Chapell & Associates

Thursday, May 31, 2007

Apple iTunes tears down the (DRM) wall, but ads a very long string

This story came from the Digital Music News. Apparently, all those shiny new DRM-free files people are downloading form iTunes still come with strings attached - invisible strings that can potentially be used to keep track of purchases who might transfer the files to third parties.

"As users began experimenting with the premium, DRM-free downloads from EMI artists on Wednesday, an interesting discovery soon surfaced. The unprotected, higher-quality files may lack digital locks-and-keys, but they contain information identifying the purchaser. Specifically, the username and related email address are embedded into the file, and it remains unclear whether the information can easily be wiped away. "

Now, I'm going to leave aside the DRM issue for a moment - although it's somewhat disengenuous for Apple to claim that they've torn down the DRM walls while leaving open the possibility of keeping tabs on file sharing.

The LARGER issue here might be the impact on User privacy. If I purchase DRM-free music on iTunes, Apple embeds my email address and User name into that file. However, they don't disclose this anywhere in their privacy statement. In fact their privacy statement vows to protect the personal information provided to them. "Apple takes precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction." If I don't know that my personal information is being embedded into their files, then I don't necessarily know that by accidentally transferring that information to someone else, I may be inadvertently compromising my personal information.

Does that rise to the level of being false and deceptive? I dunno - maybe someone should as the FTC. Either way, it strikes me as bad policy. If you're Apple, and you're collecting personal information, and storing it in a place where consumers are not likely to know its being stored, you have a responsibility tell consumers so they can take appropriate safeguards.

Otherwise, you're just being sneaky...

posted by Alan on Thursday, May 31, 2007

© 2005 by Alan Chapell & Associates LLC