Apple may have denied that hackers breached its iCloud service to steal celebrities' intimate photos, but the reality is that the wave of news stories and blogs covering the hacks have damaged the company and its service's reputation, at least in the short term, said analysts.
An incredible amount of media coverage of the leaked photographs, seemingly all with the word "iCloud" in their headlines, has painted Apple with a tarred brush. And no words from the company can change that.
"Ultimately, though, it doesn't really matter if the hack is or is not Apple's fault; the damage has been done," said Ben Thompson, an independent analyst, in a Tuesday analysis on his Stratechery website (subscription required). "The 'iCloud' name is associated with this mess. [Whether it was or was not Apple's fault] won't matter because people are conditioned to assume iCloud sucks."
Thompson wrote that before Apple issued what was for it a detailed explanation. In a Tuesday statement, Apple denied that the photos had been stolen through a breach of either iCloud or its Find My iPhone feature, as many speculated over the weekend and on Monday. Instead, said Apple, the celebrities' accounts had been "compromised by a very targeted attack on user names, passwords and security questions."
But people held Apple accountable in any case. On Twitter, the actress Kirsten Dunst, one of those whose photos were circulated online, said simply, "Thank you iCloud," but then to make sure her sarcasm was understood, included emojis showing a slice of pizza and a pile of excrement, as in "piece of s***."
The torrent of coverage, which extended to the mainstream media, could not have come at a worse time for Apple, said Jan Dawson, chief analyst at Jackdaw Research.
"If you were thinking about the worst possible Apple story the week before an iPhone launch, it would be this," said Dawson, referring to the Sept. 9 event Apple will host in Cupertino to unveil its newest smartphones, and probably other products as well. "This is a clear and present danger to the underlying platform for things they want to launch. Whether it's payments, home [automation] or health care, the last thing Apple wants is you worrying about breaches."
The problem, as both Thompson and Dawson argued, is that the horse has left the barn. And Apple, while it has done damage control in the past, always seems slow to grasp the nettle. The statement it issued yesterday, for example, has not stopped the churn of stories about the hack; about the nude celebrity photos; about how the photos were obtained, bought and traded; or about Apple's failings to secure its iCloud backups and Photo Stream with two-factor authentication.
"If someone was trying to orchestrate an anti-Apple PR campaign, this would have been the best possible result," said Dawson.
But not everyone believed Apple had taken more than a glancing blow from the incident.
"Honestly, in the long term it doesn't matter at all," said Patrick Moorhead, principal analyst at Moor Insights & Strategy. "Apple has rebounded every single time over the last decade."
Moorhead cited more recent examples than 10 years ago, however, ticking off other times Apple took public relations blows, including "Antennagate" in 2010 and the original Apple Maps debacle in 2012. Both resulted in apologies of sorts from Apple, although Antennagate, a term former CEO Steve Jobs coined, was more argumentative than apology.
"Apple has amassed a lot of credit," said Moorhead, about customers' belief that the company can do no wrong.
Thompson begged to differ. In an updated analysis Wednesday, he pointed out that customers expect the worst from iCloud because Apple historically has done so poorly with online services. "Apple simply does not have any sort of reservoir of goodwill to draw on when it comes to anything having to do with the cloud," Thompson wrote.
Apple's empty reservoir, as Thompson put it, can be traced back to the complete bungling of the launch of MobileMe, iCloud's predecessor, in 2008. Apple managed to recover from the debacle -- heads rolled at the company -- but the firm has never shaken a reputation as an also-ran in online services.
Dawson agreed with Moorhead, saying that it was unlikely the incident would damage Apple's reputation -- iCloud's, specifically -- over the long haul. "It's terribly bad news this week and next, but it will have blown over after that," said Dawson. "I don't think this will have a lasting impact on Apple. Privacy and security concerns blow up occasionally, and it always seems like within 24 hours or so [those concerns] go back to their former levels."
Dawson's attitude wasn't cynical, but simply realistic: Customers demand easy-to-use services, and balk at anything, security provisions included, that get in their way. The continued use of easily-guessed passwords, the reuse of a limited number of passwords, the fact that so-called "security questions" often rely on publicly-available information; and the general distaste for two-factor authentication all are evidence of that behavior.
"The weak link is often the user," said Dawson. "We don't want things any harder than they have to be. So will it ever change? I don't know. Something like [Apple's] TouchID could potentially move us to a different security and privacy model."
The analysts also argued about whether Apple should do more, and say more, than it already has. Some, like Dawson, believe that if Apple did so, it would simply extend the lifespan of the story. "I don't think it's worth their while," Dawson said. "They should certainly ascertain and fix the underlying problems, but doing more would only help perpetuate the story and remind everyone that there was a story in the first place."
For the most part, that's Apple's PR strategy in a nutshell. Traditionally, the company has been extremely hesitant to go into detail about any of its gaffes or blunders. That goes double -- or triple -- when it comes to security issues. Compared to the kind of information that, say, Microsoft doles out about security vulnerabilities and its patches, Apple is a lead-lined box.
Gene Grabowski, senior strategist at Levick, a Washington, D.C. firm that specializes in crisis communications, thought that Apple should go a lot further than stick to the tight-lips policy. "Apple should get its leading [cloud] adopters, prominent businesses and individuals, to speak about the service, demonstrate that they trust the cloud," Grabowski said when asked what he would advise Apple to do.
Grabowski recommended expanding that to an advertising and marketing campaign -- "The whole nine yards," as he put it -- to promote the cloud and its benefits while educating users about the pitfalls.
"It's not just Apple's problem," said Grabowski. "Every major company has cloud-based services. They're all going to have to do some communications work to reassure people."
Why? Because the leak of private information -- and there's evidence that the nude photos of celebrities was just the tip of the proverbial iceberg, the hacking mass hidden under the waterline -- has damaged iCloud specifically, and off-premises services in general.
"Early adopters won't be rattled by this, but there are millions of people who have always been worried by the idea of the cloud," Grabowski said. "The cloud has been an iffy proposition for most business users and personal users of digital services. These nude photos have made global news, and set the cloud back a year or more."
"I get that the Internet has a dark underbelly and that determined perverts with a woman problem would do anything in their power to break into these accounts, but Apple would be in a much stronger position right now had they not had so many cloud missteps in the past," said Thompson.