Apple's big bet on consumer trust and privacy

The Apple Watch understandably took the limelight at Apple's big launch event today. But what is becoming increasingly clear is that to really understand the company we need to see it as so much more than simply a technology company. And we have to look beyond its products, however alluring they might be.

Nowhere is this more evident than in the area of corporate responsibility. For much of the past few years, the corporate responsibility community has been focusing hard on Apple's product supply chain. And for good reason, with a spate of labour violations plaguing the company (most recently from the BBC in December last year) despite some impressive commitments to responsible sourcing. But with the launch of the Apple Watch and its extended capabilities for health monitoring, research and diagnosis, along with the rapid growth of its Apple Pay system, it is the company's capabilities in data management and security that will likely define its reputation for corporate responsibility over the next decade.

As Tim Crook noted at the launch, the Apple Watch is "the most personal product we've ever made". It is not only wearable but collects real time data on users' health and fitness, enables them to make contactless payment direct from their financial services provider, and provides the possibility for a host of other applications relying on personal data. Keeping all of this data private and secure is going to be a big test for the company. Their success now will rely just as much on maintaining the trust of their consumers as it will on wowing them with cool new gadgets.

Apple is not alone in this of course. Other technology companies such as Facebook, Sony, Microsoft and Google have already learnt to their cost the necessity for maintaining the confidence of their customers in terms of privacy and security. Apple has had its own scares with breaches of its iCloud service, but its exposure to data security risks are only going to accelerate now that it is going increasingly personal. Apple is now not just in the technology industry but also in financial services and health services where the privacy and security concerns are accentuated even further.

Apple is making a big bet on consumer trust because it has a strong reputation for digital security already (say, compared to Microsoft) and it has less of the challenges in managing privacy compared to some of its others competitors. This is because it does not rely on ad revenue (and therefore intimate knowledge of its consumers) to drive profitability, unlike say, Google and Facebook. So it is already out ahead in many important respects. Whether it can maintain that pole position will remain to be seen. But what is clear is that Apple's reputation for corporate responsibility, and indeed its success in personal devices and services more generally, will increasingly be won and lost in the area of consumer trust and privacy rather than product design and execution alone.

Image copyright Martin Hajek. Reproduced under Creative Commons Licence. 

Top 10 corporate responsibility stories of 2013

Plus ça change in corporate responsibility. If nothing else, 2013 provided ample evidence that, contrary to popular belief, corporate responsibility issues, even the huge stories that dominate the media, do not exactly come out of nowhere. So many of the top CR stories of the year, like the Rana Plaza disaster, Apple's tax problems, and JP Morgan's huge fine, were already prefaced by the big stories of the previous year. Among our top 10 of 2012 were a Bangladesh factory fire, corporate tax avoidance, criticism of tech companies, and prosecutions in the financial sector. So the writing was already on the wall for most of the big stories of 2013. It would appear, as Ethical Corporation editor Toby Webb said recently, that with all the excitement about new opportunities and win-wins, companies are underestimating the importance of sound ethical risk management in the corporate responsibility equation. So, if you want to know what CR risks lie ahead for 2014, you could do worse than checking through our list of the big stories of 2013.

1. Rana Plaza building collapse
Back in April 2013, more than 1100 people, mostly garment workers, died when the Rana Plaza building collapsed near Dhaka in Bangladesh. It was probably the single worst garment factory disaster yet, in an industry that has suffered more than its fair share of needless fatalities. But Bangladesh had already seen a series of major industrial accidents leading up to Rana Plaza, which had been met with little tangible response from business and government leaders. Rana Plaza looks to have at last changed that. The Accord on Fire and Building Safety in Bangladesh, signed by nearly 100 global retailers, as well as labour unions and NGOs is a legally binding agreement to ensure worker safety through independent factory inspections, mandatory repairs, financial support, and sanctions for noncompliance. More than 2m vulnerable Bangladeshi garment workers are already covered by the Accord. A competing agreement, signed by Walmart, Gap, Target and other North American companies was criticized for having weaker enforcement and failing to involve labor unions. Nonetheless, both pacts are evidence that factory safety in Bangladesh is finally getting the concerted attention it deserves.

