On Tuesday, Apple was awarded a patent that describes a way to pollute online data to promote privacy. The patent, "Techniques to pollute electronic profiling," was first issued in 2007 and initially was assigned to Novell.
Apple acquired a number of Novell patents in February, following approval from the U.S. Department of Justice. The company did not respond to a request to confirm that this patent was among those acquired from Novell and to comment on whether it sought specifically to acquire this patent.
[ Another tech fight is underway. Read Google Battles YouTube-To-MP3 Conversion Website. ]
The patent covers a method for enhancing privacy by generating fake online identities to confound personal profiling efforts. It describes how concerns about "Big Brother" government surveillance have been supplanted by worries about "Little Brothers," automated programs that monitor people's Internet activities.
Apple hasn't been much concerned with fighting Big Brother since its highly regarded "1984" commercial. But since then, it has found, as Microsoft has, that supporting user privacy can advance its competitive interests and enhance its standing among regulators.
Since Google became Apple's primary competitor, Apple has taken steps to support privacy initiatives that limit the ability of third-parties to collect data useful for advertising. For example, Apple last year added support for the do-not-track browser header in OS X Lion. Its Safari browser also defaults to blocking cookies from third-party websites, a feature Google bypassed (and got in trouble for) as a way to resolve conflicting user preferences.
Apple has also had its privacy proclivities reinforced as a result of the controversy over its storage of unprotected location data on the iPhone and of iOS developers' use of the UID identifier as the key to data profiles of iPhone users.
Apple's profile pollution patent, written in 2005 by or on behalf of inventor Stephen R. Carter for Novell, describes how computer users are taking counter-measures to combat data gathering. "In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include 'anonymizers' and 'spyware killers.'"
The patent suggests resistance is futile, as the persistence of concerns about data gathering over seven years suggests. "In a sense if the user engages in any Internet activity, information may be successfully collected about that user," it states. "Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated [Little] Brothers."
The patent document actually says "Litter Brothers" rather than "Little Brothers" in this one sentence. The typo that turns out to be an apt name for what the patent contemplates: "Techniques to pollute electronic profiling" proposes a way to attack invasive data collection by creating a fake identity, or clone.
The patent describes the "clone" as "another identity that is associated with a principal and appears to be the principal to others that interact [with] or monitor the clone over the network."
The clone performs activities in an assigned field of interest, which would typically not reflect the actual interests of the user. Its purpose is to deceive data gatherers.
"Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest," the patent says. "In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable."
Apple may not ever implement this patent in any of its products, but the impulse to defend oneself against invasive tracking is likely to sustain the development of countermeasures for the foreseeable future.
Don't worry though: Litter Brother will cover your tracks.
Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.