You may have seen yesterday that Apple took another step in its recent efforts to become the public’s favorite privacy-protecting tech giant.  At WWDC, the company’s annual developer conference, CEO Tim Cook unveiled the new “Sign In with Apple” feature, a user authentication platform.  Like the secure sign-on (SSO) platforms designed by Google and Facebook, it allows users to access websites or authenticate by logging in with their existing, verified information that Apple already possesses internally. It’s a way for users to verify who they are without establishing unique account identifiers and credentials for every site they want to visit or every app they want to use.

Keep it Secret, Keep it Safe

The difference between Apple’s new platform and its rivals’ is the emphasis on privacy. In line with the company’s efforts to bolster its privacy credentials, it has created a depersonalization mechanism that insulates personal data.  As Apple chief software engineer Craig Federighi said,

A simple API allows a developer to add a ‘Sign in with Apple’ button right in their app. You just tap it, and you’re authenticated with FaceID on your device, logged in with a new account, without revealing any new personal information. . . . Some apps may want a name, and maybe even an email to send you information when you’re outside the app . . . We do allow them to request this information . . . but you can choose to share your actual email address, or you can choose to hide it.”

Of course, no Apple announcement on privacy would be complete without a fairly obvious subtweet at rivals Facebook and Google from Tim Cook:

You know, we’re not really taking a shot at anybody. We’re – we focus on the user. And the user wants the ability to go across numerous properties on the web without being under surveillance. We’re moving privacy protections forward. And I actually think it’s a very reasonable request for people to make.

The phrase “we’re not taking a shot at anybody” is best translated as “Facebook and Google we are directly firing at you.”  The implications for Apple’s rivals are pretty clear: every user who switches to Apple’s SSO will deprive Facebook and Google of a vast amount of valuable data.  Both companies use their SSO platforms to bundle their own code and API calls into outside apps to accumulate user tracking and ad performance/placement data. So when Tim Cook says that Apple is moving privacy protections forward and that it’s “reasonable,” the implication is obvious: Facebook and Google’s collection of personal data through SSO’s is unreasonable, and reasonable people will switch to Apple.

If You Give a Mouse an Apple

But if that information is so valuable, why would Apple ignore it?  If Apple is truly going to leave all of the user data it accumulates alone and not share with third party sites or apps, then it’s going to leave a huge amount of money on the table.  Why?  You could take the optimistic approach and say that Apple really does care about user privacy, and that it’s trying to shift the market towards a more humanized approach to data collection.  That’s a nice, simple answer, which means it’s almost certainly wrong.

Instead, consider the following.  Apple doesn’t derive its revenues from ad placement.  It’s a net consumer of advertising space, including the very ad space that Facebook and Google sell.  That means Apple’s revenue model doesn’t depend on its ability to sell ads from third parties on its platforms and services — it’s why you get commercials on Pandora or Spotify but not on Apple Music.  But while creating an SSO that doesn’t place Apple code or collect and bundle user data isn’t going to feed into Apple’s revenues, it will cut into Facebook’s and Google’s.  That has two benefits: it diminishes F/G’s  market position and makes the ads that Apple has to pay for cheaper, because F/G’s reach for their ads is going to be smaller.

Apple has been pushing its new privacy role hard – it was Tim Cook at the International Conference of Data Protection and Privacy Commissioners in Brussels who called for a more stringent global standard for data protection and privacy.  Other tech leaders followed suit, but it has only been Apple that made privacy a central component of its marketing model this year.

Why does this matter?  Because Apple is creating a lure for privacy-minded individuals.  Apple, for now, has embraced privacy-oriented technologies and platforms in an effort to create an image as a privacy-conscious corporation.  But that’s simply good business sense: research consistently shows that people who care about privacy are willing to pay for it.  Apple’s entire business model depends on luring customers into its pricey-but-exclusive ecosystem of polished aluminum bezels and $6,000 wheeled cheese graters.  That’s why Apple doesn’t do deep discounts on older products or do BOGO specials at Memorial Day — it depends on an image of luxury, because luxury goods are durable even in recession.  So, those users who care the most about privacy, and who also happen to be more capable of paying for privacy, now have a reason to start using Apple’s SSO.  And once you’re using Apple’s SSO more frequently, you’re more likely to start using iTunes or Apple Music, and then perhaps you’ll buy an iPhone….

Watching the Watchers

None of this should suggest a criticism of Apple’s decision.  It’s not a perfect solution, to be sure — we think it will cause dirty data problems and will make responding to DSARs or Article 17 deletion requests much more complicated — but it has its benefits, to be sure.  And we certainly don’t criticise Apple for attempting to outflank its rivals with a new program: it’s how the market works.

Instead, we want to highlight potential problems with the secondary effects of Apple’s new tool.  Even if we cast aside Apple’s clear economic motivations for this move, the intended effect among consumers and legislators is that Apple is striking a blow against surveillance capitalism, and that things might get a little better.  The purpose of these announcements is to generate buzz, yes, but also to create the impression that tech companies are capable of self-regulating, as they have done for decades now.  Apple’s position is slightly different than Facebook or Google or Amazon, but it remains a tech giant, and an onerous or punitive federal privacy law would be just as threatening in Cupertino as it would be in Mountain View or Menlo Park.

Put another way, Apple needs to at least create an impression that the AMGAF giants are moving in the right direction, because (unlike its rivals, it seems), it learned the lessons of Microsoft’s fight with the Justice Department in the 1990s: you can’t beat Washington.  Maybe that’s why Apple and Microsoft aren’t presently under investigation for antitrust violations, but Amazon, Facebook, and Google are.  Microsoft itself has spent a great deal of time lately mimicking Apple’s public commitment to privacy, even though its business model very clearly does follow the “you click, I track” model.

Will small tweaks like a more-private SSO be enough to fundamentally alter the privacy of consumers?  Not by a mile.  Will they be enough to forestall major privacy legislation or a shift in enforcement practices by the FTC?  Possibly.  Small changes let off steam, so to speak, in that they lower the aggregate amount of concern over privacy practices.  A major FTC fine against Facebook here, a better privacy policy there, and things start to look like they’re moving in the right direction.  But the problem with self-regulation like this is that it can become self-deregulation in an instant.  That’s the kind of situation that leads to a massive shift in government policy on a proverbial dime — consider the shift from Gramm-Leach-Bliley in 1999 to Sarbanes-Oxley just three years later.  Striking the right balance is going do be difficult, if it is possible at all.

In short, Apple’s SSO is, in itself, generally a good thing for consumers who want more privacy.  But we also think that it is part of a consciously designed strategy to draw users into the Apple ecosystem and reduce the risk of an aggressive movement against self-regulation in the tech sector.  Apple isn’t looking at its competitors to determine its moves as much as it is looking to Washington to consider how to establish its place the regulatory landscape.  Whether we’re witnessing the final days of the unregulated market or a slow shift towards oversight remains to be be seen, but Apple clearly wants to end up as the industry leader in either scenario.  Right now, it looks like it will.  Don’t forget: the one game on every Apple computer, for years, has been chess.