OhMyGov!

Congressmen Seek Answers on Apple iPhone Privacy Controversy

By Jack B. Winn



Wall Street may be singing Apple's praises, but the House of Representatives is hardly an evangelist.

In a joint press release issued today, Energy and Commerce Committee Ranking Member Henry A. Waxman and Commerce, Manufacturing, and Trade Subcommittee Ranking Member G. K. Butterfield sent a letter to Apple CEO Tim Cook regarding recent reports that the social networking app “Path” accessed and collected address book information from consumers without asking for consent.

In a letter addressed to Apple CEO Tim Cook, Waxman and Butterfield expressed concern that the popular "Path" application-a kind of journal/photo sharing service that allows users to share content with friends and family via social media like Twitter and Facebook-was able to access the names and phone numbers of people in users' contact lists, including unsuspecting individuals who have never heard of the Path service.

The issue came to light when Singaporean blogger and IT employee, Arun Thampi, stumbled upon the data mining feature of Path during a 'hackathon' hosted by the group com.anideo.dev. Using a little-known proxy tool popular with coders, Thampi noticed that his contact information was being uploaded to Path's servers in San Francisco.

"This incident raises concern that about whether Apples iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts," read the Committees' letter.

Path CEO Dave Morin thanked Thampi for pointing out the exploit, saying that "this is an important conversation and we are taking it very seriously."
In an update on Thampi's popular mclovin.in blog, Thampi noted the release of a new version of the Path app, replete with a dialog box that prompts users for permission to access their personal content, a far cry from the hidden exploit that Thampi discovered Feb. 8.

For his part, Thampi is downplaying sinister rumors about Path in the wake of the discovery, insisting that he isn't insinuating any 'nefarious' behavior on the company's behalf, although he does note that the exploit did feel 'a bit creepy'.

The Internet is less forgiving, though.

"The FTC should fine path," one user identified only as NotAPPLEcable wrote on Apple's iTunes message boards.

Waxman and Butterfield are equally displeased. In their letter, they ask Cook for answers, not empty platitudes.

"Please describe all iOS guidelines that concern criteria related to the privacy and security of data that will be accessed or transmitted by the app," they write. "Please describe how you determine whether an app meets that criteria...How many iOS apps transmit data about a user? Do you consider the contents of an address book to be 'data about a user'?"

Apple's Terms of Use are somewhat opaque when it comes to user's privacy, though very clear when it about Apple's rights to user content. "By using the Site, you acknowledge and agree that Internet transmissions are never completely private or secure," the legal language reads.

The privacy policy page on Apple is more forthright.

"You may be asked to provide personal information anytime you are in contact with Apple or an Apple-affiliated company," it reads. "When you share your content with family and friends using Apple products...Apple may collect the information you provide including your name, mailing address, email address, contact preferences and phone number."

But does that include third party content accessed from independent apps like Path?

"At times, Apple may make personal information available to strategic partners that work with Apple to provide products and services." the section on third party disclosure reads.

In 2010, former CEO and Apple co-founder, Steve Jobs, went on record about Silicon Valley's double standard when it comes to user's personal privacy. Speaking at the popular D8 Conference in Rancho Palos Verdes, California, Jobs spared no punches when he spoke with All Things Digital's Walt Mossberg.

"We have always had a different view on privacy than some of our colleagues in the Valley," he said. "...As an example, we worry a lot about location in phones. And we worry that some 14 year-old is gonna get stalked and something terrible is gonna happen because of our phone. We have rejected a lot of apps that wanna take your personal information and put it up in the cloud. Privacy means people know what they are signing up for. In plain English and repeatedly."

But in the wake of Job's death, Apple's notorious pickiness when it comes to privacy has fallen away. As Gizmodo reported Feb. 15th, nearly every app in its store-not just Path-has exploits or vulnerabilities that allow third parties to access personal information.

www.ohmygov.com