Apple stepped forward this week into the unexpected role of privacy regulator, banishing Facebook’s ethically fraught data harvesting application from its devices. Apple’s willingness to stand up to Facebook’s data practices raises the tantalizing question of how device manufacturers like itself could potentially help rid our devices of unethical applications as governments refuse to penalize the highly profitable world of the surveillance economy. In particular, what if Apple simply banned all use of facial recognition for anything other than authentication?
Governments throughout the world have been reluctant to reign in the extraordinarily profitable world of data harvesting that powers the modern internet. Those that have tried have ultimately yielded to the demands of corporate lobbyists, ensuring the resulting laws have been so watered down as to be almost useless. In some cases technology companies have actually weaponized new legislation to reverse the previously strong privacy laws that had prevented them from rolling out particularly sensitive technologies like facial recognition.
Since governments won’t step in to save their citizenry, could device makers play the role of patron saint of privacy?
Our digital lives are increasingly lived through our smartphones, smart watches, tablets and other mobile devices. Companies like Apple wield near absolute control over their application ecosystems, directly approving each app that is permitted to be installed onto their devices.
This was the power that Apple leveraged this past week to deactivate Facebook’s entire suite of internal applications with the flip of a switch.
Yet, could Apple use that same power to enforce a strict prohibition on ethically fraught data practices?
Facial recognition has proven to be an increasingly controversial application of AI. While many applications of facial recognition do not involve smartphones, there are plenty that do, including the mass facial recognition performed by social media companies like Facebook.
What if Apple enacted a policy that banned the use of imagery generated by its phones from being used for facial recognition tasks other than application authentication? Apps that want to use the user’s face to authenticate the user in lieu of a password could still do so, as long as they agreed to use the biometrics exclusively for authentication and not for any other task.
Any usage of the authentication biometric data for other tasks would result in an immediate lifetime ban for the developers from Apple’s ecosystem. While it would be difficult for Apple to identify every misuse entirely on its own, it would grant it the leverage to take immediate action against bad actors when it discovered them.
Most facial recognition tasks are performed remotely in the cloud, rather than entirely on the local device. For example, Facebook’s mobile application uploads images to Facebook’s server farm where it runs its facial recognition models and tags the image with the people it contains.
Apple could easily accommodate this in its terms of service for application developers, requiring them to agree not to perform non-authentication facial recognition in the cloud on any images taken by that device.
In Facebook’s case, such a rule would mean Facebook would not be permitted to perform facial recognition on any images submitted by its Apple users, cutting it off from harvesting the biometric information of a broad swatch of its user base.
In essence, Apple users would become privacy privileged netizens, granted the right to use their phones without having themselves monetized into digital biometric models powering Facebook’s surveillance engine.
Of course, Facebook in particular has taught us how creative companies can get in pushing the boundaries of their legal contracts or even violating them outright. However, this has largely been because companies have faced few penalties for violating those restrictions. Even the Facebooks of the world would think twice about risking being entirely banned from Apple devices even temporarily.
Larger companies could get around these rules by forming shell companies to perform the actual facial recognition and allowing those shells to be banned without impact to the parent company, though Apple could easily adjust its legal contracts to address this. Smaller startups would likely be the ones taking the risks to build illegal facial databases, but here again Apple could add contractual language legally encumbering these models from being used by any reputable company, dramatically reducing their value and permanently blacklisting their programmers from the Apple ecosystem.
Given the immense economic havoc this would wreak to the surveillance economy, it is likely that companies like Facebook would respond by lobbying for new legislation that would enshrine their right to mine our biometrics and make it illegal for any company to protect us from having our bodies harvested and replicated into the digital world.
Putting this all together, Apple’s sharp rebuke of Facebook’s data practices this week has awakened a slumbering giant and shown us the power of the device companies like Apple to take a stand and protect us from unethical data practices. Likely Apple will quietly go back to the status quo, but it is worth considering what might be possible if Apple stepped forward and took a leadership role against some of the most egregious tactics of the online world like biometric harvesting for facial recognition. Perhaps Apple could become the new patron saint of our digital privacy.
