It's time for the right to remain private

I'm going to say something so controversial I'm not even sure I fully agree with it, at least not yet. This is complex, nuanced, life, death, and the future of our society stuff, and the absolute last thing I'm going to do is take any of it lightly.

Instead, I'm going to take several things that happened this week, break them down, and then suggest how we as a people can move forward.

January 14, 2018: Statement from Ring

A Ring spokesperson sent me the following statement on the allegations raised by The Information and The Intercept:

"We take the privacy and security of our customers' personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products. We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."

I'd like to see what both The Information and The Intercept have to say regarding this statement and how, if at all, it reconciles with their previous reporting.

"What happens on iPhone, stays on iPhone."

That's the message Apple plastered across CES this year on an epic, building-sized poster. It wasn't just a clever play on "What happens in Vegas, stays in Vegas," or clever marketing given the lack of attention Apple got by not showing up in Vegas last year. It was a swift and brutal roshambo on Google, Facebook, and Amazon — companies that primarily suck up your data to operate on it in the cloud, but also to store and exploit it for their own gain — and it stands in stark contrast to Apple, which has made it a point of both differentiation and pride to keep your data on device, operate on it there, and exploit it not at all.

Some loved it. Others hated it. Some found it spot on. Others found it duplicitous. Some would have preferred Apple to stay away. Others would have preferred Tim Cook show up at the show and deliver the message in person, as a full-on, privacy focused keynote, similar to the one he gave last year at the 40th International Conference of Data Protection and Privacy Commissioners.

Why is any of this even a thing?

Ringing in the New Year

Ring, now owned by Amazon, was yet again caught with its privacy pants down. Sam Biddle, writing for The Intercept:

Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon's S3 cloud storage service that contained every video created by every Ring camera around the world.

According to one source of The Intercept. Another publication, The Information, reported on some of this last month as well, interviewing two dozen current and former employees and business partners, and reviewing scores of internal documents, presentations, communications, and more.

At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership's "sense that encryption would make the company less valuable," owing to the expense of implementing encryption and lost revenue opportunities due to restricted access.

I'm not sure what "lost revenue opportunities" means here, unless Ring thought watching the video would give them new product ideas or, horrifically, intended to monetize what was coming off those feeds in some way?

The Ukraine team was also provided with a corresponding database that linked each specific video file to corresponding specific Ring customers.

So, they didn't just get to see what, they got to know who.

At the same time, the source said, Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company's technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs.

Only an email address was apparently needed to get into anyone's home, which sounds absolutely conspiracy-theory nuts, until you remember Uber was caught doing something similar back in 2016, using a "god-mode" to spy on exes, politicians… Beyonce.

A second source, with direct knowledge of Ring's video-tagging efforts, said that the video annotation team watches footage not only from the popular outdoor and doorbell camera models, but from household interiors.

Your location: For Sale. Cheap.

Earlier this week, Vice's Motherboard reported that cell phone carriers had again been caught selling our location data to bounty hunters, debt-collectors, and others. Joseph Cox:

Google Maps (Image credit: iMore)

I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. Armed with just the number and a few hundred dollars, he said he could find the current location of most phones in the United States.

$300 to be exact.

The bounty hunter sent the number to his own contact, who would track the phone. The contact responded with a screenshot of Google Maps, containing a blue circle indicating the phone's current location, approximate to a few hundred metres.

And how does this all work?

Although many users may be unaware of the practice, telecom companies in the United States sell access to their customers' location data to other companies, called location aggregators, who then sell it to specific clients and industries. Last year, one location aggregator called LocationSmart faced harsh criticism for selling data that ultimately ended up in the hands of Securus, a company which provided phone tracking to low level enforcement without requiring a warrant. LocationSmart also exposed the very data it was selling through a buggy website panel, meaning anyone could geolocate nearly any phone in the United States at a click of a mouse.

It's bad enough that access to highly sensitive phone geolocation data is already being sold to a wide range of industries and businesses. But there is also an underground market that Motherboard used to geolocate a phone—one where Microbilt customers resell their access at a profit, and with minimal oversight.

And that's just this week. But the stories come out every week. Google and Facebook, so many times. So much so that we risk being desensitized to it. That the horrific risks becoming accepted.

