
February 18 2011

Apple iTunes gifts users with a privacy hole

When Apple added a "Gift button" to the iTunes Store in 2006, it provided users with a new way to easily buy music for friends, family or colleagues. In the years since, the Gift button has been extended to TV shows, movies and applications. As MIT research professor Andrew McAfee discovered recently, however, this gift function also comes with a privacy issue: whoever is making the gift can see whether or not the other person already has a song, video or application.

In his post, McAfee explains how a user could systematically determine whether someone already has a given video or application in his or her library:

I've been doing some poking around, and have found that it's pretty straightforward for one person (let's call him George Smiley, after John Le Carré's master spy) to find out what music, video, and apps someone else (like me) has purchased or had gifted to them on iTunes.
The key to this privacy hole is having the email address associated with the iTunes account of the person in question. In effect, the gift flow acts as an oracle: when the store refuses a gift because the recipient already owns the item, the sender learns one bit about that person's library, and repeating the query across a catalogue turns those bits into an inventory. Acquiring email addresses is not the barrier it once was, particularly in the age of spear phishing. As McAfee points out, there's no need to establish an account with Apple or spend any money to work through the process. The targeted user has no knowledge that this is going on, and no way to stop it, other than disassociating the exposed email address from iTunes.

The Video Privacy Protection Act and privacy

McAfee is right: the harm from this privacy hole in iTunes doesn't extend to a data breach of credit card information or other personally identifiable information. That does not, however, mean that there isn't some potential for a headache for Apple, given an accident of history that brings a federal statute into play.

McAfee, who is a student of history when it comes to the use of collaborative technology in business, looked back at the Supreme Court nomination of Robert Bork. During the hearings, the question of whether Bork believed that the United States Constitution included a general right to personal privacy was raised. After the Washington City Paper published a list of Bork's rentals from a Washington, D.C., video store, Congress passed the Video Privacy Protection Act (VPPA), which specifically forbade the wrongful disclosure of personally identifiable rental records of "prerecorded video cassette tapes or similar audio visual material." As McAfee points out, the VPPA has been used in recent years in class-action lawsuits against Facebook and Netflix.

"If it's a movie purchase, it's a violation of the statute, under the Video Privacy Act," said Danielle Citron, a law professor and privacy researcher at the University of Maryland School of Law. "Certainly if we were in Europe, there's a whole other set of privacy implications. There are even more robust privacy protections there."

In theory, a highly motivated searcher could take advantage of the security hole through automated scripts or by posting small tasks on a crowdsourcing platform, like Amazon's Mechanical Turk. In practice, those concerns are unlikely to come to fruition. But as McAfee observes, this capability is problematic with respect to personal privacy:

A person's taste in media can be highly personal, yet all of Apple's more than 10 billion songs and 200 million TV and movie downloads are potentially traceable by the George Smileys of the world — the world's spies, stalkers, yellow journalists, and opposition researchers. Of course, this is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective.

Citron offered a scenario that extended beyond one consumer looking at another's media consumption. "Imagine if government has a suspect in mind," she posited. "Typically to get reading habits, you'd need a warrant. If you had an email address, you could pretend to gift them and see whether they'd read something. You have to consider reputational harm — if someone doesn't like you discovers that you're reading or watching something salacious, there's a problem."

Privacy by design

Whether Apple will move quickly to address the issue with an update is an open question (Apple did not respond when asked for comment today). A new series of privacy lawsuits over the transmission of unique identifiers to application makers would suggest that the lawyers in Cupertino already have their hands full. The larger issue here lies in how technology companies should build platforms with privacy by design, as the electronic privacy report released by the Federal Trade Commission last year recommended. It's worth going back to consider what FTC officials said about privacy by design then.

"When you're designing systems, and put it in right at the outset, you're in much better shape than adding it later," said Jessica Rich, deputy director of the Bureau of Consumer Protection. "Behavioral advertising, when we came in and started calling on companies to add privacy to their business models, they were saying 'privacy is very costly, and privacy is not in our business models, and you're changing our business models.' The idea of baking it in from the start is actually very good for small businesses," she said.

"Companies that handle large amounts of sensitive consumer data, whether or not they are startups, have basic responsibilities to protect that data and to handle it responsibly," said Ed Felten, the chief technologist at the Federal Trade Commission (FTC). "Startups are in a good position to 'bake in' privacy, compared to bigger, more established companies, because they are not constrained as much by past design decisions. As with security, it is easier to design-in privacy in advance than to retrofit it later."

As online privacy debates heat up in Washington, the benefits of personalization and new business models for publishing or distribution will need to be balanced with mechanisms to protect consumer privacy. "You want to give gifts that people want," said Citron. "It's part of the behavioral advertising message, but there are privacy risks that we shouldn't overlook. This could be a way of outing people depending on the material."

Privacy by design in an electronic gifting mechanism for media isn't an unreachable holy grail here, either. McAfee determined that the same issue does not exist with Amazon. "As a test, I tried to send my Mom an Amazon Kindle book I knew she already had," he wrote. "Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I'd sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me."
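To make the design difference concrete, here is an added example (Python, written for this page; it is not code from Apple, Amazon or McAfee, and knows nothing about either company's real API). It models a gift service under two policies drawn from the article: a leaky one that refuses a gift for an item the recipient already owns, which hands the sender an ownership oracle, and a hardened one that always completes the purchase, tells only the recipient, and credits them when the item is a duplicate. The store, accounts, catalogue, prices and response shapes are all constructed stand-ins.

```python
"""Ownership oracle in a media gift flow, and the design that closes it.

Added example, not code from Apple, Amazon or the article's author. Every
object here (store, accounts, catalogue, response format) is a constructed
stand-in used to show the two policies the article contrasts.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str
    library: set = field(default_factory=set)      # item ids the user owns
    credit: float = 0.0                             # store credit, in currency units
    notices: list = field(default_factory=list)     # messages only the recipient sees


@dataclass
class Store:
    catalogue: dict          # item id -> price (constructed)
    accounts: dict           # email -> Account (constructed)
    leak_ownership: bool     # True: refuse gifts of already-owned items (the leaky policy)

    def _recipient(self, email):
        # Unknown addresses get an account on the fly, so the response never
        # reveals whether an address is registered either (assumed behaviour).
        return self.accounts.setdefault(email, Account(email))

    def gift(self, sender_email, recipient_email, item):
        """The response the *sender* sees for one gift attempt."""
        if item not in self.catalogue:
            raise KeyError(item)
        recipient = self._recipient(recipient_email)
        if self.leak_ownership and item in recipient.library:
            # Leaky policy: the purchase is refused before any payment, so the
            # sender learns the recipient's library state for free and the
            # recipient is never told anything happened.
            return {"status": "already_owned"}
        # Hardened policy: charge the sender and return one fixed response
        # whether or not the item is owned. Ownership is resolved on the
        # recipient's side, where the information belongs.
        price = self.catalogue[item]
        if item in recipient.library:
            recipient.credit += price
            recipient.notices.append(
                f"{sender_email} sent you {item}, which you already own; "
                f"credited {price:.2f}")
        else:
            recipient.library.add(item)
            recipient.notices.append(f"{sender_email} sent you {item}")
        return {"status": "sent", "charged": price}


def probe(store, attacker_email, target_email, items):
    """What an attacker learns by issuing one gift attempt per catalogue item."""
    return {item: store.gift(attacker_email, target_email, item)["status"]
            for item in items}


def distinguishable(results):
    """True if the sender-visible responses differ between items, i.e. the
    flow leaks ownership. Under the hardened policy every probe looks alike
    (and costs money, and notifies the target)."""
    return len(set(results.values())) > 1


def demo():
    catalogue = {"song:a": 0.99, "movie:b": 9.99}          # constructed catalogue
    target = "alice@example.com"                          # constructed address
    spy = "smiley@example.com"                            # constructed address

    leaky = Store(catalogue, {target: Account(target, library={"song:a"})},
                  leak_ownership=True)
    hardened = Store(catalogue, {target: Account(target, library={"song:a"})},
                     leak_ownership=False)

    leaky_results = probe(leaky, spy, target, list(catalogue))
    hardened_results = probe(hardened, spy, target, list(catalogue))
    return {
        "leaky": leaky_results,
        "leaky_leaks": distinguishable(leaky_results),
        "hardened": hardened_results,
        "hardened_leaks": distinguishable(hardened_results),
        "hardened_recipient_credit": hardened.accounts[target].credit,
        "hardened_recipient_notices": len(hardened.accounts[target].notices),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two properties of the hardened policy matter here. First, the sender-visible response is independent of the recipient's library, so probing a catalogue yields nothing; second, every probe costs the attacker the item's price and lands a notice in the target's account, so the "free and invisible" character McAfee describes disappears. Refusing gifts for unregistered addresses would reopen a related leak (account enumeration), which is why the model accepts them.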

September 23 2010

ECPA reform: Why digital due process matters

Yesterday, the Senate held a hearing on proposed updates to the Electronic Communications Privacy Act, the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. Today, the House held a hearing on ECPA reform and the revolution in cloud computing.

While the vagaries of online privacy and tech policy are far out in the geeky stratosphere, the matter before Congress should be earning more attention from citizens, media and technologists alike.

"Just as the electric grid paved the way for the industrial economy, cloud computing paves the way for a digital economy," testified David Shellhuse of Rackspace.

So to take it one step further: updates to the ECPA have the potential to improve the privacy protections for every connected citizen, cloud computing provider or government employee. "Advances in technology depend not just on smart engineers but on smart laws," testified Richard Salgado of Google. Salgado highlighted Digital Due Process, in concert with a new post on ECPA reform at the Google Public Policy Blog.

After the hearing yesterday, I interviewed digital privacy and security researcher Chris Soghoian about what's at stake. Soghoian, until recently the resident geek at the Federal Trade Commission, explained why the Digital Due Process coalition is pushing for an ECPA update for online privacy in the cloud computing age.

"From the perspective of industry and definitely the public interest groups, people shouldn't have to consider government access as one of the issues when they embrace cloud computing," said Soghoian. "It should be about cost, about efficiency, about green energy, about reliability, about backups, but government access shouldn't be an issue."

Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. "Users of cloud services must have confidence that their data will have privacy protections from government and from providers," testified Mike Hintz of Microsoft, who said that his company "regularly hears from enterprises that moving data to the cloud affects privacy."

In a video interview, ACLU legislative counsel Chris Calabrese talks about email, cloud computing and what's at stake with proposed updates to the Electronic Communications Privacy Act.

In the next video, Indiana University professor Fred Cate talks about electronic privacy protections for email under the current laws and what updates to the Electronic Communications Privacy Act could mean. [Testimony]

In a further video, Princeton computer science professor Ed Felten talks about proposed updates to the Electronic Communications Privacy Act in the context of the shift to cloud computing. "In an ideal world, people would be deciding to use the cloud based on efficiency and cost," testified Felten. Privacy concerns alter the choices of businesses and consumers. When ECPA was first written, he said, "the founder of Facebook was 2 years old." To say much has changed in technology since 1986 would be a considerable understatement. [Testimony]

Finally, Wharton professor Kevin Werbach talks about why the Electronic Communications Privacy Act is important to reducing friction and uncertainty for cloud providers and their customers. "A drop in trust in online intermediaries will add more friction to the Internet economy," he said. [Testimony]
