What's really ridiculous about this whole thing is that I could, right now, write an application for any version of Windows, OS X, or Linux that uploaded your address book without a single prompt. Hell, I could do this with any file owned by your user. I could log your keystrokes and upload them too.
I'm not saying it's ok to do any of this. I'm not saying Apple shouldn't have better controls on what apps access your personal information. I'm saying that members of Congress have demonstrated that they haven't even an inkling of a clue as to what the fuck goes on inside a computer, and should probably stay out of this while these companies figure out better ways to protect consumers, then fill in the shortfalls.
I think this letter is silly, but it is a partly a problem that Apple helped create.
The closed nature of the App store leads people to think that apps purchased through it can never be malicious, they probably think Apple check every line of code (if they think about it at all).
I am not suggesting that it is Apples fault, but in a closed ecosystem higher security is expected.
Basically this is the same problem we have been dealing with since the rise of Windows, users have no clue about security.
How do you expect Congress to get more knowledgeable? On the face of it, asking questions of knowledgeable people sounds like a reasonable response, as does asking involved parties for their version of the events. I'm not saying Congress is particularly effective in general, but I think it's reasonable that they should investigate whether to get involved, rather than just leaving everything in the hands of the same parties who created the situation in the first place. If we want a better-informed Congress, then we need to meet them half-way and help guide them from ignorance to knowledge when they ask for it.
The difference is that I know not to install random crap on my PC. I don't do it for exactly this reason.
The App Store has a "vetting" process, which leads you to believe that apps aren't doing malicious things to you and your data.
Also, most people have THE authoritative set of their contacts in their phone. I don't know anyone who keeps contacts on local files on their computer.
First of all, iOS is not "inside a computer", and the fact that they are laying the blame at iOS shows a keen understanding of the needs of mobile OSs - better said: Android does this already, why don't you guys.
The fact that Apple is jumping when told to jump shows they know where the fault lies as well.
"I could, right now, write an application for any version of Windows, OS X, or Linux that uploaded your address book without a single prompt. Hell, I could do this with any file owned by your user. "
I agree for the most part but "any version" is stretching it. There are solutions, but they're not sufficient imho. Theoretically Linux users can use AppArmor/SELinux/Tomoyo and a restrictive profile for the application. Unfortunately there is no "white-list" capability in those (open to correction on that) and they're not exactly easy to set up. Windows users can use security applications like Comodo's Defence+ and custom settings which, although powerful, gets rather annoying with popups.
Apple takes a 30% rake on all app sales. The customer buys from Apple's store and only Apple's store. It is very reasonable that many would expect Apple is providing value above and beyond the 2 to 5% rake a credit card company provides for such a transaction. I have been programming for 30 years, know very well what a privileged program can do to your information...And yet, this business with Path and apparently many others stealing your address book...totally caught me by surprise.
Totally ridiculous letter. Instead the DOJ should be going after the companies that are illegally stealing user data, and take them down hard.
This letter to Apple is pathetic. Congressman obviously is a tool of the corporations that steal data and is working on their behalf to distract attention from their crimes.
How do you think a member of Congress, accustomed to getting what he wants, is going to feel about getting blown off? It's easier to respond and do a better job of regulating yourself than it is to have Congress regulate for you. These people are completely out of touch with reality and are clueless when it comes to technology.
Besides, what Waxman is asking for isn't unreasonable nor is it anything many users aren't also asking for. Apple will let this bozo have his little moment, make some changes, send a letter back and he'll buzz off. There's no point in drawing the ire of lawmakers when it's not even something worth fighting over.
I would send a response back and request that Congress make a policy for the government to ask for my permission to access my location data and other personal information in return.
On the other hand, Apple brings this scrutiny on themselves (as does Microsoft and any other heavily curated repositories). If you're in the business of censoring (for good or for bad) content, you have an obligation to not make mistakes.
It's election season and it's a win-win. No one is going to lambast you for trying to protect constituents' privacy (at least not when the government isn't the one snooping).
I would love that too. Hopefully Tim is smarter than than -- all he has to do is send a nice, not dangerous letter back with a bunch of meaningless words in it. It is mostly about making it seem like the congressman is actually doing his job, he doesn't care that much.
It may also be time for Apple to call its lobbyists. They appear to be slacking of.
Is this letter "from Congress", or merely from a Congressman? If it's the latter, it's less "Congress can begin an investigation" as much as "this one Congressman can try to convince the other members of his subcommittee that it's worth launching such an investigation, if he thinks it's sufficiently worth exercising the political capital".
On one hand, I'd like to see Apple get better at this. On the other, I'd like to see Congress get better at basically everything, including paying attention to things much more important than this.
I'll take congress's concern for privacy seriously when they start applying it to themselves. For instance, in the draft of the so-called "stimulus" bill I read, it called for centralizing all medical records under federal control. The federal government doesn't respect americans privacy in anything- even in much more private areas of their lives, such as financial dealings. (You're compelled to reveal these to the IRS every year, and all the banks give individual transaction data to the government upon request, they don't even need a court order.)
I'm not saying it's ok to do any of this. I'm not saying Apple shouldn't have better controls on what apps access your personal information. I'm saying that members of Congress have demonstrated that they haven't even an inkling of a clue as to what the fuck goes on inside a computer, and should probably stay out of this while these companies figure out better ways to protect consumers, then fill in the shortfalls.