Letters Home From The Privacy Wars: Apple Vs. Google And Facebook

Dear Mother, The Privacy War is going splendidly! We are testing the latest iteration of the secure enclave, and the rebels will soon be on the run! Love, Your Son, Gen. Timothy Cook. Mathew Brady

Battle Lines

Now that the Corn Syrup Wars have thankfully ended without further loss of life, it is time to turn our attention to the other battle raging in corporate America: tech companies fighting over user data privacy. It's not quite the WWE (WWE), but I find it pretty exciting.

Apple (AAPL) opened up this war years ago both as a matter of necessity and long-term strategy. Apple took stock of the growing consumer services market, led by Google (NASDAQ:GOOG) (NASDAQ:GOOGL) and Facebook (FB), and as usual did not look to compete directly with the established leaders, but rather for what Apple's unique contribution to the market would be, and how that would benefit the user experience.

Unless they began collecting data on their customers at scale, they were never going to be able to compete. Even then, their ability to compete would be hampered by the head start their competitors had on them. Apple decided that their advantage would be to not engage in the massive data collection of their competitors. In typical fashion, they designed a variety of hardware and software technologies to protect privacy, and limit data collection to themselves and third parties, and this has been an increasing part of their marketing pitch.

It all sort of culminated with this ad, from March:

The message is clear: whom do you trust?

Google and Facebook are fighting back, but they have a central tension that will always be a problem. Their highly successful ad platforms are highly successful because of the amount of personal data they collect from users, and what they do with it. Any steps they take to limit data collection will hurt their ad businesses, which are cash cannons that no one wants to silence.

The Apple Model: Explicit Pricing

In his May 7 New York Times Op-Ed, Google CEO Sundar Pichai inadvertently made Apple's case for them:

...privacy cannot be a luxury good offered only to people who can afford to buy premium products and services. Privacy must be equally available to everyone in the world.

I come helpfully equipped with a BS-to-English translator:

Apple makes the cost of technology explicit. We do everything we can to hide the cost from the user. It's how we make money, after all.

The Apple model is that you get everything with the price of the phone. A few examples that no Android phone can match:

• Tight integration with your computer, tablet, watch, set-top box
• Free software and security updates for life of product (currently 6 years)
• Effective app store malware security
• Most data stored and processed on-device, leveraging encryption, the neural engine and secure enclave
• No call tracking
• No email data harvesting
• Messaging with end-to-end encryption
• Cloud services with no data harvesting
• Fine controls over how apps are allowed to use your hardware
• Native apps for word processor, spreadsheet, presentation, audio recording/editing/mixing, video editing, and photo editing
• Free classes at an Apple Store near you

These things are "free" with your iPhone, but of course, they are not free. They are all part of the high price tag. You get it all, whether you want it or not.

This is changing a bit with the new services they are rolling out, which come with monthly subscriptions. But Apple was pretty clear during the March services event that their commitment to privacy extended to the new services.

• News: "We don't know what you read, and we don't allow advertisers to track you."
• Card: Apple and Goldman (GS) will not be collecting data on what you purchase.
• Arcade: Apple will not collect data on what you play and the games cannot do so either.
• TV: Apple will not be collecting data on what you watch.

Moreover, this lack of collection has become a major sticking point for media partners, who very much want this data. Apple's lack of success in attracting a wide range of video content to Channels is more due to this than the fear of Apple grabbing revenue with both hands.

It also hurts Apple because Siri will always lag its competitors without the feast of data that Google's and Amazon's (AMZN) services swallow every moment of the day.

But Apple is willing to take those hits, because the long-term strategy of being The Privacy Company is more important than getting Netflix (NFLX) subscriptions into the Channels interface.

The Google Model: You Are the Product

Google provides a variety of fantastic services for "free," but of course, they are not free. Every time you do a Google search, use Maps/Waze, or Google Now, the tracking begins, and it never ends. You are the product.

