Exploring the trade off between convenience and security with consumer products
In September, Apple launched its newest round of iPhones—the iPhone 8 and 8 Plus, with the iPhone X shipping in November—in what has become a familiar spectacle. In many ways, each launch is a snapshot of the technological developments that have recently come to the fore. Not necessarily new technology, exactly, but tech that will suddenly become very widespread and move beyond its creators’ intent, like a new species of creature created in a laboratory being released into the wild. As such, these markers provide a glimpse into the opportunities and challenges these advances present for society, not just the individual consumers.
It shouldn’t be the case, but it too often is, that it feels like a zero-sum battle between convenience and security. Boil it down to its simplest expression, the lock screen. It’s annoying to have to type in a PIN every time you unlock your phone—often hundreds of times per day. How badly this battle is going is reflected by the fact that 28% of smartphone usersdon’t use a lock screen at all, leaving themselves at tremendous risk should their phone be misplaced or stolen. Manufacturers have attempted to make it easier without reducing security, with mixed results that usually favor convenience, not security. For example, swiping a pattern instead of a PIN. Biometrics began with fingerprint scanners, which is less secure than a PIN but very handy. (Or “differently secure” at best, since if you’re in the position of being coerced into using your fingerprint you’re also in position to be coerced into giving up your passwords. The comic XKCDsummed up this problem long ago.)
Biometric security is now taking its next big step in the market. The newFace ID feature built into the iPhone X replaces the fingerprint unlock on current models. Instead of having to press down on a home button, users now have only to look at their phones to start using them—the pinnacle of convenience. The option to use a passcode remains for users who harbor security concerns, but there is no doubt the new feature will be irresistible to many.
The implications for users that opt into Face ID are substantial. At the security level, your face is public information, not private, and using public info as a password is intrinsically risky. Second, the phone’s sensors must always be on in order to detect faces and unlock when prompted. As a result, we will be constantly watched by our phones. Nefarious actors can hack into these devices to spy on users, tracking their facial expressions, their reactions to the content they consume, and who they are with. The Face ID feature will also work withthird-party apps, to allow users to access all kinds of sensitive information, from their health records to financial transactions, with a mere glance.
Always-on video is only the newest element of an issue that has already become commonplace. The Amazon Echo is one of many “home assistant” devices that constantlymonitors users, and presents a similar conundrum. As in the case of the iPhone X, individuals can make a choice about how they want to interact with the device, choosing to disable Face ID on the iPhone or to continuously delete Alexa’s recordings on the Echo. But when they do so, they are giving up a tantalizing degree of convenience—a very tangible short-term benefit—to protect against a nebulous threat to their privacy. Expecting most people to even be aware of all the potential consequences of products they use constantly, let alone to change their behavior, is setting an unrealistically high bar. Touch ID and its kin created the largest fingerprint databases outside of the FBI, but people who would instinctively recoil at being fingerprinted at the bank, or even at the airport, happily give this data to Apple in exchange for convenience.
The companies creating these products must play a role in structuring the tradeoff between convenience and security, defining the playing field that then limits individuals’ choices. If an extensive history of recordings makes Alexa a more effective voice assistant, it is unlikely that users will periodically erase recordings, even if it means bolstered security. If they are opting in, they presumably want all the features to work as advertised. And what about those who don’t use these products but are nevertheless caught up in their nets of surveillance? If you enter a home with an Amazon Echo installed, is it the responsibility of the owner to inform you that your communication will be monitored, or is it up to you as a guest to safeguard your privacy by asking?
Companies should use their power to set the default behavior of their customers to better protect against the most egregious privacy and security threats, especially violations that have downstream effects beyond the individual. Otherwise they should leave people free to make their own informed choices—as long as those choices do not endanger other users.
It may seem hopeless to get a generation brought up sharing dozens of selfies every day to worry about privacy, but these issues won’t go away. The next big corporate hack, the next virus or exploit, will put security on the front pages only for a few days. These aren’t occasional blips or accidents, however. It’s how we now live—in a world where everything is shared, stored, and connected. There will always be crooks breaking into databases just like there are always crooks breaking into cars and houses. This doesn’t mean we should tolerate it, only that we should be realistic and, I hope, more cautious about the long-term impact of sharing so much so readily.
A few of myrecent conversations with Avast security experts about consumer behavior made me think of the old joke about the two campers surprised by a hungry bear while swimming. One starts to run while the other pauses to put on his shoes. “Why are you putting on your shoes?” says the first. “You still can’t outrun a bear.” “I don’t have to outrun the bear,” replies the second. “I only have to outrun you!” Your computer, phone, and data will never be 100% secure, but they are much safer if they are more secure than everyone else’s, so pause for a moment toput on your shoes.