Apple: A Privacy Monopoly?

There’s a lot of Apple news to cover this week, including a looming DOJ antitrust investigation and a new, privacy-oriented “Sign in with Apple” feature. Also the United States is wildly overproducing Red Delicious, but that’s enough fodder for a whole other column.

The antitrust and privacy developments, though, have become problematically linked as we look at the future of Apple’s strategic development. It’s worth walking through them both in turn, along with their likely impact on the identity space at a moment when the regulatory spotlight on big tech is particularly glaring.

The antitrust investigation

The week began with a rather unorthodox turf war between U.S. regulatory agencies. The FTC announced that it would be spearheading antitrust investigations into Facebook and Amazon, while the Department of Justice would preside over probes into anti-competitive practices at Apple and Google. Scrutinizing big tech has become one of the few areas of bipartisan agreement on Capitol Hill – the right protesting against perceived free speech violations, the left against disinformation, and the whole lot against the proliferation of data breaches and erosion of privacy. When it comes to Apple specifically, the Supreme Court has already ruled to allow developers to sue over app pricing, and some of the announcements at the company’s Worldwide Developers Conference (WWDC) this week may also add fuel to the antitrust fire. Speaking of which:

Sign in with Apple

The keynote at WWDC covered a lot of territory – a new Mac Pro, the demise of iTunes, AirPods for Animoji – but the announcement that got the most buzz from privacy advocates and identity nerds was a new “Sign in with Apple” federated login service. Similar to existing SSO options from the likes of Facebook and Google, the feature will allow customers to use their Apple IDs for authentication into third-party apps. Unlike those existing services, though, Apple will offer users the option to control what information is shared with those third parties, including the ability to use a randomly generated email address for each transaction rather than the email account associated with a user’s Apple account. This checks quite a few of the boxes we look for when we talk about good identity practice, such as user control, data minimization, portability, and support for additional factors like biometrics. Apple’s clearly continuing its push to be the big tech good guy on issues surrounding privacy, and is even being touted as “the privacy-as-a-service company.” So, add PaaS to your acronym list.

Where privacy and antitrust intersect

What do these two major developments mean for one another? Since the initial announcement of Sign in with Apple at WWDC on Monday, we’ve gotten a few more details about its implementation that don’t exactly seem like they’re trying to encourage healthy competition. First, the company’s developer site indicates that including Apple’s new SSO feature will be mandatory for all apps in the App Store that use third-party identity providers. So that means anywhere there’s a login with Facebook option, there must be a Sign in with Apple button as well. Plus, according to newly released design guidelines, the Apple button has to appear above any other third-party authentication option on apps’ login pages. It’s not a great look at a time when the company is trying hard not to smell like a monopolist.

In addition to those implementation concerns, though, the new sign-in service puts Apple right at the center of the identity ecosystem for millions of users – and that position comes with an elevated level of control over user data. In the absence of proactive federal regulation surrounding privacy and data protection, Apple as IDP means the company once again is acting as “our de facto privacy regulator.” By most accounts it’s a role Apple has performed well in the past, but consumers shouldn’t have to simply trust that companies will do the right thing with their digital identities.

What next?

Sign in with Apple will be commercially available before the end of the year, at which point mandatory inclusion for apps allowing SSO will begin. Over that same period of time, we anticipate that investigations will begin in earnest on the company’s competitiveness. That will be a long, arduous process – one that will figure prominently in the 2020 elections – but we’ve already seen the first moves toward legal action against Apple, both from private lawsuits and public regulation. With privacy in the crosshairs, we’ll be watching where Apple might bend when faced with an uphill regulatory battle.