Apple announced Friday that it would postpone its planned roll-out of user device surveillance technology that had come under heavy fire from the privacy and civil liberties community. We at Freedom of the Press Foundation wrote last month that the technology was a “threat to user privacy and press freedom,” and could, if abused, threaten whistleblowers and journalists working on sensitive stories.
We were far from alone in raising the alarm about Apple's plans. Nearly one hundred civil society organizations signed an open letter to the tech giant urging it to reconsider, joining thousands of individuals, including security researchers, cryptographers, and privacy experts on a second letter. The strength and virtual unanimity of this outcry is heartening, and clearly had an effect. As our board president Edward Snowden put it on Twitter: “Don't ever let anyone tell you that there's nothing you can do when a company announces a plan to screw you.”
But while a delay is welcome, it’s not sufficient. Apple should drop its plans for this backdoor technology entirely. As we previously said about the technology, “No backdoor for law enforcement will be safe enough to keep bad actors from continuing to push it open just a little bit further.” The qualms from the privacy community weren’t nitpicks about implementation details, but a rejection of the underlying premise.
The danger of untrustworthy devices to journalists and sources has never been clearer, as we come off a summer of revelations of powerful spyware targeting reporters and the disclosure by investigators that encrypted messenger metadata was used to identify at least one whistleblower behind a major piece of financial reporting.
It’s crucial, then, that the developers of our technology and software keep their interests aligned with the privacy needs of their users. Apple has marketed itself on these very values, and indeed has often led the field towards more privacy preserving practices. This proposal could have been a dangerous move backwards; dropping it would be a step towards regaining user trust.