Tim Cook: "Weakening Encryption Or Taking It Away Harms Good People"

Patrick O'Neill writes: Over the last year, Apple CEO Tim Cook has repeatedly made headlines as a spearpoint in the new crypto wars. As FBI director James Comey pushes for legally mandated backdoors on encryption, Cook has added default strong encryption to Apple devices and vocally resisted Comey's campaign. Echoing warnings from technical experts across the world, Cook said that adding encryption backdoors for law enforcement would weaken the security of all devices and "is incredibly dangerous," he said last night at the Electronic Privacy Information Center awards dinner. "So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason."

Re:How do you "take away" encryption?

[GrahamCox]

WTF are you talking about? I can and do write code on my iOS and Mac devices and Mr Cook and his company provide the tools to do it.

Re:How do you "take away" encryption?

You can't distributed signed binaries without having it signed by Apple's CA. Nope. Hence "signed" and "We verify these guys are not doing anything malicious, or we revoke this signature and tell the asshole to piss in the wind and keep the program from launching any more". It's a whopping $100 to go through that process too, mostly so they can establish your identity and proof your not some asshole submitting a thousand pieces of malware an hour in the hope that one or two get through because its completely free to do.

If you're a programmer starting up your own business and can't afford the whopping $100 fee to get your program signed once the entire development cycle is done with, there are several easy workarounds. You can open the program holding down the option key while loading it, or going into preferences and telling it to ignore these checks to begin with. You can then run any code you want without ever seeing the warning again. It's really really hard to do. Its 4 mouse clicks. 4. Or you could not be a cheap ass and be willing to obtain the free developer kit and then $100 for the digital signature and identity verification/non malicious code checks.

Quit frankly, if it's that easy for Tim Cook to fuck your ass, you better not ever go to prison, or you're going to be a world of hurt (literally and figuratively). Same if anyone in the real world ever calls you a bad name or something. Grow a damn spine, man and get real. Or stop posting bullshit. Or get a clue. or all of the above.

Re:Signs you are in trouble

[IamTheRealMike]

The advantage Apple has is that they don't rely on advertising for any significant part of their revenue.

That's the theory Apple is peddling. It doesn't match up very well with reality though.

Firstly, don't get me wrong, I love Tim Cook's stance. I love that Apple is pushing encryption. I don't want to see them stop. But Silicon Valley needs to move as one here, and this sort of competitive sniping isn't really helping.

The only product Apple has that's actually end to end encrypted is iMessages. But WhatsApp is also encrypted in the same way, and that's owned by Facebook, which makes its money by advertising. So much for that theory.

All the other cloud products Apple has work in exactly the same way as their competitors do: you upload unencrypted documents to Apple, who then store and process them for you. And this is a technological constraint, not a business model constraint. Keeping servers fully blind as to the data they're working with is an open field of academic research. It's not something that Google or Facebook or Twitter or DropBox or whoever are holding back from because they hate privacy. It's just a really hard problem.

And finally Apple does of course have an advertising product. It has iAds. That has not been a successful product for them, but it's not for lack of trying.

So when you actually examine the details of Apple's products, you see that they're not really any different to what their competitors are doing. Cook's statements sound good to the non-expert listener, but it's just marketing.

What's more, there's a rather problematic assumption underlying Cook's position. Apple indeed makes most of its money from the extremely fat margins it makes from iPhone buyers, who consistently pay way over the odds for what they're getting. But it's only possible for Apple to subsidise its cloud offerings via fat hardware margins because Apple ignores the low end of the market. Indeed, given their attempts to destroy Android, it's fair to say Apple not only ignores the low end but would be quite happy if people too poor to buy an iPhone had no smartphone technology at all. Advertising as a business model may not be perfect but it's the reason that people in Africa can buy smartphones for $30 and use services like Google Maps, Search, Photos, etc. People who live outside affluent countries matter too.

Re: Signs you are in trouble

[IamTheRealMike]

How is this a hard problem? The Spideroak cloud storage service does this; uploaded files are encrypted before they leave your machine. Even the file names are secret; the servers have zero knowledge of the file's name or type or contents.

Services like SpiderOak sacrifice features people want, in order to get that. For instance, no search. No web preview or editing. Clunky sharing. No password recovery if you forget.

Still, I was mostly thinking about other services. If you look at some of the features Google Photos has like being able to do text search for untagged photos using image recognition, there's no technical way to do that in a blind manner right now.