Tim Cook is right about privacy & security, but over-reaches in his accusations against ad-based revenue models.
Last week, Apple CEO Tim Cook was honored with an award for corporate leadership at the Electronic Privacy Information Center (EPIC) Champions of Freedom event. He spoke extensively on consumer rights to privacy, security and encryption and called on attendees to take a look at the concerns that Apple and fellow tech giants must navigate on these matters.
Security and privacy, as Cook notes, are moral and ethical concerns. It’s good that he and other company leaders are thinking and talking about it. He stated that encryption of customer data and communications should be implemented without government backdoors, and he’s absolutely right on this important issue. See Bruce Schneier’s recent book “Data and Goliath” for a detailed discussion of the societal and business harms done by backdoors. Cook also correctly states that privacy and security are often falsely presented as a tradeoff. See Daniel Solove’s excellent book “Nothing to Hide” for extensive discussion of this topic. I applaud Cook and other company leaders who are taking a strong stance on these issues.
Cook further argues that people are too often lulled into accepting and using free services by companies that use their data for other purposes, especially targeted marketing. He places a value judgment on this: he says it is bad for companies to do so and states that Apple does not use their customers’ data in this way. However, this is a debatable point, and it’s really no surprise that he would take this position: Apple primarily sells devices (devices which I love and have happily used for the past decade), and it is far behind companies like Google and Facebook on its cloud software offerings. The latter companies primarily make money through ads. Without the ads, people would need to pay subscriptions for access to the software. New models can and should be considered for that, and it’s a valid to consider whether people are comforted into complacency by free services which use them as the product. After all, Google and Facebook’s actual paying customers are advertisers, not the people who use their services. However, we shouldn’t forget that there are strong positive network effects to ad-based revenue models like those of Google and Facebook: more people using those services means the services themselves become better, or even interesting at all. After all, who wants to be on Facebook if nine-tenths of the people you know wouldn’t use it if they had to pay for it?
If we accept that ad-based revenue models are okay (think about TV since its inception), then improved targeting can be a very good thing. My family has recently been plagued by YouTube ads that are completely inappropriate for our kids (six and two years old). For example, episodes of Magic School Bus get interrupted by ads for violent movies–we have to be ready to turn the screen and press mute. If YouTube did a better job of selecting ads based on the content and who is watching it, that would be a very welcome improvement. We pay for services like Netflix and Amazon Prime, but there is lots of great content on YouTube we can’t find on those ad-free services. My biracial family would even cheer to be targeted by the wonderful Cheerios ads which amazingly shows a biracial family just being a family. That’s still very rare for marketing, and we’re in a micro-segment that greatly appreciates when marketers acknowledge our existence and our normality in American society.
Aside from ads, companies use customer data all the time to provide greater value. Spotify uses my listening history to inform me of new releases by musicians I like and provides recommendations for new groups I haven’t checked out yet. Amazon suggests products based on the current shopping cart that might complement the items in it or be good alternatives. Facebook curates my feed so that I don’t have to scan every post by every person in my network and end up bored. Facebook also knows that I’m my mother’s son and that she definitely wants to see anything I post about her amazing grandkids, and just as important, it also knows that many of my academic colleagues have no interest whatsoever in those same posts.
A key principle in all this discussion is for customers to be able to understand how their data is used and potentially shared. The importance of establishing ethical guidelines and communication around personal data is paramount. This is especially urgent given the advent and development of the so-called Internet of Things, with its interconnected devices in our homes and on our persons that record and transmit data about our habits and preferences. Many of the issues around customer data, the value it provides businesses, the value it provides to customers themselves, and the rules governing collection and processing are clearly discussed in the recent Harvard Business Review article “Customer Data: Designing for Transparency and Trust”.
Cook also doesn’t directly address data breaches. This is arguably far more important than whether a company uses your data to deliver ads to your eyeballs. As Schneier discusses in Data and Goliath, companies are currently not held fully accountable for data breaches:
“…corporations find it cheaper to spend money on PR campaigns touting good security, weather the occasional press storm and round of lawsuits when they’re proven wrong, and fix problems after they become public. This is because most of the cost of privacy breaches falls on the people whose data is exposed. In economics, this is known as an externality: an effect of a decision not borne by the decision maker. Externalities limit the incentive for companies to improve their security.” (pp. 191-193)
It is worth noting that Cook’s stance on encryption backdoors is important in this regard: if companies allow them so that governments can hack customer data, that makes it easier for others actors to exploit the same backdoors, making us all less secure.
In sum, I cheer the emphasis Cook is putting on privacy and security, but let’s not confuse those issues with whether ad-based revenue models are okay and whether companies can deliver better products by using customer data. Let’s instead consider specific privacy and security issues in the context of ad-based revenue models. I’d also love to see Apple put its tremendous weight, resources and influence behind creating actual viable alternatives to ad-based revenue models for cloud based services. Finally, let’s not lose sight of other, perhaps bigger, practical concerns such as accountability for data breaches.
Recent Comments