There is no privacy on the internet.
You would think such a commonplace observation hardly needs to be said out loud. In recent years, though, Apple has tried to market itself as the great exception.
“Privacy is built in from the beginning,” reads Apple’s privacy policy. “Our products and features include innovative privacy technologies and techniques designed to minimize how much of your data we — or anyone else — can access. And powerful security features help prevent anyone except you from being able to access your information. We are constantly working on new ways to keep your personal information safe.”
All that has now blown up in Apple’s face. Last Friday, the company backed off from a controversial initiative that would have allowed its iOS devices — that is, iPhones and iPads — to be scanned for the presence of child sexual abuse material, or CSAM. The policy, announced in early August, proved wildly unpopular with privacy advocates, who warned that it could open a backdoor to repressive governments seeking to spy on dissidents. Apple cooperates with China, for instance, arguing that it is bound by the laws of the countries in which it operates.
What made Apple’s efforts especially vulnerable to criticism was that it involved placing spyware directly on users' devices. Although surveillance wouldn’t actually kick in unless users backed up their devices to Apple’s iCloud service, it raised alarms that the company was planning to engage in phone-level snooping.
“Apple has put in place elaborate measures to stop abuse from happening,” wrote Tatum Hunter and Reed Albergotti in The Washington Post. “But part of the problem is the unknown. iPhone users don’t know exactly where this is all headed, and while they might trust Apple, there is a nagging suspicion among privacy advocates and security researchers that something could go wrong.”
The initiative has proved to be a public-relations disaster for Apple. Albergotti, who apparently had enough of the company’s attempts at spin, wrote a remarkable sentence in his Friday story reporting the abrupt reversal: “Apple spokesman Fred Sainz said he would not provide a statement on Friday’s announcement because The Washington Post would not agree to use it without naming the spokesperson.”
That, in turn, brought an attaboy tweet from Albergotti’s Post colleague Christiano Lima, complete with flames and applauding hands, which promptly went viral.
“We in the press ought to do this far, far more often,” tweeted Troy Wolverton, managing editor of the Silicon Valley Business Journal, in a characteristically supportive response.
Even though the media rely on unnamed sources far too often, my own view is that there would have been nothing wrong with Albergotti’s going along with Sainz’s request. Sainz was essentially offering an on-the-record quote from Apple.
(Still, it’s hard not to experience a zing of delight at Albergotti’s insouciance. Now let’s see the Post do the same with politicians and government officials.)
Apple has gotten a lot of mileage out of its embrace of privacy. Tim Cook, the company’s chief executive, delivered a speech earlier this year in which he attempted to position Apple as the ethical alternative to Google, Facebook and Amazon, whose business models depend on hoovering up vast amounts of data from their customers in order to sell them more stuff.
“If we accept as normal and unavoidable that everything in our lives can be aggregated and sold, we lose so much more than data, we lose the freedom to be human,” Cook said. “And yet, this is a hopeful new season, a time of thoughtfulness and reform.”
The current controversy comes just months after Apple unveiled new features in its iOS operating software that made it more difficult for users to be tracked in a variety of ways, offering greater security for their email and more protection from being tracked by advertisers.
Yet it always seemed that there was something performative about Apple’s embrace of privacy. For instance, although Apple allows users to maintain tight control over their iPhones and iMessages, the company continues to hold the encryption keys to iCloud — which, in turn, makes the company liable to a court order to turn over user data.
“The dirty little secret with nearly all of Apple’s privacy promises is that there’s been a backdoor all along,” wrote privacy advocates Albert Fox Cahn and Evan Selinger in a recent commentary for Wired. “Whether it’s iPhone data from Apple’s latest devices or the iMessage data that the company constantly championed as being ‘end-to-end encrypted,’ all of this data is vulnerable when using iCloud.”
Of course, you might argue that there ought to be reasonable limits to privacy. Just as the First Amendment does not protect obscenity, libel or serious breaches of national security, privacy laws — or, in this case, a powerful company’s policies — shouldn’t protect child pornography or certain other activities such as terrorist threats. Fair enough.
But as the aforementioned Selinger, a professor of philosophy at MIT and an affiliate scholar at Northeastern University, argued over the weekend in a Boston Globe Ideas piece, there are times when slippery-slope arguments, often bogus, are sometimes valid.
“Governments worldwide have a strong incentive to ask, if not demand, that Apple extend its monitoring to search for evidence of interest in politically controversial material and participation in politically contentious activities,” Selinger wrote, adding: “The strong incentives to push for intensified surveillance combined with the low costs for repurposing Apple’s technology make this situation a real slippery slope.”
Five years ago, the FBI sought a court order that would have forced Apple to provide the encryption keys so they could access the data on an iPhone used by one of the shooters in a deadly terrorist attack in San Bernardino, California. Apple refused, which set off a public controversy, including a debate between former CIA director John Deutsch and Harvard Law School professor Jonathan Zittrain that I covered for GBH News.
The controversy proved to be for naught. In the end, the FBI was able to break into the phone without Apple’s help. Which suggests a solution, however imperfect, to the current controversy.
Apple should withdraw its plan to install spyware directly on users’ iPhones and iPads. And it should remind users that anything stored in iCloud might be revealed in response to a legitimate court order. More than anything, Apple needs to stop making unrealistic promises and remind its users:
There is no privacy on the internet.
GBH News contributor Dan Kennedy’s blog, Media Nation, is online at dankennedy.net.