Former Facebook security chief questions Apple's privacy double standard in China

Following Apple CEO Tim Cook's impassioned speech on privacy delivered at a privacy conference in Brussels, former Facebook chief security officer Alex Stamos questioned the tech giant's motives and current policies in a hot take posted to Twitter.

Stamos said he agreed with "almost everything" Cook said during his keynote address at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels on Wednesday, but noted the tech giant's aspirational view on privacy is not universal.

In China, Apple's most important growth market, the company, at the behest of government regulations, implements system-level iOS and Mac restrictions that disallow the installation of certain VPN and end-to-end encrypted messaging apps. These services, Stamos suggests, are important privacy tools that let users "avoid pervasive censorship and surveillance" in a regime known for implementing such policies.

Further, Stamos notes Apple recently migrated Chinese iCloud data to in-country servers run by partner Guizhou-Cloud Big Data Industry Co. Ltd., again to conform with government laws. The initial move stirred its fair share of controversy, but a so-called "infrastructure agreement" with state-owned Tianyi Cloud service seemingly flew in the face of Apple's assurances against government snooping.

"We don't want the media to create an incentive structure that ignores treating Chinese citizens as less-deserving of privacy protections because a CEO is willing to bad-mouth the business model of their primary competitor, who uses advertising to subsidize cheaper devices," Stamos said, referring to Cook's ICDPPC speech.

Cook earlier on Wednesday presented barbed commentary on the state of modern consumer data collection practices.

"Our own information is being weaponized against us with military efficiency," he said, adding, "We shouldn't sugar-coat the consequences. This is surveillance. And these stockpiles of personal data only serve to enrich the companies that collect them."

Cook did not name names, but Google and Facebook were clear targets of what amounted to a 15-minute rebuke of data monetization strategies. He went on to call for U.S. privacy regulations crafted in the same vein as Europe's GDPR, saying any proposed legislation should require companies to adhere to four main tenets to be effective: data minimization, transparency of data collection practices, easy access to stored data and security.

"Cook is right, the US needs a strong privacy law and privacy regulator, and advertising companies like Google, Facebook and Twitter need to collect less data and minimize more often," Stamos said.

Still, the ex-Facebook executive said Apple's push for data protections in its domestic market — and an endorsement of the same worldwide — is seemingly at odds with its Chinese operation.

"Apple needs to come clean on how iCloud works in China and stop setting damaging precedents for how willing American companies will be to service the internal security desires of the Chinese Communist Party," Stamos said.

For its part, Apple maintains the VPN app takedown and iCloud migration were both conducted in compliance with Chinese regulations. Privacy advocates, however, argue Apple willingly kowtows to China as it fights similar calls for conciliation in other markets, including the U.S.