There has been much discussion lately about the personal customer information contained in the DRM-free AAC files being sold through the iTunes store. The privacy advocates are complaining that these files reveal too much information and are a potential risk should these files get stolen.
I am no Apple apologist, but I have say that in this case, the complaining just seems to be whining to me. For years, advocates of freedom were asking Apple to make the music store DRM-free. Once Apple and EMI did that, people are not complaining that the DRM-free files contain personal information. If, as the advocates claimed, having no DRM is abour fair use and not about being able to pirate copyrighted content, why complain that there is personal information contained in these DRM-free files? The argument about personal information being revealed if the files get stolen is ridiculous because no one can seriously expect not to reveal personal information should their computer/files get stolen. Everyone keeps personal information on their computers, what makes these music files so special? As far as I know, these files only contain the name and the email address, both of which are usually public knowledge anyway. If someone wants to be sure that they don’t inadvertently reveal information, they can easily keep all their data on an encrypted disk.
Another claim that is being made is the consequence of having one of these files stolen from the buyer and being made available on P2P networks. Does this information imply non-repudiability? I am more inclined to agree with Command Line (TLCP 2007-06-10), who says that we should wait and see the implications of this before we jump to any conclusions.