Privacy is a growing concern in today’s world. Follow along with all our coverage related to privacy, security, what Apple and other companies are doing to keep your information safe, and what steps you can take to keep your information private.
Apple’s strong position on privacy and encryption has been at odds with the United States government’s pressure to step up its national security efforts in the wake of recent terrorist attacks across the globe. In short, iPhones are encrypted to protect customer data from prying eyes, and law enforcement agencies believe that gives criminals a safe haven for communication that can’t be traced.
The Obama administration including the former and current attorney general and FBI director have strongly voiced opposition to Apple’s position, and Tim Cook reportedly pressed the White House to back strong encryption as recently as this week. So it’s no surprise that Tim Cook and Apple came up at the end of last night’s Republican presidential debate hosted by the Fox Business channel where at least one candidate was asked to address his position on the subject.
Apple’s rocky iAd advertising platform is about to see some major changes, says Buzzfeed’s John Paczkowski. According to the report, Apple plans to dismantle its iAd sales team and stop its role as a middleman between publishers and customers:
While iAd itself isn’t going anywhere, Apple’s direct involvement in the selling and creation of iAd units is ending. “It’s just not something we’re good at,” one source told BuzzFeed News. And so Apple is leaving the creation, selling, and management of iAds to the folks who do it best: the publishers.
Apple is phasing out its iAd sales force entirely and updating the iAds platform so that publishers can sell through it directly.
The big news, Buzzfeed notes, is publishers that play ball will take home 100% of the ad revenue generated rather than a 70/30 split with Apple.
Nobody who watched the news coverage of the terrorist attacks in Paris could fail to be moved by the scenes and the stories emerging from it. It was undeniably a horrific series of events, and it’s only human nature to want action to be taken to reduce the likelihood of future such atrocities.
But there is always a danger at such times that emotion, rather than rational thought, will drive government policy-making. I won’t get into the broader theme there, as there are more appropriate forums for that, but there is one aspect that is very much on-topic for us: the battle between Apple and governments over encryption.
There have already been unattributed reports that the terrorists in Paris used encrypted communication. I have no idea whether there is any specific evidence for that, but it would hardly be damning were such evidence to emerge: it would be frankly astonishing if they hadn’t.
There are three reasons why Apple is right to maintain that it will continue to offer end-to-end encrypted communication no matter how much governments in the USA, UK and elsewhere may protest …
Expand
Expanding
Close
In a wide-ranging interview with the Telegraph, Apple CEO Tim Cook has hinted that the company may launch more health-focused products in future – but will keep those separate from the Apple Watch. The reason, he says, is that the FDA approval needed for full-on health devices would slow down the pace of innovation of the Watch.
Cook hints that Apple may have more plans for the health sphere, in a revelation which will intrigue Wall Street, but he doesn’t want the watch itself to become a regulated, government-licensed health product. “We don’t want to put the watch through the Food and Drug Administration (FDA) process. I wouldn’t mind putting something adjacent to the watch through it, but not the watch, because it would hold us back from innovating too much, the cycles are too long. But you can begin to envision other things that might be adjacent to it — maybe an app, maybe something else.”
This represents a significant change from expectations …
Wikipedia founder Jimmy Wales has tweeted that Apple should stop selling iPhones in the UK if the British government succeeds in passing a “stupid” new law completely banning end-to-end encryption. The tweet was reported by the Independent.
[tweet https://twitter.com/jimmy_wales/status/661604239794376704 align=’center’]
The Investigatory Powers Bill would require all Internet and technology companies to hand over to the government any communications data it requests. As things stand, Apple would be unable to comply with this requirement as it uses end-to-end encryption for services like iMessage and FaceTime.
As an illustration of the technological illiteracy of the government’s proposals, it originally wanted to ban encrypted communication altogether. It had to be pointed out to ministers that this would make Internet banking and online shopping illegal …
Apple has come under fire in the U.S. for its uncompromising stance on the privacy of customer data, with DOJ and FBI officials complaining that was Apple winning the PR battle. Apple lobbied Obama to reject similar proposals in the USA.
