
iTunes Store, in trying to help, may say too much

A feature of the iTunes Store to avoid duplicate gifts may have privacy risks, says an MIT researcher

Apple's iTunes Store has a feature that can reveal what content another person has downloaded, which could be a privacy concern for users of the service, says a research scientist at MIT.


The iTunes Store allows people to gift content such as music to another user. A person can compile a list of up to 100 songs to gift to someone else, and the iTunes Store checks to see if the recipient already owns the content, wrote Andrew McAfee, principal research scientist at the Center for Digital Business at MIT's Sloan School of Management.

"This is done with good intentions -- to keep users from gifting music that the recipient already has -- but the implementation of this feature opens up privacy concerns: if the check reveals duplicates, iTunes tells the gifter about one of them," McAfee wrote.

The person who is gifting the content only needs to know the recipient's e-mail address, which McAfee argues isn't usually difficult to guess, and have a copy of the iTunes application. Apple also doesn't require givers to sign into their account or present credit card information. The recipients have no idea that their purchases are being scanned by someone else.

"This strikes me as problematic," McAfee wrote. "Of course, this is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective. But it is an issue, I think."

For music playlists, users are allowed to send up to 100 tracks, so scanning a person's library would take a while, but McAfee writes that the process could likely be automated.

McAfee wrote that the way the iTunes Store gifting procedure works could be a violation of the U.S. Video Privacy and Protection Act, which bans disclosure of customer rental records without consent of the consumer. Other U.S. states have stricter laws covering the same area, he wrote.

The Video Privacy and Protection Act was the basis for a class-action lawsuit filed in April 2008 against the video store Blockbuster, which signed up for Facebook's doomed Beacon ad service. Facebook canceled Beacon due to privacy concerns. The service would report what a user did on participating Web sites back to Facebook.

The class-action suit was later dropped, according to records for the U.S. District Court for the Northern District of Texas.

McAfee contrasted Apple's approach with that of Amazon's digital book marketplace for its Kindle e-book reader.

"As a comparison, I tried to send my Mom an Amazon Kindle book I knew she already had," he wrote. "Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I'd sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me."

Apple officials in London did not have an immediate comment.
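
The contrast McAfee draws between the two gifting designs can be modelled in a few lines. The sketch below is an added example, not code from Apple, Amazon or the article; the `Store` class, its method names, the e-mail address and the track ids are hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field

MAX_TRACKS = 100  # per-gift limit stated in the article

@dataclass
class Store:
    # Constructed sample state: recipient e-mail -> set of owned track ids.
    libraries: dict = field(default_factory=dict)
    credits: dict = field(default_factory=dict)  # recipient -> credited amount
    inbox: dict = field(default_factory=dict)    # recipient -> private notices

    def gift_leaky(self, recipient, tracks):
        """Pre-check design: the sender's response depends on the recipient's library."""
        if len(tracks) > MAX_TRACKS:
            return {"status": "rejected"}
        owned = self.libraries.get(recipient, set())
        for t in tracks:
            if t in owned:
                # The sender is told one title the recipient already owns.
                return {"status": "duplicate", "title": t}
        self.libraries.setdefault(recipient, set()).update(tracks)
        return {"status": "accepted"}

    def gift_private(self, recipient, tracks, price=1.0):
        """Accept-then-credit design: duplicates are settled with the recipient only."""
        if len(tracks) > MAX_TRACKS:
            return {"status": "rejected"}
        owned = self.libraries.setdefault(recipient, set())
        dupes = [t for t in tracks if t in owned]
        owned.update(tracks)
        if dupes:
            self.credits[recipient] = self.credits.get(recipient, 0.0) + price * len(dupes)
            self.inbox.setdefault(recipient, []).append(
                f"Credit issued for {len(dupes)} item(s) you already own")
        return {"status": "accepted"}  # same response whatever the recipient owns

def sender_views(handler, recipient, probe):
    """What the sender sees when the recipient owns / does not own the probe track."""
    owns = Store(libraries={recipient: {probe}})
    lacks = Store(libraries={recipient: set()})
    return (getattr(owns, handler)(recipient, [probe]),
            getattr(lacks, handler)(recipient, [probe]))
```

In the second design the sender-visible response carries no information about the recipient's library, which is the property a reviewer would check for in any "does the other user already have this" feature.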

Send news tips and comments to jeremy_kirk@idg.com
