Kyle Rankin, Purism:
We agree with Apple that security is at the heart of all data privacy and privacy rights. Where we disagree is in who holds the keys. Your data isn’t truly private or secure, if someone else holds the keys. It’s true that Apple goes to great lengths to lock down their devices from attackers, but like with Google and other proprietary vendors, those locks also lock you out. These devices tightly restrict what applications can run on them in the name of security, but that restriction conveniently also means that everyone has to get the vendor’s permission to install their software.
More importantly, these locks mean that you don’t have freedom or control. In fact, some device vendors are paid to install applications by default that you aren’t allowed to remove. You only have to look at the underground market of sketchy software that promises to “root” your phone to see the lengths that people have to go to so they can try to wrench control of their hardware back from vendors.
This isn’t just a hypothetical argument about freedom. Apple’s decision to hold all the keys to their hardware has real world impacts on freedom and human rights. Alex Stamos (Stanford professor, previously Chief Security Officer at Facebook) gives a great example of the real world impacts these locks can have:
I agree with almost everything Tim Cook said in his privacy speech today, which is why it is so sad to see the media credulously covering his statements without the context of Apple’s actions in China. The missing context? Apple uses hardware-rooted DRM to deny Chinese users the ability to install the VPN and E2E messaging apps that would allow them to avoid pervasive censorship and surveillance. Apple moved iCloud data into a PRC-controlled joint venture with unclear impacts.
We agree that privacy is a human right, but you shouldn’t have to exchange your freedom for your privacy. We believe that freedom is essential to security and privacy and any solution that aims to secure your privacy must also protect your freedom. This means avoiding software solutions that restrict what you can do with your own devices and building security solutions that ensure that you hold the keys. Removing the freedom to control your own hardware and software, even if it’s in the name of security, (but more likely for vendor lock-in) is not enough to protect your rights.
What’s your plan for tomorrow? Are you a leader or will you follow? Are you a fighter or will you cower? It’s our time to take back the power.