Op-Ed: Apple can’t protect your privacy. But you can

Privacy is Apple’s brand. The company brags that it has created “the most secure consumer platform in the world” — but its pretenses are misleading, and that does real harm.

Last month, researchers led by Amnesty International revealed that an Israeli company had developed spyware that had breached the vaunted iPhone, allowing it to track all your phone calls, messages and digital transactions.

That shouldn’t be so shocking. Privacy is ever vulnerable in the digital age. The supreme connectivity that digital technology offers necessarily means our lives are increasingly exposed, and the more we live our lives digitally, the more we are exposed.

Inevitability doesn’t excuse obfuscating risk.

Apple trumpets its privacy protections and oversells the virtues of its products, giving consumers a false sense of security that lulls us to let down our guard and only makes us easier targets for spies. If Apple is doing all that it can to protect us, great — it should say so. But any such claims should avoid giving users the impression that they have digital privacy.

We must give credit where it’s due: Apple did take a huge step this year when it spurned Facebook and other digital marketers with a new privacy feature on the iPhone. It allows users to opt out of being tracked across their digital transactions. Three-quarters of iPhone users took up this offer.

Also this year, Apple introduced a location tracking device called AirTags, a Bluetooth-enabled fob intended to help iPhone users find a missing object such as their keys or wallet. The company introduced it with restrictions intended to protect privacy and prevent stalking, for instance alerting you if the system thinks someone else’s AirTag is moving with you and reporting your location.

Among the tech behemoths, Apple takes a lonely, moral stand for privacy, which CEO Tim Cook has described as a human right.

Precisely because Apple touted its security, investigative journalists, political activists and human rights workers around the world have opted to use iPhones for their often sensitive and dangerous communications. Amnesty International revealed that the iPhones on which they rely could be compromised by spyware known as Pegasus, and that the vulnerability has existed for at least five years.

Perhaps most devastatingly, Pegasus is a “zero click” exploit, meaning you don’t have to click on a dubious message or link to enable it. Simply receiving it in a disguised message will implant the spyware. And then you are bugged by your own cellphone.

The Israeli company behind this spyware, NSO Group, sold its product to governments. Among 50,000 phone numbers of potential surveillance targets, researchers found heads of state, journalists and activists, as well as related contacts such as members of slain journalist Jamal Khashoggi’s family. It is unclear how many were successfully bugged.

Everyday users are wooed by Apple’s emphasis on empowering users to protect their privacy. It’s quite ingenious, simultaneously boosting Apple’s moral standing when it comes to privacy protection and giving us a sense of control. Apple’s privacy tool suggests we can pick and choose with whom we share our data, and how and when. It suggests we have an idea how our spies operate, how they follow us, what they want, and to what end.

However, all along, the notion that we may attain some degree of parity with our spies is delusional.

Apple must play a constant game of catch-up with surveillance innovators such as NSO Group. It’s asymmetric warfare: Apple’s defenses would have to be 100% flawless to succeed, but the hackers and spies need only an infinitesimal success rate.

Some privacy advocates even fear that Apple’s latest security measure, technology announced Thursday to detect sexual images of children or being sent to children, leaves iMessage more vulnerable to spying. It had been encrypted between sender and recipient, but now content is monitored and can be reported to third parties.

Increasingly, spies don’t even need our data to keep tabs on us; our metadata will do. Analysts can identify us by the way we hold our cellphones — at what angle — and how we swipe the screen. Apparently, they have determined this is distinctive to each of us. And digital marketers can circumvent Apple’s protections against tracking through a method called fingerprinting, which uses information such as screen resolution, operating system version and phone model to identify a user across multiple apps. No hacking required.

How are we to stay ahead of constantly innovating spies? We won’t. Act accordingly.

Be responsible in what you do and say, to whom, and how. Reflect, slow down, and think about what you share. Assume that someone is always listening.

Apple could remind us to protect ourselves by dropping the pretense of privacy.

Firmin DeBrabander, author of “Life After Privacy,” is a professor of philosophy at the Maryland Institute College of Art.