Tribble recapped much of what his company revealed in late April, when Apple issued a public statement on the Location Services feature of the iOS mobile operating system, which powers the iPhone and iPad. The Apple executive stated clearly that his company does not track users' locations, and does not share personally identifiable information with third parties for marketing purposes without a user's consent.
"Apple is strongly committed to giving our customers clear and transparent notice, choice and control over their information, and we believe our products do so in a simple and elegant way," Tribble said Tuesday in his remarks before the Judiciary Subcommittee on Privacy, Technology and the Law.
The hearing, held Tuesday morning, was entitled "Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy." Its existence was sponsored in part by concern over a location database file that was stored on users' iPhones and 3G connected iPads.
"Apple was never tracking an individual's location from the information residing in that cache," the Apple executive said. He added that Apple did not have access to the cache, and the information was also protected from other applications on a user's phone.
Tribble noted that Apple has a comprehensive privacy policy that is available from a link on every page of Apple's website. He also said that Apple devices, like the iPhone, do not transmit to Apple any data that can be uniquely associated with the device or that customer.
He explained that Apple has a crowd-sourced collection of cell phone towers and Wi-Fi hotspots that aid in allowing users' iPhones to assess their location quickly, before a GPS signal can be obtained.
Sen. Al Franken, D-Minn., asked how Apple is using the data to help handsets assess a user's location more accurately, and yet Apple Chief Executive Steve Jobs has said that the data collected is not the person's actual location. Jobs said in interviews with the press that the cell tower and Wi-Fi hotspot location data could represent points that were up to 100 miles away, but Franken said he believes the fact that the data is used for location services makes Jobs' statements seem contradictory.
Franken, who is chairman of the Judiciary Subcommittee, also asked if both Apple and Google would require application developers to commit to a fixed privacy policy in their respective mobile application stores. Tribble said that Apple's current developer agreement does not currently require a privacy policy, and said that the addition of a policy likely wouldn't go far enough.
Tribble said he believes that indicators need to be put in the user interface to make it clear to users what is being done with their information. He noted that when an application is using location data in Apple's iOS, a purple icon appears in the upper right of the screen so that users are aware.
"Transparency here goes beyond just what's in the privacy policy," Tribble said. "It's designing into the app and the system itself information for the user."
Tribble also told members of the committee that Apple takes pride in responding promptly to issues. He acknowledged that the location services data was stored for too long in the iOS software, and Apple addressed the bug last week with the release of iOS 4.3.3.
The Apple executive also detailed how his company conducts random audits on applications to make sure they're playing by the rules. He admitted that Apple does not audit every single one of its 350,000 iPhone applications, just like it would be impossible for the federal government to audit every single taxpayer.
Apple also keeps an eye on blogs and its "active community" of application users for potential violations. If a violation is discovered and the issue cannot be resolved, applications will be removed within 24 hours and the developer will be notified.
In most cases, Tribble said, developers quickly correct the issue, as they want to keep their application available in the App Store.
Last week, it was revealed that Tribble would take part as a witness in Tuesday's congressional hearing. Tribble served as the manager of Apple's original Macintosh software development team, and helped design the original Mac OS and user interface. He also joined Apple Chief Executive Steve Jobs as one of the founders of NeXT, and rejoined Apple and Jobs in 2002.
Tribble was part of the second panel that appeared in Tuesday's hearing, and was joined by Alan Davidson, Google's director of public policy for the Americas. Davidson was grilled on Google's past controversial collection of Wi-Fi hotspot data with its "Street View" vans that capture imagery for the Google Maps service.
Sen. Richard Blumenthal, D-Conn., asked Davidson about patents that Google has applied for that mention the collection of Wi-Fi data for building more robust mapping services. Davidson restated his company's stance that the Street View Wi-Fi data collection was unintentional and was not done to improve its Maps product.
"It was a mistake, and we certainly never intended to collect payload information," Davidson said.
Update: Following Tuesday's hearing, Google also issued a statement in response to Blumenthal's question: "The technology in that patent has nothing to do with the collection and storage of payload data and is entirely unrelated to the software code used to collect Wi-Fi information with Street View cars," a Google spokesman said.
