Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked
Apple CEO Tim Cook insists that Apple doesn't read -- in fact, says Cook, cannot read -- users' emails, and that the company's iCloud service wasn't hacked. ZDNet presents highlights from Cook's lengthy, two-part interview with Charlie Rose. One selection of particular interest:
Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email." Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides.
Technically it wasn't hacked, but Apple's poor security practices for password resets are what led to users' accounts being compromised.
...because that's not what he actually said. He has previously stated that iMessage and FaceTime, by design, can't be intercepted (it's all encrypted client-side); in this new interview he stated that they don't read your email, and that as a general principle they try to design systems so that they can't capture data, or at the very least aren't capturing anything they don't need to do what they're supposed to be doing.
No kidding!!! What do you say at this point?
"With iAD you can get your message out to millions of people worldwide who use Apple products every day. Connect with users as they listen to music on iTunes Radio or while they use their favourite App Network. Find your audience using targeted tools built upon a foundation of registration and media consumption data" http://www.youtube.com/watch?v... start at 44 min. The idea is you spy on people in apps, not in search, because people spend 97% of their time in apps.
This can't be true. Or at least if it is true they have the encryption key. If your password was required to access the e-mail data, then if you lost your password you'd lose access to all of your historical data during a password reset.
Check out my lame java blog at www.javachopshop.com
For these people, with their resources, your "encryption", unless it's a one time pad, is no better than ROT13.
From the Snowden leaks it looks like even the NSA cannot crack properly used strong encryption. That's why they try to harvest or weaken keys, try to get in before or after encryption, or use traffic (metadata) analysis.
Very likely, if I can read my mail, so can he. It's only logical.
The fact that an organization acts as a conduit for delivering messages does not necessitate that they have the ability to read the contents of those messages. The one does not follow from the other. It may be likely that the two go hand-in-hand, but by no means is it logical that they would do so.
The various white papers and other security documents Apple has released over the last year or two make it clear that they claim they do not hold the private keys necessary to decrypt their users' data. Those private keys reside on the devices of the users, with unique keys being generated for each device and unique copies of the data being maintained separately for each device. For instance, in the case of iMessages, here's how Apple claims they work:
1) I type up an iMessage to send to another Apple user and press Send.
2) My device queries Apple's servers for the public key(s) of the recipient, which could be numerous if they've configured iMessages to arrive on multiple devices.
3) My device creates and encrypts one copy of the message for each device, using the public key that is specific to each device for the copy going to it.
4) My device signs the copies using its private key.
5) The iMessage is sent to Apple, who then forwards it and immediately deletes it, unless they can't deliver it, in which case it'll stay queued for up to 7 days.
6) The recipient's device verifies the signature against my public key and then decrypts the message using its own private key.
Assuming the system works as described, Apple shouldn't have access to the content of the messages. Whether or not you believe that it works as described is a matter of how much faith you put in corporations and/or the governments that might be compelling them to insert backdoors. For instance, there are trivial ways that they can circumvent their own systems to gain access to messages, without having to compromise the private keys at all. The easiest way I can imagine would be to simply provide the public key of a wiretapping device in addition to the other keys in step #2 above. Unless you're sniffing your own traffic to ensure that you're sending EXACTLY what you're expecting to send, you'd never notice that you've sent out an extra copy of the message, and would be entirely unaware that it had landed on a government agent's device as well.
But again, it isn't logical that they would have that sort of access. "Likely", given the state of things? Sure. But logical? By no means. Again, the one does not follow from the other. Particularly so in the case of Apple, since their money comes from hardware sales, not from monetizing the user's information, so it's in their best interests to make those devices as secure to use as possible.
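A client-side check that would surface the extra key described in the comment above, as an added example that is not part of the original thread and not Apple's implementation. It assumes trust-on-first-use pinning of device-key fingerprints; `KeyPinStore`, `plan_send` and `fingerprint` are hypothetical names, and the keys are constructed byte strings.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Short identifier two people can compare out-of-band."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class KeyPinStore:
    """Hypothetical client-side record of device keys already seen per recipient."""

    def __init__(self):
        self._pins = {}  # recipient -> set of pinned fingerprints

    def check(self, recipient, directory_keys):
        """Split a directory response into pinned keys and unexpected fingerprints."""
        seen = {fingerprint(k): k for k in directory_keys}
        if recipient not in self._pins:
            # First contact: nothing to compare against, so pin what was returned.
            # An extra key present from the very first lookup is NOT caught here.
            self._pins[recipient] = set(seen)
            return list(seen.values()), []
        pinned = self._pins[recipient]
        trusted = [k for fp, k in seen.items() if fp in pinned]
        unexpected = sorted(fp for fp in seen if fp not in pinned)
        return trusted, unexpected

    def approve(self, recipient, fp):
        """Pin a new device key after the recipient confirmed its fingerprint."""
        self._pins.setdefault(recipient, set()).add(fp)

def plan_send(store, recipient, directory_keys):
    """Step 3 of the flow: one encrypted copy per key, but only for pinned keys."""
    trusted, unexpected = store.check(recipient, directory_keys)
    return {"copies": len(trusted), "held_for_review": unexpected}

def demo():
    # Constructed sample keys; real device keys would be public-key blobs.
    phone, laptop = b"constructed-key-bob-phone", b"constructed-key-bob-laptop"
    extra = b"constructed-key-unannounced-device"
    store = KeyPinStore()
    first = plan_send(store, "bob", [phone, laptop])
    second = plan_send(store, "bob", [phone, laptop, extra])
    store.approve("bob", fingerprint(extra))  # only after out-of-band confirmation
    third = plan_send(store, "bob", [phone, laptop, extra])
    return first, second, third

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second lookup still produces two copies and holds the third key's fingerprint for review, which is the point at which a user would otherwise have silently sent an extra copy.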
The PRISM PowerPoint slides leaked by Snowden.
iCloud.com addresses are required for most of iCloud's services. Without one, iCloud loses a lot of functionality.
Guess what I don't have
Not true, you can register with iCloud with another email address, however it will then automatically allocate an iCloud.com address for you, but you don't have to use it nor does it limit the functionality. (This is what I do...)
XML is known as a key material required to create SMD: Software of Mass Destruction
They are Apple, they don't need to, they have the crypto keys and server to force anything they want on your phone, if they want your email it's rather trivial to force an app onto the phone that gives you the key. See the U2 thing, they forced mp3s onto phones and called it a feature. From a technical standpoint it's rather trivial, though Apple probably doesn't bother with that, you never know really. I suspect they do give the NSA access to do that if they want to.