The Washington PostDemocracy Dies in Darkness

How Apple is trying to protect your privacy as its products get more personal

September 29, 2015 at 3:01 a.m. EDT
Apple's products are increasingly relying on personalization, but the company stands by keeping your data private. (Video: TWP)

Fire up the new Apple News service for the first time on your iPhone, and it’ll ask for your favorite topics and news outlets. Use it over time, and you’ll find that it is behaving like your personal news recommendation engine.

Read a lot about gardening, and you’ll see more stories about hardy perennials. Click on every story about the Red Sox? Get ready for more bullpen analysis. But eventually you may start to wonder — just how much does this app know about me?

You may think you know the answer, given that we live in a world where our every click and scroll is obsessively tracked by tech companies eager to sell us personalized ads. Apple, too, has been employing a small amount of targeted advertising since at least 2010.

But in a revamped privacy policy Web site, a copy of which was reviewed by The Washington Post, Apple on Tuesday attempts to lay out how its philosophy on data collection distinguishes itself from its tech industry rivals.

In essence, the company is telling customers it is not interested in their personal data, even as it must use more of that data to deliver personalized products.

“We knew coming in that building a personalized news product could be very sensitive -- and the first thing we thought about was we really don’t want to associate news with your personal Apple account,” says Jane Horvath, Apple’s senior director of global privacy.

Apple News, which can deliver a stream of headlines right onto one of the home screens of the iPhone, launched this month into a crowded space. Tech giants such as Google, Facebook and Twitter have long been using algorithms to serve piping hot headlines from the Web to consumers while using their reading habits to enhance the vast trove of data the companies keep on every user.

Apple's offering is different in that its stories are also curated by a small team of journalists. And the company clearly hopes a selling point will be its pledges on privacy protection.

“We don’t build a profile based on your email content or web browsing habits to sell to advertisers,” chief executive Tim Cook wrote in a letter that introduced its privacy Web site last year. “We don’t ‘monetize’ the information you store on your iPhone or in iCloud.”

Apple's privacy policies, explained

Apple made substantial updates last fall to its privacy policies and the revamped Web site launching Tuesday offers new details and language on several topics. It is broken down into several sections -- such as how it handles information requests from the authorities including the National Security Agency, instructions on how to secure devices from, say, third parties which may be interested in tracking behavior, and how some of Apple's services work.

Others such as Google have also tried to explain data use policies in everyday language, but sometimes veer to toward being too general. For example, Google’s explanation of how it uses personal data in Maps is: “Your current location is what allows us to understand where you are on your journey. We can then tell you the next step, and reroute you if a faster route becomes available.”

Apple’s attempt is notable for being clear while not shying away from the technical details — though it does include some subtle jabs at competitors. Take this, from its section of its mapping service: “Maps is also engineered to separate the data about your trips into segments, to keep Apple or anyone else from putting together a complete picture of your travels. Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A’s and Point B’s doesn’t.”

A new section on the Apple News app states that it collects data on what each user is reading so it can offer personalized headlines and ads. But the service does not tie reading habits to an Apple account and uses a unique identifier -- which functions only within the News app -- to send you targeted ads. Readers can also remove a record of their reading history from their device.

Much of the section on government requests hasn't changed significantly from last year. Apple stated then that the authorities must first obtain a search warrant. When it receives a request, its legal team reviews it and informs its customer about the demand for information. Apple said it reserves the right to not disclose a government request only in "extreme situations," such as when such a disclosure could put a child or other person in danger. Apple has said it has never -- and will never -- give any government agency access to its servers.

In a separate section, the company laid out new language on encrpytion. Last year, Apple made it impossible for the company to turn over data from a customer’s iPhones or iPads — even when authorities have a search warrant -- if users turn off automatic back-ups to the company’s servers. The policy has generated protests from police departments and Obama administration officials.

The new language doesn't mention law enforcement, but the debate over Apple's decision last fall motivated the company to spell out its thinking on encryption. "It didn't seem like there was a discussion about how encryption worked for customers – we thought it was really important to lay out on the site how important encryption is for them,” said Horvath, Apple’s senior director of global privacy.

Noting that Apple uses encryption to protect everything from Web traffic to individual smartphones, the section reads:

“Encryption protects trillions of online transactions every day. Whether you’re shopping or paying a bill, you’re using encryption. It turns your data into indecipherable text that can only be read by the right key... And we can’t unlock your device for anyone because you hold the key -- your unique password. We’re committed to using powerful encryption because you should know that the data on your device and the information you share with others is protected.”

Apple's push into new areas

Apple, which makes most of its money from selling gadgets rather than services, so betting hard on privacy has not damaged the company's prospects in recent years.

“I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” Cook noted in June when accepting an award from the Electronic Privacy Information Center via livestream.  “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

But as Apple has dug in on privacy, the company has grappled with how to deliver the convenient experiences customers have come to expect from devices and Web services. And it’s not even clear how much consumers understand -- or care -- that their personal data is part of the fundamental economic trade-off that powers many of the “free” services available online such as e-mail and social networks, privacy experts said.

Almost everything done online can be tracked -- that’s the reason the shoes you were looking at buying online suddenly seem to start popping up in ads on nearly every site you visit. Smartphones raised the stakes in the online advertising industry, since they allow companies to collect an even more information about what people are doing, such as where they are or who they call the most.

Now tech companies are asking for consumers to trust them with more and more sensitive data, including digital payments, health information, driving patterns, while information from connected devices in your home that could be hanging on your every word. Soon everything from your fridge to your daughter’s Barbie doll could be creating a digital trail about your life. And how companies decide to handle that data going forward will define what  “privacy” means for everyday people around the world, experts warn.

Apple, already a major player in the mobile device marketplace, is pushing into products and services that require more of that data. With HomeKit and CarPlay, Apple is trying to enter the market for home and car connected devices. Apple Music, Apple Maps and its digital assistant Siri are services that rely on consumer behavior to improve.

These offerings may be a reason why Apple is investing so much time now to explain why they should care about privacy.

“It’s important for Apple because it’s a business differentiator.” said Rich Mogull, chief executive of Securosis and an analyst who’s covered Apple for nearly a decade. “The way they are built, they don’t make any money through collecting personal information. That’s the core of Google’s business.”

“When consumers are educated they do care about privacy,” Mogull added.

For the News app, the end result of that process looks like a boon for consumers according to privacy advocates. “It goes a long way to mitigating the potential risks involved in the type of tracking they’re doing,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation.

And some observers think it may pay off. “I do think there is something to be made as a selling point around privacy,” said Joe Turow, a professor at the University of Pennsylvania’s Annenberg School of Communication who has examined how consumers think about data when shopping.

His research has found privacy does matter to users, even if they often feel resigned to being tracked anyway. People are aware that companies are collecting data about them, but they often “don’t know much about how it works,” Turow said.