Slashdot Mirror
Tim Cook: "Weakening Encryption Or Taking It Away Harms Good People"
Patrick O'Neill writes: Over the last year, Apple CEO Tim Cook has repeatedly made headlines as a spearpoint in the new crypto wars. As FBI director James Comey pushes for legally mandated backdoors on encryption, Cook has added default strong encryption to Apple devices and vocally resisted Comey's campaign. Echoing warnings from technical experts across the world, Cook said that adding encryption backdoors for law enforcement would weaken the security of all devices and "is incredibly dangerous," he said last night at the Electronic Privacy Information Center awards dinner. "So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason."
Too many things these days that don't make sense. If you have a hole in a system it will be abused by malicious people.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Two Words: The Fappening
Imagine Government has access to your private files LEGALLY, such that exposure of your files, your property, your life is completely unprotected by legislation?
Are you honest person? You have something to hide?
Yes, every honest person has a lot to hide and it is called privacy! And it is important that everyone would value their privacy and encrypt everything just in sake of others rights for privacy!
If some authority has problems, they are free to come to knock on my door or call me. I can talk on front door or in the phone.
I think guns should be strongly encrypted and acknowledge that I set the "do not shoot" bit on myself.
Anybody who stands to lose more by having their (illegal) activities uncovered compared to being penalized for using (banned) encryption will still use it, so only the good guys, who don't use it to cover up their criminal activity will stop using encryption. At the same time they will be more exposed to data and identity theft, blackmail and illegal snooping. This just shows how little actually the FBI cares about the safety of common, law-abiding citizens. They don't see their mission as protecting people from becoming victims in the first place, but rather as catching criminals after the fact. It's logical if pretty evil - the more crime there is in USA, the more money and power the FBI gets. But folks - which one of those is better for us? Prevention or prosecution?
This is an exclusive OR. Choose only one.
"Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy", as Bruce Schneier says.
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
The advantage Apple has is that they don't rely on advertising for any significant part of their revenue. Which means people who buy their products are still customers, not products. That's a good thing.
"First they came for the slanderers and i said nothing."
But the director of the FBI, would must know what he is talking about, and must know that its just completely wrong.
Of course he knows. He knows better than most people do. When he talks of breaking encryption, he's talking about weakening your encryption, not his. He's going continue to use the most robust tools at his disposal to protect his privacy. But he's the good guy, at least in his mind. You, he's not so sure about.
In the end it doesn't matter what he wants. It's a foolish request that can't be implemented. The tools to communicate securely over unsecure channels are freely available to everyone at no cost. More importantly, we have the math. You can't outlaw math.
Guns have strong offensive uses.
Which are only effectively countered by people defending themselves with guns.
God created Man. Sam Colt made them equal.
Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun. More than without a gun. Much more than blowing a "rape whistle" and peeing herself, or waiting for police who, in many small towns including the one I live in, typically wait at the donut shop until the shooting is over before arriving to take a report and have the body(s) removed. As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"
Police in the US have no legal obligation to protect citizens.
Police handle the paperwork. Citizens are the true "first responders".
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
is the same is saying we should not allow people to lock their cars/houses because criminals might hide something behind a locked door.
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
In order to distinguish "right" and "wrong" reasons for privacy, you'd need to look into the communication. Which abolishes privacy.
The whole point of privacy is not to look into communication. In a way, not to let Schrödinger's cat out of the bag.
"None of your business" does not distinguish good and bad business. So I don't really like the pitch of Cook here:
Weakening encryption or taking it away harms good people who are using it for the right reason.
Because it will be immediately followed up by "so let's only weaken encryption and take it away from people who are using it for the wrong reason." And then we get an oversight committee which decides about which reasons are right and wrong, erring on the "safe" side.
Looks like someone at MoneyCNN has an axe to grind.
There has never been any evidence, or any good reason to believe that anyone hacked into iCloud to get pictures of "celebrities". On the other hand, plenty of evidence that there were easy to guess username / password combinations. Plus, the article title is "Tim Cook didn't address Apple's real privacy problem", when the first statement it makes is that Apple actually _did_ address a problem.
You can't distributed signed binaries without having it signed by Apple's CA. Nope. Hence "signed" and "We verify these guys are not doing anything malicious, or we revoke this signature and tell the asshole to piss in the wind and keep the program from launching any more". It's a whopping $100 to go through that process too, mostly so they can establish your identity and proof your not some asshole submitting a thousand pieces of malware an hour in the hope that one or two get through because its completely free to do.
If you're a programmer starting up your own business and can't afford the whopping $100 fee to get your program signed once the entire development cycle is done with, there are several easy workarounds. You can open the program holding down the option key while loading it, or going into preferences and telling it to ignore these checks to begin with. You can then run any code you want without ever seeing the warning again. It's really really hard to do. Its 4 mouse clicks. 4. Or you could not be a cheap ass and be willing to obtain the free developer kit and then $100 for the digital signature and identity verification/non malicious code checks.
Quit frankly, if it's that easy for Tim Cook to fuck your ass, you better not ever go to prison, or you're going to be a world of hurt (literally and figuratively). Same if anyone in the real world ever calls you a bad name or something. Grow a damn spine, man and get real. Or stop posting bullshit. Or get a clue. or all of the above.
So using encryption properly is an offense in the UK.
That's the theory Apple is peddling. It doesn't match up very well with reality though.
