Apple faced public scrutiny when viral videos surfaced showing a glaring bug with Apple’s FaceTime feature that allowed the caller to hear conversations and even see video from the person being called before that person accepted or rejected the call. The bug appears to only appear during group chats (chats with more than 2 people), but this hasn’t stopped people from disabling FaceTime entirely. In response to the bug, Eva Galperin, director of cybersecurity at Electric Frontier Foundation, a leading international non-profit dedicated to digital privacy rights, brazenly wrote “Throw your iPhone into the sea.”
…this FaceTime bug follows the recent trend of not-so-privacy-conscious news stories related to Apple products.
Given that Apple frequently touts itself as being pro-privacy, this accident has left consumers wondering whether that pro-privacy stance is truly genuine. These concerns were exacerbated by the fact that media outlets recently began reporting that Grant Thompson, a 14-year-old out of Tucson, Arizona had noticed the bug more than a week before the issue became public. Thompson told his mother, a licensed attorney, about the issue and she reportedly “tried everything she could think of to get Apple’s attention,” including emailing, calling, and tweeting at Apple’s CEO Tim Cook, and even faxing a letter on her law firm’s letterhead.
Importantly, this FaceTime bug follows the recent trend of not-so-privacy-conscious news stories related to Apple products. Along with a 2014 leak of celebrities’ private iCloud photos, some consumers had also recently been growing increasingly paranoid about receiving advertisements for products related to something they had been talking about out loud when the phone was in the room, even when the phone was not in use at the time. This sparked huge concern that Apple was listening in to consumers and selling their information to third-party advertisers.
Sandy Parakilas, a former operations manager for Facebook, has said that he thinks large companies listening in to non-phone conversations is “very very unlikely” because collecting data constantly from iPhones would be too expensive. However, another cybersecurity expert explained that because the iPhone’s microphone, loaded with AI assistants, necessarily has to be able to be triggered by vocal commands like “Hey Siri,” the iPhone is constantly listening for those designated “trigger words.” This mechanism could just as easily allow Apple to listen in for trigger words that relate to products that certain advertisers request. Did the consumer mention the word “cold” or “heater”? Then perhaps that person will receive an ad from a heating repair company that Apple has contracted with. Similarly, a person mentioning “Disney World,” “Miami,” or the word “vacation,” a certain number of times could just as easily trigger an ad from a travel agency or airline. Although it is difficult to discover exactly what the trigger words are because of various encryptions, the possibilities with this technology are endless. The ads could be set to be displayed only if specific trigger words are said a certain amount of times within a certain period of days, or perhaps only if they are said in combination with other trigger words. Another expert explained that this listening in might happen but that “companies know so much about you already, they probably don’t need to eavesdrop.”
In a meeting with Congressmen, Apple specifically denied using these trigger words to listen in to its customers, but did admit, “Apple does not and cannot monitor what [third-party app] developers do with the customer data they have collected, or prevent the onward transfer of that data, nor do we have the ability to ensure a developer’s compliance with their own privacy policies or local law.”
Apple has said that they will fix the FaceTime bug by the end of the week, but this has not stopped lawsuits and government investigations from ensuing. An opportunistic attorney from Houston, Larry Williams II, filed suit for negligence, product liability, misrepresentation, and breach of warranty against Apple, claiming that the FaceTime bug allowed an unknown person to eavesdrop on his private conversation with a client. Williams is seeking compensatory and punitive damages against Apple and claims that Apple failed to notify users of the risks of using FaceTime and responded slowly to the risk, a sentiment expressed by other commenters as well. Furthermore, Letitia James, the Attorney General of New York, announced that her office would be opening an investigation into the FaceTime bug citing that the “FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years.” It is unclear how lawsuits against Apple or New York’s investigation will turn out; however, what can definitely be said is that trust in Apple has slowly been eroding as privacy concerns continue to fill the news. Likely, the last thing Apple wants is to have its reputation anywhere near Facebook who has been the subject of numerous privacy hearings and investigations.
Sebastian Brana, 31 February 2019