A little while back I was putting together an iTunes playlist to give to my Mom as a gift, and found myself frustrated by the application’s user interface. It kept telling me that Mom already had one song after another, and refusing to let me complete the gifting process until I removed the duplicate song from the playlist.

After I did this three or four times I gave up, complaining to my girlfriend how clunky the process was. She replied “That’s not the real problem. The real problem is that iTunes is telling you what music someone else has.”

She’s right. I’ve been doing some poking around, and have found that it’s pretty straightforward for one person (let’s call him George Smiley, after John Le Carré’s master spy) to find out what music, video, and apps someone else (like me) has purchased or had gifted to them on iTunes.

Smiley doesn’t need to spend any money, or even have an iTunes account. He just needs a copy of the iTunes application (which is downloadable and free) and knowledge of the email address associated with my iTunes account. This is often not too hard to figure out; most of us use only a few different addresses, and everything I’ll show below can be repeated over and over with every email address Smiley knows or guesses for me until he hits paydirt. So for now, let’s assume Smiley knows that my iTunes email address is my standard gmail address.

Smiley would assemble a nefarious playlist of music — the tracks he wants to determine if I own. He then starts the iTunes gifting process (I believe the maximum size for gift playlists is 100 tracks):

After assembling a playlist, this is the first step in the gifting / snooping process.

Smiley clicks ‘Gift’ and is presented with the standard iTunes screen for gifting content. He fills in the requested fields:

The snooper George Smiley tells iTunes to gift me his nefarious playlist

After Smiley clicks ‘Continue,’ iTunes performs a number of checks in the background. One of them is to see if the intended recipient (me, in this case) already has in his library any of the music on the playlist. This is done with good intentions — to keep users from gifting music that the recipient already has — but the implementation of this feature opens up privacy concerns: if the check reveals duplicates, iTunes tells the gifter about one of them. The application presents this information to Smiley in red ink, before he has to sign in to his account, present credit card information, or take any other steps:

iTunes tells Smiley about one of the songs in my library

If he wants to explore the contents of my music library more, he deletes this song from the nefarious playlist, then resends it. He repeats this fishing expedition as often as he likes. I have no knowledge of these activities and no way to stop them. And the language Apple uses is not quite accurate. In the example above, I might not actually have purchased “Sleepyhead;” it might have been a gift. So Smiley’s learning about music that I didn’t even buy for myself, and might not ever have wanted.

Smiley’s technique also works for video…:

Smiley learns about video I've purchased from iTunes

and iPhone / iPad apps that cost money:

Smiley learns about one app on my iPad

This snooping process is iterative and cumbersome, but I’m pretty sure it could be at least somewhat automated. It’s also a little fluky; to learn what I have, Smiley has to gift media to me in the same form I bought it. For example, if he sent me only a single episode of “Breaking Bad” season 3 iTunes wouldn’t send him a message like the one above. This is because I bought the whole season at once, so Smiley has to gift me the whole season to learn about my purchase. Similar rules appear to hold for music.

Even though Smiley has to work a bit, I’m not thrilled that he (or anyone else) can so easily learn about my media purchases and tastes. If I want to share my iTunes holdings with my friends or broadcast them to the world Apple gives me tools to do so, but if I want to keep them private I can’t.

This strikes me as problematic. A person’s taste in media can be highly personal, yet all of Apple’s more than 10 billion song and 200 million TV and movie downloads are potentially traceable by the George Smileys of the world — the world’s spies, stalkers, yellow journalists, and opposition researchers. Of course, this is is nowhere near as big a deal as privacy holes in online health or financial information would be, so we should keep this issue in perspective. But it is an issue, I think.

Apple’s legal department will probably be particularly interested in the video example above, thanks in no small part to Robert Bork. During his contentious Supreme Court confirmation hearings in 1987, much attention was focused on Bork’s view that the US Constitution ensures no general right to personal privacy (legal scholars, please forgive me if my language is insufficiently precise here). In a highly personal exploration of his espoused theories, the Washington City Paper obtained and published the list of his rentals from a Chicago video store. Congress then quickly passed a law, the Video Privacy Protection Act, making such publication a federal offense (many states have since passed more restrictive laws in this area).

The VPPA concerns the “wrongful disclosure of video tape rental or sales records” and states that a ““video tape service provider” means any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.” Apple might well qualify as such a provider; the act has been used as the base of class-action lawsuits against Facebook and Netflix.

As a comparison, I tried to send my Mom an Amazon Kindle book I knew she already had. Amazon let the purchase go through and told me nothing about her Kindle inventory. She received a message from the company that I’d sent her an e-book she already owned, and giving her a credit for its price. To put it mildly, this seems like a better approach to me.

Since taking the screenshots above I’ve changed the email address associated with my iTunes account. I hope that brings me a bit more privacy; I don’t want my fondness for Journey becoming public knowledge…

I’m a big user of Apple products and fan of the iCosystem they’ve built (see posts here, here, and here). But what I’ve described here is a privacy hole they need to plug, fast.