2. Apple's tax avoidance
Corporate tax avoidance had been a growing story in the UK and elsewhere prior to 2013, as evidenced by our top stories listing of 2012. But the issue exploded onto the public consciousness when Apple's CEO Tim Cook was forced to testify to a Senate committee in Washington back in May of this year. The company had avoided paying literally billions of dollars in tax by exploiting various loopholes in international tax treaties and funnelling its European profits through a shell company in Ireland. All completely legal, of course, but hardly what the public expects of a good corporate citizen. Now that attention to corporate tax avoidance has gone global, and with inequality and government debt the two biggest global risks today, the obvious questions are which country will be next in taking aim and which company will be in the firing line? Corporate tax reform is also undoubtedly going to loom even larger in the coming year.

3. NSA spying
Without doubt, Edward Snowden's whistleblowing on the US National Security Agency's (NSA) mass surveillance programs was the story of 2013. Nothing else even got close. However, the corporate responsibility dimensions still remain somewhat murky, which is why it doesn't quite make it to the top of our list. We do know, however, that telecoms companies like Verizon are required to hand over all call records  (or "metadata") to the NSA about cell phone calls made in the US. We also know that none of these companies ever sought to challenge the legality of the action. Another revelation was that the secret PRISM spying program allows the NSA to tap into the servers of internet companies like Google and Microsoft to access customer data. We also know that NSA pays millions of dollars to these same companies. We do not yet know exactly how complicit tech companies have been in the whole mess but one thing for sure is that they now realize that the NSA spying story is undermining their customers' trust and are calling for government reform. Expect much more to come in 2014.

4. JP Morgan's $13bn misconduct settlement
Our annual list of major corporate responsibility stories would not be complete without an entry from the finance industry. As we predicted at the beginning of the year, 2013 was marked by the return of government and some major financial sector scalps. None of these was bigger than the whopping $13bn fine landed on JP Morgan for misleading investors in the same of mortgage backed securities in the lead-up to the financial crisis. To date, it is the settlement ever between the US government and a corporation, and will come as some (though probably not enough) relief to those who have viewed most of the finance sector giants as getting away with the crisis relatively unscathed. On the other hand, JP Morgan is probably pretty sore about catching the flack for misconduct that was less about their own practices and more down to firms like Bear Stearns that they were encouraged by the US government to acquire at the height of the meltdown. No one comes out of this looking good.

5. Europe's horse meat scandal
At the beginning of the year, the big news was all about horse meat turning up in products it wasn't supposed to be in. Like those clearly labelled as "beef". The scandal started in the UK, quickly spread to a suspect supplier in Ireland, and soon rocked much of Europe. Customer trust rapidly evaporated as it became clear that effective oversight of the food industry was sorely lacking. Companies acted quickly to withdraw potentially contaminated products and shore up confidence but further revelations of large scale criminal activity in the food supply chain will do little to restore trust in a thoroughly compromised industry.

6. India's new CSR law
The world's largest democracy now has the world's most extensive CSR legislation. But that is not necessarily a good thing. Under the new Companies Act, passed by the Indian Parliament in August 2013, large Indian companies must spend at least 2 per cent of their net profits on CSR each year from 2014 onwards. It also requires firms to set up a CSR board committee and institute a CSR policy. The new CSR legislation has met with a mixed reaction, especially as it seems to institutionalize a somewhat backward looking approach to CSR which emphasizes philanthropic giving whilst ignoring the core strategic business of the firm. It will also be incredibly hard to enforce in a country already hamstrung by an overburdened legal system. On the plus side, the legislation does force many of India's laggard companies to finally take some responsibility for the various social problems faced by the country's citizens. For better or worse, CSR is no longer something that can be ignored in India.

