Apple’s attempted crackdown on child sexual abuse leads to a battle over privacy

Apple CEO Tim Cook. Photo (cc) 2017 by Austin Community College.

Previously published at GBH News.

There is no privacy on the internet.

You would think such a commonplace observation hardly needs to be said out loud. In recent years, though, Apple has tried to market itself as the great exception.

“Privacy is built in from the beginning,” reads Apple’s privacy policy. “Our products and features include innovative privacy technologies and techniques designed to minimize how much of your data we — or anyone else — can access. And powerful security features help prevent anyone except you from being able to access your information. We are constantly working on new ways to keep your personal information safe.”

All that has now blown up in Apple’s face. Last Friday, the company backed off from a controversial initiative that would have allowed its iOS devices — that is, iPhones and iPads — to be scanned for the presence of child sexual abuse material, or CSAM. The policy, announced in early August, proved wildly unpopular with privacy advocates, who warned that it could open a backdoor to repressive governments seeking to spy on dissidents. Apple cooperates with China, for instance, arguing that it is bound by the laws of the countries in which it operates.

What made Apple’s efforts especially vulnerable to criticism was that it involved placing spyware directly on users’ devices. Although surveillance wouldn’t actually kick in unless users backed up their devices to Apple’s iCloud service, it raised alarms that the company was planning to engage in phone-level snooping.

“Apple has put in place elaborate measures to stop abuse from happening,” wrote Tatum Hunter and Reed Albergotti in The Washington Post. “But part of the problem is the unknown. iPhone users don’t know exactly where this is all headed, and while they might trust Apple, there is a nagging suspicion among privacy advocates and security researchers that something could go wrong.”

The initiative has proved to be a public-relations disaster for Apple. Albergotti, who apparently had enough of the company’s attempts at spin, wrote a remarkable sentence in his Friday story reporting the abrupt reversal: “Apple spokesman Fred Sainz said he would not provide a statement on Friday’s announcement because The Washington Post would not agree to use it without naming the spokesperson.”

That, in turn, brought an attaboy tweet from Albergotti’s Post colleague Christiano Lima, complete with flames and applauding hands, which promptly went viral.

“We in the press ought to do this far, far more often,” tweeted Troy Wolverton, managing editor of the Silicon Valley Business Journal, in a characteristically supportive response.

Even though the media rely on unnamed sources far too often, my own view is that there would have been nothing wrong with Albergotti’s going along with Sainz’s request. Sainz was essentially offering an on-the-record quote from Apple.

(Still, it’s hard not to experience a zing of delight at Albergotti’s insouciance. Now let’s see the Post do the same with politicians and government officials.)

Apple has gotten a lot of mileage out of its embrace of privacy. Tim Cook, the company’s chief executive, delivered a speech earlier this year in which he attempted to position Apple as the ethical alternative to Google, Facebook and Amazon, whose business models depend on hoovering up vast amounts of data from their customers in order to sell them more stuff.

“If we accept as normal and unavoidable that everything in our lives can be aggregated and sold, we lose so much more than data, we lose the freedom to be human,” Cook said. “And yet, this is a hopeful new season, a time of thoughtfulness and reform.”

The current controversy comes just months after Apple unveiled new features in its iOS operating software that made it more difficult for users to be tracked in a variety of ways, offering greater security for their email and more protection from being tracked by advertisers.

Yet it always seemed that there was something performative about Apple’s embrace of privacy. For instance, although Apple allows users to maintain tight control over their iPhones and iMessages, the company continues to hold the encryption keys to iCloud — which, in turn, makes the company liable to a court order to turn over user data.

“The dirty little secret with nearly all of Apple’s privacy promises is that there’s been a backdoor all along,” wrote privacy advocates Albert Fox Cahn and Evan Selinger in a recent commentary for Wired. “Whether it’s iPhone data from Apple’s latest devices or the iMessage data that the company constantly championed as being ‘end-to-end encrypted,’ all of this data is vulnerable when using iCloud.”

Of course, you might argue that there ought to be reasonable limits to privacy. Just as the First Amendment does not protect obscenity, libel or serious breaches of national security, privacy laws — or, in this case, a powerful company’s policies — shouldn’t protect child pornography or certain other activities such as terrorist threats. Fair enough.

But as the aforementioned Selinger, a professor of philosophy at MIT and an affiliate scholar at Northeastern University, argued over the weekend in a Boston Globe Ideas piece, there are times when slippery-slope arguments, often bogus, are sometimes valid.

“Governments worldwide have a strong incentive to ask, if not demand, that Apple extend its monitoring to search for evidence of interest in politically controversial material and participation in politically contentious activities,” Selinger wrote, adding: “The strong incentives to push for intensified surveillance combined with the low costs for repurposing Apple’s technology make this situation a real slippery slope.”

Five years ago, the FBI sought a court order that would have forced Apple to provide the encryption keys so they could access the data on an iPhone used by one of the shooters in a deadly terrorist attack in San Bernardino, California. Apple refused, which set off a public controversy, including a debate between former CIA director John Deutsch and Harvard Law School professor Jonathan Zittrain that I covered for GBH News.

The controversy proved to be for naught. In the end, the FBI was able to break into the phone without Apple’s help. Which suggests a solution, however imperfect, to the current controversy.

Apple should withdraw its plan to install spyware directly on users’ iPhones and iPads. And it should remind users that anything stored in iCloud might be revealed in response to a legitimate court order. More than anything, Apple needs to stop making unrealistic promises and remind its users:

There is no privacy on the internet.

Why newspaper apps still matter

IMG_0026
The Washington Post’s new iOS app.

Remember when the iPad was going to save the news business? How did that work out? But if the redemptive qualities of tablets turned out to be overblown, they are nevertheless a compelling platform for consuming all kinds of text and multimedia material, including news.

This morning I spent way too much time with The Washington Post’s new iOS app, which is detailed at the Nieman Journalism lab by Shan Wang. It is beautiful, with large pictures and highly readable type. I was already a fan of what the Post is now calling “Washington Post Classic.” But this is better.

So do I have a complaint? Of course. The Classic app is more complete; it includes local news (no, I have no connection to the Washington area, but it’s nice to be able to look in on occasion), whereas the new app is aimed at “national, international audiences.”

And both apps rely more on viral content than the print edition, a sluggish version of which is included in Classic.

Quibbles aside, this is a great step forward, and evidence of the breakthroughs that are possible with technology billionaire Jeff Bezos in charge. In fact, the new app is a version of one that was released last fall for the Amazon Fire. So it’s also heartening to see that Bezos isn’t leveraging his ownership of the Post entirely to Amazon’s advantage.

IMG_0024
The Boston Globe’s new app.

Another paper with a billionaire owner has taken a different approach. Several months ago John Henry’s Boston Globe mothballed its iOS replica edition — that is, an edition based on images of the print paper — and replaced it with an app that is still print-centric but faster and easier to use. It was developed by miLibris, a French company.

The first few iterations were buggy, but it’s gotten better. In general, I’m not a fan of looking at the print edition on a screen. But I find that the Globe’s website is slow enough on my aging iPad that I often turn to the app just so I can zoom through the paper more quickly, even if I’m missing out on video and other Web extras.

One big bug that still needs to be squashed: When you try to tweet a story, the app generates a link that goes not to the story but, rather, to the Apple Store so that you can download the app. Which, of course, you already have.

IMG_0025
The Boston Herald’s app.

Finally, it’s worth noting that the Boston Herald has a pretty nice iOS app, developed by DoApp of Minneapolis. It’s based on tiles, so it’s fast and simple to use. It’s so superior to the Herald’s creaky website that I wish there were a Web version.

Do apps for individual news organizations even matter? We are, after all, entering the age of Apple News and Facebook Instant Articles.

My provisional answer is that the news organizations should both experiment with and push back against the drive toward distributed content. It’s fine for news executives to cut deals with the likes of Tim Cook and Mark Zuckerberg. But it would be a huge mistake if, in the process, they let their own platforms wither.

Also published at WGBH News.