Davidson, in the hearing, also said that unlike Apple, Google does not actively comb applications that are available for its Android operating system once they are available on the marketplace. He said that the open source nature of Android means the search giant would prefer to take a hands-off approach.
To protect users, Davidson said that they are prompted with a list of features, including location services, that software downloaded from the Android Market might use. Users are given that information when they install new software on their Android-powered device.
Other members of the second panel were Justin Brookman, director for project on consumer privacy at the Center for Democracy and Technology; Ashkan Soltani, independent researcher and consultant; and Jonathan Zuck, president of the Association for Competitive Technology.
The first panel in Tuesday's hearing included Jason Weinstein, deputy assistant attorney general of the Criminal Division at the U.S. Department of Justice, and Jessica Rich, deputy director for the Bureau of Consumer protection at the Federal Trade Commission. Franken asked Rich if Apple was "deceptive" by stating in its iPhone user agreement that turning off Location Services would stop the collection of data even though, until last week's release of iOS 4.3.3, that was not the case.
Rich declined to comment on one company, or Apple's particular situation. However, she did add: "If a statement is made by a company that is false, it is a deceptive practice."
Tribble noted that last week's release of iOS 4.3.3 made it so switching off the Location Services feature on an iPhone would delete the database file and cease collection of information about nearby Wi-Fi hotspots and cell towers. He also said that in the next major release of iOS, location information would be encrypted on iOS devices.
19 Comments
Like it or not, you can kiss drunk trap apps good-bye as a result of this hearing.
IMHO, good riddance. I love the fact that Schumer et al are calling out the red herring that the police publish drunk test points themselves.
They publish SOME such points, and frequently that's only to funnel dodgers into the actual drunk test point.
Ok, so location data was stored on the phone for longer than expected unencrypted. Apple nor apps use that data and how many people could use that data against you or for profit? Honestly! Can they ask the telcos about text message rates now?
Ok, so location data was stored on the phone for longer than expected unencrypted. Apple nor apps use that data and how many people could use that data against you or for profit? Honestly! Can they ask the telcos about text message rates now?
One battle at a time.
Frankly, I was impressed with the hearing, having listened to the entire thing.
The location db issue actually wasn't nearly as much the focus as were general privacy issues, and its obvious that this is a jumping off point for more serious (and needed) privacy legislation.
Franken shined a light on an issue that most smart phone users don't pay attention to, which is the degree to which private data on their phones is shared without their knowledge or consent with 3rd parties. I'm all for serious daylight and control on that issue.
There were of course moments of dumb questions, but this was not a tech forum. The audience was the average user who is really treading in dangerous waters with their personal information, and need to have good oversight on their side.
One battle at a time.
Frankly, I was impressed with the hearing, having listened to the entire thing.
The location db issue actually wasn't nearly as much the focus as were general privacy issues, and its obvious that this is a jumping off point for more serious (and needed) privacy legislation.
Franken shined a light on an issue that most smart phone users don't pay attention to, which is the degree to which private data on their phones is shared without their knowledge or consent with 3rd parties. I'm all for serious daylight and control on that issue.
There were of course moments of dumb questions, but this was not a tech forum. The audience was the average user who is really treading in dangerous waters with their personal information, and need to have good oversight on their side.
Well said GQB
One battle at a time.
Frankly, I was impressed with the hearing, having listened to the entire thing.
The location db issue actually wasn't nearly as much the focus as were general privacy issues, and its obvious that this is a jumping off point for more serious (and needed) privacy legislation.
Franken shined a light on an issue that most smart phone users don't pay attention to, which is the degree to which private data on their phones is shared without their knowledge or consent with 3rd parties. I'm all for serious daylight and control on that issue.
There were of course moments of dumb questions, but this was not a tech forum. The audience was the average user who is really treading in dangerous waters with their personal information, and need to have good oversight on their side.
One battle at a time indeed, which is why I agree with silverpraxis wholeheartedly. The SMS/MMS oligopoly is more widespread, more costly and has been going on a lot longer than the iPhone has been around. Do we even know what carriers are doing with our SMS data? Is that data private or are they mining our personal info?