As has been widely reported, Apple is embedding its customers' names and email addresses in the clear into files purchased from the iTunes Store. Apple has apparently been doing this for some time. Both the new iTunes Plus "DRM-free" downloads and FairPlay-restricted downloads are affected.

As Playlist explains, the name/email embedded into the file can easily be found with a couple terminal commands. And the iTunes software itself reveals the name/email of the purchaser in "info" pane for each song. In other words, anyone who later comes into possession of the song, and who knows where to look, will be able to see the original purchaser's name and email address.

Admittedly, this is not a "data Valdez" disaster. Names and email addresses are not the most sensitive forms of personally identifiable information (PII). But there is simply no good excuse here for Apple to embed PII in the clear into every song purchased from the iTunes Store. Especially when they didn't inform customers that they were doing so. How would customers feel if Barnes & Noble, without telling anyone, began imprinting purchasers' names and emails in invisible ink on the back flap of every book purchased?

Several commentators have taken the position that Apple's practice is "no big deal," offering an array of justifications that, in the end, are unpersuasive.

1. "It's just your name and email, so who cares?"

Sure, for some people, a name and email address are not terribly sensitive information. It certainly could have been worse. But there are many people who would prefer not to have their name and email address floating around in these files, especially where there is no reason for it. At a minimum, many would have appreciated it if Apple had notified them in some conspicuous way. Even after the recent media attention, it's safe to assume that the vast majority of iTunes customers still have no idea that their names and email addresses are embedded in these files.

2. "People should know they can be traced if their music shows up on P2P networks."

Even if you accept this premise, it doesn't justify embedding PII into media files in the clear. Encrypting this information in the file would have been just as effective for this purpose. And if deterrence of P2P file sharing was the goal, it's hard to see why Apple (or the record labels) should have kept this "forensics feature" under wraps.

3. "This is just a proof-of-purchase solution for Apple's own internal use."

While many online observers have jumped to the conclusion that the embedded name and email are intended to deter P2P uploaders, Apple has refused to comment one way or the other. Other commentators, however, have suggested more benign explanations. They suggest that it could be just a "proof of purchase" mechanism for Apple's own internal uses, such as figuring out who is eligible for special upgrade pricing on albums and iTunes Plus files. If that's true, it's still no excuse for embedding PII in the clear. An encrypted version of the information or non-PII alternative would have worked just as well.

So, Apple, why is my name and email embedded in the clear in the songs I've bought? Why won't you explain what it's for and why it's necessary that my PII be in the clear?

Meantime, it's worth repeating what eMusic had to say to USA Today when asked about their DRM-free MP3 downloads: "We don't put any identifying info on our files," said Cathy Halgas Nevins, a spokesperson for eMusic.

Related Issues