Apple's Crocodile Tears

By Omri Ben-Shahar

Posted on March 2, 2016


After a federal judge ordered Apple to help the FBI break into the encrypted iPhone used by the San Bernardino attackers, Apple's CEO Tim Cook issued a defiant letter pledging to oppose the order. Developing a "backdoor" into smartphone data, Cook wrote, would undermine data protection for consumers of tech products. Google's CEO Sundar Pichai echoed the same concern: Encryption protects people, and compliance with the court order would "compromise users' privacy." The entire tech industry seems to be on a mission, fighting tooth and nail to protect consumers' privacy.


This is awfully rich. The industry that makes a highly profitable living off of people's data, now parading as the crusader of privacy.


Let's get a few basic facts right. Apple, Google, Facebook, and other voices in the righteous band that has spontaneously formed to fend off government data prying, are not in the business of data protection. Privacy is not what they sell. On the contrary, it is the biggest threat to their business. Despite what they now claim in court proceedings or to the media concerning their commitment to users' privacy, Apple is in the business of platforms for data mining and data trading. Much of the value of Apple's devices and of many other tech firms owes to the widespread practice that they cultivate -- collecting users' information and selling it to other commercial entities, all for large (and well-earned) profits. The amount of information the tech giants collect and sell to advertisers and other business partners is orders of magnitude greater than the amount of information the government is seeking.


The iPhone is a wonderful portal into an environment where enormous amounts of users' data are abundantly exposed. Famous among the data collectors are Google and Facebook, whose main source of living is cashing in on the personalized profiles they have amassed on each user -- dossiers of information that advertisers are happy to rent. Almost every website, every smartphone app, every device, collects private information for commercial purposes. Some of it is needed for functionality -- Google Maps must know your geo location and WhatsApp needs to know your contacts -- but many do not. Does the Flashlight app (which only turns on the built-in LED light) need to know the geo location? Does Angry Birds need to access your phone calls (such Curious Birds...)?


The immense personalized tracking that the smartphone environment has created renders Apple and other device makers vulnerable to pressure from privacy groups and lawmakers, demanding that privacy protections be added to the devices. So how do you add data protections to new iPhone models without undermining the central business proposition of data-collection, which generates the profits that come from trading in people's personal information? What can Apple do to quiet the privacy alarmists?


The smartphone industry -- Apple and Android alike -- found a genius solution: protect the data only against the government, while continuing the full throttle harvest of data for commercial use. Beginning in the post-Snowden era, smartphones have been encrypted so that governments cannot break into them nor order the phone makers to provide access. The iPhone 6 made it impossible for NSA and FBI to crack the encryption, allowing Apple to publicly brandish its privacy protection credentials, and market their phones as safer than their competitors'. This was not a false claim. We are now learning that it is indeed impossible for the investigative agencies to access even dead terrorists' encrypted smartphones.


But it is only half the truth, or rather a small sliver of the truth. Apple's privacy pretense is misleading, because the specks of information encrypted against government seizure are dwarfed by the mountains of unencrypted information that the iPhone and its apps continue to harvest. Apple's "Privacy Policy" makes it abundantly clear that users' activity is recorded and saved, including information where people use their devices and for what purposes, what they buy and when, their occupation, age, address, and endless more. And like any online service, they plant cookies in people's devices to learn much more -- including activity that has nothing to do with functionality of the service, like browsing history. This information is analyzed and shared for commercial purposes, not least of which is advertising. And while some limited "do not track" options are made available by device makers like Apple to consumers who are sophisticated enough to turn them on after every software update, the industry has by and large resisted such restraint, which would threaten to dry up its sources of revenue.


The government is right in claiming that Apple's refusal to break into terrorists' iPhones is a marketing strategy. Tim Cook is now commended by privacy specialists for "leveraging his personal brand and Apple's to stand on the side of consumer privacy." Apple appears the champion of privacy, free to continue its own grand enterprise of developing platforms for commercial data mining.


Civil libertarians may nevertheless applaud Apple. The risks of government overreach, they would say, are greater than those arising from commercial sharing of personal data. They may be right, although Big Data should perhaps activate some of the same worries as Big Brother. Much of the recent regulatory action in the European Union in defining privacy as a fundamental right is fueled by this concern, of the uses big companies make of the information disclosed.


Others may rightly applaud Apple, Google, Facebook and other information-rich devices and services for providing to their clients excellent services at great value. It is difficult to identify what the harm is when Apple and mobile apps collect Big Data and profit from it. The practice allows users to receive valuable services free of charge. Even targeted advertising is less annoying than spam. It is surely better for most consumers to pay for the services like Google and Facebook with the new currency -- the quid pro quo of surrendering some personal information -- instead of paying cash.


But all this suggests that the tech industry is not the guardian of privacy. Apple's participation in the business of commercial data collection may not do much harm and may even do some good, but it is a far cry from putting Apple on the side of consumer privacy. To say, gullibly, that Tim Cook is the "bulwark of digital privacy," to quote him proclaiming privacy a "civic duty" of Apple and that "People have a basic right to privacy," is to let the fox guard the henhouse.



The preceding is republished on TAP with permission by its author, Omri Ben-Shahar, law professor and Kearney Director of the Coase-Sandor Institute for Law and Economics at the University of Chicago Law School. “Apple's Crocodile Tears” was originally published February 26, 2016 in The Huffington Post.