New Napster Will Look Out For You
Though its Web site is still up, Napster’s file-swapping service and servers are currently down for a system upgrade to support its "new file identification technology." We’re all well aware of the recent court actions and the legal requirement for Napster to prevent illegal trading of files on its system, so I won’t bore you with those droll details. Instead I’ll talk about your personal privacy, which will be different under the new Napster — whenever it does come back online.
The newest versions of the Napster client (2.0 beta 10.3 for Windows, 1.0 beta 2 for Mac), which are downloadable right now, will be required to access Napster upon its return. All previous versions of the Napster client have been disabled. Use the new client, or use no Napster.
With the new client comes mandatory acceptance of a new privacy policy. Privacy policies are a bit of an odd thing because almost none of us —assuming that if there were anything threatening we’d hear about it through some sort of popular outcry — actually read them. After all, it’s called a Personal Privacy Policy, not a Personal Publicity Policy. So I’ve dissected the Privacy Policy to help you understand exactly what it means to you as a Napster user.
What Do You Know?
What information does Napster gather? Primarily, a user name and an e-mail address. It also asks for some demographic information, though this is optional. Your e-mail address is designated the only "Personally Identifiable Information" requested during the registration process. Napster further states that your PII is not associated with your user name or with your demographic information. No doubt, the database is very capable of joining your PII with your user name, but Napster promises not to do it unless they tell you first in a notice posted on the Web site and client welcome screen.
When you log in, your IP address, date of login and user name are recorded. Again, "it is not currently linked to any Personally Identifiable Information you provide." And again, this means they could easily link all that information to your PII at a later time, as long as they first change the privacy policy and put up a notice to that effect on their Web site and in the client’s welcome screen.
When you log in, the Napster service also collects (associated with user name) connection speed and identification information on the files you have chosen to make available. For the vast majority of Napster users — those who don’t monkey with their download/upload directory information — all files they download are also "made available" and thus recorded. However, this is a user choice and can be avoided if desired by not sharing any files.
To search the Napster shared file index, you must provide search criteria and a list of files is returned. "Currently your searches are not recorded or stored by us, nor are the identities of any files you choose to share or transfer," states the policy. Sounds like they respect your privacy here, but the repeated use of the word "currently" may be making some of you nervous by now. And rightly so.
Speak Out
Napster’s SpeakOut section allows music lovers to e-mail Congresspeople, ostensibly to express support for unencumbered file swapping. When you do this, Napster archives your name, your mailing address, and your e-mail address, as well as the text of your message. It will pass the information on to a company called Capitol Advantage, which is not allowed to archive your information, just to get it to the appropriate Congressperson.
Remember, though, Napster keeps the info, including the text of your message. And although it claims it does not associate any of your PII (name, address, e-mail) with your Napster account, anybody who has used a database can tell you that this information is easily associated with your other data via, if nothing else, the e-mail address. This means that your letters to Congress can be linked back to your IP address and the lists of files on your system.
Again, that’s a technical possibility only, and perhaps you need not worry because Napster does not (currently) associate the information it gathers through SpeakOut with the rest of their information. But Napster could if it wanted to, and if you don’t check the Web site or use the client and read the welcome screen you may never know.
Safe and Sound
Napster assures you that they have taken special security measures to ensure the inviolability of your PII. Of course, there’s a tinge of irony in having Napster look out for your security interests. Still, it does secure your information, and in all likelihood it will probably do it well. Unlike file identification, this is a straightforward process.
Your information can be shared by Napster with third parties under a few circumstances. If you violate Napster’s End-User Software License Agreement, Terms of Use, or any of Napster’s rights or property; if there is a legal process requiring the release of the information; or if Napster is sold. Considering how long the company has been operating without making any money, a sale could easily occur, and then all your information would go to the buyer, and the Privacy Policy says nothing about the new owner of your personal information being obligated to retain Napster’s Privacy Policy. Finally, Napster can share your information if you give Napster your express consent.
Privacy Matters — Maybe
There, now you don’t have to read the Personal Privacy Policy if you don’t want to. Sure, it could be perceived by some as evil, but in all likelihood it's no more evil than a million other privacy policies on a million other sites that you enjoy. Of course, I don’t know that for sure about the other sites’ privacy policies. I haven’t read them yet. They might be worse.