Apple and the limits of its user-privacy commitment

Apple has long trumpeted its unshakeable commitment to user privacy, and touts its business model—which doesn’t rely on advertising, as its competitors’ models do—as a badge of honor. The company seems to see itself as a lone protector, the only one that is concerned more about a user’s welfare than the value of their data. (“Apple wants to be the only tech company you trust,” read a Verge headline from 2019.)  The company just rolled out new privacy-protection which require users to explicitly opt-in to have their data collected or shared by the apps they use—a move that has been relentlessly publicized as a win for user freedom.

Apple coverage from technology-centric news outlets often congratulates the company for the purity of its approach, which relies solely on selling you expensive pieces of hardware rather than engaging in targeted advertising. Such cheery coverage has accompanied Apple’s latest protections. But there are some uncomfortable facts about Apple’s business that critics say raise questions about how deep its alleged commitment to privacy goes, and yet are rarely mentioned.

A recent feature in the New York Times took aim at one rather large blind spot in Apple’s commitment. While Apple has made a point of publicizing its fight with law enforcement in the US when the authorities want to get data from one of its phones—as they did in the case of a mass shooting in San Bernardino in 2016—it doesn’t like to admit that it does the opposite in China. As the Times notes, all of the data on Apple users who live in China is kept on government-owned servers, as required by a Chinese law passed in 2016, and companies beholden to the Chinese government not only control access to the data but also the software keys required to decrypt it.

“Chinese state employees physically manage the computers where the data is stored,” the Times says, in what amounts to a country-specific version of Apple’s iCloud. “Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers they’re meant to secure.” Tim Cook, Apple’s chief executive, says that these are just technicalities. But if Chinese government employees control access to the servers, they can probably get a user’s data any time they want to, and Apple can’t do anything about it except pull out of China, which seems unlikely.

Data storage isn’t the only place where Apple has made concessions to the Chinese government in ways that arguably harm its user privacy. The company has also removed apps from its Chinese app store that give users what are called virtual private networks, or VPNs, a way of connecting to the internet without giving away a user’s specific location or IP address. 

And it’s not just VPN apps. According to the Times story—which was based on internal Apple documents, interviews with 17 current and former Apple employees, and new filings made in a US court case—the company has removed apps from foreign news outlets and gay dating services from the Chinese App Store, as well as encrypted messaging services, and tools for organizing pro-democracy protests. “Apple has become a cog in the censorship machine that presents a government-controlled version of the internet,” Nicholas Bequelin of Amnesty International told the newspaper.

Sign up for CJR's daily email

Apple generates an estimated $55 billion in revenue from its operations in China, where iPhones are manufactured. “China knows its importance to the company’s business and has used it as leverage to extract concessions everywhere,” Alex Shephard writes for The New Republic. “The result is an authoritarian nightmare, in which Apple has effectively given the country access to its data and written it all down as the cost of doing business, and fattening profits.” Many news outlets nevertheless seem to be happy to give Apple plenty of space to talk about its alleged commitment to user privacy—and to fawn over its new hardware at invitation-only launch events—without asking the hard questions about its behavior in China.

Here’s more on Apple and China:

  • Risks: When Apple first announced that it would be storing its user data in China in government-controlled data centers, Amnesty International wrote about what this would mean for users and their privacy. “Companies have a responsibility to respect all human rights wherever they operate in the world,” Amnesty said. “Users of their products and services need to be given clear and specific information about risks they might face to their privacy and freedom of expression.”
  • Apple TV: In 2019, BuzzFeed News reported that while some of Apple’s TV shows were being developed, the company told the producers of some of those programs not to portray China in a negative light. Sources told BuzzFeed these instructions came from Eddy Cue, Apple’s senior vice president of internet software and services, and Morgan Wandell, its head of international content development. The directive was seen as part of Apple’s efforts to remain in China’s good graces after a 2016 incident in which Beijing shut down Apple’s iBooks Store and iTunes Movies.
  • Clean: When Tim Cook gave a speech about the company’s commitment to privacy in 2018, he said the stockpiles of data collected by platforms like Facebook “should make us very uncomfortable,” and that Apple treats its users’ data “like the precious cargo that it is.” But Alex Stamos, the former head of platform security for Facebook who now runs the Stanford Internet Observatory, said the company needed to “come clean on how iCloud works in China, and stop setting damaging precedents for how willing American companies will be to service the internal security desires of the Chinese Communist Party.”

