The question I’ve been asking myself over the months since the SSL
vulnerability debacle has been ‘why?’ Why is a company who is
generally very well-rounded operationally, and like it or not,
produces extremely well-liked and complex devices so bad at
communicating about security?
The answer I’ve come up with, and this is just a personal theory,
is that Apple thinks about security communications in the same way
that it thinks about product communications. In other words, it
plays its cards incredibly close to the chest at all times by
default. These tactics have served it well in the consumer
products arena, creating a frenzy of attention around the releases
of new devices and services. And that’s great; I don’t mind a
little mystery around products as a consumer, even though my job
as a reporter is to figure out what Apple could do next and decide
whether that’s important enough to talk about publicly.
But in security, this kind of ivory tower comms strategy is a
losing game, especially as smartphones become an increasingly
information-rich repository of our personal lives.
Good piece, and I largely agree. Apple’s messaging on security- and privacy- related issues ought to come across as honest and straightforward, but instead it often comes across as evasive.