Photo: Apple Store in Regent Street, London (Foster & Partners)
As expected, Tim Cook today took the stage at the Wall Street Journal Digital Live conference for an interview. During his time on stage, Cook discussed a variety of topics, ranging from iPhone to Apple Watch and to Apple Music. The main points are below:
Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers.
Apple has now verified the SourceDNA report and is removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines. Apple has also patched its approval processes to prevent any more apps that use this technique to make it onto the App Store.
A New York federal judge has indicated that he is likely to refuse a government request to compel Apple to unlock a customer’s iPhone, but will first ask Apple to explain why decrypting iPhones would be “unduly burdensome.” The iPhone concerned is apparently not running iOS 8 or 9, and so Apple would have the technical ability to decrypt it.
The Washington Post reports that Magistrate Judge James Orenstein of the U.S. District Court for the Eastern District of New York is an activist judge who is believed to be attempting to open up public debate on the issue of privacy versus law enforcement …
Expand
Expanding
Close
Update: While Google has not commented directly on Porsche’s reported rejection of Android Auto, the company made a statement to The Verge in which it denied that it currently collects any of the data mentioned in the original report. It does not go as far as saying that it has not requested access to such data.
“We take privacy very seriously and do not collect the data the Motor Trend article claims such as throttle position, oil temp, and coolant temp,” Google said in a statement to The Verge. “Users opt in to share information with Android Auto that improves their experience, so the system can be hands-free when in drive, and provide more accurate navigation through the car’s GPS.”
Sportscar manufacturer Porsche has approved CarPlay for the 2017 version of its famous 911, but rejected Android Auto because Google demands access to too much data, reports Motor Trend.
As part of the agreement an automaker would have to enter with Google, certain pieces of data must be collected and [sent] back to Mountain View, California. Stuff like vehicle speed, throttle position, coolant and oil temp, engine revs—basically Google wants a complete OBD2 dump whenever someone activates Android Auto …
Apple has updated its Privacy website with details about how the company uses your data to serve the newest iOS 9 and iPhone 6s features, like Apple Pay, Apple News and Hey Siri. Consistent with Apple’s messaging, they reiterate how everything they make is designed to store as little personal information as possible with anonymity wherever possible. Contrary to other reports, the Tim Cook cover letter fronting the Apple Privacy page is not new and has been posted on the website for some time.
After announcing new iPhones and iPads plus an updated Apple TV in San Francisco last week, Tim Cook is taking a slight victory lap in New York City with a media blitz that leads to an interview with Stephen Colbert tonight on CBS’s The Late Show. Before a surprise visit yesterday at NYC’s iconic Fifth Ave store with Eddy Cue, the Apple CEO gave a quick interview with Buzzfeed. In it he told John Paczkowski that his Apple Store visit really is a surprise to everyone.
“I almost always go in unannounced,” he says. “It’s rare that I tell anyone that I’m going. But I do try to go to stores every time I’m traveling to a new city. It’s important.”
Cook also discussed the privacy implications of an always-listening Siri, what he likes best about the iPhone 6s, and even the possibility of being able to delete system apps in the future…
Reuters reports that Apple is working on significantly increasing the number of artificial intelligence specialists it employs as it works to make Siri smarter, but that the company’s commitment to user privacy imposes constraints.
As part of its push, the company is currently trying to hire at least 86 more employees with expertise in the branch of artificial intelligence known as machine learning, according to a recent analysis of Apple job postings. The company has also stepped up its courtship of machine-learning PhD’s, joining Google, Amazon, Facebook and others in a fierce contest, leading academics say.