7. Chevron's Ecuador pollution case
It has been a big year for Chevron and Ecuador in their long-running, aggressively-fought pollution case. In November, the Ecuadorean high court made its long-awaited appeal decision which upheld the original 2011 judgement requiring Chevron to pay $9bn to compensate for contaminating the rainforest during crude oil extraction over two decades ago. Chevron has never operated in Ecuador but inherited the lawsuit and its toxic legacy when it took over Texaco, the original operator, in 2001. For its part Chevron continues to dispute the legality of the ruling and has refused to pay. The appeal was at least partially successful for Chevron by halving the original $18bn damages bill, but not in overturning the decision. Chevron is now awaiting the outcome of a counter-suit heard last month in the US against the plaintiff's main lawyer, who the company claims engaged in bribery and fraud to secure the conviction. Meanwhile, attempts by the plaintiffs to seize Chevron's assets overseas to pay the fine also had their ups and downs in 2013. For example, Canada first denied them the rights of enforcement in May, only for a judge to overturn the decision on appeal in December. Other actions are underway in Brazil and Argentina. This has fast turned into a test not only of the Ecuadorean legal system, but of the global legal system's appetite to prosecute international legacy corporate responsibility issues.

8. Rosia Montana mining protests 
2013 saw major protests against mining operations all over the world, including Australia, Canada, Columbia, Greece, Niger, Peru, even Tibet. But the biggest of the lot was probably in Romania, which saw a mass protest movement arise in response to plans to mine around the town of Rosia Montana. If approved, it would be Europe's largest gold mine but critics claim that it would inflict untold social, environmental and cultural damage. Mass street protests erupted after the government proposed a new law that would enable the Rosia Montana Gold Corporation (majority owned by the Canadian mining company Gabriel Resources) to finally start operations after years of failing to acquire the necessary environmental permits. At stake here then is not just the proposed mine but the legitimacy of the democratic process, which protesters feel has been fatally undermined by the hastily forced through legislation. As one protester put it: "People today confront a corrupted political class backed up by a corporation and a sold out media; and they ask for an improved democratic process, for adding a participatory democracy dimension to traditional democratic mechanisms."

 9. New UN Global Compact 100 Index
There were several entrants to the new corporate responsibility standards and guidelines category in 2013, with the G4 guidelines of the Global Reporting Initiative probably being the most talked about. But September's launch of the Global Compact's new stock market index, the Global Compact 100, for us represented the most significant development. First, as John Entine noted, it offered a welcome new development in a social investing field "hungry for innovation and dogged by ideological correctness". But more than that it showed just how far the UN was willing to push the needle on its voluntary approach to corporate responsibility that heavily prioritizes incentives rather than enforcement. While many are still criticizing the Global Compact for not having sharp enough teeth to weed out laggards and green washers, the new index makes it abundantly clear that the UNGC is moving in a very different direction. Ten years ago it would still have been unthinkable, but the reality is that the UN is no longer just in the business of accords, declarations, and principles but is now also firmly in the finance industry.

10. South Korea's nuclear corruption scandal
GSK's corruption scandal in China may have got most of the headlines, but in our book, the corruption scandal that has engulfed South Korea's nuclear industry this year tops it for potential impact. Two short years after Japan's Fukishima disaster, neighbouring South Korea is also facing a devastating loss of confidence in its nuclear industry which supplies about a third of the country's energy needs. The scandal has centred on a swathe of faked safety certificates that have been issued for critical nuclear reactor parts over the years, and the bribes that have allegedly been paid to look the other way. Most commentators pin the blame on the closed structure of the nuclear industry in South Korea with only a single national operator and close ties between the operator, suppliers and testing companies. The prime minister has likened the industry to the mafia. A number of reactors have been shut down, trust in the industry has plummeted, a national energy shortage is underway, and now some 100 officials have been indicted for their part in the scandal. Corruption that compromises the safety of the nuclear industry is probably about as bad as it gets. And its unclear yet whether South Korea can really turn this one around.

Photo by rijans. Reproduced under Creative Commons licence

Will privacy and security be critical differentiators in cloud computing?

