Revolutionary Measures

Will the FBI take a bite out of Apple?

Apple has built itself into the largest quoted company in the world by being different. From the early days of the Macintosh computer, through the iconic iMac and onto the iPod, iPad and iPhone, its products have challenged the orthodox approach with a combination of design and features.

English: The logo for Apple Computer, now Appl...

It has extended this into the virtual world. Unlike competitors such as Google and Facebook, which have built businesses essentially based on collecting and selling personal data to advertisers, Apple has positioned itself as a champion of privacy. In a speech in 2015 CEO Tim Cook stated, “We believe the customer should be in control of their own information.

This approach extends to protecting personal information stored on Apple devices and within iCloud. All iPhones and iPads are encrypted by default, meaning that even Apple itself cannot access the data on them. This obviously gives an unprecedented layer of protection for personal data, which has been particularly welcomed after Edward Snowden’s revelations of widespread snooping by intelligence services on electronic communications.

However protecting normal citizens against hackers, criminals and terrorists is one thing, but what happens when the iPhone in question actually belongs to a terrorist? This is the current case, being hotly debated in the media and on social media. Following the San Bernadino terrorist shootings last year, the FBI recovered one of the perpetrator’s iPhones. Obviously this is locked with a 4 digit passcode, and simply cycling through all possible combinations is impossible – after a number of failed tries iPhones are programmed to erase all data to combat this type of brute force attack.

Consequently, the FBI has asked Apple to help, removing the erase feature from this specific phone and allowing it to try and guess the password electronically, rather than having to type in the potential 10,000 combinations. It has refused, rejecting a court order and issuing an open letter stating that it will not ‘hack itself’ and create an insecure back door into its products that could be exploited by others.

In many ways Apple has a point – even without the Snowden revelations, governments have a poor record of keeping backdoors safe. This was demonstrated by the US Transportation Security Administration, which mandated that all luggage manufacturers created a skeleton key that could be used to open any suitcase. A photo of the master key was accidentally printed in the Washington Post, allowing criminals to model and create it using 3D printers.

At the same time, the FBI is adamant that it is not asking for access to the backdoor itself – it says it is happy for Apple to disable the erase feature itself and provide access to the data, without telling the Feds how it was done. Essentially Apple is putting itself above the law, which has potentially chilling ramifications given its size, number of users and global reach. It isn’t the plucky underdog it was when the Mac first went up against the PC.

The high profile nature of the case, and the fact that it involves a proven terrorist further complicates matters – most right-thinking people would want to help the government in this scenario. Perhaps the wisest words have come from Bill Gates, who is calling for a wider debate on the balance between privacy and accessibility, irrespective of the case in hand.

As I’ve said before, a reputation for protecting user information is a central part of the Apple brand – and is only becoming more important as the company branches into payments (Apple Pay) and personal health data. Therefore its principled stance makes perfect sense from a marketing point of view. It may well have to eventually comply in some way, but it will have lived up to its promise to fight for privacy, keeping the rest of its community happy, and consequently protected its brand. However what the whole case shows is that we need a grown-up, rational debate about who has access to our personal data, under what circumstances and how they can access it.

February 24, 2016 Posted by | Marketing, PR, Social Media | , , , , , , , , , , , , , , , , , , , , , | 3 Comments

Talk Talk – how to turn a crisis into a PR disaster

Last week’s announcement from Talk Talk that its website had been hacked and customer details (including bank account information) had potentially been stolen has turned into a disaster for the company. The stock price slumped by over 10% and MPs have called for an inquiry into whether the firm’s failure to encrypt data put customer information at risk.TalkTalk

Could things have been handled differently – and would they have changed the reaction of both the public and the media?

Firstly, it is worth re-stating that Talk Talk has been the victim of a crime. Initial fanciful rumours that the perpetrators were Russian Jihadis now look wide of the mark, with the police instead arresting a 15 year old boy from Northern Ireland, but the fact remains that its site was hacked. Additionally some of the press coverage has been incredibly sensationalist, with lurid stories of customers having their bank accounts cleared out by fraudsters, even though they were not necessarily linked to the hack itself.

However there are two questions that any business involved in crisis management needs to answer – did it meet the expected standards before the incident, and did it then deal with the situation in a way that reassured customers and other stakeholders?

I’d say that the response to both of these is a No. For a start, failure to encrypt customer details (at a time when people like Apple encrypt everything) is a glaring security hole that should have been filled. But as a PR person I’d point out five ways they’ve not managed the crisis well:

1          Telling press before customers
The first thing most customers knew about the hack was when they turned on the news or listened to the radio. The reason given by chief executive Dido Harding for making contact through the media, as opposed to directly speaking to customers, was that the sheer number of subscribers made this impossible. Talk Talk should have done both – customers wanted a direct response rather than just hearing about it on Radio 4.

2          Incomplete information
You can’t blame Talk Talk for initially overstating the scale of the attack – it obviously needed to get the announcement of the hack out as quickly as possible, rather than laboriously go through all its account details to see what had been compromised. And the story about the afore-mentioned Russian Jihadis came from other sources. However it didn’t provide a full picture to its customers early enough. I’m an ex-Talk Talk customer, and left six months ago – yet nowhere on its FAQ did it say anything about whether my details were at risk. Much later on Talk Talk admitted that ex-customer information could also have been hacked, but it demonstrates that the entire response was not well thought through.

3          Failure to stay on top of the story
After its initial apology, the story seemed to be going Talk Talk’s way, with pundits talking about the growing threat of cyber crime, and the company’s clear advice to change passwords being repeated across all media. But then the story changed, with the initial hack being downplayed and the press focusing on the failure to encrypt data. As Jacques de Cock of the London School of Marketing pointed out, it seemed to share its customers’ panic, rather than taking decisive action. The agenda shifted against Talk Talk, positioning it as culpable in its own downfall and not having a handle on what was going on.

4          Poor reputation
As I mentioned, I’m an ex-Talk Talk customer, and I found it a frustrating and unhelpful organisation to deal with. I kept getting regular sales calls, with agents trying to upsell me from my basic package and when I moved home it made me honour a month’s notice period on my contract – even though it said it couldn’t provide service at my new address. The impression I got was of an organisation that didn’t care about its customers, except for the money it could make from them, and that cut corners where it could to save a pound or two. Indeed I remember hearing Dido Harding on the Media Show on Radio 4, likening the firm to a clapped-out car being driven over the speed limit down the motorway, hanging onto the competition. Very few telecoms firms deliver good customer service, but I’m convinced Talk Talk’s poor reputation meant that commentators and customers automatically assumed the worst had happened.

5          Lack of empathy
Compounding customer annoyance, Talk Talk yesterday said that it would charge a termination fee to any customers looking to leave, unless they could prove that money had been stolen from their accounts due to the hack. Now, Talk Talk is obviously a business, and releasing all its customers from their contractual obligations could cause a huge dent in revenues – particularly given how badly the crisis has been handled. But the way the message has been delivered smacks of weakness and arrogance – it is almost as if it believes that customers would seize any excuse to leave, yet are stupid enough to forget the whole hack happened when it comes to contract renewal time. The company should have worked out some sort of half way house, allowing customers to shorten contracts or pay a reduced termination fee as a goodwill gesture. It may have cost it more in the short term, but would have been a valuable first step in rebuilding the company’s reputation – and any good publicity would be welcome at this stage in the process.

Handling a crisis in today’s real-time world is difficult. The combination of continuous news, social media and a desire for instant scapegoats means it is impossible to control the story in the same way as in the past. However Talk Talk should have done better – and is now facing the prospect of real damage to its reputation and bottom line by failing to take decisive action or appearing to care about its customers. Every company should take note and update crisis management plans so that they don’t fall into the same trap.

October 28, 2015 Posted by | Marketing, PR, Social Media | , , , , , , , , , | 2 Comments