Every time Apple attempts to inject a little more privacy into the digital world, it faces pushback – but the evidence suggests opponents would be better off going along for the ride.
A bigger business with more privacy
Take Do Not Track for ads and the move to quash IDFA tracking in iOS 14. When Apple first announced its plan, critics across the ad industry complained it would damage their business.
Apple counter-argued that it would simply inspire advertisers to think more creatively about how to reach customers — while also providing more privacy to those customers.
You get to decide. But it seems relevant to consider that the latest App Annie State of Mobile report claims the mobile ad market climbed 22.6% last year, despite moves to limit data tracking. That’s clear evidence to suggest the mobile advertising industry is now healthier than ever before — even as users gained a little more privacy.
Now iCloud Private Relay faces pushback, too
This pattern of resistance to change is occuring again. Apple’s iCloud Private Relay service is smart. It works to protect a user’s Safari browser traffic by making it impossible to relate browsing habits to identity.
It does so by sending the request via one route while receiving the website by another. The effect of Private Relay is a little like VPN, and means no one, not Apple and not the carrier, can easily tell what sites you visit online. You’d think everyone would welcome this.
You’d be wrong.
Carriers are complaining about the move. In Europe a consortium including T-Mobile, Telefonica, Orange, and Vodafone have told the European Commission that Private Relay prevents them from managing their networks and accessing vital network data and metadata.
They complain that Apple has become a “digital gatekeeper” with the move. I expect Apple’s army of lawyers is tooling up for a fight. After all, they will see that the carrier’s argument makes little sense, given that Private Relay effectively gets rid of the gate. Who can keep a gate that does not exist?
It is worth noting that T-Mobile is one of a handful of carriers to have been accused of blocking the service, but it says the problem is with Apple.
“Customers who chose plans and features with content filtering (e.g. parent controls) do not have access to the iCloud Private Relay to allow these services to work as designed. All other customers have no restrictions,” T-Mobile said.
Why do carriers want this stuff?
Carriers may have been quietly using this information to benefit their businesses. (It is also possible that some may be required to gather this information under some national security regulations.)
A BT Group submission to the UK government complained that these technologies would make it difficult to monitor and censor content: “The encryption developments such as DNS over HTTPS and Apple iCloud Private Relay pose significant challenges for implementing such Access Restriction Orders,” it said.
No one can collect such information if it does not exist.
What’s strange about this is that most carriers will permit you to use VPN services (assuming you can find a trustworthy provider). And carriers have always been able to gather location data and usually some insight into app use.
Dig a little deeper
Security experts think the carriers have little reason to complain, with perhaps one of the larger rationales being the potential universality of this protection. While VPNs aren’t routinely used, this service is available to every user and enabling it may obscure some information around network usage.
“Telecom operators should already be comfortable with network neutrality, so simply managing the lower technical layers of the networks,” privacy researcher Lukasz Olejnik told Wired.
He argues that they can achieve pretty much the same results in terms of network optimization and provision of advanced network services by digging deeper into network infrastructure.
What happens next?
I think carriers will dig into network infrastructure to deliver advanced services and will still enjoy rapid business growth, just as the ad market is experiencing. They just need to find a new approach that isn’t data intrusive.
I am, however, concerned about the potential consequences if part of the problem carriers are having with Private Relay reflects the need to monitor content in line with security regulation in some places. If that is the case, Apple may be forced to remove the service from additional nations.
(The beta service is not available in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.)
But I also fear that Apple may be pushed to extend its currently quiescent CSAM protection system to monitor for other forms of online harm. That, of course, is precisely what privacy advocates have warned about.
Apple would simply argue that privacy is maintained for all “law-abiding” users, whatever that means in any given jurisdiction.