Security news that informs and inspires

Apple’s Cook Decries User Surveillance, Calls For U.S. Privacy Law

In what may become a landmark in the escalating debate over privacy rights and regulation, Apple CEO Tim Cook disavowed the prevailing practice in Silicon Valley of amassing vast stores of user information, labeling it the “data industrial complex”, and called for a national privacy law in the United States to address the problem.

Cook, speaking in front of European Union privacy commissioners Wednesday in Brussels, had harsh words for the companies that have built their business models on gathering user data, tracking people’s movements around the web, and generating persistent profiles of every user they encounter. Without naming any companies specifically, Cook criticized the concept of monetizing user data and said that it should worry everyone, users, executives, and regulators alike.

"Today that trade has exploded into a data industrial complex. Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency,” Cook said.

“We shouldn’t sugarcoat the consequences. This is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them. This should make us very uncomfortable. It should unsettle us.”

Apple has been using privacy and security as marketing pegs for its products for many years, but recently the company has been making these priorities much more public. Last week, Apple launched a new privacy portal that allows customers to get a copy of all the data Apple has gathered on them and lays out exactly what privacy features and protections the company’s products and services have. Users also can correct any mistakes in their data that Apple has and even delete their entire profile if they choose.

In his speech Wednesday, Cook said Apple would like to see a comprehensive federal privacy regulation in the U.S., something to match what’s been put in place in Europe through the General Data Protection Regulation (GDPR). He also described four principles he said should be the foundation of such a law.

"Some oppose any form of privacy legislation. Others will endorse reform in public, and then resist and undermine it behind closed doors."

"We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data—or not to collect it in the first place. Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for,” Cook said.

“This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham. Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of, correct, and delete their personal data. And fourth, the right to security. Security is foundational to trust and all other privacy rights.”

Right now, there is a tangle of various state regulations that address certain aspects of personal privacy, including data breach notification laws. But there is no comprehensive federal law, despite many legislators pushing for such a measure. Cook acknowledged that there is considerable resistance to a federal privacy law in the U.S., particularly from other technology companies.

“Now, there are those who would prefer I hadn’t said all of that. Some oppose any form of privacy legislation. Others will endorse reform in public, and then resist and undermine it behind closed doors. They may say to you, ‘our companies will never achieve technology’s true potential if they are constrained with privacy regulation.’ But this notion isn’t just wrong, it is destructive,” Cook said.

Image by Mike Deerkoski, CC By 2.0 license.