Chapell & Associates

Friday, January 13, 2006

Apple's iTunes Raises Privacy Concerns

CNET News.com - January 12, 2006
A new version of Apple Computer's popular iTunes software, released Tuesday, is drawing barbs from privacy advocates for sending information about computer users' playlists back to Apple. The new music software includes a "MiniStore" window, which provides recommended links to Apple's music download service when a listener actively clicks on a song in their personal playlist, including songs that haven't been purchased from the iTunes store. To provide those recommendations, the software sends information about the selected song, such as artist, title and genre, back to Apple. But the software also transmits a string of data that is linked to a computer user's unique iTunes account ID, computer experts have found.

The Chapell View
Creating "recommendations" isn't that unusual - in fact, a lot of online advertising is built around the idea of making ads relevant enough to be considered something akin to this. With the new version of iTunes, it's not the MiniStore itself that's being objected to; Apple's error, according to Kirk McElhearn, for example (who was quoted by CNET and has documented iTunes' practice), was to collect an account ID number along with song and artist information.

The worry is that this ID number, linked to a users' iTunes music store account, could be used to combine personally identifiable information (email address, credit card number) stored by the store with the non-personally identifiable data from the iTunes software (songs listened to, et cetera). There's generally an objection when PII might be combined with non-PII, and it's not entirely clear why Apple would need to link listening habits to a particular iTunes user or purchasing history. We might think the complaints to have some ground, if only because data is being collected without any necessary application.

That being said, I was thinking about this for a moment, and started to wonder: doesn't Amazon do exactly the same thing? When I log into Amazon.com, I get a list of "recommendations" based on the books I've bought and the books I'm currently viewing. Now, Amazon also knows my email address, credit card number and purchasing history. Assuming that there's no possible connection between the two, the complaint against iTunes doesn't apply. But to get these recommendations, I have to log into Amazon - meaning that the website now knows me as a particular user (i.e., probably gives me a specific account number). In fact, my purchase history from my user account is used, in part, to provide me with recommendations. This seems pretty close to the objections leveled against iTunes.

The real difference between the two seems to be that when I visit Amazon, it's very clear that my purchase history is relevant to the suggestions I see. On iTunes, this isn't explained, and there's no particular reason to believe that it would be necessary. Just as importantly, neither the new version of iTunes or the Apple website provides a full disclosure or explanation of the transferred information.

We've been working for some time to ensure that consumers fully understand the "essence of the bargain" prior to downloading software. Certain software functions are important enough to this bargain that they need be prominently displayed to consumers - and I would argue that what Apple is doing falls somewhere in that category.
posted by Isaac on Friday, January 13, 2006

© 2005 by Alan Chapell & Associates LLC