That's what Apple is tackling with its very public, incredibly proactive stance on privacy. It's betting a large part of its competitiveness and credibility on it.

Regulations

At the 40th International Conference of Data Protection and Privacy Commissioners, Tim Cook used his keynote to advocate for privacy regulation:

We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data—or not to collect it in the first place. Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn't. Anything less is a sham. Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of…correct…and delete their personal data. And fourth, the right to security. Security is foundational to trust and all other privacy rights. Now, there are those who would prefer I hadn't said all of that. Some oppose any form of privacy legislation. Others will endorse reform in public, and then resist and undermine it behind closed doors. They may say to you, 'our companies will never achieve technology's true potential if they are constrained with privacy regulation.' But this notion isn't just wrong, it is destructive. 

Fines are good, fines are great. But so are criminal charges for companies and employees who spy on us and steal our data, or enable violations and abuse, whether it's through a window or doorbell camera, stalking or selling location data.

But that's the government protecting against abuse by companies. What about protecting against abuse by the government?

Rights

In everything from the Snowden disclosures to the FBI's attempt to force Apple to unlock iPhones beyond the scope of any existing laws, the government has proven itself not just incapable of self-regulating, but intent on regulating access in ways that would cripple encryption and — no hyperbole, none, zero — destroy functional privacy for everyone.

I don't have an easy answer to that. I only have a hard one — the right to remain private.

The recognition that our devices have become external storage not just for our data but for our minds — our memories, our ideas, our finances, our health records, our diaries, our sex lives, our most personal and private thoughts and dreams.

And, as technology progresses, our external storage will become internalized, and our biological minds will become readable by some form of cybernetics.

And, if we don't start talking about and preparing for the need to protect ourselves now, we'll have a much harder time doing it then.

At the extreme, we should discuss not just the type of privilege extended to spouses, priests, lawyers, and doctors, but the type of rights against self-incrimination that some jurisdictions, including the U.S., already hold sacred.

Yes, it will make law enforcement harder, the same way the lack of finger-printing and DNA scanning at birth makes law enforcement harder, but the entire purpose of human and civil rights is to put the interests of the individual before the interests of the state. To make their work harder in order to keep our rights safer.

Privacy

Some people contend the age of privacy is over. That we've lost it and we'll never have it again. Not even the expectation of privacy. That we should just make peace with governments listening in to all our communications, service providers selling all our data, internet companies putting cameras and mics in our bedrooms, living rooms, children's rooms.

That the cost savings and convenience are more than payment enough for stripping us effectively naked and spread-eagling us across the internet.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

20 Comments
  • While I 100% agree with the privacy stance, IMO the greater issue is transparency. Some companies do well with being transparent with consumers, while others like to be opaque. Consumers are adults and can make their own choices, as long as terms are clear. Of course if you want better personal privacy, staying off the tech gadgets for days on end would help as well.
  • Doesn't matter how long you stay off them, they'll be collecting the data again once you come back. Everyone has different levels of how much of their privacy they want to protect, most people just don't want sensitive information taken
  • My thought was more towards going back to the dark ages of a landline and hand written communication, obviously being hyperbolic, but I definitely get your point and agree.
  • Apple gave the iCloud keys to the Chinese government. Hardly a great respect for privacy rights.
  • Apple decrypts iCloud data and gives it to US and foreign governments when requested; they disclose it in their transparency reports. They also state they can review your data in the iCloud Terms of Service. What happens on iPhone needs to stay on iPhone in order to protect your privacy; if you let it leave your phone then it's available because Apple controls the key.
  • It's less bad if Apple controls the keys. They can push back against requests. They gave China the rights to access any backup they want at any time. That's the issue.
  • How is it less bad when Apple controls the key because they push back? They still can and do decrypt customer data when requested to. Apple is selling the idea that your data is private when it is private only if it stays on your phone. Apple's cloud services make your data less private.
  • Can and do aren't the same. Ideally, it's better that they don't have the key at all, but if I had to pick the government having it or Apple, I'd pick Apple. Even then, it's not open source so you can't say Apple's Cloud is any less private than the OS itself, since you can't audit it.
  • "And so much that we risk being desensitize to it"
    "That the horrific risks becoming accepted."
    "interviewing two dozen current and former dozen employees"
    "and our biological minds will become readable, by some for of cybernetics"
    "Some people content the age of privacy is over" Some people contend the age of proofreading is over. But seriously, "internet companies putting cameras and mics in our bedrooms, living rooms, children's rooms". I don't know of any "internet companies" doing that. However, I DO know lots of stupid people putting "smart speakers" in every room. The last thing in this world I want or need is an internet-connected speaker that listens to everything I say and "learns" about me. Am I the only person who finds that creepy? I did buy one such speaker, a Harman/Kardon Invoke. It uses Cortana, but I have never used it. Cortana is completely disabled - the microphones are off and there is no internet connection - but it is a superb-sounding bluetooth "dumb speaker" for the $60 fire sale price. People buying internet-connected cameras and internet-connected microphones in "smart speakers" and then complaining about "privacy" are idiots. While you are at it, why not leave all of your doors open and window curtains open, and then complain that the neighbors are spying on you.
  • "I DO know lots of stupid people putting "smart speakers" in every room. The last thing in this world I want or need is an internet-connected speaker that listens to everything I say and "learns" about me. Am I the only person who finds that creepy?" I don't find it creepy, I find having smart speakers in every room could be useful (albeit expensive) and it being able to learn is great because then you don't have some generic response for everyone. The problem is the transparency and how the data is handled. A smart speaker should be able to listen and learn, but the learning process should be sending your transcribed conversations over an encrypted connection, and stored encrypted whereby only the receiving cloud computer can read your conversation, so no humans can pry on your conversations. "People buying internet-connected cameras and internet-connected microphones in "smart speakers" and then complaining about "privacy" are idiots." The problem is you _can_ set your own devices up so that you can connect to them through the internet without the use of a cloud service so your privacy is protected, but it's not plug-and-play. You can buy a camera, connect it to your network, open the necessary port on your router then connect via IP or DDNS, and know your privacy is safe, but the average person doesn't know about opening ports and setting up DDNS or how to get the IP address. These cloud services (which create the privacy issue) provide a plug-and-play way of accessing your devices through the internet, so it's hard to know who to blame here. I guess ISPs, router manufacturers and people who create these smart devices should work together to make a simple process for setting up things like cameras so that you don't need to rely on a cloud service.
  • The transparency angle could be rectified if they released the source and sold the service. As we've discussed in the past, open source can still make money, like RedHat does when CentOS is *literally* the same thing minus logos. If that MyCroft speaker is ever released, I'll do that. I unplugged my Alexa and GoogleHome. There's no way you can verify that they aren't sending data, or even living up to their "transparency report" without the source code. "open the necessary port on your router then connect via IP or DDNS, and know your privacy is safe" no. You have a wide open port that Shodan or whatever will have mapped in minutes. Best would be to have it set up with some form of sync setup; SyncThing and BTSync both work without opening ports. Only issue is iOS won't let them sync to your phone without being active. Maybe PushBullet or the like.
  • Closed-source exists for a reason: it protects people's ideas from being stolen. Linux users may believe that all software should be open-source, but we live in the real world, which is capitalism. You can monitor the network requests on your network; the data will probably be encrypted so you can't see what it is, but you'll at least know how often data is being sent. And you could open a port on the router and put it behind login protection, but yes there are other methods.
  • Again, how does RedHat make money then? CentOS is a bit for bit copy only changing branding. You can monitor network requests, but that doesn't mean you'll catch everything. It could wait until it's unmonitored, or only monitor certain people. Correct, you'll know how often but not what. You can't *prove* it's not sending your private data with iCloud off. Can you explain how RedHat made money with CentOS literally being an identical copy (minus logos) if not for capitalism being fine with open source? Opening a port and putting a password protected login is still less secure than not opening any ports at all whatsoever. The "login protection" could have a flaw, more so than "deny all unrequested packets".
  • Closed source is more to do with people stealing ideas and making money off that idea themselves, rather than being used to generate money per se. Yes, you can make money off open source, but you're also risking someone else making money off that product as well. Apple doesn't want other people making money off their software
  • Here's Apple's huge problem from a privacy stance. They don't allow more granular controls of settings for those who want them. Why do I need to grant Imgur Read&Write to my photos in one prompt? Why can't I decide to give them write only access for saving memes, then get the prompt for "hey, they want to read photos, is that ok?" If it's opt-in, it can't be "this would confuse our users". With location, why can't I get an option to grant location this one time? Or after giving us the "While Using" permission, allow me to potentially break an app by giving it "While Using" but telling it I set "always"? PokemonGo demanded 24/7 access to my GPS for me to use the Go+. There's no need for it to have it, and it's overly tedious to turn the setting on and off each time. Would be better if I could have it only access location when it's in my background app list thing. Apple is also not super private as they meddle in what apps adults can see and what apps they can't. I know I harp on this, but when cry-babies* were freaking out over statues that were there as a "never again" monument, Apple removed games that used a certain 1860s Southern flag, even if they're set in that historical period. They left apps that used a 1930s German flag. They don't respect the privacy of people wanting to use a social media app that has channels for things Apple doesn't politically agree with. Once you hit 18, they should have zero say in what apps are approved from a speech angle, and just block malware and the like. I hope there's a HUGE lawsuit on them on the "platform or news source" thing that they're bringing against Spybook for deciding what's news and what isn't. When Apple decides which political opinions they want to allow, they're on the hook for what is said imho. *My family was personally impacted by the flag Apple left in games, and I wouldn't want monuments in Poland removed because they are there as "never again".
    (I can't say the name of the 30s German group since they censor it here)
  • You're the only person who I have seen complain about the granularity of the privacy controls, and them not being granular doesn't mean that your phone isn't doing a great job at protecting your privacy. Android's permission system isn't that much more flexible, it's just that you can get third-party apps (whether you trust them) to provide that functionality. "Apple is also not super private as they meddle in what apps adults can see and what apps they can't" This is a bit of a detour from the privacy we're talking about. This is more to do with Apple's censorship, and I don't agree with it. The only apps Apple should block are ones that appear malicious, or are cheap copies of other apps. Unfortunately, the only way we will see the censorship end, is by Apple allowing other app stores or the ability to download apps from anywhere.
  • Being the only one complaining doesn't invalidate the issue. Can you speak to the issue, not the fact that others aren't vocal? The fact is that Apple could easily enable the settings I mentioned behind "you must login as a dev" or something to prevent accidental tweaks, but it is as a fact better for privacy to have the settings I mentioned. Maybe going from 90/100 to 95/100 while you say Android is under 90, but still, 95>90, and it's not much more code for Apple. It's kinda private in that they don't respect people's autonomy to run apps from the privacy of their own phone. They blocked 4chan apps until they made you jump through hoops to add the / you wanted to go to. They kinda allow you to download apps from anywhere, but you have to pay them $100 a year for the privilege of keeping the apps for over a week. You can use Xcode if you have a Mac to install any open source app you want. It's just not right that they charge $100 for that right. Edit: The "privacy" app I have on my Android phones is trustable. 1) I have a 100% open source network control app, Netguard, that blocks Spybook and ads in general phone wide. 2) I have another app, Bouncer, that just removes permissions when I close out of an app. Bouncer isn't allowed to go online, and hasn't complained. And it's doing its job.
  • I'd love for the iPhone to have a "log in as a dev" option which unlocked settings for people who know what they're doing, which would in turn give you the kind of flexibility you have on a desktop OS, with a terminal as well, but it's unlikely that will happen anytime soon. For now, more granular permissions are a nice-to-have, rather than a must-have. In general Apple opens up the phone slightly more with each iOS release, so hopefully in time they will deliver something which helps you with what you want.
  • Rene once again with the pom-poms cheering for Apple on privacy all while conveniently forgetting (or deliberately omitting) the fact that Apple regularly extorts concessions from Google to be the default search engine for Safari.
  • And you are here once again with your Google search engine nonsense. If you were Apple, and you were privacy conscious, you would still use Google Search simply because it's far better than the rest of the competition (trust me, I've tried). Unless Apple makes their own search engine, Apple will continue using Google search. It's not infringing your privacy on default settings and without being signed into Google.