nettime's_speculator on Fri, 1 Apr 2016 23:33:13 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Charlie Stross > Follow the money: Apple vs. the FBI

< >

Follow the money: Apple vs. the FBI

By Charlie Stross

A lot of people are watching the spectacle of Apple vs. the FBI and the
Homeland Security Theatre and rubbing their eyes, wondering why Apple
(in the person of CEO Tim Cook) is suddenly the knight in shining armour
on the side of consumer privacy and civil rights. Apple, after all, is a
goliath-sized corporate behemoth with the second largest market cap in
US stock market history -- what's in it for them?

As is always the case, to understand why Apple has become so fanatical
about customer privacy over the past five years that they're taking on
the US government, you need to follow the money.

Apple wasn't very good about customer security in the early days of iOS.
Early iterations of the iPhone notoriously lied about the security of
SSL connections to email servers; my understanding is that this led to
them being banned from some corporate and government accounts for a few
years. But then they seem to have realized that security wasn't merely a
useful feature to pitch to their customers, but a necessity. And the
reason it's essential is Apple Pay.

It used to be a truism that General Motors was an insurance company wit
a car-manufacturing subsidiary. GM's pension fund had grown so large
(over most of a century) that GM had to invest the money somewhere in
order to generate a return on investment that would keep the pensioners
going: selling cars was simply not a big enough business. And today
Apple is sitting on the largest cash stockpile in US corporate history.
Its legendary $120-150Bn in cash has attracted the attention of activist
investors like Carl Icahn, but even share buy-backs will only get you so
far when you're taking 90% of the profits of the entire global
smartphone industry. Some analysts have opined that if Apple maintains
its current turnover and earnings, and continues to buy back shares at
the current rate, by 2024 AAPL will revert to private ownership ... and
still be sitting on $100Bn in cash.

Of course, if you have a tenth of a trillion dollars you can't just rock
up to a bank and say "please accept this deposit, how much interest do
you pay"? For one thing, if you have $0.1Tn, you have enough money to
buy several banks. For another thing, money doesn't exist when it's not
moving: it's a coefficient of economic velocity. Money needs to be
invested and generate a return. Over the past decade Apple leveraged
their cash pile to ensure they had a lead over their competitors. Given
a five year product roadmap, they could project the need for some
critical piece of hardware -- synthetic sapphire phone displays, for
example, or 5K monitor panels -- years in advance. Such components
didn't actually exist, but they knew suppliers who could provide them if
someone loaned them the cash to build a factory (typically in the high
hundreds of millions to low billions of dollars). So Apple would find a
company like Sharp and say, "we're going to need a million 27 inch 5
megapixel displays in four years time. We'll front you the money to set
up the factory at just 1% over the bank base rate, in return for an
exclusive option to buy the first million quality-compliant components
to come out of it". Everyone wins: Sharp get a factory that can
mass-produce new high resolution display panels, Apple gets an exclusive
lead on these panels for consumer sales, and Apple also gets to invest
its money in a way that generates far more profit than merely handing it
over to an investment house.

But ... Apple has too much money. From roughly 1998, when Steve Jobs
returned, Apple began growing like a dot-com startup, at high
double-digit annual percentage growth rates -- only it started doing so
from a billion dollar a year turnover base, not two guys in a garage. By
2008 it was probably clear to Steve Jobs and Tim Cook that if their
strategy of becoming the dominant company in the consumer side of the
post-PC world succeeded, the problem of where to find enough mattresses
to stuff the $500 bills was only going to get worse. When you're making
$50-100Bn a year in profit, you can't put the money in a bank: you have
to become a bank. And that's what Apple Pay is about, and that's why
Apple have become fanatical about customer privacy and electronic civil
rights (in one very narrow field).

I'm going to assume you know what Apple Pay is: you use your iPhone,
iPad, or Watch as a trusted, authenticated identity token in a shop to
pay for stuff. It ties into your bank account and basically your phone
swallows your debit and credit card.

Ultimately the banks are going to discover -- the hard way -- that
getting into bed with Apple was a bad idea, about the same way that
getting into bed with Amazon over ebooks was a bad idea for the Big Five
publishers. Apple is de facto an investment bank, right now: all it
needs is a banking license and the right back end and regulatory
oversight and risk management and it will be able to go toe-to-toe with
the likes of Chase or Barclays or HSBC as a consumer bank, too. And
Apple has a very good idea of how risky their customers' behavior is
because unlike the banks and the credit card settlement network they're
not running on incrementally upgraded legacy infrastructure designed in
the 1950s. Note those two words a couple of sentences ago: "risk
management". Banks are not in the business of holding your money or
making loans; they live or die by how well they manage risk. Apple, like
Google, has a much richer relationship with their customers than any
bank. They can (for example), with a customer's position, know roughly
where the customer's phone or watch is moving, and thereby spot faked
payment credentials if someone clones the device and tries to use it to
buy something a thousand miles away. The CC networks have velocity
checking but it's a really crude metric for spotting fraud: Apple can
massively improve on it.

But that's not where anti-fraud methods begin and end. For example,
Apple have got reasonably good fingerprint readers on their current
devices, backed by long PINs and password management. The newer phones
have trusted hardware stores for the cryptographic tokens that are used
to unscramble the addresses where data is written in the phone's
on-board storage: they support (and encourage the use of) two-factor
authentication. Some analysts report Apple is working on improving their
front-facing cameras to the extent that they can do iris or retina
scanning. On the long-term horizon, there are already [11]ultra-compact
low-cost DNA sequencers out there; if you really want to authenticate a
user via biometrics, about the ultimate trust level is a combination of
a shared secret (their password) with a mixture of biometrics tested
simultaneously -- a fingerprint reader that can quickly confirm a match
for their genome while the front camera recognizes the retina of the
person holding the device. Their phones are, in many respects, more
secure than the ATMs and credit card infrastructure we've used to
accessing our bank accounts. And that gives the phone vendors an
opportunity to leapfrog over the existing banking infrastructure in the
efficiency of their risk management protocols, by reducing fraud while
simultaneously knowing much more about their customers' habits and being
able to spot potentially risky activity patterns early enough to reduce
their exposure.

Here's my theory: Apple see their long term future as including a global
secure payments infrastructure that takes over the role of Visa and
Mastercard's networks -- and ultimately of spawning a retail banking
subsidiary to provide financial services directly, backed by some of
their cash stockpile.

The FBI thought they were asking for a way to unlock a mobile phone,
because the FBI is myopically focussed on past criminal investigations,
not the future of the technology industry, and the FBI did not
understand that they were actually asking for a way to tracelessly
unlock and mess with every ATM and credit card on the planet circa 2030
(if not via Apple, then via the other phone OSs, once the festering
security fleapit that is Android wakes up and smells the money).

If the FBI get what they want, then the back door will be installed and
the next-generation payments infrastructure will be just as prone to
fraud as the last-generation card infrastructure, with its card skimmers
and identity theft.

And this is why Tim Cook is willing to go to the mattresses with the US
department of justice over iOS security: if nobody trusts their iPhone,
nobody will be willing to trust the next-generation Apple Bank, and
Apple is going to lose their best option for securing their cash pile as
it climbs towards the stratosphere.


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact:
#  @nettime_bot tweets mail w/ sender unless #ANON is in Subject: