The Washington PostDemocracy Dies in Darkness

At CES, Apple, Facebook and Amazon are preaching privacy. Don’t believe the hype.

Privacy-washing is all the rage at tech’s biggest event — and not what we need.

People attend opening day of the 2020 CES tech conference in Las Vegas. (David Mcnew/AFP/Getty Images)

LAS VEGAS — Apple, Facebook, Amazon and heaps of other companies gathered here for the CES tech conference are preaching privacy.

Don’t believe the hype.

Apple made waves last year by putting up a billboard outside the giant annual convention — which it didn’t present at — touting, “What happens on your iPhone stays on your iPhone.” This year, Apple appeared formally at CES for the first time in decades, as part of a panel discussion on privacy. I was first in line to ask a question.

I said: What is Apple doing to make its billboard actually true? Last spring, I ran an experiment on my iPhone to watch what happened to my data while I slept. Turned out, iPhone apps were beaming my personal information to all sorts of tracking companies I had never heard of. Apple vets apps in its store but doesn’t make them comply with the stay-on-your-iPhone mantra.

Apple had nothing of substance to say in response. “We’re constantly innovating, including in operating process,” said Jane Horvath, Apple’s senior director of global privacy.

What's the buzz at CES 2020

That moment sums up so much of what’s corroding our trust in consumer tech right now. Lots of the companies that have gotten wealthy from selling us data-collecting devices — or from collecting our data — have learned to talk the talk on privacy. But they’re very often defining privacy in ways that serve their own interests first.

It’s a big deal that techies are even talking about privacy; CES has long been the epicenter of cheerleading for connecting everything to the Internet. But this isn’t the solution we need. Call it privacy-washing: when tech companies market control and transparency over data but continue gobbling it up.

Apple may, in fact, be one of the lesser offenders. Facebook’s privacy chief Erin Egan was also on that CES panel and said, with a straight face, “I think privacy is protected today for people on Facebook.” A few months ago, the social networking giant agreed to pay a $5 billion fine to the Federal Trade Commission to settle a privacy investigation.

As part of its privacy-champion marketing, Facebook introduced in time for CES a new version of its “privacy checkup” page, which simplifies some of its many privacy knobs and controls but doesn’t give us new powers to stop the social network from surveilling us.

Elsewhere at CES, Google pitched its always-listening voice Assistant as designed for privacy because you can now tell it, “Hey, Google, that wasn’t for you,” when you notice it randomly recording your family’s intimate conversations. Cool, thanks.

Ivanka Trump CES keynote address sparks backlash

And Amazon’s Ring video doorbell company introduced a privacy and security dashboard that also doesn’t change most of its (insufficient) default privacy and security settings. (Amazon chief executive Jeff Bezos owns The Washington Post, but I review all tech with the same critical eye.)

Fortunately, one other panelist at Tuesday’s CES privacy panel — FTC Commissioner Rebecca Kelly Slaughter — was there for a reality check. Shortly after Facebook’s Egan made her pronouncement, Slaughter said: “I don’t want to talk about specific services or products, but as a general matter, no, I don’t think privacy is generally protected.” (Slaughter began her remarks by clarifying she was speaking only for herself and not the FTC.)

Under the growing threat of fines and new privacy laws, tech companies have taken to emphasizing how they give us “transparency” and “control” over our data, like those privacy dashboards. Facebook’s Egan said the word “control” again and again in remarks Tuesday.

Apple did, too: “At Apple, the way we define privacy is to put the consumers in the driver’s seat. They should have control over the data,” Horvath said.

But as the FTC’s Slaughter pointed out, there’s no way any of us could be in control — there’s just too much data flowing out into too many hands. “I also am concerned about a universe where the entirety of the burden to protect one’s data lies with the consumer,” she said.

“The amount of information that you have to process to figure out what is happening with your data is untenable for most people,” Slaughter said, including herself in that group. Same goes for me as a journalist who spends a lot of time studying gadgets and apps.

How do we fix this? Companies have to actually see this from the consumer perspective — and understand what they do to protect our data is part of how we’re going to judge them.

Apple takes pains to encrypt and minimize some of our data it collects for its own services, Horvath said at the panel. It also requires apps to seek your permission before it collects your location and other highly sensitive data.

But what Horvath didn’t say is vetting the third-party iPhone apps Apple sells for their tracking behavior would be time-consuming and costly for the company, so it conveniently gets defined as beyond its responsibility. After my investigation last summer, Apple said it would stop children’s apps from using outside trackers — but why not all apps?

Vetting iPhone apps for privacy, like last summer’s brouhaha about the Russian-owned FaceApp, is apparently a responsibility Apple thinks lands on our shoulders as customers.

Some executives at tech companies and other businesses that collect our data haven’t really understood the issue. They think privacy is something only an older generation or tinfoil-hat types care about. At another CES panel on Tuesday, Gary Shapiro, who leads the tech industry association that puts on CES, said essentially that concerns about privacy shouldn’t outweigh free online services. He recounted a conversation he had with some leaders from developing nations who called privacy a “first-world problem.”

First of all, everyone in the world deserves the human right of privacy. Second, companies should see it as a brand trust issue. When consumers lose faith in products and an industry, it’s bad for business. If we don’t trust what tech products are doing with our data, we won’t adopt them as quickly. And that could hinder the kind of progress we all want.

Photos from CES 2020: Flying taxis, toilet paper robots and more

Jan. 9, 2020 | Attendees play with a Dell Technologies Inc. Alienware Concept UFO game console at CES in Las Vegas. (Bridget Bennett/Bloomberg News)

Read more from our Secret Life of Your Data series:

Alexa has been eavesdropping on you this whole time

It’s the middle of the night. Do you know who your iPhone is talking to?

The spy in your wallet: Credit cards have a privacy problem

Goodbye, Chrome: Google’s Web browser has become spy software

I found your data. It’s for sale.

You watch TV. Your TV watches back.

Think you’re anonymous online? A third of popular websites are ‘fingerprinting’ you.

What does your car know about you? We hacked a Chevy to find out.

How we survive the surveillance apocalypse