This has been a good week for keynotes about privacy and human rights, and a bad week for companies who make the bulk of their revenue by collecting and exploiting user data.
First, on Monday, October 22nd, Purism’s CEO Todd Weaver spoke at All Things Open on “The Future of Computing and Why You Should Care” where he highlighted how the drive for greater profits in big tech companies has led to a present where people’s rights are ignored while their data is captured and exploited. In this talk Todd introduced the idea of five fundamental digital rights critical to protect the future of computing:
Then on Wednesday, October 24th, Apple’s CEO Tim Cook spoke at the International Conference of Data Protection and Privacy Commissioners and spoke out in favor of GDPR legislation and privacy as a human right and against what he termed the “data industrial complex.” In the talk he laid out four principles of his own:
First, we’d like to applaud Apple for joining Purism and other companies in speaking out in favor of user privacy and against the unethical data collection practices that fund so many tech companies. Having a high-profile company speak about privacy as a human right helps bring further awareness of these issues and puts even more pressure on big tech companies to change their practices. As more people become aware these issues, they hopefully will feel empowered to make decisions about what companies they want to support and what technology they want to use based on who best respects their rights.
The advent of the Internet as a universal medium for sharing information combined with an always-on and connected computer everyone carries with them and the prevalence of voice-operated computers in every home means that the steady stream of data every individual sends to big tech companies is enormous and hard to wrap your head around. It’s even harder for the average person to figure out just how that data is being used and abused. Yet when you look at the revenues for these big tech companies you can see one thing–this data is valuable. The data is so valuable in fact, there’s no real incentive for these companies to change their practices on their own.
If you look at the four principles Tim Cook laid out, the first three largely can be summarized by Todd’s “Right to be Forgotten” digital right. Indeed, the way that the tech industry operates today means that people are not in control of their own data. Big tech companies capture as much data as they can and are continually coming up with new ways to capture more in the name of providing you more targeted advertising.
It’s in Tim Cook’s fourth principle where on the surface it seems Purism and Apple seem eye to eye (and on the surface we do) but when you dig into the principle our paths starts to diverge. Compare these two statements:
We agree with Apple that security is at the heart of all data privacy and privacy rights. Where we disagree is in who holds the keys. Your data isn’t truly private or secure, if someone else holds the keys. It’s true that Apple goes to great lengths to lock down their devices from attackers, but like with Google and other proprietary vendors, those locks also lock you out. These devices tightly restrict what applications can run on them in the name of security, but that restriction conveniently also means that everyone has to get the vendor’s permission to install their software.
More importantly, these locks mean that you don’t have freedom or control. In fact, some device vendors are paid to install applications by default that you aren’t allowed to remove. You only have to look at the underground market of sketchy software that promises to “root” your phone to see the lengths that people have to go to so they can try to wrench control of their hardware back from vendors.
This isn’t just a hypothetical argument about freedom. Apple’s decision to hold all the keys to their hardware has real world impacts on freedom and human rights. Alex Stamos (Stanford professor, previously Chief Security Officer at Facebook) gives a great example of the real world impacts these locks can have:
I agree with almost everything Tim Cook said in his privacy speech today, which is why it is so sad to see the media credulously covering his statements without the context of Apple’s actions in China. The missing context? Apple uses hardware-rooted DRM to deny Chinese users the ability to install the VPN and E2E messaging apps that would allow them to avoid pervasive censorship and surveillance. Apple moved iCloud data into a PRC-controlled joint venture with unclear impacts.
We agree that privacy is a human right, but you shouldn’t have to exchange your freedom for your privacy. We believe that freedom is essential to security and privacy and any solution that aims to secure your privacy must also protect your freedom. This means avoiding software solutions that restrict what you can do with your own devices and building security solutions that ensure that you hold the keys. Removing the freedom to control your own hardware and software, even if it’s in the name of security, (but more likely for vendor lock-in) is not enough to protect your rights.