Firstly, don't get me wrong, I love Tim Cook's stance. I love that Apple is pushing encryption. I don't want to see them stop. But Silicon Valley needs to move as one here, and this sort of competitive sniping isn't really helping.
The only product Apple has that's actually end to end encrypted is iMessages. But WhatsApp is also encrypted in the same way, and that's owned by Facebook, which makes its money by advertising. So much for that theory.
All the other cloud products Apple has work in exactly the same way as their competitors do: you upload unencrypted documents to Apple, who then store and process them for you. And this is a technological constraint, not a business model constraint. Keeping servers fully blind as to the data they're working with is an open field of academic research. It's not something that Google or Facebook or Twitter or DropBox or whoever are holding back from because they hate privacy. It's just a really hard problem.
And finally Apple does of course have an advertising product. It has iAds. That has not been a successful product for them, but it's not for lack of trying.
So when you actually examine the details of Apple's products, you see that they're not really any different to what their competitors are doing. Cook's statements sound good to the non-expert listener, but it's just marketing.
What's more, there's a rather problematic assumption underlying Cook's position. Apple indeed makes most of its money from the extremely fat margins it makes from iPhone buyers, who consistently pay way over the odds for what they're getting. But it's only possible for Apple to subsidise its cloud offerings via fat hardware margins because Apple ignores the low end of the market. Indeed, given their attempts to destroy Android, it's fair to say Apple not only ignores the low end but would be quite happy if people too poor to buy an iPhone had no smartphone technology at all. Advertising as a business model may not be perfect but it's the reason that people in Africa can buy smartphones for $30 and use services like Google Maps, Search, Photos, etc. People who live outside affluent countries matter too.
Services like SpiderOak sacrifice features people want, in order to get that. For instance, no search. No web preview or editing. Clunky sharing. No password recovery if you forget.
Still, I was mostly thinking about other services. If you look at some of the features Google Photos has like being able to do text search for untagged photos using image recognition, there's no technical way to do that in a blind manner right now.
The problem with weakening encryption is that weaknesses do not care who uses them and once discovered they cannot be corrected. And weaknesses WILL be discovered sooner or later. Probably sooner. There is no way to only let the "good guys" in while keeping the "bad guys" out. You cannot weaken encryption without making it completely useless in the process.
Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun.
Only if she has it out, loaded, safety off, is capable of pointing it in the right direction before the attack occurs and is aware of where the attack is coming from. It's an absurd hypothetical strawman that NEVER actually happens in the real world. Do you really want granny carrying a sidearm at all times given the extremely remote chance of her actually getting attacked outside of your imagination? Personally that's not a society I care to live in. Firearms have their time and place and I'm not remotely arguing against the 2nd amendment but they aren't what keeps crime in check. Guns are used FAR more often to facilitate crime than to prevent it. Real security comes from a properly structured civil society. Guns play a role but it should be a very minor one.
As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"
The number of cops that EVER discharge their weapon intentionally in the line of duty is miniscule. It's significantly less than one percent. If your story is true then it shouldn't be surprising at all - almost all cops never have to "dodge gunfire" or shoot at a live person. However if he really wanted a safe job and a pension then he should have picked another line of work. There are easier and safer ways to make a decent living.
Police in the US have no legal obligation to protect citizens.
Police have a legal obligation to enforce the laws and guess what? The laws (usually) protect the citizens. (unless you are a minority - then you are apparently on your own judging by police response times) Countries with far stricter gun control laws somehow miraculously manage to have even better crime statistics than the US and FAR fewer deaths by firearm. Having a civil society isn't merely a result of everyone packing guns and having a Mexican standoff.
Police handle the paperwork. Citizens are the true "first responders".
What a bunch of delusional macho BS. When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't. The notion that you are going to protect society with a firearm isn't justified by the evidence. The evidence shows that the odds are FAR higher that the gun will be used in a suicide or result in an accident. I don't have a problem with people owning guns but let's not pretend that the citizenry are marching out to fight crime. If we get to that point I'm moving to someplace civilized.
Although I agree with the comment having been marked improperly by trolls, the statement that elected officials are not there to help us is too broad. Most elected officials get into politics to help people by enabling change. Unfortunately some lose their way and some are bound by promises made which end up casting a shadow over the work they accomplished.
I have met a few people over the years that invested their own money (to avoid ties) with the objective of getting into municipal politics. I know of at least one that made it and did great things for his community.
I'm sure that some elected officials aren't clean but there are many that are even if you don't agree with their view of the future for our society.
So when you actually examine the details of Apple's products, you see that they're not really any different to what their competitors are doing.
Nah, if you work in ad-tech you'll see there's a difference between a company that relies on ads for revenue and one that doesn't.
When an ad company wants to increase revenue, they ask, "how can we show more ads?" or maybe, "how can we increase inventory?"
When a product company wants to increase revenue they say, "how can we get more people to use our product? or maybe, "what new product can we build that people will like?" The focus is still firmly on the customer.
"First they came for the slanderers and i said nothing."
The piece of this that hasn't gotten nearly enough attention is this: Requiring U.S. tech companies to put backdoors in encryption will make U.S. technology anathema in every other country on this planet. U.S. tech companies will lose virtually all of their non-US market immediately, and the rest of it as soon as alternatives become available. (Which they will; the demand will be huge.)