Pixel Envy

Written by Nick Heer.

Commitments to Privacy Are Necessarily Long-Term Obligations

Casey Johnston, the Outline:

Multiple segments of Apple’s Worldwide Developers’ Conference keynote presentation today indicated that Apple is rushing into spaces where other tech companies have already deeply soured customers’ ability to trust them. The presentation doubled down on Apple’s recent privacy-themed advertising campaign, but the problem with this kind of privacy has never been company’s intentions in the moment; it’s that they appear to be unable to resist the intense pull of how lucrative customer data can be. As Apple moves into services while its hardware sales slow down, the recent betrayals of other tech companies who implicitly or explicitly promised to be careful with their users’ data loom very large.

Johnston gives examples of how Google and Facebook started out as ostensibly privacy-aware, but have caved to exploiting user data; she questions whether Apple will be different over the long term, and how we can trust them not to be. What happens if the next CEO doesn’t care at all about privacy? Surely, users are owed a deeper commitment to the privacy of their data than company culture.

I think Apple mostly gets that right by encrypting user data in ways that the company cannot decrypt — in other words, it’s only accessible by the user. Therefore, it is less necessary to trust that they will not abuse user data, as they are not collecting it in a way where they can abuse it. If you have iCloud Backups turned off, much of this data isn’t stored by Apple at all.

This article raises a really great point about privacy’s long-term commitments. Maciej Cegłowski has previously highlighted a hypothetical instance of a queer Russian blogger writing on LiveJournal before its acquisition by a Russian company; shortly thereafter, Russia passed strict homophobic laws, which could put that blogger at risk. Or consider how many apps have scooped up your contact list with your permission — who owns those lists now? What if an indie developer with your contact list in its database gets acquired by a social media giant with a pathological objection to privacy for anyone but its CEO?

It is therefore critically important that user data is encrypted in a way that is impossible for anyone else to decode. Users should be entirely in control of their own data now and forever.