Poll Shows Falling Trust in Tech Companies' Security Amid Disclosure of Chip Flaws

A nationwide survey conducted shortly after the disclosure of major security flaws in chips widely used in computers and smartphones found that consumer trust has declined over the past six months when it comes to companies like Apple Inc. and Google Inc. keeping personal data safe.

Still, majorities of respondents in the Jan. 4-5 poll said they trust the security practices by Apple, Google, Microsoft Corp. and Amazon.com Inc. -- all companies that offer products or use servers running cloud computing services with microprocessors that are vulnerable to hacking due to the chip bugs known as Meltdown and Spectre.

Fifty-three percent of respondents said they trust Apple with their data, with 32 percent saying they didn't have trust in Apple and 15 percent saying they had no opinion. On Jan. 4, the company said all of its Mac systems and iOS devices, save for Apple Watch, are affected by the chip flaws, which were publicly revealed the previous day by security experts.

The poll of 2,201 U.S. adults has a margin of error of plus or minus 2 percentage points.

Compared with a similar survey in June, consumer trust in Apple is down 7 percentage points, and trust in Google has fallen 5 points, to 60 percent. Amazon fell 6 points, to 63 percent, while 61 percent of poll respondents said they trust Microsoft Corp. to keep their data secure. The June poll did not ask about Microsoft.

“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers,” Microsoft said in a Tuesday email statement in response to an inquiry from Morning Consult.

The company added that it has posted online guidance for customers about the fixes made to cloud services and security updates, and said that as of Tuesday it had not received any information that indicates the recently revealed vulnerabilities have been used to attack its customers.

Amazon, Apple and Google did not respond to requests for comment.

After researchers disclosed the security issues, Amazon, Google, Microsoft and Apple pushed out software updates for the vulnerabilities, many of which require consumer action to update their operating systems.

The vulnerabilities affect processing chips made by manufacturers like Intel Corp., Advanced Micro Devices Inc., ARM Holdings and Qualcomm Inc., meaning anyone using a desktop, laptop, smartphone or cloud service from Apple, Google, Amazon or Microsoft is vulnerable to hacking.

Yet because almost all the world's computers are affected by the chip flaws, news about the vulnerabilities is not likely to affect people's electronics buying habits or cause them to blame a specific company, said Jamil Jaffer, founder of the National Security Institute at George Mason University’s Antonin Scalia Law School.

“This feels a bit like Y2K,” Jaffer said by email Monday, referring to widespread fears in 1999 that computers would not be able to recognize the year 2000 because programmers used only two digits to record the year. “It’s one of those problems that’s just so massive, people are having a hard time relating to it and figuring out how to deal with it.”

"This situation will continue to encourage companies to identify these kind of problems in the future and take actions to remediate them,” he added. “They recognize this doesn’t help their bottom line either."

The fast-moving nature of technology means glitches are inevitable, and few tech companies correctly communicate those issues with consumers, said James Norton, president of homeland security and cybersecurity firm Play-Action Strategies LLC.

“With technology does come a responsibility that companies haven’t necessarily accepted yet,” Norton, who was a senior official at the Department of Homeland Security during the George W. Bush administration, said in a Monday interview.

That necessary cooperation between multiple parties, including the consumer, to ensure a fix is what differentiates this threat from previous security concerns like last year's Equifax data breach, according to Megan Stifel, cybersecurity policy director at digital rights group Public Knowledge.

Stifel said in an interview Monday that the Meltdown and Spectre bugs, as well as similar incidents, should push companies to publish transparent criteria about their security practices that can easily be communicated to consumers, similar to how they promote their environmental policies by putting out reports about their green practices.

“Did the company follow good developing practices when they put it together? Have they made identifiable processes for vulnerabilities?" she said. "We need to think about cybersecurity much more holistically."