Privacy advocates worry over new Apple iPhone tracking feature

Barely noticed by most consumers, Apple’s (AAPL) latest software upgrade for iPhones, iOS 7, included a capability for malls, museums or stadiums to identify visitors and track their movements indoors with a startling degree of accuracy.

Known as iBeacons, the feature allows a store to pop up, say, a coupon offer for Coca Cola on a customer’s phone just as they pass by the soda aisle. It also allows the store to track and record a customer’s movements for later analysis.

The rapid growth of smartphone use has opened a huge new opportunity for marketers to collect detailed location data on consumers, so far mostly outdoors. But the sensitivity of the information has already sparked numerous controversies, including in 2011 when iPhone users discovered their phones were keeping a list of their movements in an unencrypted text file.

And Nordstrom (JWN) created a stir when it was caught last year secretly tracking shoppers’ mobile phones via Wifi in 17 stores. The department store chain quickly ended the practice, which did not include identifying the phones' owners, after the controversy erupted.

With iBeacons, unlike some more-surreptitious retail location tracking systems that have come to light, however, iPhone users have to give their consent to be tracked by installing an app. So far, just Apple’s own Apple Store app on the iPhone, and coupon and rewards apps from a company called inMarket have disclosed they will use iBeacons for tracking customers.

The scope of risks

But some privacy advocates are concerned the simple explanations offered by the apps when they seek a consumer’s consent don’t come close to revealing just how much data could be collected or how it will be used.

“The scope and the risks and the sharing that takes place now is so far beyond the disclosures  consumers typically see,” warns Fordham University law professor Joel Reidenberg. "They’re not in a position to really know.”

Regulators have mostly taken a piecemeal approach so far. One industry-led effort hopes to create a "Do Not Track" list modeled on the successful "Do Not Call" list for telemarketing. 

Apple did not respond to a request for comment. Customers can turn access to iBeacons on and off for any app via a location services settings screen on the iPhone, Apple says on a Web page called iOS: Understanding iBeacon.

“If you allow third-party apps or websites to use your current location, you agree to their terms, privacy policies, and practices,” Apple states on the page. “You should review the terms, privacy policies, and practices of the apps and websites to understand how they use your location and other information.”

Of course, few consumers read the fine print in privacy policies and, as Facebook (FB) has aptly demonstrated, privacy policies can be changed frequently. Further, the data is often sold to third parties whose privacy policies are not made available to an app’s users. And storing extensive amounts of data creates the risk that hackers will steal the information, as happened during the Target (TGT) breach.

"Consumers can't make good decisions"

“Without knowing where the data is flowing and what is going to happen with it, consumers can't make good decisions,” says Jennifer Urban, co-director of the Samuelson Law, Technology & Public Policy Clinic at the University of California, Berkeley Law School.

Buried in inMarket’s privacy policy, for example, the company says third-party marketers, advertisers, analytics firms and others may track consumers via their software. And if consumers sign up for mailing lists or click social media links, personally identifiable information could be shared.

The company says protecting consumer privacy is important. "Our system considers privacy by design, and requires users to opt-in by downloading apps and opt-in to location services," inMarket said in a statement. "This is a fundamentally different design than the systems that require opt-out."

It also says it doesn't currently use analytics firms for location tracking and only "occasionally" uses third party ad networks. The company offered links to privacy policies of several ad networks it uses, but an ordinary user of an inMarket app wouldn't know which ad networks to check based on the general language of inMarket's own privacy policy.

Unlike Apple’s shopping app, which only registers iBeacons in physical Apple stores, inMarket’s more general apps such as “CheckPoints” and “Free Grocery List Ease” work across many retailers’ stores. The recent announcement of iBeacons service in 200 supermarkets relies on customers using inMarket apps.

The iBeacons feature relies on the Bluetooth wireless adapter in each phone and tiny, quarter-sized sensors that can be placed inside buildings. An app on a phone picks up the sensor signals and contacts a retailer or advertiser which can register the location information and offer a coupon or other piece of information. By prompting customers to create individual rewards accounts or link apps to their Facebook accounts, retailers can tie data from a specific phone app to a specific person.

Because every phone’s Bluetooth adapter has a unique serial-number-like identifier, called a MAC Address, retailers and other trackers can also tie movement data to a specific device.

To be sure, iBeacons could also be used to provide new kinds of useful services that don’t threaten consumer privacy, such as triggering phone-based guided audio tours around a museum or tracking children’s toys so they don’t get lost.

Some privacy advocates would like the government to step in and regulate the collection and uses of location-tracking data. Others see industry self-regulation as a better path.

A code of conduct

Under an agreement prompted in part by New York Senator Charles Schumer, a handful of the biggest location tracking analytics firms agreed in October to a code of conduct to protect consumer privacy. The code requires stores to post signs warning customers if surreptitious tracking is going on.

Another part of the effort will be creating the “Do Not Track” list. But retailers and other businesses will have to agree to abide by the wishes of consumers who enter themselves on this list.

“It’s critical for retailers to step up and lean in,” says Jules Polonetsky, who helped craft the code. Polonetsky knows the issues well. He was the chief privacy officer for AOL and DoubleClick and now heads the advocacy group The Future of Privacy Forum in Washington, D.C.

Self-regulation may be just the first step needed, says Anita Ramasastry, a law professor at University of Washington, who thinks the industry-led effort should be given a chance.

“I’m in wait-and-see mode,” she says. “Although I’m in Seattle and I’ve yet to see a sign posted in any stores.”