Machine learning relies heavily on large-scale data-crunching to figure out what users are likely to want to know. But while Google analyses the data of Android users en-masse, Apple’s approach to privacy means that far less data is sent from the iPhone to its servers, making it more challenging to increase Siri’s intelligence …
Expand
Expanding
Close
Spotify’s CEO Daniel Ek published a blog post today apologizing and attempting to clarify its recently updated privacy policy that proved to be controversial among some users and press. In the post, Ek explains that updated terms granting Spotify access to more of users’ personal information is only to further customize the Spotify experience and that giving up that data will be entirely an opt-in experience for users:
In our new privacy policy, we indicated that we may ask your permission to access new types of information, including photos, mobile device location, voice controls, and your contacts. Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to. We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customize your Spotify experience.
The post goes on to clarify exactly why Spotify is requesting each new type of data and for what it will be used. While most of the data is being used to personalize the listening experience for users, the caveat is that it does reserve the right to share data with advertisers, rights holders, and mobile networks:
Sharing: The Privacy Policy also mentions advertisers, rights holders and mobile networks. This is not new. With regard to mobile networks, some Spotify subscribers sign up through their mobile provider, which means some information is shared with them by necessity. We also share some data with our partners who help us with marketing and advertising efforts, but this information is de-identified – your personal information is not shared with them.
But how does that compare to other music services? Wired put together a good breakdown of exactly what user data competing music services reserve the right to access via their privacy policies. The majority of the services all request similar data, although a few differ on accessing contacts and media files and sharing with third-parties, while others don’t have much disclosure regarding location tracking.
Apple’s strong support of user privacy — specifically including end-to-end encryption uncrackable by the government — could be setting the company up for civil suits based on the Antiterrorism Act and other laws, a legal blog has noted in a series of controversial posts. Writing for Lawfare, Benjamin Wittes and Zoe Bedell penned a two-part article suggesting that Apple’s encryption practices could, under specific circumstances, be found by a court to have “violated the criminal prohibition against material support for terrorism.” Apple could then be held responsible for foreseeable resulting damages to victims. As Wittes and Bedell concede, the article has provoked strong reactions from privacy advocates, decrying its conclusions.
Winston Crawford, a former advertising executive, has left Apple to join Drawbridge. The move comes at an interesting time given Tim Cook’s recent comments on user data and privacy.
Drawbridge is a relatively new company which helps marketers track user data across multiple mobile devices like smartphones and tablets. He joined as COO to help expand the tracking technology to new areas like offering the ability for retailers to show the same online shopping cart to a single customer across multiple devices.
What’s interesting about this move is Crawford’s comments about Apple’s way of doing ads. Going back to those thoughts shared by Tim Cook about not being in the business of harvesting user data for profit, and looking at what Drawbridge does, it’s quite a startling contrast between the two.
Expand
Expanding
Close
Apple and Google have co-signed a letter calling on President Obama to reject any government proposal to allow the government backdoor access to encrypted data on smartphones and other devices. The Washington Post says the letter, due to be delivered today, is signed by more than 140 tech companies, prominent technologists and civil society groups.
The signatories urge Obama to follow the group’s unanimous recommendation that the government should “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.
Apple uses end-to-end encryption for iMessages, meaning that Apple has no way to access the data even if presented with a court order. Tim Cook stated last year “it’s encrypted, and we don’t have the key.”
The FBI has been pushing increasingly hard to require tech companies to build in backdoor access to their encryption systems to allow access by law enforcement, even going so far as to say that Apple could be responsible for the death of a child. U.S. Attorney General Eric Holder has also cited child safety as a justification for demanding access to encrypted data.
The letter calling on Obama to reject this argument is also signed by five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden.
Many in the tech industry have pointed out that, aside from the obvious concerns over government intrusion into the private lives of its citizens, any backdoor used by the government could potentially be discovered and exploited by hackers and foreign governments.
Apple recently voiced concerns over the potential sale of its customer data as part of RadioShack’s bankruptcy filing. As an authorized reseller of Apple’s products, RadioShack is sitting on a collection of customer data of Apple product owners. According to Law360, Apple has formally objected to any data on its product sales through RadioShack being made available for sale citing the reseller agreement between the two companies and its interest of protecting personal data.
