In recent years, Apple has bent much effort (and PR strategy) to positioning itself as the user privacy brand. While the company has made substantial advances in this area, smudges continue to appear on its record. In the midst of a battle over its user tracking changes that has developing antitrust elements, Apple is feeling pressure to reaffirm its privacy stance due to two recent news stories: its cooperation with subpoenas from President Donald Trump’s administration that saw phone data handed over for potentially political purposes, and a case in which iPhone repair techs took compromising photos from a woman’s phone and uploaded them to Facebook.
Trump phone data hunt casts shadow on Apple’s privacy record
Apple bought itself quite a bit of goodwill with its public refusals of FBI requests to unlock the encrypted phones of suspects and provide American law enforcement with a permanent back door into its devices.
That goodwill may be eroding with the public revelation that Apple complied with Trump administration subpoenas in 2017 and 2018 seeking phone data of House Intelligence Committee members tasked with investigating the administration along with their families, including at least one minor child.
The subpoenas came in response to the House Intelligence Committee’s investigation into possible ties between Trump administration figures and Russian nationals. This came during a period in which Trump repeatedly stated that his administration would “find the leakers” releasing embarrassing and potentially politically compromising information about his administration. Committee Chairman Adam Schiff and representative Eric Swallwell have confirmed that their phone data was subpoenaed by the Justice Department during this time, with requests for metadata including that of aides and an unspecified minor that is apparently a child of one of the members that were being monitored.
The subpoenas included a gag order on Apple that expired recently, with even the lawmakers themselves not becoming aware of the phone data seizure until last month. The Justice Department disclosed the existence of the subpoenas to the media earlier this month. The New York Times reports that Justice Department prosecutors also issued subpoenas for reporter records in an attempt to identify confidential sources as part of the leak investigations.
Apple has thus far declined to comment on the case. A source for the New York Times says that the phone data it released consisted of metadata and account information, but no messages or personal files such as photos or documents. The phone data does not appear to have provided the Trump administration with any of the evidence of leaks that it was looking for. Democrats called it an attack on the separation of powers, and current Justice Department inspector general Michael Horowitz has announced that he is opening a review of the agency’s actions during that period for improper conduct.
Vox’s Recode points out that tech companies have some ability to resist in cases like this, but they frequently cooperate. Apple says that between January and June 2020 it complied with 82% of government requests for phone data, and it appears to have been forced by a federal judge and grand jury to turn over the phone data in this case. Apple also said that it believed that other big tech companies received similar subpoenas, something that Microsoft confirmed later in the week.
Problems at home with iPhone repair technicians
Apple’s issues with the phone data of Congress members might be chalked up to legal orders that it could simply not fight, but the other privacy scandal it is dealing with is much closer to home.
It was recently revealed to the public that Apple settled a lawsuit that involved iPhone repair technicians accessing intimate photos and uploading them to a customer’s Facebook account. Searching a phone for photos of this nature would be bad enough on its own, but the iPhone repair techs took things a step further and used the woman’s logged-in Facebook account to post the compromising material as if she herself was doing it.
The incident happened in 2016 at Pegatron Technology Service, a California-based iPhone repair contractor. The amount of the settlement was not revealed, but the woman had been asking for $5 million in damages and court documents viewed by The Telegraph indicate that it was in the millions of dollars. A confidentiality provision in the settlement initially kept it out of the news, but it made it out to the public when Pegatron sued its insurance company for not covering its costs in reimbursing Apple for the damages.
Under its Independent Repair Provider Program, Apple contracts with “businesses of all sizes” to function as officially sanctioned iPhone repair centers that users can ship their phones to. These centers generally handle out-of-warranty repairs. As of July 2020 Apple said that it had some 700 of these iPhone repair contractors in the United States; one of the largest is uBreakiFix, which has hundreds of locations across the country. Another is Best Buy, which settled its own suit involving the theft of intimate customer photos in 2015 by “Geek Squad” members.
While Apple may be pro-privacy, it is staunchly opposed to “right to repair” laws that would guarantee its customers the ability to fix their own devices. Apple’s “walled garden” approach currently requires customers to go to its own “Genius Bars” or to contractors such as these for iPhone repairs, which not only puts the customer at the mercy of the repair fees but also may require entrusting sensitive personal data to strangers.