Slashdot Mirror


Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

Apple CEO Tim Cook insists that Apple doesn't read -- in fact, says Cook, cannot read -- users' emails, and that the company's iCloud service wasn't hacked. ZDNet presents highlights from Cook's lengthy, two-part interview with Charlie Rose. One selection of particular interest: Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email." Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides.

25 of 191 comments

  1. Is this technically impossible - no. by queazocotal · · Score: 4, Interesting

    Is it legally possible... Not everywhere certainly.
    http://www.cnet.com/uk/news/in...
    Is he required to lie about this?

    1. Re:Is this technically impossible - no. by Pieroxy · · Score: 5, Insightful

      He makes a fair point. The data stored at Apple does not generate revenue for Apple, at the contrary of Google - where your emails are scanned for content to target ads at your eyeballs.

      Now, jumping from that to "We cannot do it even if we wanted to" is quite a leap forward. I'm not sure I trust that part of the statement.

    2. Re:Is this technically impossible - no. by fustakrakich · · Score: 5, Insightful

      Is he required to lie about this?

      Very likely, if I can read my mail, so can he. It's only logical.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Is this technically impossible - no. by Anonymous Coward · · Score: 5, Insightful

      Wrong! They have the ability to reset your password without losing your data, so they would need to either have access to the password itself or the keys to decrypt stored data.

    4. Re:Is this technically impossible - no. by mean+pun · · Score: 4, Informative

      For these people, with their resources, your "encryption", unless it's a one time pad, is no better than ROT13.

      From the Snowden leaks it looks like even the NSA cannot crack properly used strong encryption. That's why they try to harvest or weaken keys, try to get in before or after encryption, or use traffic (metadata) analysis.

    5. Re:Is this technically impossible - no. by Anubis+IV · · Score: 5, Informative

      Very likely, if I can read my mail, so can he. It's only logical.

      The fact that an organization acts as a conduit for delivering messages does not necessitate that they have the ability to read the contents of those messages. The one does not follow from the other. It may be likely that the two go hand-in-hand, but by no means is it logical that they would do so.

      The various white papers and other security documents Apple has released over the last year or two make it clear that they claim they do not hold the private keys necessary to decrypt their users' data. Those private keys reside on the devices of the users, with unique keys being generated for each device and unique copies of the data being maintained separately for each device. For instance, in the case of iMessages, here's how Apple claims they work:

      1) I type up an iMessage to send to another Apple user and press Send.

      2) My device queries Apple's servers for the public key(s) of the recipient, which could be numerous if they've configured iMessages to arrive on multiple devices.

      3) My device creates and encrypts one copy of the message for each device, using the public key that is specific to each device for the copy going to it.

      4) My device signs the copies using its private key.

      5) The iMessage is sent to Apple, who then forwards it and immediately deletes it, unless they can't deliver it, in which case it'll stay queued for up to 7 days.

      6) The recipient's device verifies the signature against my public key and then decrypts the message using its own private key.

      Assuming the system works as described, Apple shouldn't have access to the content of the messages. Whether or not you believe that it works as described is a matter of how much faith you put in corporations and/or the governments that might be compelling them to insert backdoors. For instance, there are trivial ways that they can circumvent their own systems to gain access to messages, without having to compromise the private keys at all. The easiest way I can imagine would be to simply provide the public key of a wiretapping device in addition to the other keys in step #2 above. Unless you're sniffing your own traffic to ensure that you're sending EXACTLY what you're expecting to send, you'd never notice that you've sent out an extra copy of the message, and would be entirely unaware that it had landed on a government agent's device as well.

      But again, it isn't logical that they would have that sort of access. "Likely", given the state of things? Sure. But logical? By no means. Again, the one does not follow from the other. Particularly so in the case of Apple, since their money comes from hardware sales, not from monetizing the user's information, so it's in their best interests to make those devices as secure to use as possible.

    6. Re:Is this technically impossible - no. by unrtst · · Score: 3, Interesting

      Assuming the messages are encrypted on Apple's servers at all, they would likely be encrypted with a random key, and a copy of that key would then get encrypted with your password, and another copy encrypted with something support can use (i.e. Apple-owned), so that changing your primary password does not change the underlying key, but just changes the encryption on the copy. There may be multiple layers in there, and public key/private key stuff, etc, but that's one simple description of how, for example, you can send an S/MIME encrypted email to multiple recipients (primary message is encrypted once; its key is encrypted by the public key of each recipient and attached to the email; their private key can decrypt the key and read the message).

      That said, my gut doubts there's much encryption going on. This quote:

      such messages and calls are not held in an "identifiable form."

      ... I've heard similar from many C-line (ceo/cto/etc) calls and RFC's (ex. discussing PCI-DSS or SSN security). It generally means there's just an extra hop between foreign keys. I mean, it's obvious that the messages are identifiable from some perspective (your phone), so the breadcrumbs are there somewhere. Things that get downloaded or are real time (SMS and calls)... maybe they remove the lookup and leave the original data? There's still some ID on them.

    7. Re:Is this technically impossible - no. by Trailer+Trash · · Score: 5, Insightful

      People are conflating the "iMessage & Facetime" part of the quote with the "email" part. He says that they cannot (that is to say "do not have the ability") to read iMessage & Facetime. He then states that they do not read your email. People are pulling the "cannot" along with them when they read that sentence, but it doesn't say that they cannot read email, only that they choose to not read your email.

      Your description of the iMessage encryption is good, but what the original poster said was true given a few constraints. So let me restate it in a logically consistent manner: if I can read my iCloud email on any browser then Apple also has the ability to read it.

      But, but, maybe they encrypt it using your password on their server! If they did, "change password" would always require the old password and if you forgot your password your email would be lost forever. So, no, they're not doing that.

      The bottom line is that if they can show me my email in any browser (which they can) then they can also read it trivially.

      This isn't inconsistent with Cook's statement - he merely says that they choose to not do that.

    8. Re:Is this technically impossible - no. by Tuidjy · · Score: 4, Interesting

      I personally don't believe that the NSA can't crack strong encryption.

      I'm not quite sure what you are saying. It sounds to me as if you think that there is no encryption strong enough that the NSA cannot crack it. This is completely false.

      A simple example is using one time pad encryption. Without the pad, you cannot even theoretically crack it. Try every possible pad, and you will get every possible message of the proper length - some of them will make perfect sense, so you will not be able to find the right one.

      Taking it a bit further, there are encryptions that would take too long to crack, if they are properly executed, and the NSA does not have a backdoor. And by too long, I mean that there is not enough time before the heat death of the Universe.

      Hell, I am perfectly sure that I could establish communication with some of my friends from college that could not be cracked, even theoretically. I would have to exchange some information with them in a secure manner before hand, of course. But I would never take the risk of doing something like this. It would attract the wrong kind of attention.

      --
      No good deed goes unpunished...
    9. Re:Is this technically impossible - no. by Tuidjy · · Score: 3, Interesting

      One time pads are not worthless in practice, at all.

      Whether you are a criminal, or a government agent, at some point you will be in a secure location, and you will be able to exchange the pads. The USB stick in my pocket can hold more data than I expect to exchange with any of my friends in the course of my lifetime. How long do you think encrypted messages need to be?

      But even that is less secure than what you could do.

      Hell, if I was writing a novel about smart criminals, and wanted them to be capable of secure communication, this is what I would have them do:

      They would meet in the big boss's hacienda, and they would agree to use one of the 50000 books available on Project Gutenberg. The page to use as a one time pad would be selected via a function of the day the message is sent. The function would be simple enough to memorize.

      When one of the party wants to send a message, they would take a picture they have a plausible reason to send, and would use a hex editor, on a PC physically disconnected from the Internet, to manually change a subset of low-significance color bits. Again, the subset will be determined by a rule that is easily memorized.

      Yes, the process is laborious, and I would have them do it twice, and then compare the two resulting pictures. If they do not match, they will have to do it again. Once the pictures match, wipe (properly) the originals (from everywhere: camera, usb, secure computer) and send the modified picture, accompanied with an innocuous and appropriate message.

      Obviously, the encrypted messages would need to be short, but this process will not attract any attention, and will rely on memorized rules, publicly available data, and programs that would not draw anyone's attention.

      What is the NSA going to do? Suspect anyone sending pictures to his friends? Try, as a one time pad, every page on every book available on Gutenberg, or the myriads of pirated book libraries in China, Russia, Ukraine, etc?

      I cannot think of any weakness of this system. Can you? And even if it is completely stupid, I bet you two things: there are plenty of people who can come up with a better one, and plenty of people who are getting away with using a worse one.

      --
      No good deed goes unpunished...
  2. Poor Apple by obarthelemy · · Score: 4, Interesting

    It seems they've picked "privacy" as a fighting point vs Google. They don't seem to realize that people either
    1- don't care anyway
    or
    2- care, and know Apple is bullshitting.

    --
    The Cloud - because you don't care if your apps and data are up in the air.
  3. Re:Lie. by Sockatume · · Score: 4, Informative

    ...because that's not what he actually said. He has previously stated that iMessage and Facetime, by design, can't be intercepted (it's all encrypted client-side); in this new interview he stated that they don't read your email, and that as a general principle they try to design systems so that they can't capture data, or at the very least aren't capturing anything they don't need to do what they're supposed to be doing.

    --
    No kidding!!! What do you say at this point?
  4. translation for the masses: by nimbius · · Score: 4, Interesting

    Tim cook, talking head who has only ever held managerial roles in various fortune 100 companies, expels platitudes about the sanctity of the iGalaxy for users who slept through FISA and NSA backdoors and only recently began giving a shit when selfies and nudes were leaked from the magical cloud by notorious hacker 4chan.

    --
    Good people go to bed earlier.
  5. Re:If true thats great by binarylarry · · Score: 4, Funny

    Yeah I can't wait until he starts saying:

    "Bono and the Edge totally pulled a fast one on us. Apple has no way of automatically installing horrible music on your devices with your permission."

    --
    Mod me down, my New Earth Global Warmingist friends!
  6. Re:Not Hacked? by jratcliffe · · Score: 5, Insightful

    Actually, it's more the distinction between "they broke into the bank vault and went through your safety deposit box" and "they pickpocketed you, and used your key and a fake ID to get into your safety deposit box."

  7. iAD http://advertising.apple.com/ since iOS4 by tuppe666 · · Score: 4, Informative

    "With iAD you can get your message out to millions of people worldwide who use Apple products every day. Connect with users as they listen to music on iTunes Radio or while they use their favourite App Network. Find your audience using targeted tools built upon a foundation of registration and media consumption data." http://www.youtube.com/watch?v... start at 44 Min. The idea is you spy on people in Apps not in search, because people spend 97% of their time in apps.

  8. Re:Lie. by jddj · · Score: 3, Insightful

    Look, where would ./ be if posters read TFA?

    Looks to me like the ./ summary is claiming something that the ZDNet article does not. So yeah, not a lie on Cook's part, or not one the ZDNet article demonstrates anyway.

    I still wouldn't trust any company not to hand over my information to the government. Lavabit was one hell of an exception, and one geeks the world over should be proud of.

    Neither would I trust that email content I didn't personally encrypt with my own keys couldn't be seen by others.

    Apple doesn't have to be relaying email for others in order for Apple to be able to see the contents of all SMTP traffic that transits or terminates at their mail servers. SSL for SMTP means nothing if the mail server is pwned or intentionally logging stuff due to a business mandate or government subpoena or pressure.

    So Tim Cook didn't tell that particular lie. Good. But "We don't read your email" is an assertion, and one generally impossible to prove true (though more easily possible to prove false, given a certain amount of evidence).

  9. The old Jackie Mason routine by superwiz · · Score: 3, Insightful

    Reagan was happy, he was always smiling

    They asked him, "what about the deficit?"

    He said, "there is no deficit!"

    They told him, "but there is!"

    So he said, "so there is."

    ...

    30 years later

    There is no email theft! But there is!.... waaaait for it.

    --
    Any guest worker system is indistinguishable from indentured servitude.
  10. Re:Lie. by bberens · · Score: 4, Informative

    This can't be true. Or at least if it is true they have the encryption key. If your password was required to access the e-mail data, then if you lost your password you'd lose access to all of your historical data during a password reset.

    --
    Check out my lame java blog at www.javachopshop.com
  11. Re:Not Hacked? by fustakrakich · · Score: 3, Insightful

    It's why you can't sentence a corporation to death...

    Ah, but you can. Its charter can be revoked, should we ever vote for people who would do such a thing, but that's not very likely.

    --
    “He’s not deformed, he’s just drunk!”
  12. Re:What infamous PPT? by Anubis+IV · · Score: 3, Informative

    The PRISM PowerPoint slides leaked by Snowden.

  13. Re:Not really a lie by H0p313ss · · Score: 3, Informative

    iCloud.com addresses are required for most of iCloud's services. Without it, iCloud loses a lot of functionality.

    Guess what I don't have

    Not true, you can register with iCloud with another email address, however it will then automatically allocate an iCloud.com address for you, but you don't have to use it nor does it limit the functionality. (This is what I do...)

    --
    XML is known as a key material required to create SMD: Software of Mass Destruction
  14. Re:If true thats great by ahaweb · · Score: 4, Funny

    That's like calling spam "free advice".

  15. False Headline by Bob9113 · · Score: 4, Insightful

    Tim Cook Says Apple Can't Read Users' Emails,

    No he didn't.

    Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email."

    He said they cannot read iMessage and FaceTime, and they are not reading your email. That is a very important distinction. It might be one he was hoping you would miss, and you did miss it, but he did not say they can't access your email.

    And I'm not blowing sunshine up his skirt. I came here intending to kick him in the balls (metaphorically, of course) for lying, but he didn't.

    Pro-tip: If any system includes a password recovery mechanism that allows you to get back messages, then the administrator of the password recovery system can read your back messages.
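    The scheme unrtst sketched earlier in the thread (a random data key wrapped once under your password and once under something support can use) and the pro-tip above are the same fact from two sides. As an added example, not code from any poster or from Apple, here is that model in Go with stand-in primitives (AES-256-GCM for the wrapping, a bare SHA-256 where a real password KDF would go): the reset path works without the old password only because the recovery wrap exists, and the same recovery key reads the mailbox.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// Mailbox is a constructed model of one stored account: the mail is sealed once under a random data
// key, and that key is stored twice, wrapped under a password-derived key and under a provider-held recovery key.
type Mailbox struct{ UnderPassword, UnderRecovery, Mail []byte }
// gcm builds AES-256-GCM; every key in this example is 32 bytes, so the constructors cannot fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}
// seal encrypts and prefixes the 12-byte nonce; unseal reverses it and fails on a wrong key or tampering.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand does not fail on supported platforms
	return gcm(key).Seal(nonce, nonce, plaintext, nil)
}
func unseal(key, blob []byte) ([]byte, error) {
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}
// passwordKey stands in for a real password KDF (PBKDF2 or scrypt with a per-user salt); SHA-256 keeps it short.
func passwordKey(password string) []byte {
	k := sha256.Sum256([]byte(password))
	return k[:]
}
func NewMailbox(password string, recoveryKey, mail []byte) *Mailbox {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	return &Mailbox{seal(passwordKey(password), dataKey), seal(recoveryKey, dataKey), seal(dataKey, mail)}
}
// readWith unwraps the data key with whichever wrapping key the caller holds, then opens the mail.
func (m *Mailbox) readWith(wrappingKey, wrappedDataKey []byte) ([]byte, error) {
	dataKey, err := unseal(wrappingKey, wrappedDataKey)
	if err != nil {
		return nil, err
	}
	return unseal(dataKey, m.Mail)
}
// ReadWithPassword is the user's path (webmail login).
func (m *Mailbox) ReadWithPassword(password string) ([]byte, error) {
	return m.readWith(passwordKey(password), m.UnderPassword)
}
// ReadAsProvider is the pro-tip in practice: the recovery key reads the mailbox without the password.
func (m *Mailbox) ReadAsProvider(recoveryKey []byte) ([]byte, error) {
	return m.readWith(recoveryKey, m.UnderRecovery)
}
// ResetPassword needs no old password, which is the whole reason the recovery wrap exists;
// the data key and the stored mail are untouched, only the password wrap is replaced.
func (m *Mailbox) ResetPassword(recoveryKey []byte, newPassword string) error {
	dataKey, err := unseal(recoveryKey, m.UnderRecovery)
	if err != nil {
		return err
	}
	m.UnderPassword = seal(passwordKey(newPassword), dataKey)
	return nil
}
```

If the recovery wrap is dropped, ResetPassword has nothing to unwrap and a forgotten password loses the mailbox, which is the trade-off Trailer Trash and bberens point at.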

  16. Subject & summary disagree by Aaden42 · · Score: 3, Interesting

    Article subject says, “email,” but TFS says, “iMessages.” Those are different things, and the security of them is handled very differently because the mechanism of access is very different.

    Apple being unable to access emails is impossible since they must deliver them in plain text to plain-old IMAP clients that don’t support decryption or key storage.

    Apple being unable to access iMessage contents is plausible. My understanding of the protocol is something like this:

    Alice starts texting Bob’s phone number. Alice’s iDevice contacts Apple’s servers to see if Bob’s phone number is registered with iMessage. If not, Alice’s device sends a plain-old SMS. If it is, Alice’s device receives a list of public keys for each of Bob’s registered iDevices. Alice’s iDevice encrypts the message with a session key, then encrypts that session key to each of Bob’s public keys. Her device transmits the encrypted message to Apple’s servers which then transmit it to each of Bob’s devices as they become accessible. Each of Bob’s registered devices can use its private key to decrypt one of the encrypted session key blocks, then use that to decrypt the message.

    The private key to decrypt session keys never leaves Bob’s device. The session key never travels in the clear outside Alice’s or Bob’s devices. Apple can retrieve sender/recipient info (ye olde metadata), but no message contents.

    The one gotcha to all of that is that since Apple controls all SSL certs involved in the process, they could MitM attack the process if they so choose (or were so ordered). There’s no certificate pinning or checking implemented, so Alice’s iDevice has no way of knowing if the public keys it retrieved for Bob’s iDevices might also include an extra key held by Apple or LEO.

    Assuming Apple is compelled to intercept messages from Alice starting at a particular date, messages sent before that date at rest on their server should remain secure (unless they’re lying and are currently MitM or escrowing keys). New messages sent while the MitM was active could be decrypted and provided to LEO. Whether or not they’re performing an MitM at present should be detectable by analyzing the traffic during new device registration or sending messages — i.e. if Alice checks the keys received and confirms them all with Bob manually (jailbreak most likely required). If they don’t match or there’s an extra key, something’s wrong.

    There’s an in-depth protocol analysis of iMessage here: http://blog.quarkslab.com/imes...

    Scroll to the bottom for the tl;dr on that analysis. That post also includes proof of concept software to check for an active MitM attack, at least on iMessage for Mac.

    tl;dr: Apple is in a trusted position where they could intercept messages on a per-user basis if compelled to do so, but the general case of iMessage working as intended leaves messages encrypted on their server with keys they don’t have. I’m not aware of any way that Apple could perform that attack in an undetectable fashion, though performing that detection is well beyond the ability of most users.
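    The per-device fan-out that Anubis IV's steps 2 and 3 and the Alice/Bob walk-through above both describe, as an added example in Go that is not code from either poster or from Apple: X25519 key pairs stand in for the per-device keys, the key directory is simply the list of public keys handed to Encrypt, and ExtraKeys is the manual check the last paragraphs call for, comparing what the directory returned against fingerprints Bob confirmed out of band. The per-message signature from step 4 is left out to keep the block short.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"slices"
)

// must panics on error to keep the example short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewDevice is a constructed stand-in for one registered iDevice: a static X25519 key pair.
func NewDevice() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }
// Fingerprint is what Alice and Bob compare out of band (the whole key in hex here; a real client would show a shorter hash).
func Fingerprint(pub *ecdh.PublicKey) string { return hex.EncodeToString(pub.Bytes()) }
// Copy is one per-device ciphertext: the sender's ephemeral public key, the nonce and the sealed message.
type Copy struct{ Ephemeral, Nonce, Sealed []byte }
// aead turns an X25519 shared secret into an AES-256-GCM key (SHA-256 as a constructed KDF).
func aead(shared []byte) cipher.AEAD {
	k := sha256.Sum256(shared)
	return must(cipher.NewGCM(must(aes.NewCipher(k[:]))))
}

// Encrypt makes one copy per key the directory returned (step 3); Alice cannot tell Bob's devices from an added key.
func Encrypt(msg []byte, recipients ...*ecdh.PublicKey) (out []Copy) {
	for _, pub := range recipients {
		eph := must(ecdh.X25519().GenerateKey(rand.Reader))
		g := aead(must(eph.ECDH(pub)))
		nonce := make([]byte, g.NonceSize())
		must(rand.Read(nonce))
		out = append(out, Copy{eph.PublicKey().Bytes(), nonce, g.Seal(nil, nonce, msg, nil)})
	}
	return out
}

// Decrypt returns the plaintext of whichever copy was made for this device's key, or nil if there is none.
func Decrypt(dev *ecdh.PrivateKey, copies []Copy) []byte {
	for _, c := range copies {
		eph := must(ecdh.X25519().NewPublicKey(c.Ephemeral))
		if pt, err := aead(must(dev.ECDH(eph))).Open(nil, c.Nonce, c.Sealed, nil); err == nil {
			return pt
		}
	}
	return nil
}

// ExtraKeys lists directory keys Bob did not confirm out of band: the check both comments describe.
func ExtraKeys(confirmed []string, fromDirectory ...*ecdh.PublicKey) (extra []string) {
	for _, pub := range fromDirectory {
		if f := Fingerprint(pub); !slices.Contains(confirmed, f) {
			extra = append(extra, f)
		}
	}
	return extra
}
```

Nothing in the ciphertexts themselves distinguishes a copy for one of Bob's devices from a copy for a key the directory added, which is why the check has to run against the key list before sending rather than on the wire afterwards.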