Apple CEO: We Don't Covet Your Data

Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
 Apple's Next Chapter: 10 Key Issues
Apple's Next Chapter: 10 Key Issues
(Click image for larger view and slideshow.)

Apple CEO Tim Cook declared Wednesday that the company is committed to customer privacy, doesn't read customers' email messages, and doesn't create backdoors in its services for authorities.

In a new privacy section on the company website, Apple draws a contrast between the company's commitment to its customers and the privacy-compromising practices of ad-based businesses.

"We don't build a profile based on your email content or Web browsing habits to sell to advertisers," Cook said in an open letter on the site. "We don't 'monetize' the information you store on your iPhone or in iCloud. And we don't read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple."

Would that it were so simple. Cook acknowledges that Apple, too, is an advertising company, through iAds, but he stresses that iAds is a small part of Apple's business, and that the ad service doesn't rely on data from other Apple services or customers.

Cook never mentions Google by name, but it's clear that Google -- the company he recently cited as Apple's primary competitor -- is one of the "other companies" referred to in the paragraph about FaceTime security.

Regarding FaceTime, Apple's website says, "So unlike other companies' messaging services, Apple doesn't scan your communications, and we wouldn't be able to comply with a wiretap order even if we wanted to."

[Privacy is one thing. But how are sales doing? Read Have Apple's iPads Peaked?]

That's Gmail Apple is talking about. Google scans consumers' Gmail messages to generate targeted ads. Despite the fact that the practice is not meaningfully different from Amazon's recommendation of products based on customers' past purchases -- in each case, automated systems are scanning potentially sensitive data in an effort to provide information the customer hopefully may want -- automated content scanning remains an albatross around Google's neck. Microsoft has also taken aim at Gmail in its Scroogled ad campaign.

But Apple isn't simply repackaging Microsoft's disparagement. The company long ago recognized that it can afford more privacy than ad-dependent Google. That's why it has implemented privacy features like third-party cookie blocking in Safari, the Limit Ad Tracking setting in iOS, and MAC address randomization during passive WiFi network scans in iOS 8. Cook's declaration of commitment to privacy represents a continuation of this strategy.

Perhaps the most intriguing aspect of Apple's evolving view on privacy is its shift toward a zero-knowledge posture, a position until now favored only by the most the most forward-thinking security companies. "On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode," Apple says on its website. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

As the security researcher Jonathan Zdziarski points out in a response to Cook's letter, Apple is taking a brave and welcome stance in defense of privacy, but that doesn't mean government authorities can't access an Apple customer's data anyway. Despite improvements in iOS 8 that close some holes that Zdziarski previously identified, Apple's decision to allow users to access files and apps while a mobile device is locked means that videos, images, media files, and third-party application data can still be accessed using forensic tools if a trusted paired device (a Mac running iTunes for synchronization and backup) is available.

It's also worth noting that, though Apple claims iOS 8 device data is beyond its reach, the company makes no such claim about iOS 8 device data copied to Apple's iCloud service.

Nonetheless, Apple has raised the bar for privacy and security on mobile devices.

Do you need a deeper leadership bench? Send your most promising leaders to our InformationWeek Leadership Summit, Sept. 30 in New York City, for a day of peer learning and strategic speakers.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing