Wednesday, February 19, 2014

iSpy Denial: Why Firms Need to Do the Right Thing

The news on the activities of National Security Agency (NSA) include a story that has been overlooked by many: there is a leaked document about a piece of spyware software called "DROPOUTJEEP", which makes an iPhone reveal significant information about its owner, including details such as files stored, messages sent and received, phone calls, and location. Apple has issued a denial that it collaborated with NSA to make this program. The denial is interesting because the document says nothing about a role of Apple in creating this software, and the NSA is perfectly capable of making spy software without help from the maker of a device. In user forums there have indeed been allegations that Apple is involved, but such allegations typically happen and don’t have much weight if there is no supporting evidence.

So why does Apple care? We could take a hint from the reactions of other technology companies to information on NSA activities to monitor their users. Google, Facebook, and Yahoo have issued angry responses to reports that NSA were listening in on their user’s communications by doing the Internet equivalent of a wiretap. Google went a step further by using encryption so that NSA would be left with a decryption task if it was able to continue wiretapping Google’s communications. That is a hard slap, because listening in on the internet is fairly easy, but decrypting digital communications takes a lot of time and computing power.

Apple, Google and other firms are not against national security. They do, however, dislike any technologies that will let the government monitor their users without legal backing. And because their managers are practical with respect to what they like and dislike, we can conclude that they are well aware that their users dislike such monitoring too. We know that customers can react by backing off from transactions with firms that do things they are against. That finding was in a paper by Stefan Jonsson, Takako Fujiwara-Greve, and myself on how a scandal involving favoritism in an insurance company led to withdrawals from mutual funds that customers saw a similar to insurance.

But now there is new research on others who have opinions on what firms do, and can react to it. Amandine Ody-Brasier and Freek Vermeulen published a paper in Administrative Science Quarterly looking at the pricing of grapes to Champagne producers. One would think that grapes had a single price, or at least one that was only determined by quality, but in fact there is substantial variation in the pricing. And here is the interesting finding: Champagne producers who were doing (or suspected of doing) things that the grape makers disliked, such as having a non-French subsidiary or making Champagne under a store brand, were secretly punished by having to pay more for their grapes.

So firms that are concerned with keeping a distance between themselves and any rumors of misconduct and scandal are doing the right thing. Not only is misconduct an embarrassment, it can also be punished on both sides, by suppliers and customers. Walking the straight and narrow path seems to be the way to get to profitability.
Wakabayashi, D. 2013. Apple Denies Working With NSA on iPhone Backdoor. Wall Street Journal, 31.12.2013.