More on privacy issues with Apple's DRM-less iTunes Plus

Submitted by Danny Weitzner on Sun, 2007-06-03 21:14. ::

The original appearance of this entry was in Danny Weitzner - Open Internet Policy

There’s been more discussion of Apple iTunes Plus DRM-less music and its practice of embedded personal account information into the tracks that are sold without copy protection. I’ve earlier expressed my support for this accountability approach to copyright protection, as opposed to burdensome DRM systems. However, privacy complaints (BBC, Anger over DRM-free iTunes tracks) are appearing over the use of personal information in this way.

Looking through Apple’s privacy policy (updated 23 December 2004) and iTunes terms of service (updated 30 May 2007 I found no mention of this otherwise hidden use personal information. The terms of service does say:

(xii) iTunes Plus Products do not contain security technology that limits y our usage of such Products, and Usage Rules (iii) – (vi) do not apply to iTunes Plus Products. You may copy, store and burn iTunes Plus Products as reasonably necessary for personal, noncommercial use.

Seems that this would have been a good place to indicate the new use of users information. A simple notice here that passing tracks, which appears to be permitted as long as it is for “personal, non-commercial use,” also results in having your personal information passed around. Perhaps I missed this or perhaps Apple plans to add it. I’m going to ask around to get clarification.

Update: EFF and O’Reilly also report that the iTunes files may have individual differences (that could allegedly be used for individual tracking) even beyond the personal information that is visible.