Are our iPhones eavesdropping on us? How else would Siri hear us say “Hey, Siri” other than if she were constantly listening?
That’s what Congress wondered, and it wanted Apple to explain. It also wanted to know how much location data about us iPhones are storing and handing over.
So the US House of Representatives Energy and Commerce Committee sent a letter to Apple CEO Tim Cook on the matter of Apple having recently cracked down on developers whose apps share location data in violation of its policies.
The letter posed a slew of questions about how Apple has represented all this third-party access to consumer data, about its collection and use of audio recording data, and about location data that comes from iPhones.
On Tuesday, Apple responded.
Much of the response letter translates into “We Are Not Google! We Are Not Facebook!” As in, Apple’s business model is different from those of other data-hoovering Silicon Valley companies that rely on selling consumer information to advertisers:
“The customer is not our product, and our business model does not depend on collecting vast amounts of personally identifiable information to enrich targeted profiles marketed to advertising.”
Timothy Powderly, Apple’s director of federal government affairs, emphasized in the letter that Apple minimizes collection of data and anonymizes what it does collect:
“We believe privacy is a fundamental human right and purposely design our products and services to minimize our collection of customer data. When we do collect data, we’re transparent about it and work to disassociate it from the user.”
And no, Siri is not eavesdropping. The letter went into specifics about how iPhones can respond to voice commands without actually eavesdropping. It has to do with locally stored, short buffers that only wake up Siri if there’s a high probability that what it hears is the “Hey, Siri” cue.
A buffer is a chunk of audio that’s continually recorded over and thus, by definition, isn’t archived. In short, “always listening” is pretty restricted: an iPhone has only a short amount of recorded audio at any time. That audio is only used to identify the trigger phrase “Hey Siri,” and it’s only stored locally.
Once actual recording takes place after the “Hey, Siri” phrase is uttered, the recording that’s sent to Apple is attached to an anonymous identification number that isn’t tied to an individual’s Apple ID. Users can reset that identification number at any time.
Similar services store voice recordings in ways that are associated with an individual user, Apple said. In other words, in ways that can be linked to an individual who can then be target-marketed.
When Siri’s listening, an iOS device gives the user a visual indicator. Apple’s Developer Guidelines require that developers display that visual indicator when their apps are recording audio information. Third-party apps are required to obtain explicit user consent when collecting microphone data, as well.
iOS conditions state that third-party apps have to get user permission before accessing the microphone, camera, or location data. They also have to tell users what they’re going to do with that access or information. iOS apps also have to show the visual cue that they’re listening, just as they’re required to do with Siri.
Users can change the settings at any time, Apple said.
“Consistent with Apple’s view that privacy is a fundamental human right, we impose significant privacy-related restrictions on apps. Notwithstanding the developer’s responsibilities and direct relationship with customers, Apple requires developers to adhere to privacy principles.”
The upshot: if an app is compliant with Apple’s terms, it has to give a visual cue that it’s got access to the microphone, even after a user has granted permission to do so.
But the fact of the matter is that Apple doesn’t constantly monitor apps to make sure they’re always compliant. All apps go through the App Review Process for privacy compliance before getting approved, but that doesn’t equate to Apple keeping an eagle eye on them to make sure they don’t misbehave down the line. At a certain point, what happens to user data comes down to whatever a user has signed off on when agreeing to an app’s terms. From the letter:
“Apple does not and cannot monitor what developers do with the customer data they have collected, or prevent the onward transfer of that data, nor do we have the ability to ensure a developer’s compliance with their own privacy policies or local law.
“When we have credible information that a developer is not acting in accordance with the PLA or App Store Review Guidelines or otherwise violates privacy laws, we will investigate to the extent possible.”
In other words, Apple does its damnedest to make sure iPhones aren’t eavesdropping on us, including through privacy policies, short buffer windows, local storage, and app review.
Does any of this ease your worries about eavesdropping iPhones, if you had any such worries to begin with? Please do let us know if you’re still looking at Siri with a hairy eyeball, and if so, why?