The ethics of pushed updates

There are very few organisations which are capable of bringing hundreds of millions of people around the world to a grinding halt, without the use of weapons.

Such is the world’s dependence on Apple’s iOS and OS X products that, if it were to push out a silent security update which rendered those devices incapable of operating usefully, that is exactly what would happen.

Apple has just had a small-scale dress rehearsal, with the dreadful flawed security update which it pushed out to OS X users on 26 February. I have already abreacted to that here and here in a catharsis which leaves me feeling little better. Scale that sort of silent update to include iPhones and iPads as well as Macs, and you can imagine the havoc that would result.

Such power might be the wildest dream of government security agencies, perhaps even a few governments (I am sure that North Korea would be one), and maybe the most malevolent of malware authors. For desktop systems, maybe Microsoft still holds such sway, but if all the world’s few Windows Phones were to be bricked, it would probably not even reach the tech headlines. Cisco might have sufficient penetration in the Internet hardware market as to be in a similar position, but the effect would surely be a significant degradation rather than total collapse.

With great power should come even greater exercise of responsibility. If you can push out flawed updates which have such devastating effects, then the checks and balances to ensure that this does not happen by mistake, or even worse deliberately, should be beyond question. Yet Apple is, and always has been, such a secretive corporation that none of us knows what they are.

Where, in a democracy, governments are able to exercise great power, the checks and balances normally operate in a fairly open, auditable, and accountable way. In some, a single person – such as the President of the US – enjoys a focus of power, but there are checks and balances in the form of Congress, the Senate, and ultimately the American people. Although governments can engage in hostile action against other nations, their immediate influence and effect is limited to their own territory.

Many of us, perhaps most, are heavily dependent on smartphones and computers in their various guises. Larger organisations may have sufficient control over the devices used by their employees as to be able to control the propagation of updates and patches, but for most of us we have to trust Apple. Currently Apple provides very little information about those updates which we choose to install; patches and updates which are applied silently are not even notified to its own Security Announcement mailing list. Silent updates like this, about which we have no choice and do not even know that they have been installed, pass in total silence.

This albeit confined fiasco raises serious ethical issues. Under the normal ways in which corporates conduct their business, it is up to them, and their shareholders, to square up to these. With such a stranglehold over the world, Apple can no longer operate under those rather quaint and naïve rules.

Apple has vociferously made its case on our behalf to protect our privacy. I have huge respect and much gratitude for that. But it also needs to demonstrate that its checks and balances are capable of protecting its services on which we now depend. Loss of public confidence in Apple would be far more serious and longer-lasting than changes in market growth.

If Apple is to continue to push such updates to our computers and devices, it needs to be seen to take extraordinary measures to protect us from adverse effects of those updates.