Does Apple violate its own TOS with the new DRM-Free iTunes Plus tracks?
Posted by Lab Rat
TUAW reported earlier this week that the new DRM-Free tracks you can now purchase on iTunes (for a slight premium) contain embedded user data, such as your iTunes account name and e-mail address. Most people feel this is an attempt by Apple to add a way to track which iTunes users are making the DRM-Free tracks they will be purchasing available on the web and torrent clients. If true, this was likely a concession to the record industry in order to remove the DRM, and Apple is not likely to personally pursue anyone (although it may not mean the record companies won’t ask Apple for account holders info should they wish to prosecute).
In going through the new iTunes 7.2 Software license agreement, however, I noticed a line that made me stop and wonder as to whether Apple is allowed to embed your personal user data in the tracks you are purchasing.
“4. Consent to Use of Data. You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the Apple Software and to verify compliance with the terms of this License. Apple may use this information, as long as it is in a form that does not personally identify you, to improve our products or to provide services or technologies to you.”
That last line, “Apple may use this information, as long as it is in a form that does not personally identify you,” is the kicker. I understand the paragraph is likely meant to apply to scanning your system to see if a new version of iTunes or Quicktime is available, but for them to expressly say they do not want to collect personally identifiable information, and then go ahead and take that information and embed it into tracks for anyone to see (well, any tech geek to see) seems a bit misleading to me.
Even if Apple does not legally have to tell people they are embedding their personal data in their purchased tracks, the fact that there is this line could cause some confusion, especially since when people think of the term “DRM-FREE”, the assumption is these tracks are the same as if you ripped them yourself from a CD, with no identifying data included.
The really interesting thing will be to see what the RIAA does when these DRM-free tracks begin hitting torrent sites. As big a stink as many folks are making over the embedded info in these tracks, most people still do not know about it. It is only a matter of time before someone starts uploading them for the world to see, complete with their iTunes account info. Will the RIAA subpoena Apple for the personal name and address of these users? Will Apple deliver it? There does not seem to be any other reason for this info to be in the tracks that I can think of, so I am guessing the answer is likely “yes” to both questions.
Seems to me that they aren’t publishing your personal information. If your personal information ends up getting published because it’s embedded in a music file, then it’s *YOU* who published that information…
Apple hasn’t done anything to violate their TOS…*THEY* aren’t the ones who would potentially publish that information.
I don’t know, Nathan, they aren’t saying they won’t publish it, they are saying they won’t collect and use any identifying information. Clearly they are. That’s the issue. I never checked any original tracks (the DRM protected ones. Is the same info there, or is it encoded in such a way as to be unreadable to anyone but Apple? If so, I would think they should have done the same thing with these tracks, if they really cared about privacy.
I agree though that if anyone sees it, it’s your fault.
I agree with Nathan. We have no evidence that they are going to analyze the files on someone’s iTunes library and upload this information to their servers (that would be collecting it) .. we even have a legally binding contract from them that says that they won’t do this. It will only get published if the person starts sharing the file with others … which is still illegal, remember. What’s the problem here?
Way Cool, yes, this info is apparently in all iTunes purchased tracks, whether they have DRM or not, according to ars technica.
Remember that iTunes DRM and user identification is stamped on your music by your copy of iTunes after it is downloaded from the iTMS server.
Apple isn’t publishing anything about you or your information anywhere – you are directing a program on your computer to imprint your files with your information. You can argue that they don’t tell you they are doing that, but I don’t think there’s any aspect of “publish” that comes in to play here unless you start sharing your music files beyond the licensed rights and “fair use” doctrine.
Given how relatively trivial it is to spoof metadata tags and the like, this information isn’t likely to be usable to prosecute a real content pirate, nor is it likely to be usable to bring charges against someone who is the victim of a spoofing prank.
This seems to be much ado about nothing.
Geez. Get a life. What a tempest in a teapot!
If Apple had evil designs on your imortal soul, it would probably encrypt their wicked designs and not incorporate the information in plain text and then make it easily viewable using Get Info.
This information is published nowhere but your own computers and iPods unless you do it.
PS Did you know that Microsift seceretly includes user information in every Office file? And what about those iptc headers that Adobe and others incorporate. Quick! Put on your aluminum foil hat!
Apple already knows who you are. You told them when you signed up on the iTMS. They already know every song you bought from them. That’s how they can offer to upgrade them, or replace them. They already had the information when they embedded into the song file. They don’t need to collect it again.
If you’re worried about what happens to the information in files you publish on the internet, remember the case where a young girl loaned her iPod to a friend, and it was stolen. That’s right, there’s always a lawyer around when you need one. So don’t worry about what Apple’s lawyers will do, because there is always another lawyer that will do more.
You may think that’s a non sequitor – unlike the article I am commenting on.
According to my iTunes purchased music files (Get Info) all DRM files have your name and account name on therm. This is nothing new. The question is when ripping the DRM files to mp3s (CD burn method) did that erase this information?
Um, what is the problem, they ALWAYS had this info in your files – the only difference is now you can (illegally) post them online and have it tracked back to you. They changed nothing in terms of what they put in the file – personally I think they should watermark the files and go after the few offenders, so as us law abiding music purchasers can have less and less restrictions on our music. If I don’t give the song to the whole world, then everyone will not know who purchased the song….
Grow up people – there is nothing wrong with embedding this info!
I’m encouraged by the number of clear-headed responders to this non-issue.
You could post music online before DRM-free just as easily, if you wanted to be duplicitous. Burning your DRM music then re-importing it would have done the trick. Nothing different between the two, except for the quality. FUD all the way.
I agree with Nathan as well. Like the past ‘hacks’ that stopped DRM from being applied the DRM is applied AFTER the file is downloaded by your machine to the file. JHymn used to intercept that.
What’s to say iTunes 7.2 doesn’t do the same thing when it’s doing the little tiny bit o stuff it does right at the end of the download?
I’ve not been able to play with it as I’m on the road for the last week and the next week, but I really think a line from the Princess Bride applies:
I do not think that means what you think it means