The debut this week of Google's new web-only Chromebook laptop, coming hot on the heels of Sony's massive data security breach just a few weeks ago suggests that data security is becoming increasingly critical for the success of technology companies. Google, no stranger to accusations over infringements of privacy, is upping the ante with the release of a computer that, rather than running software and storing files on its own hard drive, will instead rely predominantly on cloud computing. Yes, that means everything that you'd usually keep stored on your laptop will actually be held somewhere in a vast data center run by Google ... and of course, everything that you do can be tracked and recorded because you're signed-in and doing it online.

Although the Chromebook itself may not become quite the challenger to Microsoft and their Windows operating system that Google hopes it will be, the shift to cloud computing (which anyone using Picasa, Google Docs, Dropbox or numerous other applications is already very much part of) is sure to continue apace. But cloud computing raises a number of troubling ethical issues. On the one hand there are the environmental problems associated with running servers capable of storing such huge amounts of data. And then, of course, there are the privacy and data security issues that are faced by any company storing so much personal data online.

In recent weeks, consumers have been made all too aware of these privacy and security issues because of several high profile data disasters. Last month, for example, Amazon, which has been a leader in cloud computing, was forced to shut down its service for several days. A number of companies using its services were paralyzed and some even lost potentially valuable data. Then Sony's travails with hackers reached a new zenith when the company was forced to concede that more than 20,000 of users of its online gaming system had their financial details stolen. Osama bin Laden even got in on the action when a swath of spam Facebook messages purporting to be photos and videos recording the death of the former Al Qaeda leader turned out, according to the Financial Times, to be malicious malware designed to phish for passwords and financial data from infected computers. Ironically, even as we tried to publish this post, Blogger experienced a service disruption that meant that we were unable to publish for more than 24 hours. So much for the instantaneity of social media! All of this added up to bad news for technology companies looking to convince customers of the safety and security of their products and services.

This then raises the question of whether data security and privacy protection will increasingly become critical areas of competition between leading technology companies, especially those relying on cloud computing, rather than just being a kind of necessary evil for everyone concerned. Microsoft, whose operating systems and internet software had long been plagued with security problems, certainly seemed to be thinking this way when it launched its Windows 7 operating system. The company has long been compared unfavourably in terms of security to Apple's Mac OS - but appears to have regained some ground with its latest version. But as more and more personal data moves to the cloud, and companies like Facebook and Google become increasingly involved in recording, using and selling data related to our usage stats and preferences, this is likely to affect a wider range of companies ... and potentially in an even more significant way. Yesterday's revelations that Facebook employed a leading PR company to plant negative stories in the media about Google's privacy policies gives some indication of just how high the stakes are becoming. And nothing focuses corporate attention more than the threat of multiple lawsuits, which is the latest ignominy faced by Sony in the fall-out from its hacking attack.

Despite all this, there are still reasons to doubt whether security and privacy will ever become major differentiators in the battle for technology market share. Unlike speed, performance and design, security is a tricky intangible that is difficult to evaluate up front. And besides, despite their criticisms of technology companies, most end users in practice tend to display a fairly carefree disregard for security issues, and even for their own privacy protection. After all, how many people actually read all of those terms and conditions when they download another Facebook app or install a new piece of software? With commercial users the equation is different, of course, but for the average Joe, security is a concern but not one that yet impacts significantly on their technology choices.

In the end, a better way of looking at this might be for technology companies to start looking at privacy and security as pre-competitive issues. That is, rather than competing on the quality of their privacy protections, why not collaborate with one another to improve standards across the industry. After all, a major hack at Sony, an outage at Amazon, or a spate of malware at Facebook threaten the reputation for security across the board not just for the individual company that is targeted. Problems at one company can spell reputational damage for the industry as a whole. Sure, healthy competition can drive innovation in new security systems. But so too can healthy cooperation. And in the long run it might just be more effective, and provide a better service for skeptical consumers unsure of how far they want to put their trust in tech companies.

Picture by samplereality. Reproduced under Creative Commons licence.