The Tyranny of a Thousand Zooms

The Department of Justice’s antitrust suit against Apple is one of the worst calamities to hit computer privacy in recent memory. If we want to understand where this could very well take us, we don’t need a hypothetical future horrible privacy mess, we need only look at Zoom video conferencing software.

Ostensibly, the DOJ is seeking to prevent corporate control of our lives and claims it is helping our privacy. This is the same bureaucracy, however, that sued (and won) an antitrust suit against Apple for the audacious act of trying to crack Amazon’s monopoly on the e-book market. The DOJ has a peculiar way of helping us out.

Since all of our computing devices started being connected to the Internet, there has never been a mainstream platform more successful at providing user security than iOS and iPadOS. Yes, carefully tweaked “hardened” Linux solutions can be more secure. But, hundreds of millions of devices later — unlike niche configurations — a user can buy an iPhone or iPad and expect never to deal with viruses or bad actors spying as he or she uses the device.

This has come about by Apple choosing the best defaults for most people. This is in contrast to when one boots up a Windows or Android device and needs a tweakathon to get to a (reasonably) secure place.

What does this have to do with Zoom? Everything.

Unless you were in stasis during the last four years, you know how omnipresent Zoom has become for video conferencing. It became this decade’s “Kleenex.” What many users do not know is Zoom’s horrendous security record. From easily intercepted communications to the company’s code actively disabling computers’ security systems as if it were malware, Zoom is a security nightmare.

Sheer ubiquity made avoiding Zoom hard for security-conscious folks like myself. How much more so if you work at a company or attend a school that insists you use it? Are you going to quit your job because they insist you video conference with insecure software?

Yet, thanks to Apple’s strict approach, allowing only apps from the App Store, when I couldn’t avoid Zoom entirely, I could use it on an iOS or iPadOS device for added safety. Yes, it’s still an insecure platform I’d never put confidential information on, but at least when I hit the hangup button I didn’t have to worry that Zoom blew a hole through my device’s security.

Apple won’t allow apps in its App Store to damage the system’s protective measures; each app is required to stay in its “sandbox.” This is not so on Windows nor with non-App Store Mac apps, where Zoom could do whatever it pleased. They could and did.

By Apple exerting its force that the DOJ now complains about on the platforms the DOJ now targets, it made countless millions of users — many compelled to use Zoom — safer. Quite a few of us choose Apple products specifically because they do this.

Imagine the DOJ’s preferred world: if Apple can’t enforce security on its platform, what is to stop companies from forcing their employees to install software that watches everything they do even at home? Schools from monitoring their students’ every movement?

Nothing. (And, if it works for those, then also malevolent hackers and Orwellian governments that come along for the ride, naturally.)

Right now, I cannot get a job that says, “You must install this draconian software on your iPhone,” because Apple’s created a system that doesn’t allow that. But if this device we carry with us constantly has to be as malleable as the computers we, thankfully, leave in our briefcase or on our desk, this will happen.

Companies like Zoom don’t spontaneously choose to be more secure on the iPhone than on a computer. They are made to be. Carriers like AT&T or T-Mobile, likewise, would not choose government spying-proof messaging by default, if they could weaken phone security for greater profit (or favorability with the government).

Security experts might be able to tweak Apple phones to be even more secure in the future the DOJ lays out, but normal users would inherit less secure devices. And many users — unable to change jobs or schools — would be foisted a whole pile of additional security nightmares just as I mentioned above.

This isn’t hypothetical. Consider stock Android, where much of this is reality. To the extent it isn’t, that may in part be thanks to Apple, whose security and privacy shtick pushes Android vendors to follow along adding measures they ignore until Apple does them.

A competitive market is at work in the way we’d expect. Since users can choose between Android and Apple’s ecosystem right now, no one is forced on Apple’s choices. But people want Apple’s choices, which is why Apple’s competitors do copy the iPhone maker’s approaches.

If Apple were a monopoly, it couldn’t be trusted with the sort of power they do have over iOS and iPadOS. Security gains aside, no one company should be the “gatekeeper” for every mobile device. But Android balances Apple: Apple has to use its control for (mostly) good or users will jump ship. The company doesn’t always use its power for good, to be sure, but competitive forces keep it from going too far.

We have two distinct, very different choices in mobile platforms right now without the DOJ’s help. Given its desires, the Justice Department’s efforts wouldn’t fix that — because the is no need for a “fix” — instead it would just force the Android-ification of Apple, eliminating a choice many of us want for its security and ease of use.

This case will not free us from the alleged oppression of Apple, but place us all under the far worse tyranny of a thousand Zooms.