Legal Watch blog recently reported that Apple has applied for a patent on technology that, among other things, would allow Apple to identify and punish users who “jailbreak” or unlock their iPhones or who otherwise tamper with their devices against Apple policy.
The patent application is titled, Systems and methods for identifying unauthorized users of an electronic device, and would allow Apple to remotely, and without detection, record a user’s face, voice, a unique “heartbeat signature”, a photo of the location where the phone is being used, and monitor essentially all usage of the device.
These biometric measures could also be used to identify unauthorized users of an electronic device by comparing the identity of the current user to the identity of the owner of the electronic device. When an unauthorized user is detected, various safety measures could be taken such as shutting down functions of the electronic device in question.
Many civil liberties advocates, such as Electronic Frontier Foundation (EFF), which defends civil rights and freedoms in the digital world, believe that this patented system would enable Apple to secretly collect, store and potentially use sensitive biometric information about a user—simply put, to spy on their customers.
According to the EFF:
This is dangerous in two ways: First, it is far more than what is needed just to protect you against a lost or stolen phone. It’s extremely privacy-invasive and it puts you at great risk if Apple’s data on you are compromised. But it’s not only the biometric data that are a concern. Second, Apple’s technology includes various types of usage monitoring—also very privacy-invasive. This patented process could be used to retaliate against you if you jailbreak or tinker with your device in ways that Apple views as “unauthorized” even if it is perfectly legal under copyright law.
Here’s a sample of the kinds of information Apple plans to collect:
- The system can take a picture of the user’s face, “without a flash, any noise, or any indication that a picture is being taken to prevent the current user from knowing he is being photographed”
- The system can record the user’s voice, whether or not a phone call is even being made
- The system can determine the user’s unique individual heartbeat “signature”
- To determine if the device has been hacked, the device can watch for “a sudden increase in memory usage of the electronic device”
- The user’s “Internet activity can be monitored or any communication packets that are served to the electronic device can be recorded”
- The device can take a photograph of the surrounding location to determine where it is being used
In other words, Apple will know who you are, where you are, and what you are doing and saying and even how fast your heart is beating.
Quite invasive and privacy intrusive; enough to stop my beating heart!
Obviously, there are two sides on this issue:
Apple and others will surely argue that Apple has the right to protect its products from being used or tampered with in contravention of its policies, and the company has a legitimate interest in recovering customers’ products when they are lost or stolen.
However, the potential—and the temptation—for Apple to misuse the personal information that it might collect is immense. The data that could be collected via an iPhone would be incredibly valuable to marketers and to criminals.
One legal question is, could Apple protect and recover its products with the same effectiveness in a way that wouldn’t require collecting so much personal information?
Another is, will Apple respect the privacy rights of users who give up this information?
A more personal question is, will customers accept the collection, storage, use and disclosure of such an unprecedented amount of personal data?
If Apple moves ahead with this initiative, the company could know more about customers than those customers know about themselves!
And privacy isn’t the only issue here. The technology could be used to find copyright-infringers. It could be used to find people committing crimes or questionable acts unrelated to the devices themselves. It could be used to locate employees or company vehicles. And on and on.
It’s pretty common to hear people saying something like, “If you’re not doing anything wrong, you shouldn’t be worried if someone is watching you.”
But the issue isn’t whether honest people are doing dishonest things, it is that organizations can use personal information to control or manipulate customers and even the law. And it can be very difficult for consumers to control where their personal information goes once it’s in an organization’s hands. Will the law change in your jurisdiction so that the police are able to subpoena identifiable personal information from organizations? Do police already have that right?
Nearly 400 years ago, Cardinal Richelieu, the 17th century chief minister to the King of France, said, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” He might not have been thinking of big brother and the surveillance state, but his point rings true today: the most innocuous act can seem like the most heinous crime to the wrong person.
Is there no perfectly legal act that you would prefer to do in private?