Privacy and Repairs

Apple’s announcement last month that it would soon sell users the parts they need to repair devices themselves reignited discussion about the perceived advantages and drawbacks of self-repair, and promoted questions about how many users would actually take advantage of the program. My guess is that it will be proportionate to the number of people who repair their own vehicles: not many. That is a shame because replacing an iPhone’s display or a MacBook Air’s battery is not very difficult, and I find it emotionally rewarding.

Regardless of whether that resonates with anyone else, one reason more people should be able to repair their own devices is to maintain control over their data. This is not theoretical.

Michael Brice-Saddler, reporting for the Washington Post in November 2019:

It was a sense of foreboding that prompted Gloria Fuentes to delete several apps from her phone ahead of an Apple Store appointment last week in Bakersfield, Calif.


It turns out Fuentes’s initial concerns were legitimate. When she got home, Fuentes turned on her phone and noticed a text that had been sent to an unknown number, she wrote. The message’s contents were even more harrowing: Fuentes alleged that the Apple employee had gone through her photos, retrieved a private picture and texted it to himself.

The picture in question was taken more than a year ago, she added.

In this article, Brice-Saddler mentions a handful of similar incidents from years past.

James Titcomb, reporting for the Telegraph in June:

Apple paid millions of dollars to a student after iPhone repair technicians posted explicit photos and videos from her phone to Facebook, legal documents have revealed.

The tech giant agreed a settlement with the 21-year-old after two employees at a repair facility uploaded the images from a phone she had sent to Apple to be fixed, resulting in “severe emotional distress”.

The repair facility was operated by Pegatron, but customers are not aware of that when turning their phones in to Apple for repair.

Ryne Hager, AndroidPolice:

Over the week, two Pixel owners have publicly reported that devices sent back to Google for warranty service and replacement were used to violate their privacy. In one instance, someone allegedly took “nudes” from the device and posted them on a customer’s social media account before stealing a small sum via PayPal. Game designer and New York Times bestselling author Jane McGonigal also later tweeted out her own report detailing someone’s attempts to secure similar information from her account, trawling her Gmail, Google Drive, and other data backup sources after she sent her phone to Google for repair.

Stories of repair technicians taking advantage of their position are as disgusting are they are common. Employees like these are present in official channels, at contractors, and at independent repair shops. But even though the problem is a common one, it should surprise nobody that all of these stories are about men violating the privacy of women through their broken devices.

It is not as though other professions do not have their share of creeps. But medical professionals and lawyers have more to lose. When a doctor violates the confidentiality of their relationship with a patient, their name makes the news, and they may get stripped of credentials or expelled from colleges. In many cases, the repair technicians who are found to be responsible for similarly egregious violations are nameless, and could easily get hired elsewhere.

Other professions requiring a high degree of trust in confidential information have codes of conduct their practitioners must adhere to, and governing bodies that can discipline rule-breakers. Repair technicians do not; the qualifications Apple requires of Genius Bar staff are similar to those of retail floor staff. Perhaps that is something which ought to be considered: a self-governing body that sets a minimum standard of expertise for consumer-level repairs,1 and can de-certify anyone who abuses their position.

The above cases are symptomatic of the objectification of women, almost always by men, that is commonplace at all levels of society and which we desperately need to correct. But privacy concerns are not limited to these flagrant violations. There are also items that all of us have on our computers that would make us concerned if a technician accessed them. These privacy incursions are certainly less egregious, but are damaging in their own way. We keep records of our conversations, banking history, health, and so much more on devices we would be reluctant to hand to a stranger on the street.

If you are concerned about someone else handling your device — and I think there are perfectly good, non-criminal reasons for being wary — a self-repair option might make sense for you. We should all expect privacy from technicians, and those who choose a full-service option are in no way asking to be taken advantage of. But self-repair offers another level of reassurance. Your device never leaves your hands. That peace of mind may, for some, be worth the modest learning curve.

  1. I am familiar with the kinds of certifications available to system administrators. ↥︎