Tim Cook touts new Apple privacy policies in open letter to customers

By Mikey Campbell

Apple on Wednesday updated its customer privacy webpage to reflect new security initiatives, highlighting a letter written by CEO Tim Cook, who restated the company's business is in selling products, not harvesting data.

In Cook's letter, which is linked to in a special section on the Apple.com home page, the Apple chief restates his company's focus on consumer privacy, an issue touched upon during an interview with Charlie Rose earlier this week.

"Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay," Cook writes.

Apple's security methods were recently scrutinized after a batch of nude photos supposedly harvested from multiple celebrity iCloud accounts leaked online. In a statement released following the incident, Apple denied rumors of an iCloud breach and attributed the photo theft to "very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet."

In light of the celebrity photo kerfuffle, Apple rolled out more aggressive iCloud security measures, including two-step authentication for iCloud.com and app-specific passwords for software connecting with the cloud service.

Moving to personal data monetization, Cook took the opportunity to tear in to Google's business model, which is based on revenue earned from targeted ads. Unlike the Internet search giant, Apple's advertising business -- the iAd network -- is built on the same fundamental privacy tenets employed in other products and does not cultivate data from services like Maps, Siri and the new HealthKit framework found in iOS 8.

"Our business model is very straightforward: We sell great products. We don't build a profile based on your email content or web browsing habits to sell to advertisers. We don't 'monetize' the information you store on your iPhone or in iCloud. And we don't read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple," Cook says.

Cook goes on to explain current Apple privacy policies and the need for greater transparency in reporting government data requests, a topic of concern for privacy advocates. In May, Apple announced it would routinely issue data request reports to keep the public apprised of U.S. national security orders and account information requests from various state agencies.

As for the updated privacy policies, Apple says changes "were made predominantly to cover new features in iOS 8, or to provide additional information on current use of data such as your date of birth or information you've provided about others (for example, when sending products or gift certificates to another person). None of these changes are retroactive." Also added was a more detailed description of technologies used for location-based services like GPS and cell tower positioning.

Cook's full letter follows below:

At Apple, your trust means everything to us. That's why we respect your privacy and protect it with strong encryption, plus strict policies that govern how all data is handled. Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay. And we continue to make improvements. Two-step verification, which we encourage all our customers to use, in addition to protecting your Apple ID account information, now also protects all of the data you store and keep up to date with iCloud.

We believe in telling you up front exactly what's going to happen to your personal information and asking for your permission before you share it with us. And if you change your mind later, we make it easy to stop sharing with us. Every Apple product is designed around those principles. When we do ask to use your data, it's to provide you with a better user experience.

We're publishing this website to explain how we handle your personal information, what we do and don't collect, and why. We're going to make sure you get updates here about privacy at Apple at least once a year and whenever there are significant changes to our policies.

A few years ago, users of Internet services began to realize that when an online service is free, you're not the customer. You're the product. But at Apple, we believe a great customer experience shouldn't come at the expense of your privacy.

Our business model is very straightforward: We sell great products. We don't build a profile based on your email content or web browsing habits to sell to advertisers. We don't "monetize" the information you store on your iPhone or in iCloud. And we don't read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.

One very small part of our business does serve advertisers, and that's iAd. We built an advertising network because some app developers depend on that business model, and we want to support them as well as a free iTunes Radio service. iAd sticks to the same privacy policy that applies to every other Apple product. It doesn't get data from Health and HomeKit, Maps, Siri, iMessage, your call history, or any iCloud service like Contacts or Mail, and you can always just opt out altogether.

Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn't come easy. That's why we have and always will work as hard as we can to earn and keep it.

Tim