I’ll admit to having let my guard down a bit on the privacy front. While I was initially concerned by things like the indexing of Gmail e-mails and putting personal information like my schedule on the web, I’ve since seen that it has some value. Yet, cases like Facebook’s privacy control changes and Apple’s collection of GPS data send me back to skepticism. Why? Because the changes have been made without the consent of users–or more importantly, before the company has earned the trust of their users.
Apple has recently replied to a congressional question about the GPS data collection:
In a 13-page reply to questions posed by Representative Ed Markey from Massachusetts and Congressman Joe Barton from Texas, Apple said it collects GPS data daily from iPhones running OS 3.2 or iOS 4. The phones collect the GPS data and encrypt it before sending it back to Apple every 12 hours via Wi-Fi. Attached to the GPS data is a random identification number generated by the phone every 24 hours. The information is not associated with a particular customer, Apple said. (via Apple lays out location collection policies | ITworld.)
I find Apple’s explanation unconvincing. While the data may be collected in aggregate, there is no way for the customer to opt out. iPhone owners are under contract with AT&T that imposes a heavy termination fee. iPhone owners using older versions of iOS are forced to upgrade their phones to the latest version if they ever need to restore their phone or bring it the store. Thus, Apple has used their position to gather this valulable data on the millions of iPhone owners without their consent or the ability to opt out.
According to the article congressman Markey was pleased with the response, while congressman Barton was less than convinced. I hope they continue to press Apple on this important issue.