Apple highlights privacy safeguards amid concerns over user data being compromised

Apple (NASDAQ: AAPL) put a major new focus on how it safeguards its users' private information and launched a website to keep its customers better informed of how their data is stored and protected. Meanwhile, amid concerns that its new iPhones and forthcoming Apple Watch wearable device will be collecting reams of health data, the company reportedly sent emissaries to quell concerns in Congress.

As the Wall Street Journal notes, the new privacy campaign from Apple comes after the company acknowledged that celebrities' iCloud accounts were recently compromised when hackers correctly guessed security questions to obtain their passwords, or when the hackers used phishing scams to get user IDs and passwords. The hackers then posted racy photos of the celebrities on the Internet, and the resulting furor led many to question how securely Apple protects users' data and to question the inadequacies of cloud security in general.

In a letter to customers on Apple's website, Apple CEO Tim Cook wrote that "security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay." He noted that Apple encourages all customers to use two-step verification to protect their iCloud accounts. Cook wrote that Apple is going to ensure that customers get updates about privacy at Apple at least once a year and whenever there are significant changes to its privacy policies.

In the letter, Cook took direct aim at the business model of Google (NASDAQ: GOOG), Facebook (NASDAQ: FB) and other Internet companies that make money off of selling advertising and monetizing data about their users.

"A few years ago, users of Internet services began to realize that when an online service is free, you're not the customer. You're the product," he wrote. "But at Apple, we believe a great customer experience shouldn't come at the expense of your privacy."

"Our business model is very straightforward: We sell great products," Cook continued. "We don't build a profile based on your email content or web browsing habits to sell to advertisers. We don't 'monetize' the information you store on your iPhone or in iCloud. And we don't read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple."

Cook did note that Apple does sell advertising through its iAd advertising network, which he characterized as a "very small part of our business."

"We built an advertising network because some app developers depend on that business model, and we want to support them as well as a free iTunes Radio service," he noted. "[I]Ad sticks to the same privacy policy that applies to every other Apple product. It doesn't get data from Health and HomeKit, Maps, Siri, iMessage, your call history, or any iCloud service like Contacts or Mail, and you can always just opt out altogether."

Cook also wrote that Apple has "never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

Notably, Apple disclosed that its latest software update, iOS 8, includes deep protection of customer data and that it cannot technically turn over customer data under the new software even if served by a warrant. Apple started rolling out iOS 8 to customers yesterday.

Apple noted that with iOS 8, users' personal data, such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders are all placed under the protection of a users' passcode. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the company noted. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Meanwhile, Politico reported that, according to unnamed sources familiar with the matter, Apple CTO Bud Tribble and Afshad Mistri, its health-product manager, briefed the House Energy and Commerce Committee recently on the health data Apple is collecting with its new HealthKit software and devices.

The executives specifically aimed to "provide an overview of Apple's new offerings, demonstrate the new products and discuss how Apple sees this market developing," according to a panel invitation obtained by Politico. The invitation also said the company's "chief privacy officer [would] also discuss how the company intends to secure and store consumer health data." Apple declined to comment, the report said.

For more:
- see this Apple post
- see this WSJ article (sub. req.)
- see this Reuters article
- see this WaPo article
- see this NYT article
- see this Politico article

Related Articles:
Leading German telcos face NSA, GCHQ spy probe
TeliaSonera latest to reveal authorities' communication-interception requests
European leaders discuss home-grown comms network to prevent U.S. spying
Deutsche Telekom launches mobile encryption app
NSA, GCHQ target 'leaky' apps to gather data on smartphone users, according to Snowden leak