Back to News & Commentary

Apple Throws Down Privacy Gauntlet

Chris Soghoian,
Principal Technologist and Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
Share This Page
September 18, 2014

Apple made big news today by announcing that they are no longer able to extract data from iOS devices for law enforcement agencies. The company had, for several years, offered a popular service for police in which it would extract data from seized PIN- or password-protected devices (if you don’t have a PIN or password, then the government doesn’t need Apple’s help to get your data). The message from Apple is clear: they don’t like being in the surveillance business, and are doing everything they can to get out of it, while still offering usable products to the general public.

In the wake of the Snowden disclosures, many big tech companies have announced major security improvements, including encrypting the links between data centers, turning on default HTTPS encryption for website visitors, and encrypting the connections between email servers.

Such steps have made it more difficult for the government to spy on users without the companies’ help. The use of HTTPS by Google, for example, means that Verizon can’t help the NSA spy on its customers’ web searches. But none of those changes impacted the companies’ own ability to see data, and thus government agencies’ ability to force the company to turn it over. Apple’s new move is interesting and important because it’s an example of a company saying they no longer want to be in the surveillance business–a business they likely never intended to be in and want to get out of as quickly as possible.

This was a big step for Apple, and one that likely required significant engineering work. What is so interesting and smart about this move is that rather than telling the government that they no longer want to help the government, they re-architected iOS so they are unable to help the government. Think of it as Apple playing a game of chicken, and the company has just thrown the steering wheel out of the window.

That’s something that’s going to be difficult for most tech companies to do, because so many of them have built their businesses around access to user data. If the companies can search and analyze that data, they can be forced to turn it over to the government. Apple’s business model—selling expensive, luxury hardware to consumers—gives them the freedom to lock themselves out of access to their customers’ data. Apple doesn’t care what you store on your phone as long as you buy a new one every two years.

Although today’s announcement is certainly big news, in many ways, it is far less significant than Apple’s success in delivering end-to-end encrypted text, voice and video communications to the hundreds of millions of people using iMessage and FaceTime. To date, these apps have been advertised as free and easy ways for people to stay in touch with loved ones and family. However, the company could and should start advertising them as a much more secure alternative to regular telephone calls and text messages.

If Apple CEO Tim Cook’s open letter and recent interview with Charlie Rose are any guide, the company thinks it can compete on privacy, particularly against Google. Perhaps prompted by Apple’s announcement, Google revealed today that it, too, will be taking steps to better protect the data stored on Android devices. This is a great first step, and perhaps a sign that the big tech companies may be ready to compete on privacy. If Apple has indeed started a Silicon Valley privacy war, consumers will be the ones that ultimately come out on top.

Learn More About the Issues on This Page