Apple's mobile privacy letter to Congress omits an awful lot of context

Apple's letter was designed to alleviate congressional fears about the company invading its customers' privacy. But a close reading of the letter does the opposite.

1 2 Page 2
Page 2 of 2

Two thoughts here. First, I'm not sure how sophisticated this speech recognizer is, given the many times I have repeatedly shouted, "Hey Siri" into my phone and had it ignore me, so there's that. For argument's sake, it might simply be that Apple is far more worried about activating Siri when it wasn't wanted than not activating it when it is. Secondly, this again describes ideal behavior. For a phone to detect "Hey Siri," it has to be listening at all times. And if someone can plant malware on the phone to piggyback on that always-on microphone, the privacy and security problems get quite numerous.

Back to the letter and "Hey Siri" functionality: "When Siri wakes up, its first task is to confirm that the speech recognizer correctly identified the audio trigger 'Hey, Siri.' Unlike other similar services, which associate and store historical voice utterances in identifiable form, Siri utterances, which include the audio trigger and the remainder of the Siri command, are tied to a random device identifier, not a user's Apple ID. Siri utterances are sent to Apple and handled in accordance with Apple's Privacy Policy. Users have control over the random device identifier associated with Siri utterances, which can be reset at any time by toggling Siri and Dictation off and back on. When the identifier is reset, Apple deletes information that it stores that is associated with the identifier."

That is a very interesting passage. First, I don't recall seeing this "toggling Siri and Dictation off and back on" suggestion on Apple's help site nor in any material associated with the iPhone. Nice that Apple told Congress before its customers. Anyway, now we know. Secondly, anytime Apple says "users have control," substitute the words "cyberthief with access to the phone potentially has control." Privacy requires a heightened sense of paranoia.

By the by, as I was preparing this column, I was directed to peek at the phone's advertising information. It's quite an eyeful. Go to Settings/Privacy and then scroll all the way down to Advertising. Click on that. If you haven't selected Limit Ad Tracking — which, by default, is not selected — you'll be shown what about your activity is being shared with advertisers. I have yet to tell this to anyone who didn't — within seconds of seeing that list — go back and activate Limit Ad Tracking.

Related:

Copyright © 2018 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon