In a world in which privacy is a hot-button issue, we might have expected Brits to be outraged that their government was responsible for Apple withdrawing Advanced Data Protection from the UK. In reality, it’s gone largely unremarked.
A new Bloomberg piece suggests that’s because people care far less about privacy than they claim. While I do think there’s some truth to that, it’s not the primary reason …
What is Advanced Data Protection?
To start from the beginning for non-techies, there are two primary forms of encryption. In standard encryption, the company storing the data holds a copy of your encryption key, so if a government comes along and demands that it hand over your data, the company can do so.
With strong encryption, aka end-to-end encryption (E2EE), only your devices hold the key. If a government asks Apple to hand over copies of your iMessages, for example, it cannot do so because the company doesn’t have the key needed to decrypt them.
Apple has historically used a mix of weak and strong encryption, but Advanced Data Protection (ADP) allows you to switch on E2EE for almost all of your data. Apple introduced this as an option just over two years ago. You can learn more in our video explainer below.
Brits losing ADP
The British government wasn’t very happy about ADP, and demanded that Apple build a backdoor into iCloud – not just for the personal data of British citizens, but for all iCloud users worldwide.
As we noted at the time, we knew from Apple’s past behavior that it was never going to agree to this.
Sure enough, the company refused, stating that it would instead withdraw access to ADP for UK customers. This took immediate effect for those not yet using it, who are now unable to toggle it on, while existing users have been told we’ll have to switch it off at some point or lose access to iCloud.
Bloomberg suggests Brits don’t care
Despite what I described as an outrageous move, there’s been remarkably little fuss about it in either UK media or on social media. Bloomberg’s Parmy Olson suggests this is because people don’t care as much about privacy as they claim.
There’s been little pushback, much less uproar, from the Brits about Apple’s policy change. The […] muted response suggests something troubling for Apple: Customers don’t care about privacy as much as the company thinks.
The so-called privacy paradox, well-documented in academic research, refers to the gap between the concerns people say they have about their data and what they actually do about it.
I do think there is some degree of truth to this. There is certainly evidence that people will sacrifice privacy to get or retain access to products and services they like.
But it’s mostly that people don’t understand this stuff
But the main reason there’s been little fuss about the loss of ADP in the UK isn’t that people don’t care about the loss of privacy, but because they didn’t even know the feature existed.
Apple kept it toggled off by default, and that’s for understandable reasons. When Apple holds a copy of your encryption key, it can help you regain access to your data if you forget your iCloud password even if you didn’t set up a recovery option. If you use ADP, then Apple won’t be able to help because it doesn’t have access.
But because ADP needs to be manually enabled, there’s no reason a non-techy user would even have heard about it. Even Olson – a technology journalist for Bloomberg – seemingly wasn’t using it herself.
I’m an iCloud customer myself, and trying to activate the feature now leads to [the error] message.
The lack of outrage isn’t surprising, but does matter
So the lack of outrage isn’t surprising. Most people don’t know the difference between weak and strong encryption, had never heard of ADP, and don’t have it enabled.
Top comment by Zaire Sofian
I understand how this can seem shocking but we gotta understand people barely understand how these phones work at all. They know camera, safari, email, maybe an app or two.
When I worked at the Apple Store there were customers who legitimately did not know how to turn an iPhone on or off. Or that their phone had a flashlight. Or that do not disturb is why they can’t get calls.
We give the general consumer base way too much credit with technical knowledge.
But it does matter. The UK is hardly the only country to want backdoor access to our data, and when other governments see the lack of fuss over this, they are likely to make the same demand so that Apple is forced to switch off ADP in their country too. That most certainly includes the US.
If Apple wants to head that one off at the pass, it needs to make this a major issue. Brief mainstream media on exactly what all this stuff means, and why it matters. Generate (justifiable) outrage in the UK to deter other governments from doing the same thing.
It will be much easier for Apple to fight for ADP in the US if its customers already know what it is, why they should be using it, and have it enabled.
Photo by Philipp Katzenberger on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments