Hopefully the Germans can bring some transparency to a company regularly cloaked in secrecy.

Apple launched the iAd beta earlier this year and integrates the advertising platform into their mobile environment such that ads are seen within applications, and clicking on ads avoids taking individuals out of the particular applications that the customers are using. iAds can access core iOS4 functionality, including locational information, and can be coded using HTML 5 to provide rich advertising experiences. iAd was only made possible following Apple’s January acquisition of Quattro, a mobile advertising agency. Quattro was purchased after Apple was previously foiled in acquiring AdMob by Google last year (with the FTC recently citing iAd as a contributing reason why the Google transaction was permitted to go through). Ostensibly, the rich advertising from iAds is intended to help developers produce cheap and free applications for Apple’s mobile devices while retaining a long-term, ad-based, revenue stream. Arguably, with Apple taking a 40% cut of all advertising revenue and limiting access to the largest rich-media mobile platform in the world, advertising makes sense for their own bottom line and its just nice that they can ‘help’ developers along the way…

Regardless of the larger economic strategies Apple is involved in, what is key for our purposes is that the iAd system and its partners can utilize the smartphone’s locational awareness to deliver more customized applications. In the pre-iOS4 days, whenever an application wanted to access the GPS or wifi locational APIs users were presented with a very large warning offering notification that the application was trying to use the GPS/wifi. You had the option of touching OK or cancelling the request to the API. It was, as far as I was concerned, one of the best privacy-protective features of the phone.

Steve Jobs, in his most recent appearance at the All Things Digital conference, was asked by Walt Mossberg and Kara Swisher whether or not privacy was looked at differently in Silicon than in the rest of the world. Jobs responded,

We’ve always had a very different view of privacy than some of our colleagues in the Valley. We take privacy extremely seriously. That’s one of the reasons we have the curated apps store. We have rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud. Privacy means people know what they’re signing up for. In plain English, and repeatedly, that’s what it means. Ask them. Ask them every time. Make them tell you to stop asking if they get tired of your asking them. Let them know precisely what you’re going to do with their data.

Quite bluntly, this was a stellar response and were it being actualized in Apple’s present business practices it would cause the company to be one of the shining stars amongst technology companies looking to secure their customers’ privacy. Unfortunately, with the release of the iOS4 and iAd Apple seems to have significantly departed from the statements made by Jobs just a few weeks earlier. In order to install the most recent version of the mobile operating system on Apple’s devices, users must agree to a 45 page terms of service agreement. Buried within the agreement is the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

While the data is claimed to be ‘anonymous’ one has to ask: how anonymous is a data stream that identifies where a person is regularly browsing the web to be served ads to late at night, in a residential area? I have extreme doubts that it’s going to be particularly challenging to link up geographic information with actual residences, and by extension names of people that can be presumed to be using the phone.

As noted by Daily Tech, while customers can prevent third-parties from collecting locational information there isn’t a similar way of preventing Apple itself from collecting locational data. Apple does not have a clear system that users can use to prevent such data collections, nor has Apple made it clear how often they will be collecting personal information or the full range of internal uses of the information. There is not presently a process in place that would reveal this information to customers or regulators. Further, opting out of third-party surveillance entails customers learning that they are being tracked and then visiting an Apple website and choosing to opt-out using the smart device.  Significantly, “[t]his opt-out applies only to Apple advertising services and does not affect interest-based advertising from other advertising networks.” The ‘granular’ opt-out approach demonstrates that we are against dealing with the worst-practices privacy regime that is prevalent in the US, where customers must track down all of the advertisers collecting personal information and then choose to opt-out to each advertiser. Given Jobs’ earlier comments, we should expect Apple to adopt an opt-in approach to advertising if Apple were to genuinely differentiate themselves from the rest of Silicon Valley in the privacy domain.

As noted earlier, we presently have no real understandings of what exactly will be collected and delivered to third parties – anonymous data sets is unclear, and what is required is a granular depiction of what specific individuals may/will be sharing out to iAd partners and Apple itself. While we presently have no information about what is shared, how long it is retained, and the full range of uses of the data, this might be changing soon. Apple’s rising market share combined with the popular appeal of their products has made them a target for regulators, which arguably has influenced the amount of attention the company has recently received from German authorities. The German Justice Minister stated that “users of iPhones and other GPS devices must be aware of what kind of information about them is being collected.” As part of this, the Minister expects Apple to open its databases to German data protection authorities and clarify its data collection and retention policies. It is possible that the shield of secrecy usually surrounding Apply may be breached by the Germans, and we can hope that other privacy authorities around the world will similarly put pressure on Apple to increase their transparency on the collection, storage, and transference of deeply personal locational information.

