Former Facebook security chief questions Apple's privacy double standard in China
Following Apple CEO Tim Cook's impassioned speech on privacy delivered at a privacy conference in Brussels, former Facebook chief security officer Alex Stamos questioned the tech giant's motives and current policies in a hot take posted to Twitter.
Stamos said he agreed with "almost everything" Cook said during his keynote address at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels on Wednesday, but noted the tech giant's aspirational view on privacy is not universal.
In China, Apple's most important growth market, the company, at the behest of government regulations, implements system-level iOS and Mac restrictions that disallow the installation of certain VPN and end-to-end encrypted messaging apps. These services, Stamos suggests, are important privacy tools that let users "avoid pervasive censorship and surveillance" in a regime known for implementing such policies.
Further, Stamos notes Apple recently migrated Chinese iCloud data to in-country servers run by partner Guizhou-Cloud Big Data Industry Co. Ltd., again to conform with government laws. The initial move stirred its fair share of controversy, but a so-called "infrastructure agreement" with state-owned Tianyi Cloud service seemingly flew in the face of Apple's assurances against government snooping.
"We don't want the media to create an incentive structure that ignores treating Chinese citizens as less-deserving of privacy protections because a CEO is willing to bad-mouth the business model of their primary competitor, who uses advertising to subsidize cheaper devices," Stamos said, referring to Cook's ICDPPC speech.
Cook earlier on Wednesday presented barbed commentary on the state of modern consumer data collection practices.
"Our own information is being weaponized against us with military efficiency," he said, adding, "We shouldn't sugar-coat the consequences. This is surveillance. And these stockpiles of personal data only serve to enrich the companies that collect them."
Cook did not name names, but Google and Facebook were clear targets of what amounted to a 15-minute rebuke of data monetization strategies. He went on to call for U.S. privacy regulations crafted in the same vein as Europe's GDPR, saying any proposed legislation should require companies to adhere to four main tenets to be effective: data minimization, transparency of data collection practices, easy access to stored data and security.
"Cook is right, the US needs a strong privacy law and privacy regulator, and advertising companies like Google, Facebook and Twitter need to collect less data and minimize more often," Stamos said.
Still, the ex-Facebook executive said Apple's push for data protections in its domestic market -- and an endorsement of the same worldwide -- is seemingly at odds with its Chinese operation.
"Apple needs to come clean on how iCloud works in China and stop setting damaging precedents for how willing American companies will be to service the internal security desires of the Chinese Communist Party," Stamos said.
For its part, Apple maintains the VPN app takedown and iCloud migration were both conducted in compliance with Chinese regulations. Privacy advocates, however, argue Apple willingly kowtows to China as it fights similar calls for conciliation in other markets, including the U.S.
Comments
So that’s why Apple accepts billions every year from Google to be the default search engine in iOS?
Stamos stops short of using terms like ‘the Chinese government’ and ‘adheres to Chinese law’, I think intentionally using terms like ‘servicing the internal security desires’ and ‘the Chinese Communist party’ in an effort to suggest that Apple is willingly supporting the whims of those in China who would spy on the country’s citizens, as though Apple has a choice short of pulling completely out of that market. Watch what people say to see how disingenuous they can sometimes be.
Here’s a better comparison for you. Would you suggest a company making climbing rope pull out of the Chinese market because... the Chinese government, having unfairly convicted a dissident might use rope from that company to hang the dissident? That would be suggesting the rope manufacturer is somehow complicit in the bad acts of the Chinese government. Same thing here with Apple. Each company is creating and selling a tool; how it might actually be used is separate from its intended use. Apple is in no way aiding the Chinese government in spying on its citizens; those actions are the sole providence of the government. Chinese citizens, unlike victims of the Holocaust, are free to not be subject to the method of spying you feel Apple is complicit in enabling; they can simply choose not to buy an iPhone.
While the China situation sucks, it's better to have encrypted iMessage/Facetime rather than no secure services whatsoever. Advocacy in China can increase those protections - but also keep in mind that Apple alone can't do it, the population must have an appetite for it too.
Trump’s use of iPhones is another area where devices can be secured quite easily and “stingers” where listening in can be used can be defeated with several options in carrier/network profile management, but Intel community fails POTUS. Apple could further ensure corporate clients better security as well and NYT reporters are either stupid or revealing Apple’s leaving holes in US like they do in China for CCP!
Apple needs to defend privacy on an even higher level than they have previously. We use strong encryption that works on the iPhone and secures our proprietary information. It detects stinger intercepts and we track everything.
Something tells me that your post is going to fly far, far above his head, considering the vapidness and idiocy of his post.
"Apple, while very successful in making money hasn't a shred of morality."
So, is Apple as a corporate entity able to have "morality"? Or is he claiming that all of Apple's employees or executives are amoral?
Still trying to beat that dead horse? Google doesn’t get personal data from iOS devices. So Apple can allow someone to pick Google for search without giving up your privacy.
Not sure why this is hard for you to understand, or why you need to keep repeating this.
There is no false equivalency. Apple uses “we follow the law” as an excuse to ignore their own supposed values. When it comes to your rope manufacturer, if the CEO is out there lambasting the Chinese government for hanging dissidents yet makes deals with the government so that his/her rope can continue to be sold, then yes, that CEO is complicit, or a hypocrite at the very least. If he simply doesn’t care and doesn’t talk about it, there’s no issue. See how that works?
No, what he says is that YOUR values are not necessarily THEIR (the Chinese) values, and sovereignty is also a value.
Should we have the right to be forgotten? Can that ever actually happen by choice? Or harmfully if not by choice, i.e. lost or stolen identity? In my view Apple has been boiling the frog since the introduction of mac.com and the app store that maintains now not only which apps are downloaded yet even which iOS or mac are using such after iTunes 12.6...
Why does Find My iPhone need to be on vs being turned on when needed, as well as the data wipe feature...?
In an informal count roughly 75% of trade show sales leads surveyed used a 'free' email service - can we be surprised when AI allows any IP or advice provided via such to suddenly be competing with former content or service providers...?
Is the best way to maintain privacy to simply cut the cord? https://www.bbc.com/news/world-europe-23282308