Apple’s UK run-in: Privacy may matter less to its customers than it thinks
Apple’s tensions with the UK over encryption finally reached breaking point last week. Rather than submit to the government’s demand for a backdoor to customer data, the iPhone maker instead killed end-to-end encryption for all British customers of iCloud. It’s a principled gamble that seems to rely on public outrage, but Apple may discover that privacy matters more in marketing than in reality for its customers.
For those unfamiliar, data that is end-to-end encrypted can’t be accessed by anyone, not even Apple, except the holder of the encryption keys (in this case the iCloud customer). This is the gold standard for securing data in banking and many online services.
But the UK has for several years been making an unreasonable push for special access to penetrate this security layer on the argument that it’s needed to help its intelligence agencies stop terrorists and for prosecutors to secure criminal convictions.
If it didn’t comply with the order, made under Britain’s Investigatory Powers Act of 2016—also known as the ‘Snoopers’ Charter’—Apple faced the threat of criminal charges and financial penalties.
Also Read: Think different: Consider a smartphone tariff cut to sustain an Apple-led export boom
But the ‘backdoor’ London wants would create a portal that can be exploited just as much by the bad guys as the good guys. That’s why Apple has repeatedly resisted efforts by US authorities trying to investigate crimes and even mass murders to break into the encrypted iPhones of alleged perpetrators. “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” Apple has consistently said.
Now, Apple is effectively telling the UK: ‘Fine. You want a backdoor? How about no house at all?’ British iCloud customers are unable to access Advanced Data Protection (ADP) to give their data the highest possible security. I’m an iCloud customer myself, and trying to activate the feature now leads to [disappointment].
For those who already had ADP turned on, it will likely be removed at some point in the near future. Thus the British government is getting more than it demanded.
It doesn’t need a backdoor to iCloud any more; Apple would technically be able to respond to a court order to supply data stored by any UK citizen on the platform, where people cache emails, photos and documents. But bad actors will have an easier time getting to those files as well. And, as independent analyst Benedict Evans notes, “What will the UK government say when China… orders Apple to to hand over UK citizens’ data?”
Also Read: Mint Quick Edit | India’s new privacy rules: A mixed bag
This is a pyrrhic victory for Apple. It has maintained its opposition to backdoors and defended its global iCloud customers from UK government prying, but its British users are losing out.
Perhaps Apple hopes to deter other governments from kicking up a fuss like the UK has done, betting that the prospect of killing end-to-end encryption elsewhere will be sufficiently unpopular to deter other governments from also demanding special access. That would be a gamble.
There’s been little pushback, much less uproar, from Brits about Apple’s policy change. The reaction might be bigger if Apple was pulling similar protections for iMessage and FaceTime (it isn’t), but the muted response suggests something troubling for Apple: Customers don’t care about thir privacy as much as the company seems to think.
The so-called privacy paradox, well-documented in academic research, refers to the gap between the concerns people say they have about their data and what they actually do about it.
Some 92% of American consumers have said they should be able to control information about themselves on the internet, according to a 2019 PriceWaterhouseCoopers report, but most don’t act on that concern. Just 45% said they updated their privacy settings on products, for instance, and only 16% stopped using a company’s services because of data misuse, according to another 2019 report by IBM.
Also Read: Mint Primer | Will Apple’s UK move spell doom for privacy?
Apple hasn’t disclosed what proportion of its iCloud customers had end-to-end encryption turned on. But if the number is low, that would be another illustration of the privacy paradox. Apple encrypts all notes sent through iMessage by default; would there be a fuss if that was taken away too? It’s quite possible that many of its customers don’t understand the technology enough to care about it.
Perhaps these are the early signs of diminishing returns for Apple on privacy, which until now has been a powerful marketing tool that helped it differentiate its products. But its UK retreat may reveal a hard truth: Privacy features may not be worth the regulatory battles they create if consumers don’t care. ©Bloomberg
Post Comment