Apple Tells Congressmen It Batches, Encrypts Location Data
Apple said its iPhone, iPad and Mac computers collect location information, but do so anonymously in batches and encrypt it before sending the data over a WiFi connection from the devices to Apple's servers every 12 hours.
The normally super-secretive company shed light on its data collection practices for location-based services in a July 12 letter, responding to a list of questions from U.S. Reps. Edward J. Markey (D-Mass.) and Joe L. Barton (R-Texas).
The Congressmen June 24 sent Apple a letter demanding to know about the company's practice of collecting, storing and sharing the location of users' mobile devices.
Apple, which will not let users download any applications from the iTunes store without agreeing to the new terms and conditions, shares location data with application providers when consumers opt in to providers' location services.
"To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services."
That policy change spurred concern among Congressmen Barton and Markey, who sent Apple a list of nine questions about this practice, which is becoming more pronounced among providers of Web services.
Bruce Sewell, general counsel and senior vice president of legal and government affairs for Apple, pointed out that Apple, like Google and other companies providing location-based services, uses cell tower and WiFi information to collect data from users' iPhone, iPad and Mac computers.
Apple offers location-based services on the iPhone 3G, iPhone 3GS, iphone 4, iPad WiFi/3G and on older iPhones, iPad WiFi iPod touch and Macs running Snow Leopard, and Windows or Macs running the Safari 5 Web browser, albeit to a more limited extent.
However, this only happens when users have toggled their device to turn the services on and only when the user runs an application requiring location information.
At that point the device "intermittently and anonymously collects cell tower and WiFi access point information from the access points it can see, along with the device's GPS coordinates if available."
Web services that leverage location such as Google Latitude, Google Buzz, Twitter Foursquare and Gowalla are becoming increasingly popular among users. Google, Yahoo and Bing are negotiating with Foursquare to use its location-based check-in data in their core search results.
The Congressmen nodded to this fact and appreciated Apple's detailed response.
"As more Americans rely on location-based services as part of their everyday lives, it is imperative that consumers have control over how their personal information is used, transmitted and stored," Markey wrote.
"Apple's responses provided additional information about how it uses location data and the ability of consumers to exercise control over a variety of features on Apple's products, and I appreciate the company's response."
He added that he was satisfied that Apple adequately lets users grant or withhold consent in their usage of Apple products, adding that consumer consent is the key to assessing the adequacy of privacy protections.
Barton chimed in:
"Our personal information has moved from our wallets and home filing cabinets, to the file cabinets of data brokers and online files of behavioral advertisers and now, directly to the Internet cloud from our mobile devices. Consumers must be made aware of this collection and they must consent to giving it up."
Barton did admonish Apple for writing privacy policies "that run on for pages and pages," which most people won't bother to read.