Apple Inc. (NASDAQ:AAPL) is known as purveyor of flawless future-tech for the present-day everyman; best-in-class devices connected to software and services that just work, often seamlessly together. We want to know that our iPads will light up less than a second after we touch the home buttons and our iPhones will complete calls and that our private stuff will stay private.
Apple has long sold us the story that its products “just work," but that reputation took a hit this week after iCloud’s role in a hack that lead to the release of hundreds of nude celebrity photos.
Apple issued a statement in response to the attack, which reads largely like a dodge of blame. While Apple was “outraged and immediately mobilized Apple’s engineers to discover the source,” the company also says that “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.” Hackers running a “brute force” attack on an iCloud account aren’t actually breaking security, they’re simply guessing passwords over and over until one of them works.
This is a distinction that customers don’t care about. They will hear, in effect, “It’s not our fault hackers guessed your password.” This blame-the-user mentality is reminiscent of the 2010 release of iPhone 4. The phone’s antenna was exposed externally, and gripping the phone a certain way might cause your call to disconnect. Apple dismissed loads of complaints with what became a party line amounting to a joke: “You’re holding it wrong.”
This is 2014’s “You’re holding it wrong.” Blogger Michael Arrington thinks this is a big problem going forward. “Even if Apple fixes the problem, or has fixed the problem with the patch they just released, they’re still screwed, The damage, the massive damage, has already been done. Because everyone now understands that their phones aren’t secure. Even things they thought they deleted are vulnerable. That’s something that will haunt Apple for a decade.”
It's hard to know how this is sinking in for consumers. Asked if they're concerned about the safety of photos on iCloud, a poll of 538 iPhone users by the mobile research firm Qriously found some uncertainty: 32 percent said "yes," 41 percent said "no," and 27 percent said, "not sure."
Apple users loved Cupertino's closed garden in part for the security: it's been famously impervious to viruses that afflict the PC world. They also like Apple's transparency. They lock you in in hopes of selling you your next device, unlike Google, whose entire business model is to make money from your data through advertising.
Further, Apple's blame-the-user mentality comes as it wants customers to entrust it with even more sensitive data. The new iPhone 6 will be able to collect medical data though new sensors and its HealthKit software tools. It’s partnering with Visa, Mastercard, and American Express to turn the next iPhone into your credit card. (The iPhone’s thumbprint sensor may also play a role in payments, though that’s not yet confirmed.)
If the public is going to use an iPhone as its preferred payment method on the level that Apple wants, then the company needs to cash in all the ease-of-use-meets-security clout that it can get, so this iCloud hack is especially poorly timed news. Anil Dash tweets a corrollary that’s snarky but apt after today’s statement:
"Of course you can trust us with a perfect digital replica of your actual thumbprint! No, no one could possibly keep your photos secure."
— Anil Dash (@anildash) September 2, 2014
We already know Apple’s quite good at simplifying the hard stuff. Cordless screen mirroring via Apple TV. Instant Wi-Fi network setup by plugging in an Airport Express. Now is time for the company to rise to the occasion and invest in security.
The Macintosh 128K contained signatures from every member of the Macintosh team on the inside of its case. It's time for Apple to turn that pride of product onto its iCloud suite of services and turn them into something worth signing the inside of the case for.