Disabling iPhone security features at the request of the UK weakens the reasonable privacy expectation in cloud services and exposes the hypocrisy of the digital ecosystem by Andrea Monti – Initially published in Italian by Italian Tech – La Repubblica
Unlike what happened in 2016 regarding the refusal of Tim Cook to cooperate with the FBI to unlock the iPhones used in the San Bernardino massacre, this time Apple complied with the request of the United Kingdom to access encrypted data of its customers.
Technically the two situations are different, but conceptually they are two faces of the same coin, that of the right (or rather, the power) of Big Tech to oppose government requests in the name of protecting user rights (or more pragmatically, their own business models).
A problem that has been known about for some time
So, after agreeing to leave the data of Chinese users in data centres located in the Middle Kingdom, again in response to a political request, Apple disabled the Advanced Data Protection feature for British users. It will be interesting to see what Apple will do when the EU imposes Client Side Scanning, i.e. the preventive and automatic search of smartphones and tablets for ‘illegal content’, which is already part of Apple’s strategy and also supported by the UK.
Irony of fate aside (Apple gave in to the demands of a democratic, western government, not those of a Middle Eastern theocracy or a capitalist-socialist power), the question requires addressing two issues.
Company’s choices don’t have to be ethical, as long as they’re legal
The first is why Apple’s decision to give in on protecting the rights of its customers has caused such a stir.
Apple’s only responsibility, like that of any company, is first and foremost to its shareholders, and then (perhaps) to its employees. Everything else, including the narrative about rights, is marketing, i.e. a sales tool that is used as long as it is useful, and set aside when it is no longer useful. The parade of Digital Robber Barons in front of the new US President and the clear change of direction of Meta and other companies on the issue of inclusion, or the one imposed by Jeff Bezos on the Washington Post, are self-explanatory of a choice inspired by that ruthless pragmatism that characterised Frank ‘Kevin Spacey’ Underwood, the main protagonist of the mighty House of Cards.
So, in what capacity would it have been reasonable to expect a company to give up the Chinese and British markets, and who knows what others, in the name of a principle, and then be shocked when this doesn’t happen?
Rethinking trust in cloud services
The other issue to consider is the impact of choices such as Apple’s on the industrial model based on cloud services, from device activation, to software as a service, to remote storage of content and information, to social networking platforms, i.e. on an entire ecosystem in which everything is in the hands of the service providers and nothing is under the control of those who use them.
The greatest mistrust that had to be overcome in order to persuade citizens, businesses and institutions to transfer their existence to someone else’s computers, was the possibility that someone, either of their own accord or on ‘orders from higher places’, could access data and information for the most diverse purposes. This explains the enormous efforts made by Big Tech to build infrastructures that are metaphorically nuclear attack-proof. Reassured by this show of force, customers have also been persuaded, probably trusting that ‘government agencies’ would ‘respect their rights’.
The illusion of ‘digital rights’
However, despite the fact that today there is a widespread belief that ‘digital rights’ are sacred and inviolable and that not even governments can question them, this is not exactly the case.
A State, any State, even a Western, liberal and democratic State has the power and the duty to investigate anyone if there is a suspicion that crimes have been committed or if there are dangers to public order and safety. The difference with other regimes that do the same thing is the existence of independent controls that prevent — or punish — the abuse of these powers.
That said, after years of this, one should be convinced that the inaccessibility of information held by Big Tech on behalf of users is not so absolute and therefore cannot be guaranteed. Whether this is right or wrong is another matter, because here and now the point is to ask ourselves if the time has come to regain control of our informational identity (that is, the set of data and information that tells who we are) and of the management of public infrastructures.
The genie is out of the bottle (or Pandora has opened her box)
Unfortunately, such a prospect is simply unrealistic. Of course, nothing prevents us from ‘bringing back’ storage, email, videoconferencing, messaging and ‘productivity’ systems, but at what cost? And how long will it take? But above all, with what software? And even if a certain number of users were to stop using technologies that subject them to the constant and continuous control of Big Tech, this number will never be large enough to trigger a change in their strategies.
In short: companies will continue to adapt, and users will have to choose between accepting this reality or trying to take the difficult, perhaps utopian, step towards increasingly expensive and complicated technological independence.
The reality is that cloud platforms and digital services have never really been ‘out of reach’ of the authorities, but the myth of an impenetrable ecosystem has fuelled the blind trust of users for years. Today, the power dynamics that influenced Apple’s choice demonstrate once again that data protection is always a negotiable issue.
The illusion of absolute protection has collapsed
Ultimately, therefore, the British case is just one battle in the never-ending war between state powers and Big Tech. After years in which the tech giants have dictated the agenda to governments, the pendulum is now starting to swing in the other direction, towards the progressive alignment of digital infrastructures with state interests, regardless of the political regime in question.
In all of this, only one thing is certain: the hope that the data in the hands of Big Tech is (or can be) shielded from public interference has definitely faded.