When reports recently circulated about Apple’s plans to implement a new feature to automatically scan personal devices for abusive content, the tech giant subsequently backtracked and put the plans on hold.
Some of the industry’s top players, including WhatsApp CEO Will Cathcart, weighed in on the measures, voicing concerns over the data privacy and rights of Apple users. But was Apple right to backtrack on the feature and who would it have benefited the most – the victims of child abuse or the data and insights team at Apple?
Despite the promise of keeping customers’ data secure and the move being in the interest of consumers, the proposed update would have seemingly given Apple an exclusive window into its users’ data.
The EU and UK governments are taking steps to regulate how the powerful US tech giants store and use consumer data. The EU has an antitrust investigation following complaints in 2019 from Spotify. In the UK, the Digital Markets Unit, part of the Competition & Markets Authority, may be able to suspend, block and reverse decisions by tech giants and issue fines of up to 10% of turnover. Yet at the same time, Apple has been under government pressure in the US for increased surveillance of encrypted data. Governments and agencies are pressuring all large organisations that have any sort of end-to-end or even partial encryption enabled, stating CSAM and possible terrorist activities as rationale to argue for measures. It’s a confusing message.
Who is really leading the charge here? Whether it is tech giants or governments, it is concerning. Matthew Green, cryptography researcher at John Hopkins said it could be used to frame innocent people or weaponised, and said it will lead to “bulk surveillance of phones and laptops.” Not all governments and organisations in the world have the benevolent wellbeing of their citizens at heart. In 2020, there were reports of organisations using phone location data to track and spy on Black Lives Matter protesters, and in Jordan, the World Food Programme collected migrants’ biometric data, requiring refugees to submit it to have access to food in camps.
Privacy campaigners have said that there are dangerous ramifications and question whether this is a backwards step in digital security. WhatsApp has come under fire for having less robust privacy policies, which came to the fore when it was relaunched back in May, and now Apple is being criticised for infringing privacy.
But where does responsibility for privacy lay?
Smart devices and technology are embedded in our everyday lives, and most consumers trust them – because it’s easier to do so. Few of us read the privacy notices. We accept that Alexa, and thus Amazon, knows when we’re home, when we leave the house, when we go to bed, because it makes life convenient. Each of these devices or companies in silo might be ok, but what if Amazon start telling authorities when you’re home based on your Alexa?
We can’t just blame the tech behemoths – we all need to take responsibility to make a shift towards a less invasive approach. Consumers have to be confident that they are using a platform that genuinely has privacy at its core. Whether that’s through reading the policies or only selecting the data you wish to share or choosing platforms that allow you to store encrypted data in select locations, it is essential to take responsibility. As more lawsuits and regulations come to the fore, we may find a more cautious approach being taken.
At the same time governments must not only conduct public consultations into antitrust or bring in measures seemingly about privacy at times of crisis, or when they are worried about competition and market share – which may be the real issue here. There should be more uniform regulation where possible with collaboration between different countries. This is especially important considering the growth in population migration and multi-residencies. There is a discrepancy in what data sovereignty means for each country, to reign in tech sovereignty. A consistent approach and regulated data flows need to be made a priority.
With the industry moving at lightning speed, the line between consumer rights and innovation should not be overlooked or overstepped at the expense of the customer. Technology companies need to uphold their commitment to the fundamental privacy rights that users deserve, and not rely on technological advancements to misuse customer data for their advantage. Reaping the rewards of such advancements are sure to be short-lived, as regulation and legislation in the favour of the consumer will not be far behind.
However, where success will happen is in ensuring the emphasis is put back on the user, not pitting regulation against innovation. The real winners here will be the companies who strive to be compliant while duly reassuring their users – the ones who focus on building consumer trust and understanding, a trait that people truly crave from businesses today.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.