If you own an Android phone, it is constantly passively sending data back to Google. Professor Douglas Schmidt of Vanderbilt University studied what Android phones are doing when not in use. Key findings:

• A dormant, stationary Android phone (with the Chrome browser active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour. In fact, location information constituted 35 percent of all the data samples sent to Google.
• For comparison's sake, a similar experiment found that on an iOS device with Safari but not Chrome, Google could not collect any appreciable data unless a user was interacting with the device. Moreover, an idle Android phone running the Chrome browser sends back to Google nearly fifty times as many data requests per hour as an idle iOS phone running Safari.
• An idle Android device communicates with Google nearly 10 times more frequently as an Apple device communicates with Apple servers. These results highlighted the fact that Android and Chrome platforms are critical vehicles for Google's data collection. Again, these experiments were done on stationary phones with no user interactions. If you actually use your phone, the information collection increases with Google.
• Google has the ability to associate anonymous data collected through passive means with the personal information of the user. Google makes this association largely through advertising technologies, many of which Google controls. Advertising identifiers - which are purportedly "user anonymous" and collect activity data on apps and third-party webpage visits - can get associated with a user's real Google identity through passing of device-level identification information to Google servers by an Android device.
• Likewise, the DoubleClick cookie ID - which tracks a user's activity on the third-party webpages - is another purportedly "user anonymous" identifier that Google can associate to a user's Google account. It works when a user accesses a Google application in the same browser in which a third-party webpage was accessed previously.

Ick. Some recent headlines:

• Google collects Android users' locations even when location services are disabled (11/21/2017)
• Google tracks your movements, like it or not (8/13/2018)
• Google will stop peddling a data collector through Apple's back door (1/30/2019)
• CNIL issues 50 million euro fine against Google in the first major GDPR infringement case (2/4/2019)
• Google uses Gmail to track a history of things you buy - and it's hard to delete (5/17/2019)

That last one is 10 days after Pichai's Op-Ed, where he wrote this:

To make privacy real, we give you clear, meaningful choices around your data. All while staying true to two unequivocal policies: that Google will never sell any personal information to third parties; and that you get to decide how your information is used...

A small subset of data helps serve ads that are relevant and that provide the revenue that keeps Google products free and accessible. That revenue also sustains a broad community of content creators, which in turn helps keep content on the web free for everyone. The data used in ads could be based on, for example, something you searched for or an online store you browsed in the past.

Or, for example, every single place your phone has ever been. Or, what you are emailing about. Their entire business is built on knowing everything about you, so that they can serve you up ads that will work. They are not shutting that money cannon down.

The Facebook Model: Everything, All the Time

Zuckerberg also recently took a backhanded slap at Apple over privacy in a March 6, 2019, Facebook post.

Upholding this principle may mean that our services will get blocked in some countries, or that we won't be able to enter others anytime soon. That's a tradeoff we're willing to make. We do not believe storing people's data in some countries is a secure enough foundation to build such important internet infrastructure on.

He is referring to the fact that Apple stores Chinese user data on servers in China. Though he goes on in the same post to praise encryption effusively, he totally elides the fact that all the data on Apple's Chinese servers is encrypted. Can't believe he didn't bring that up.

But more to the point, Zuckerberg wanted us all to know that he Got The Message. Things will be changing:

This privacy-focused platform will be built around several principles:

Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.

Encryption. People's private communications should be secure. End-to-end encryption prevents anyone -- including us -- from seeing what people share on our services.

Reducing Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won't keep messages or stories around for longer than necessary to deliver the service or longer than people want them.

Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what's possible in an encrypted service.

Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.

Secure data storage. People should expect that we won't store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.

In classic Zuckerberg fashion, he has completely stripped privacy of its meaning. The reason they can do all this is because they no longer need to listen in on your conversations to know who you are, and what you want, and what ads to serve up to you. There is plenty to be inferred from metadata, with whom you converse, where you are, etc. He will define privacy as these things, when they still have an unbelievably detailed and accurate profile on everyone using their service.

