Last year, Apple quietly introduced iBeacon into location services on iOS 7. It’s a technology that can track your position and movements in places like stores and restaurants. It functions kind of like GPS but uses more energy-efficient Bluetooth communication. When you install a third-party app that uses iBeacon, a destination (like a store or a stadium) can know when you enter, where you go, what you look at, and when you leave.
Apps that have access to this kind of tracking data, combined with other personal information, are powerful monitoring tools. Few of us would allow the police or government to track us at this level. What could an app offer that would make us hand over all this data? Discounts, perhaps?
Each person is likely to have a different answer. In every case, though, the data is valuable and there are real risks to sharing it. Choosing to share should be based on a clear understanding of how our data will be collected, used, and passed around. Unfortunately, privacy policies—in this domain and many others—are written to obfuscate and sometimes they are outright misleading.
Take as an example Shopkick, one of the most popular apps starting to use iBeacon. It has more than 6 million users, and, based on its high ratings in the App Store, a lot of them are fans. I’m not singling it out—its policies are fairly typical of what you would see from other apps in this category.
Shopkick’s big draw is that you are rewarded with “kicks” for all kinds of actions, like checking in at a store or scanning an item. Get enough kicks, and you can exchange them for gift cards or other rewards. To qualify for these rewards, you are required to give Shopkick your cellphone number, ZIP code, email, and access to your phone’s microphone (more on that shortly). And if you are using Shopkick at a store with iBeacon, it also knows where you are in a store, where you linger, and what products you are interested in.
[T]he shopkick application may ask you to open the app while you are watching TV, and then we may record or analyze the audio signal from the television set via the shopkick app and your cell phone’s microphone, to determine the commercial, and/or program, including the date and/or time)
For users to qualify for rewards—the main motivation for using Shopkick—they are required to grant mic access to the app.
Shopkick also collects “Personally Identifiable” information, like “your name, mobile phone number, other phone numbers, email address, home address.” You may provide some of it, but it can also come from stores and white pages providers. If you have associated the app with a loyalty card, or if the information’s in an online database, Shopkick may be able to access it even if you don’t explicitly choose to share it.
In other words, knowing exactly who you are is important to Shopkick’s honchos, and they will seek that information out.
Once Shopkick has your data, what does it do with it? More importantly, who does it share it with? Shopkick’s policy says, “We may also share this Non-Personally Identifiable Information with our Affiliated Partners.” It’s not clear what an
“Affiliated Partner” is, though.
Second, when an app or website shares or sells your data, that data enters the hands of another company whose privacy policies we don’t know. Those third parties might be stores that can make us useful offers based on our data. But what if the third party tells insurance companies how much time you spend shopping in your local tobacco shop, liquor store, or marijuana dispensary? Since there are no clear restrictions on the companies that receive our data, we are left to wonder how they use it.
Finally, most privacy policies are extremely misleading about “non-personally identifiable information.” Bits of data that feel anonymous are anything but when taken together. The Electronic Frontier Foundation provides an excellent overview of academic research that shows these traits can uniquely identify a vast majority of the U.S. population. For example, the combination of ZIP code, birthdate, and gender—all “non-personal information” that Shopkick and many other services collect—is unique for about 87 percent of U.S. residents. That means if an app has this data, it usually has enough that you can be individually identified.
The vast majority of companies creating these apps are not malicious. They are trying to provide a service that people find valuable, and there is nothing inherently wrong with profiting from that. Our data helps them provide these services to us, and it helps them make money.
Right now, users are deciding to share their data based on an analysis of the benefits. But that decision should come from an analysis of the risks, too. That requires transparent and informative privacy policies, but the state of privacy policies today is quite the opposite. They are opaque and misleading. Before granting companies access to such critical components of our lives, we should know exactly what they will collect and how well it will be protected. Without that knowledge, we are forced to operate entirely on trust.
This article is part of Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.