 

Other notable stories:

  • Faculty at the Hussman School of Journalism at the University of North Carolina wrote an open letter to the Board of Trustees about its failure to award tenure to Nikole Hannah-Jones, who has won both a Pulitzer Prize and a MacArthur Foundation “Genius” grant for her work on The 1619 Project, the New York Times Magazine’s effort to show slavery’s role in the formation of the United States. The board’s refusal was first reported by NC Policy Watch. The journalism school has since offered Hannah-Jones a five-year appointment, which doesn’t require board approval. Over 100 faculty members of other journalism schools across the country also signed a letter of criticism.
  • Two amateur computer coders in China have pleaded guilty to “stirring up trouble and picking quarrels” in a case that highlights Beijing’s growing crackdown on online activity, according to a report from Al Jazeera. Chen Mei, 28, and Cai Wei, 27, created an online archive that stored articles that had been censored from the Chinese internet and an accompanying forum that allowed people to discuss them anonymously. According to Al Jazeera, family and friends believe what got the two men in trouble was archiving articles that challenged China’s official narrative about its coronavirus response just as the country started facing questions over its handling of the initial outbreak.
  • WhatsApp groups are fueling mob violence against Palestinians in Israel, a report in the New York Times says. Extremists have formed more than 100 new groups on the Facebook-owned messaging app in recent days, according to the Times report, and they are using them to target attacks on Palestinians. This behavior is difficult for the company to track because messages in WhatsApp are encrypted, so even Facebook can’t access the data in them.
  • Subscription-based news site The Information has hired 22 people in the past year, and plans to add more in the future as it tries to build its audience, Digiday reports. Founder and editor Jessica Lessin says her goal is to reach “hundreds of thousands” of subscribers from the “tens of thousands” of subscribers that the company has today (she declined to share specific numbers). Lessin said she expects to hit that goal within the next few years.
  • Ariana Pekary, CJR’s public editor for CNN, writes about the network’s coverage of the violence between Israel and Palestine, and how it seems to give a lot more time and space to the Israeli government’s position than to that of the Palestinians who are being shelled and fired upon by the Israeli military. “CNN aired a two-hour special on the brewing crisis from 3pm to 5pm Eastern Time without explaining why it was happening,” Pekary writes. “Almost every guest was located in Israel; the network didn’t feature a single person in a Palestinian territory or neighborhood.”
  • Amazon’s Ring “smart doorbell” is the largest civilian-surveillance network the US has ever seen, writes Lauren Bridges, a PhD candidate at the Annenberg School for Communication at the University of Pennsylvania. One out of every 10 US police departments can access videos from millions of home-security cameras without getting a warrant, Bridges says. “In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is ‘simply not compatible with a free society’ [and] we should take his claim seriously.”
  • Rumble, a video-sharing platform that has become popular with right-wing commentators, is being funded by a group of conservative venture capitalists including Peter Thiel and JD Vance, author of Hillbilly Elegy, according to a report from the Wall Street Journal. The funding is being led by Narya Capital, a Cincinnati-based fund co-founded by Vance, as well as Colt Ventures, founded by former Trump adviser Darren Blanton.
  • Erik Wemple, a media columnist for the Washington Post, writes about Sally Buzbee, the newly-appointed executive editor of the New York Times, and her reputation when she was at the Associated Press. “A former colleague of Sally Buzbee recalls the time some big shot at the FBI told the Associated Press that it shouldn’t publish some details in his story. At the time, Buzbee was the wire service’s Washington bureau chief, a post that routinely fields suppressive suggestions from D.C. bureaucrats. ‘She had a polite, corporate way of saying ‘f— you,’ recalls the former colleague.”

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.