Pando

Tim Cook's defense of Apple's privacy is incomplete at best

By Nathaniel Mott , written on September 16, 2014

From The News Desk

It's hard to imagine the mental acrobatics required to defend your company's data practices after just announcing it would start using your thumbprint in many applications and allow you to add your credit card information to its new payment service. But that's exactly what Apple chief executive Tim Cook did in the second part of his interview with Charlie Rose.

Here's what Cook said about data collection -- an especially important topic for Apple given its recent security stumbles and the ire it attracted when it was (wrongly) implicated in the leak of only-perverts-know-how-many personal photographs of a surprising number of female celebrities:

Our business is not based on having information about you. You're not our product. Our product are these, and this watch, and Macs, and so forth. And so we run a very different company. I think everyone has to ask, how do companies make their money? Follow the money. And if they're making money mainly by collecting gobs of personal data, I think you have a right to be worried. And you should really understand what's happening to that data, and the companies — I think — should be very transparent.
Cook might be right about people needing to care more about how companies like Google and Facebook use their personal data, but that doesn't mean Apple is the bastion of privacy he's trying to make it out to be. Besides the expansion of its thumbprint-recognition system and the debut of its payment service, Apple has also had many security failures in recent months.

First there was the revelation that it had failed to protect supposedly secure information by failing to properly implement a basic security feature. Then it tried to hide that failure from the hundreds of millions of people who might have been affected by it. It was also revealed that it didn't add a basic security feature to the website for its iCloud service.

Besides that, even Apple recognizes that companies can't really be transparent about what the government asks for in regards to user data. The company joined several others, including a few that Cook was trying to implicate while he defended Apple, in complaining about that last year:

At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts. Despite our extensive efforts in this area, we do not yet have an agreement that we feel adequately addresses our customers’ right to know how often and under what circumstances we provide data to law enforcement agencies.
There are limits to what Cook can talk about when it comes to the National Security Agency. I get that. But it's hard to see him go on national television -- one of the few times he has ever granted the media a real interview -- and claim that Apple isn't part of the problem with the massive amounts of personal information left insecure against the NSA or other attackers.

No discussion of privacy is complete without a corresponding discussion of security. With the sheer number of people hoping to break into someone's online accounts or Internet-connected devices -- and yes, that includes intelligence agencies -- it isn't enough for a company to say that it's not interested in using personal data for financial gain. It also needs to protect that data.

Apple hasn't done that. It's getting better as more vulnerabilities are revealed, but it doesn't have the greatest track record at this point. So Cook's discussion on privacy is incomplete not just because of the limitations on what he can reveal about government data requests, but also because it doesn't address the full picture of how it protects consumer privacy.