In defying a court order to help unlock Syed Rizwan Farook’s iPhone, Apple depicted itself as a righteous crusader for consumer privacy, fighting against the creation of a ‘backdoor’ for hackers. By virtue of the FBI’s taking matters into its own hands, and successfully unlocking the iPhone without Apple’s assistance, Apple’s reputation as a privacy guardian has been tarnished. Clearly, the security of the iPhone is not absolute.
While the FBI emerges as victorious, the real winners—counterintuitively—are Apple customers. True, iPhone users may feel more vulnerable to know with certainty that a ‘backdoor’ is out there. But the fact that the FBI was able to override Apple’s security features in a relatively short time frame shows that the iPhone software was always vulnerable to hacking—and now customers are merely more aware of that reality. Awareness that Apple products are susceptible to breach is inherently better for consumers than a false sense of privacy.
Indeed, transparency and consumer awareness have always been the guiding principles of the federal government in policing companies’ privacy policies. According to the Federal Trade Commission, the primary agency in charge of protecting consumer privacy, a company wishing to use its customers’ private data could do so—but only to the extent that its practices were not “unfair or deceptive.” In other words, companies must be transparent about their use of consumer data, in order to empower informed choices among consumers.
Unfortunately, the Federal Communications Commission is considering undermining the FTC’s reasonable choice-based approach, opting instead to keep consumers in the dark as to their actual privacy vulnerabilities. Emboldened by the network neutrality rules, which usurped the FTC’s authority over the broadband industry, the FCC today is proposing privacy rules that would categorically ban broadband providers from using a customer’s Internet activity data in the absence of express consent. Chairman Wheeler has justified this inflexible framework on the grounds that broadband providers are the gatekeepers of the Internet, with comprehensive and unique access to users’ online activity.
But in touting the proposed FCC privacy regulations for broadband providers as a comprehensive solution, Chairman Wheeler creates false privacy expectations and potentially misleads consumers. Aside from the fact that consumers typically use multiple devices and multiple networks, with no single broadband provider privy to the entirety of a customer’s data, broadband providers constitute only a sliver of the Internet. Social networks, search engines, messaging services, and operating systems arguably have much deeper access into a consumer’s online activity and private information. However, since the FCC lacks legal authority over these companies, they would be immune from the Commission’s proposed privacy rules.
Some of these exempt companies are infamously prolific in their data-mining practices. In a speech from last summer, Apple CEO Tim Cook implicitly attacked Facebook and Google for profiting on account of their users’ data in the absence of their informed consent:
"Some of the most prominent and successful companies [in Silicon Valley] have built their businesses by lulling their customers into complacency about their personal information."
Just as using an iPhone is by no means an insurance policy against hackers, regulating broadband providers is in no way a privacy panacea for consumers. Insofar as other Internet companies are engaged in the very same conduct proscribed for broadband providers, the stricter FCC rules will at best give unfair advantages to such companies as Facebook and Google, creating winners and losers in the Internet industry. At worst, the proposed rules could deceive consumers as to the strength of their data security.
The FCC is poised to erect the very same illusions as Apple in its proposed rules for consumer privacy. The Internet is composed of many entities, from social networks to foreign hackers, and it is naïve to think that any single company or government agency can offer comprehensive protection. The Commission ought to be forthright with respect to the flaws and limits of regulating broadband providers, and stop propagating a false sense of privacy.