Sunday, 19 Sep 2021

Opinion | The Illusion of Privacy Is Getting Harder to Sell

Even iPhone users with nothing to hide could be forgiven for being a little creeped out that Apple will scan their photos and see if they match existing databases of known illegal pornographic images. Privacy experts called the idea a potential backdoor for governments to request or demand scans for other images or files. Some of Apple’s own employees are reportedly pushing back on the idea.

It’s a good indication that things are headed in the wrong direction when your company’s anti-child pornography initiative gets panned.

A major reason for the failure of Apple’s defense is that the photo-scanning program confirms a fear many users already harbor: Personal data, even the most sensitive, is effectively out of users’ control, accessible at the flip of a switch.

Apple says, relentlessly, that privacy is the central feature of its iPhones. But as the photo scanning demonstrates, that’s true only until Apple changes its mind about its policies.

The iPhone is a gluttonous collector of user information. The devices beam location data as well as information about Wi-Fi usage and internet usage to Apple’s servers, even when we think the devices are slumbering. That type of data opens up iPhone owners to alarmingly accurate tracking by third parties, including their whereabouts, political leanings, job and family status, ethnicity and net worth.

A particular concern around the photo-scanning initiative is that countries may compel Apple to use the technology for their own ends, which Apple says it will resist. But, through a third party, Apple has made Chinese users’ data accessible to the Chinese government, as The Times reported, a sleight of hand that allows the company to say it doesn’t directly turn the information over. That makes it hard to believe that Apple might not act similarly where its business interests demand it — even at home in the United States, where technology companies fulfill secret personal data requests daily.

It’s not just the child pornography project that should give users pause. Apple received plaudits, including from me, for rolling out an option earlier this year to prevent apps from tracking users’ activity as they surf the mobile web. But the tracking was enabled in the first place by something Apple created called an “identifier for advertisers,” which turned on the fire hose of personal data available to marketers for the purpose of targeted ads. If Apple believes that tracking is anathema to privacy, why not disable the identifier itself, or disable tracking as a default?

“The do-not-track option didn’t really solve privacy,” said Patrick Jackson, chief technology officer of the privacy firm Disconnect. “It was designed to make users feel like they could press a button and fix it.” Mr. Jackson said advertisers and others can still use a process known as fingerprinting — which relies on things like phone model, operating system version and screen resolution — to identify a user and continue keeping tabs on them.

Apple is also building out its own online advertising business, portions of which a French privacy watchdog said may run afoul of European laws. The agency said that Apple doesn’t appear to require users’ consent for tracking, as it now does from other app makers, meaning it could benefit from the targeted advertising that its “do not track” feature is meant to hinder.

Google’s Android mobile software also has a voracious appetite for data, but may be less vulnerable than the iPhone to broad attacks, such as the recently uncovered one affecting tens of thousands of phones reportedly targeted by NSO Group’s Pegasus software. That’s because Android runs on many different phone types, each with slightly different versions of the software, said Zuk Avraham, C.E.O. of the cybersecurity firm ZecOps. Pegasus software reportedly collected all manner of personal information, such as emails, voice mail messages, passwords, contacts, call logs, social media posts, web browsing history and photos, and it can remotely activate a user’s phone camera and microphone, according to The Washington Post.

Of course, no software will be invulnerable to every type of hack, but when your marketing states, “What happens on your iPhone stays on your iPhone,” the bar ought to be set higher.

One way to keep prying eyes off your data is to resist putting files into Apple’s iCloud service, but that means potentially choosing another service, with its own privacy concerns. The child pornography scanning project, Apple says, is only for consumers who store their photos in iCloud. Apple also has access to text messages that it says are otherwise encrypted when they are backed up in iCloud, a workaround that’s apparently necessary to aid law enforcement. But for most consumers it’s a distinction without a difference — photos and text messages are primarily created and accessible on the phones that Apple tells us are sacrosanct.

Apple could take a big lead over its rivals by supporting a single setting at the browser level, known as the Global Privacy Control, to prohibit companies from selling your data to others. That would take the place of prohibiting such actions site by site. (The initiative is supported by a host of privacy and media organizations, including The New York Times, as well as California’s attorney general).

Tech companies would like users to believe that they hold the keys to their own privacy. But, locked into Apple’s or Google’s ecosystems, our data is as secure as their policies. I’d like to trust that the biggest technology companies have the best intent, but when they have to say out loud that our privacy is paramount, it sure is difficult.

The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.

Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.

Source: Read Full Article

Best News