Expand
Expanding
Close
LA’s Cedars-Sinai Medical Center is now integrating HealthKit data into patient records to provide doctors with a more comprehensive picture of the health of the patients they are treating, reports Bloomberg.
The hospital updated its online medical records system this weekend, turning on access to HealthKit for more than 80,000 patients, Darren Dworkin, chief information officer at Cedars-Sinai, said in an interview.
“This is just another set of data that we’re confident our physicians will take into account as they make clinical and medical judgments,” Dworkin said.
Tim Cook said back in February that he thought this type of use of HealthKit would be “profound” …
Expand
Expanding
Close
UK Safari users have been given the go-ahead to sue Google for continuing to drop cookies on their devices even after they had refused permission through their browser settings.
It was revealed in 2012 that Google bypassed the setting in Safari which instructed sites not to drop cookies, enabling it to deliver personalized ads. The FTC in the US fined the company $22.5M for the practice, with millions more in additional fines levied by 38 US states. There was no government action in the UK, but a group of British iPhone users took Google to court, seeking compensation for breaching their privacy.
Google had attempted to have the case dismissed, claiming that there was no case to answer as the plaintiffs had not suffered any financial harm, but the UK’s Court of Appeal has rejected this argument, allowing the case to proceed …
Apple is one of ten tech giants to once again call on the US Government not to reauthorize the Patriot Act in its current form. The Act expires on 1st June unless it is renewed by Congress. Apple was joined by AOL, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.
In an open letter to President Obama, NSA Director Admiral Rogers and other prominent government figures, the companies urge Congress to end the bulk collection of communications metadata–the logs that determine how and when ordinary citizens contact each other.
The letter says that mass surveillance must end, and that a revised bill must contain mechanisms to ensure that future government surveillance is both transparent and accountable …
Expand
Expanding
Close
Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.
The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.
A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.
Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …
Expand
Expanding
Close
President Obama has publicly criticized China’s plans to expand ‘security’ policies that would effectively prevent U.S. tech companies like Apple selling their products in China without completely compromising data security.
Reuters reports that the Chinese government plans to require foreign tech companies to host in China all data servers used by their products, and to allow the government access to the data. As this would include iCloud backups, this would provide the Chinese government with complete access to all data stored on iPhones and iPads sold in China.
In an interview with Reuters, Obama said he was concerned about Beijing’s plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security “backdoors” in their systems to give Chinese authorities surveillance access …
Expand
Expanding
Close
Tim Cook appears to be using his international tour, which so far includes Israel, Germany and the UK, to push a second product every bit as hard as the Apple Watch: privacy. In an interview with the German newspaper BILD posted yesterday (paywall), Cook went as far as to praise Edward Snowden for his role in prompting discussion of the issue.
If Snowden did anything for us at all, then it was to get us to talk more about these things. [Apple’s] values have always been the same.
The comments follow a meeting with German Chancellor Angela Merkel, at which data privacy was reportedly a key topic. Cook also told the Telegraph last week that “none of us should accept that the government or a company or anybody should have access to all of our private information.” Cook has in the past resisted FBI pressure to compromise its strong encryption, and was the only tech CEO to attend a recent White House cybersecurity summit.
In the BILD interview, Cook reiterated Apple’s stance on privacy, and also said that as Apple had grown larger, it had taken deliberate decisions to be less secretive about some aspects of its business …
Expand
Expanding
Close
It seems Tim Cook had more on his schedule than a meeting with BILD during his visit to Berlin yesterday: the newspaper reports that he also met with German Chancellor Angela Merkel. Cook told BILD that they discussed security, net neutrality, environmental protection and education–but the key topic appears to have been data privacy.
Cook said that he could well understand Germany’s strong stance on data privacy, stating that Germans “have the same views on privacy as I do” …
Expand
Expanding
Close