Privacy by Design: User Identification Headphones
Apple has long had a reputation for being at the cutting edge of privacy. Its patent application for AirPods continues that tradition and is a good example of privacy by design. Recognizing how closely our personal lives are integrated with our technology, Apple intends to have its AirPods recognize their owner.
Ear buds can become knowledgeable and helpful digital assistants, reading out anything from the content of text messages to upcoming appointments. These features are valuable in some settings, but they are deliberately confined to privacy-controlled settings: audio played directly into the user’s ear, or information that is accessible only after the phone has been unlocked.
Apple has shown that it has thought through the “What if?” and “What could go wrong?” scenarios that come with ear buds this helpful. There are plenty of reasons someone might lend their AirPods to someone else, among them an urgent need and the need for a distraction.
Your roommate needs to study for a test, but your friends are being noisy. Your neighbor’s kids are bored while the adults are talking after dinner. In either situation, you might think it a good idea to lend them your AirPods. Your roommate can play gentle instrumental background music to drown out the voices. The kids can take an AirPod each and watch a movie or video. But ‘what if’ your mom texts you asking about your embarrassing health condition, and the roommate or the kids curiously tap the AirPod to have the message read aloud? ‘What could go wrong’ is that suddenly the neighbor kids are asking their parents about XXXX health condition, or your roommate, a bit of a gossip, shares the discovery with some of your mutual friends.
Apple has thought through these situations and has applied for a patent for “user identification using headphones.” This would allow someone to share their ear buds without creating a whole host of privacy concerns. The application describes two approaches to identifying the user, one based on proximity and the other on coordination. In the proximity approach, the iPhone plays an ultrasonic tone and the ear buds check whether they detect it; the presumption is that if the person wearing the ear buds is also close to the phone, that person must be the owner. Note what this actually establishes: that the ear buds and the phone are near each other, not who is wearing them. The coordination approach requires three or more Apple devices in use at the same time, each tracking the user’s body movements at least at a basic level. If the movement of the user’s head (AirPods), wrist (Apple Watch), and hip (iPhone) correlates, presumably the same individual is carrying all three devices, and that individual is presumably their owner.
Now apply the two approaches to the lending scenarios. Your roommate would most likely have both your phone and your AirPods, so they could control the music they were listening to, and the proximity approach would therefore take your roommate to be the owner. The neighbor kids would also have the phone and the AirPods so they could watch something on the phone, and based on device proximity each of the kids would be assumed to be you. The coordination approach, however, would properly distinguish between the owner and the borrower: the borrower’s head is not moving in step with your wrist and hip, and in the absence of a third device the coordination approach would treat the wearer as a non-owner and would not divulge private information.
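To make the two checks concrete, here is a small Python model of them run against the owner and the two lending scenarios above. This is an added example, not code from Apple or from the patent application. Everything in it is an assumption: the tone frequency and sample rates, the use of a Goertzel single-bin detector for the tone, lagged Pearson correlation with a fixed threshold for the motion streams, the function names, and all of the sensor data, which is constructed inline.

```python
"""Two owner-identification checks modelled on the approaches the post describes.
Added illustration only: this is not Apple's code, and the sample rates, thresholds,
detection methods and sensor streams are all constructed here, not taken from the patent."""
import math
import random

AUDIO_RATE_HZ = 48_000   # assumed microphone sample rate (constructed)
TONE_HZ = 20_000         # assumed near-ultrasonic tone frequency (constructed)
MOTION_RATE_HZ = 50      # assumed accelerometer sample rate (constructed)


# Approach 1, proximity: did the ear buds' microphone pick up the phone's tone?
def goertzel_power(samples, target_hz, sample_rate):
    """Energy in a single frequency bin (Goertzel algorithm), cheaper than a full FFT."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * round(n * target_hz / sample_rate) / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def buds_hear_tone(mic_samples, min_fraction=0.5):
    """True when the tone holds at least min_fraction of the buffer's energy. For a
    bin-centred tone, Goertzel power equals (sum of squares) * n / 2, so the ratio
    is about 1 for a clean tone and near 0 for background noise alone."""
    total = sum(x * x for x in mic_samples) * len(mic_samples) / 2.0
    if total == 0.0:
        return False
    return goertzel_power(mic_samples, TONE_HZ, AUDIO_RATE_HZ) / total >= min_fraction


# Approach 2, coordination: do head (buds), wrist (watch) and hip (phone) move together?
def pearson(a, b):
    n = min(len(a), len(b))
    a, b = a[:n], b[:n]
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (sa * sb) if sa and sb else 0.0


def max_lagged_correlation(a, b, max_lag):
    """Best correlation over small time shifts: the sensors see each step a few samples apart."""
    best = -1.0
    for lag in range(-max_lag, max_lag + 1):
        x, y = (a[lag:], b[:len(b) - lag]) if lag >= 0 else (a[:len(a) + lag], b[-lag:])
        best = max(best, pearson(x, y))
    return best


def coordination_check(head, wrist, hip, threshold=0.7, max_lag=5):
    """Owner only when all three devices are present and every pair of streams correlates.
    A missing device (None) is the post's 'absence of a third device' case."""
    if head is None or wrist is None or hip is None:
        return False
    pairs = ((head, wrist), (head, hip), (wrist, hip))
    return all(max_lagged_correlation(a, b, max_lag) >= threshold for a, b in pairs)


# Constructed sensor data, not recordings from real devices.
def room_audio(tone_present, n=480, seed=1):
    rng = random.Random(seed)
    tone = 0.3 if tone_present else 0.0
    return [tone * math.cos(2 * math.pi * TONE_HZ * i / AUDIO_RATE_HZ) + rng.uniform(-0.1, 0.1)
            for i in range(n)]


def motion(walking, lag=0, scale=1.0, seed=2, n=200):
    """Accelerometer magnitude: gravity plus sensor noise, plus a 2 Hz step cadence if walking."""
    rng = random.Random(seed)
    gait = scale if walking else 0.0
    return [9.81 + gait * math.sin(2 * math.pi * 2.0 * (i - lag) / MOTION_RATE_HZ) + rng.gauss(0, 0.05)
            for i in range(n)]


def identify_wearer(mic, head, wrist, hip):
    return {"proximity_says_owner": buds_hear_tone(mic),
            "coordination_says_owner": coordination_check(head, wrist, hip)}


# Owner walking with all three devices on their body (buds, watch, phone in pocket).
OWNER = identify_wearer(room_audio(True), motion(True, 0, 1.0, seed=2),
                        motion(True, 1, 2.0, seed=3), motion(True, 3, 1.5, seed=4))
# Roommate borrows the buds and the phone to study, sitting still, and has no watch.
ROOMMATE = identify_wearer(room_audio(True), motion(False, seed=5), None, motion(False, seed=6))
# Kid has the buds and the phone on the sofa; the owner, still wearing the watch, walks away.
KID = identify_wearer(room_audio(True), motion(False, seed=7), motion(True, 0, 2.0, seed=8),
                      motion(False, seed=9))

if __name__ == "__main__":
    for who, verdict in (("owner", OWNER), ("roommate", ROOMMATE), ("kid", KID)):
        print(who, verdict)
```

In both lending scenarios the proximity check passes, because the buds are in the same room as the phone that is playing the tone, while the coordination check fails: once for a missing third device, once because the borrower’s head is not moving with the owner’s wrist. The proximity check answers “are these devices together?”, which is a different question from “is the owner wearing them?”.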
There are no doubt scenarios in which the proximity approach would correctly distinguish an owner from a borrower, but what matters is that the coordination approach makes that distinction in exactly the lending scenarios above, and thereby identifies the owner.
One of the most “privacy by design” elements of Apple’s approach is that it does not gather any new information about you in order to identify you. The identification is done solely from context clues, where the devices are relative to one another and whether they are moving together, not by sensing the moisture level of your skin, the temperature of your ear canal, or some other intrusive biometric.
Privacy by design is a great approach to maintaining data privacy, but it is just one method among many. Clarip provides data compliance solutions for companies that collect data but still need to comply with data privacy laws. We offer fully automated data subject request fulfillment, data mapping, website scanning, vendor management, consent management, and many more data privacy solutions. Visit us at www.clarip.com or call us at 1-888-252-5653 to learn more.
Other Articles on this Topic
Privacy by Design: Privacy throughout the engineering process
Privacy by Default: The practical application of simplified privacy