Make no mistake: Almost no one sympathizes with the now-deceased San Bernardino attackers, who murdered 14 innocent people and severely injured 22 others. Apple CEO Tim Cook certainly doesn’t. But at the same time, Apple’s refusal to honor an FBI order to unlock the one of the attacker’s cellphones has little to do with the case at hand. “This case is not about one phone,” says Apple general counsel Bruce Sewell. “It is about the future and how we protect our safety and our privacy.”
According to a recent New York Times article, most in Silicon Valley agree. However, there are a few detractors.
“Critics of Apple’s approach believe that the company could have quietly complied with the government’s request to help break into the iPhone and then taken a public stand in a more favorable case,” says the Times. “But Apple has said that once a tool exists for extracting data from the phone, that tool cannot be made to disappear.” The concern at hand is granting access to private data in the first place, and how — regardless of the intent — such an action sets a dangerous precedent.
For small businesses lacking in a multi-billion dollar international valuation, this issue can seem quite distant. Yet, as digital marketing practices evolve, the stand Apple is making could come to represent the general population’s struggle to maintain privacy in an increasingly digital world.
Who Owns Whose Data?
Central to this issue is the concept of data ownership. Gunman Syed Rizwan Farook’s iPhone was actually owned by his employer, which consented to the FBI to search the device in the first place. When the FBI made a blunder that locked them permanently out of the account, they raised demands to Apple, who balked.
Apple’s argument is that they should not be forced to create a backdoor means for governments to infiltrate their encrypted phones. Doing so could allow for unsolicited access in the future, they warn. The assertion that encrypted accounts should be protected against the companies that helped create them, regardless of the circumstances, lent comparisons to a court ordering a document shredding company to piece together shredded documents.
If the technology world followed Apple’s example with software in general, Facebook would have no right to hand over protected account data to law enforcement. The user would be the one obligated under law to provide the information according to a warrant, or the FBI would have to find a way to break in themselves with court-ordered permission.
Similarly, landlords cannot consent to a search of their tenant’s homes without being forced to under warrant. In Apple’s case, they refuse to produce a tool that could create a set of keys to the building. If the FBI really wants in, Apple says, they will have to break the door down themselves.
How This Battle Could Trickle Down to the Little Guy
For smaller companies, a crossroads potentially emerges in the way they view user data. Collecting emails, browsing information through cookies and private data from third-party vendors like Facebook can be seen as a direct violation of privacy. The current argument goes that users give all kinds of permission just by signing up for an account or visiting a site, but these permissions assume that users wanted to “opt in” just by visiting a site or creating a social media account.
Transparency is the key element lacking in this logic. End User Agreements are so dense and routinely ignored that South Park even made a whole episode lampooning the idea that everyone reads them. While the assumption is that they all say the same thing, perhaps a movement should be started to point out the more privacy-sensitive elements. In other words, users should explicitly give permission for their private information or accounts to be used by others. Such a model may be difficult with software, but with online platforms like eCommerce sites and social media, “opt out” should be the default and “opt in” granted as a special request. Currently, it’s typically the other way around.
Recognizing the problems such a model could create, companies like beacon developer Estimote stand adamantly behind “opt in” models. They write on their site: “Many customers ask us if it’s mandatory for users to have an app installed on smartphones in order to receive beacon-triggered notifications. And when they learn the answer is yes, some of them want to know if there are ways to work around this. The answer is: no, it’s not possible and we strongly discourage this kind of thinking.”
Examples of user privacy protection like Estimote’s and Apple’s used to be the exception, not the rule. But, as the problems of an assumed lack of privacy become more evident, tech companies and other businesses are realizing that they must take a stand for user privacy before it is too late.
Worried About How You Are Handling User Privacy? EverSpark Interactive Can Help
EverSpark Interactive is far from a digital security company, but our knowledge of digital marketing best practices can help you steer clear of actions that could lead to a backlash.
If you have any questions about the privacy implications of your site’s user agreements or how secure the user data you obtain for digital marketing is, do not hesitate to contact us.