The FBiOS Affair: Why Advertisers Should Care

Trust and confidence form the foundation of any market. They are, to put it grandly, the vault upon which the cathedral of capitalism rests. In some markets, the value of the asset being exchanged is virtually inseparable from the confidence of the actors in that market. Currency is one example. You and I can both be confident that 20 US dollars will buy in a week what it can buy today; people holding Argentine pesos, Russian rubles, or even Chinese yuan do not feel the same.

Digital advertising offers another example. In this market, the asset being purchased by advertisers is user attention, an asset which, under the right conditions, can be transformed into brand revenue and — hopefully, one day — enduring brand love. This, in a nutshell, is the logic fueling much of the$570 billion in global advertising spend. Over time, as the delivery of such media has shifted from atoms (print) to wavelengths (TV, radio) to bits (digital), the delivery platform itself has become both highly technical and an intrinsic part of the end user experience.

Today, frictionless interactivity has become an assumed part of the consumer media experience. The foundation of that experience, now and for the foreseeable future, is the smartphone, and all that we implicitly or explicitly trust it with.

The dispute between Apple and the FBI / Department of Justice is not about unlocking the iPhone of one dead terrorist. It is, as many have reported, about setting precedents. For Apple, precedent in this case is a Gordian knot of legal questions (how many similar requests will follow this one?), economic issues (how will this impact sales in China?), and technical concerns.

Ostensibly, the government has asked Apple to build new firmware giving them exceptional access to a specific iPhone, not all iPhones, thus qualifying this request as a firmware change, not an open backdoor.

This nuance will be lost on the broader public. Even it were possible to guarantee that one firmware change will not end up undermining the overall security of iOS devices in general (as many think it will), it doesn’t really matter. That’s because the fundamental issue here is trust. The value of advertising is based partly on its ability to capture and engage user attention. Insecurity at the platform level means that consumers will take that attention to trusted, scaled environments beyond the reach of advertising (see Telegram). Mobile is not a neutral platform, and advertising is not guaranteed.

Companies that really care about trust take pains to protect their customers’ private data. In the smartphone space, no one does this better than Apple. As a cybersecurity friend recently shared with me, there is a reason no one asks Google for permission to hack into an Android device — Android devices are already quite hackable.

Remember ad fraud? It’s still with us. According to a detailed study by the ANA and cybersecurity firm White Ops, advertisers lost $6.3 billion to global ad fraud in 2015. In 2016, that number is expected to be around $7.2 billion. To date, the vast majority of that fraud has occurred on desktops and laptops, but in 2016 we can look forward to much more fraud originating on mobile devices. This is partly due to the increased power and connectivity that is intrinsic to the smartphone development cycle (making smartphones more attractive to fraudsters), but also due to extrinsic factors like weaker encryption and increased OS vulnerability. The FBiOS affair does not help us here.

But it does help us in one regard: it drags the debate around end-to-end cryptography out of the crypto alleyways and into the public forum, where it belongs. For further evidence that the topic deserves wide and robust debate, consider this: we are staring down the road at a near future in which billions of potentially hackable IoT devices — our cars, homes, TVs, baby monitors — will connect to the Internet. Insert scary Skynet joke here.

The words “confidence” and “confidential” are both derived from the same single Latin root, confidere, meaning “to have full trust.”

There is a reason for that.

(originally published in MediaPost)