“If you are one of the 10 million people who have purchased an Apple iPod, you’ve almost certainly loaded it up with songs from your favorite CDs,” Bob Sullivan writes on MSNBC.com.
But watch out. As the subtitle to his story so ominously puts it, “Database company provides song titles and quietly tracks digital music listener habits.”
According to Sullivan, Privacy advocates” (not them again!) are concerned that a company called Gracenote is collecting data whenever you load a CD onto your computer and then onto your iPod.
Gracenote, as the article describes, has been doing this for years, whether you’ve noticed it or not. Usually when you insert a CD into your computer for the first time, it will send some information about that disc to Gracenote’s servers, which send back the album information–the artist, album name, track list, etc. That way, you don’t have to type it all in yourself. And after that, your computer stores the information instead of contacting Gracenote.
And Gracenote, as a company, seems to take privacy pretty seriously. To begin with, its network protocol includes no personally identifying information. (I wrote a Gracenote client a few years ago, when it was called CDDB.) It doesn’t even put a cookie on your computer or assign you a serial number. As a result, the company can’t really track what CDs you’ve put on your computer.
And it really doesn’t try to, either. Gracenote spokeswoman tells Sullivan that the company does not even keep users’ IP addresses, a way of identifying computers on the Internet, after they look up an album. But even if the company did, it wouldn’t make much difference: many users are behind firewalls and share a single IP address with dozens or thousands of other users. And among those non-server computers that get their own IP addresses, most only keep a single address for a few days or a week before they are assigned a new one. If Gracenote did log IP addresses, the most it could tell is that some unidentifiable user at a particular network address inserted into his or her computer, for the first time, a certain list of CDs.
What data does Gracenote collect? It can tell what client you’re using–whether it’s iTunes, MusicMatch, or whatever. It can tell, very roughly, what region you’re in–for example, the Washington metropolitan area, but usually not your city and certainly not your neighborhood or street address. And it can tell what the CD you put into your computer is–assuming that you haven’t turned this feature off in your software. (It’s a prominent preference item in iTunes.) That’s about it.
Gracenote can’t even tell if your CD is real or a copy because of the way that it works.
In that context, this seems a bit shrill:
“The user has immediate benefit, but the potential trade-offs are very unclear,” said Alessandro Acquisti, an expert on the economics of privacy at Carnegie Mellon University. “This is a problem for us on the Internet. It is difficult to assign a value to our data… and there is a future cost which is uncertain. Under these conditions, we often opt for immediate gratification.”…
“It is a technology that could be privacy diminishing,” Ponemon said. “People are starting to become more sensitive to things that relate to your hobbies, interests, your reading habits. To some people, that’s really sensitive. … What music they listen to may be a surrogate for what political beliefs they have.”…
“If the data is there, at some point, I’d bet somebody would find a way to make use of it in the particular, not just the general,” he said. While he hasn’t studied Gracenote, O’Harrow is an expert in marketing practices, and fears the chilling effect that could be produced if people know someone else knows their musical tastes.
“Those joyful moments when you are listening to Jimmy Page, maybe they aren’t as carefree anymore,” he said.
So what’s the beef? The real issue is probably that Gracenote sells some aggregate data to marketers. And once again, this raises “privacy advocates'” hackles. It’s not privacy that bothers them so much, it seems, as capitalism. Note that FreeDB, a less-comprehensive and less-reliable Gracenote knockoff run as a non-profit, doesn’t even merit a mention or complaint–even though it publishes pages like this and this!
But in this case, the critics are even more anti-consumer than usual. Think about it this way: Is it to your benefit, as a music listener, for an advertising exec to learn that, say, the Fiery Furnaces are gaining steam in Washington, D.C.?
Think about that the next time you’re watching television and marveling at how tone-deaf all of Madison Avenue must be.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.