In a regulatory submission, obtained by MediaNama under RTI, Apple has opposed a provision in TRAI’s SMS Spam regulation which would force handset makers to give blanket permissions to TRAI’s DND 2.0 spam-reporting app. This provision had raised fears that Apple’s iPhones would effectively be banned in India if it did not cave in to TRAI’s demands.
Note that this sets a precedent for the TRAI to release under RTI, documents marked confidential.
Apple said in the filing that its App Store guidelines forbid the kind of access to call logs and SMS records that TRAI’s regulations are seeking. It cited the Supreme Court privacy judgement, saying that the company’s policies were consistent with the court’s verdict upholding privacy records.
The submission, signed off by Apple’s Indian head of public policy Kulin Sanghvi, said, “iOS and Apple’s App Store Review Guidelines do not enable a mobile app to transmit a customer’s personally-identifiable information and usage history to a third party automatically, without the user directing that action….Enabling that functionality would open the door to Apple users being tracked by third parties in ways that the users have not invited and might not even realize, and that might expose them to harm.”
The TRAI has for months been hounding Apple, which accounts for 3% of India’s smartphone market by devices shipped, to open up its App Store for the DND app. Apple recently developed an extension that it said would preserve consumer privacy while allowing users to report spam.
Apple refused to comment on the submission on being contacted by MediaNama.
Public consultation, confidential response
Apple marking its submission ‘Confidential’ is notable since it was responding to a public consultation process, while other responses to that process are public on the TRAI website. This raises the question of just how many regulatory submissions are confidential and not disclosed as a part of the consultative process. After submissions are initially received, TRAI often holds a ‘counter-comment’ phase, where stakeholders can respond and rebut points made by others. This is not going to be possible for a submission if it is marked confidential.
In a Twitter Q&A, MediaNama asked chairman RS Sharma why Apple’s response to this consultation was not made public. Sharma responded that TRAI ‘religiously and secularly’ uploads all submissions made by stakeholders, unless the submission is marked confidential, “and if it is not coming under the consultation, then that’s a separate issue”. Even after being disclosed under RTI, the submission hasn’t been uploaded on the TRAI website.
Read Apple’s submission to TRAI
Response to Draft Telecommunications Commercial Communications Consumer Preference Regulations, 2018
Thank you for this opportunity to comment on the recently-circulated draft Telecommunications Commercial Communications Consumer Preference Regulations of 2018. We recognize the inconvenience caused by unsolicited commercial communications, and we are committed to working with the Telecom Regulatory Authority of India (TRAI) to address the issue for users of Apple products in India.
At Apple, we strive to make world-class products and deliver the best experience possible to our customers. Consistent with that philosophy, we have made a commitment to protect the privacy of all of our users, including our users in India.
Every Apple product is designed from the ground up to protect personal information and empower our users to choose what they share and with whom. We provide our users with a variety of tools related to app installation, to ensure their apps come from sources they trust.
We recently announced a new feature in iOS 12 to enhance spam SMS and call reporting (https://developer.apple.com/documentation/sms_and_call_reporting/sms_and_call_spam_reporting). The new feature provides developers with the ability to create an app extension that allows users to report both unwanted SMS messages and unwanted calls as spam. To report unwanted SMS messages or unwanted calls, the user enables an Unwanted Communication extension in the Settings app. Then, to report a call, the user swipes left on the item in the Recents list and selects Report. For an SMS message, the user presses the Report button when it appears in the Messages transcript. When the user reports an unwanted SMS message or unwanted call, the system launches the Unwanted Communication extension.
We believe we’ve proved time and again that great experiences don’t have to come at the expense of privacy and security. Instead they can support them. Because we’re committed to retaining our customers’ trust, we begin by respecting their privacy and doing everything we can to safeguard their data.
Comments on the Draft Regulations
Draft Regulation 34 would require each access provider to “ensure that all devices registered on its network shall support all permissions required for the functioning of such Apps as prescribed in Regulation 6(2)e and Regulation 23(2)d.” Those two referenced draft Regulations would require each access provider to offer its customers, free of charge, a mobile app developed or approved by TRAI “to register, modify or de-register preference(s)” and “to make compliant or to report violation of regulations.” Read together, the above draft Regulations would require each access provider to ensure that all devices on its network support all permissions required for the functioning of one or more TRAI-commissioned mobile apps that enable customers to register, modify, or de-register their preferences and to make complaints and report regulatory violations.
The draft regulations do not appear to specify further the functionality of any TRAI-commissioned mobile app or apps that would enable customers to register, modify, or de-register their preferences. But, draft Schedule III of the draft Regulations indicates that an app enabling “[c]omplaint registration” would help a customer easily to—
- select a text message or voice call the customer believes was spam;
- compose a message of complaint;
- send the suspected spam communication and the complaint, along with information on the source of the suspected spam communication, to the access provider; and
- keep a record of the complaints the customer has sent to the access provider.
iOS and Apple’s App Store Review Guidelines allow a mobile app to enable a customer — as per draft Regulation 6(2)(e) — to register, modify, or de-register the customer’s preferences with the customer’s access provider.
iOS and Apple’s App Store Review Guidelines also allow a mobile app to enable a customer — as per draft Regulation 23(2)(d) — to register complaints with the customer’s access provider, including in the ways described in draft Schedule III.
But iOS and Apple’s App Store Review Guidelines do not enable a mobile app to transmit a customer’s personally-identifiable information and usage history to a third party automatically, without the user directing that action. Enabling that functionality would open the door to Apple users being tracked by third parties in ways that the users have not invited and might not even realize, and that might expose them to harm. We would not be able to enable the transmission only by certain third-party apps, to only certain third-party recipients.
We believe the above protection provided by iOS and Apple’s App Store Review Guidelines is supported by the Supreme Court’s decision last year in Justice K.S Puttaswamy (Retd.) v. Union of India and Ors. We therefore respectfully request that the final Regulations not seek to direct or authorize any third party — including an access provider — to “derecognize from its telecom networks such devices that do not permit functioning” (draft Regulation 34) of an app that would transmit a customer’s personally-identifiable information and usage history to a third party automatically, without the user directing that action.
Thank you again for this opportunity to provide our comments. We further request that TRAI please refer to our letter dated 12 April 2018. We look forward to working wth TRAI to address the issue of unsolicited commercial communications, while simultaneously ensuring that we fully honor our commitment to protect the privacy and security of our users. – medianama