It’s important to note that with the recent iOS4 updates there are no longer any notifications when either Apple or a third-party attempts to capture your location for collection and service provision purposes; instead of a clear notice of this change individuals are left to their own devices to find the new settings. If you’re not particularly savvy, or aware of the change (I wasn’t: for several days I was surprised that no location information was been collected or used by the various applications that I use), then you’d have no idea that to modify location settings individuals would have to:

  1. Open the ‘Settings’ panel;
  2. Open the ‘General’ sub-panel;
  3. Open the ‘Location Services’ sub-sub-panel;
  4. Modify what applications can access locational data discretely, or locational settings as a whole.

The problem with this new approach is that there are times when I have no issues broadcasting my location to one of these third-parties and other times that I see absolutely no reason to share this information. Without any indication of when my device is having its location data polled I’m entirely unable to know when, for example, the Google Maps application is collecting my location data. Does it do so even when I’m just seeing the distance between two locations on a continent I’m not on? Only when I’m actively trying to sync my location with a Google Map? The same issue – a binary ‘locational tracking is on or off’ option – pervades the entire iOS4. Previously individuals were actually given control over what third-parties could gain access to locational data. The degree of this control, and by extension the ability of individuals to limit the transmission of personal information to third parties, has significantly degraded.

Further, we are forced to ask: has Apple always collected some location data without asking the user’s permission (and just noted this behaviour as happening in their Service Agreement as of now) or is this genuinely a novel practice? Should companies be permitted to massively reshape how they deal with private information, moving from what visually appears as a terrific opt-in system to a woefully inadequate opt-out system, without very clearly communicating the restructuring of company privacy principles and legal extensions of those principles? Burying changes in a 45 page service agreement, and several layers into the operating systems settings, does not constitute such a clear communication.

Advertisers have long-opted for incredibly poor modes of alerting customers of data collection, sharing, and usage. Steve Jobs, and by extension Apple, had previously asserted a set of privacy principles intended to set them ahead of their peers – Apple was to be the guardian of privacy by advocating opt-in privacy practices. Unfortunately, it seems that the hint of advertising dollars has led Apple to cast aside privacy principles in the hopes of making a quick buck at the expense of citizens’ privacy. While not necessarily surprising or even disappointing (Apple is, after all, a publicly traded company that is purely motivated to return profits to their shareholders) the high-profile company’s bait and switch on its privacy principles will hopefully attract regulatory attention and establish more ‘guidance’ so that other companies are less willing to sell out customers on behalf of the balance sheet.

BACKDATE:

It would seem that the co-chairmen of the House Bi-Partisan Privacy Caucus sent a letter to Steve Jobs on June 24th to address Apple’s new locational sharing policies. The letter included the following questions:

  1. Which specific Apple products are being used by Apple to collect geographic location data?
  2. When did Apple begin collecting this location data, and how often is data collected from a given consumer?
  3. Does Apple collect this location data from all consumers using Apple products? If the answer is no, please explain which consumers Apple is collecting information from and the reasons that these consumers were chosen for monitoring.
  4. How many consumers are subject to this collection of location data?
  5. What internal procedures are in place to ensure that any location data is stored “anonymously in a form that does not personally identify” individual consumers? Please explain in detail why Apple decided to begin collecting location data at this time, and how it intends to use the data.
  6. Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?
  7. Who are the unspecified “partners and licensees” with which Apple shares this location data, and what are the terms and conditions of such information sharing?
  8. How does this comply with the requirements of Section 222 of the Communications Act, which mandates that no consumer location information be shared without the explicit prior consent of the consumer?
  9. Does Apple believe that legal boilerplate in a general information policy, which the consumer must agree to in order to download applications or updates, is fully consistent with the intent of Section 222, and sufficient to inform the consumer that the consumer’s location may be disclosed to other parties?
  10. Has Apple or its legal counsel conducted an analysis of this issue? If yes, please provide a copy. If not, why not?

Apple has until July 12 to reply.