Here are some headlines, just since that Facebook post:

• Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years (3/19/2019)
• 'Beyond Sketchy': Facebook Demanding Some New Users' Email Passwords (4/2/2019)
• Facebook says it stored millions of Instagram passwords unencrypted on its servers (4/18/2019)
• Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent (4/18/2019)
• Thanks to Facebook, Your Cellphone Company Is Watching You More Closely Than Ever (5/20/2019)
• Facebook facing most probes by Irish data regulator [11 out of 19 investigations] (5/27/2019)

Zuckerberg:

Frankly we don't currently have a strong reputation for building privacy protective services.

I wonder why? Again, they have the same problem as Google, but it is even more pronounced. Their entire business model is knowing everything about you and serving up the exact right ads from the exact right places. They are not retiring that cash cannon any time soon.

Apple Returns Fire on Memorial Day

Apple is famously the most obsessively secretive company in the world. Any time they let a journalist into one of their facilities, they have a very good reason for it. Today's reason was to let everyone know who the King of Privacy is.

Andrew Griffin of the UK Independent was given a guided tour of two different Apple facilities by Craig Federighi, SVP of Software.

1. The facility where they stress test the heck out of the secure enclave. Never failing is important with that one.
2. The facility where Apple employees put the Apple Watch through its fitness-tracking paces to further its development and the Health app's.

The points Apple was making:

1. We put more thought and effort into our secure enclave than other companies put into the entire phone.
2. We could easily collect user health data and anonymize it, but we pay people to collect the data instead, because the former is too dangerous. We can find other ways to make our services better than violating user privacy.

I am a little skeptical of that last claim, especially when it comes to Siri. But one thing about Apple: they will keep plugging away. I await the inevitable response from everyone else.

In any event, Apple got what they were looking for:

UK Independent screenshot

One More Thing...

A lawsuit was filed in California late on Friday, and Variety followed up today. Three plaintiffs from Rhode Island and Michigan are claiming:

1. Apple sold customer data to data brokers.
2. Apple revealed user data to app developers.

Explosive (if true)! What's their evidence?

1. There are marketing lists tagging individuals as "iTunes and Pandora music purchasers."
2. Some hand-waving.

I'll let Variety handle that first claim:

There doesn't seem to be any acknowledgement in the filing that data brokers could have gained access to that type of purchasing data through other means, including for instance third-party loyalty programs.

As far as the second goes, we will have to see. But if it is similar to the first claim, then it is also nonsense.

The Lukewarm War

There is just so far the companies can go here, since all three are dependent on one another, and that is not changing any time soon. The rapid artillery fire of the Corn Syrup Wars is unlikely to be duplicated. There is a reason they are subtweeting, and not saying each other's names out loud.

I have long thought that Apple is on the right side of this in the long term, and that there would be a privacy revolution where everyone would leave Facebook en masse out of disgust. I continue to be wrong, but things seem to be moving very slowly in that direction.

Facebook obviously now understands this, but they see it as a problem of image, not of substance. Bets on when the next head-shaking Facebook privacy-related headline comes? Tomorrow? The next day? The fines are just the cost of doing business the way they do it, and they will never match the revenue that privacy invasion produces. They will always push the envelope and apologize when caught.

Google has less of a problem for one simple fact - their services are incredibly useful, and their search is so ingrained in contemporary life that it is a verb - just Google it if you don't believe me. It's much harder to dump Google - believe me, I've tried. But the central tension still exists for them - the less they collect, the worse the services become at the primary goal: making money. Pichai can give all the lip service he wants to how they anonymize data, but they still know just about everything about not just their users, but anyone whose browser happens upon their site.

It's how they make money, and they would like very much to obscure that as much as possible.

Disclosure: I am/we are long AAPL. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.