Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Edward Snowden Trust Apple To Do the Right Thing?

Posted by timothy on from the manifold-motives dept.

Nicola Hahn writes: As American lawmakers run a victory lap after passing the USA Freedom Act of 2015, Edward Snowden has published an op-ed piece which congratulates Washington on its "historic" reform. He also identifies Apple Inc. as a champion of user privacy. Snowden states: "Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private." This sort of talking point encourages the perception that Apple has sided with users in the battle against mass surveillance. But there are those who question Snowden's public endorsement of high-tech monoliths. Given their behavior in the past is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?

11 of 196 comments (clear)

  1. The basic tenet of security by ColdWetDog · · Score: 5, Insightful

    Is that you don't trust nobody.

    I can't imagine actually 'trusting' Apple or any other corporation or government. Give them a pat on the back for making security easier - sure. Trusting them, not so much.

    --
    Faster! Faster! Faster would be better!
    1. Re:The basic tenet of security by praxis · · Score: 5, Insightful

      You must trust some things some times with some data, or you can get no meaningful work done. Balancing that trust (the risk) with that data (the value) is what security is about. I put this data, that I just wrote, on this website, because it is low value and low risk. I wouldn't post here my social-security number because that would be high risk. I wouldn't post my private key here either, but I do store my private key on a hard drive I did not build myself nor did I verify myself running an OS I did not build myself nor did I verify myself because while it's high value, it is low risk due to the many rounds of secure math protecting it.

      As to trusting Apple or any other corporation or government. You implicitly trust your hardware manufacturers, all of them, unless you build your own hardware from scratch. Same goes for software, even open source software.

    2. Re:The basic tenet of security by nine-times · · Score: 4, Insightful

      I trust nobody

      Bullshit. As praxis pointed out, you trust some people, sometimes, with some data. Otherwise you wouldn't post here. At a bare minimum, you've trusted Slashdot with your username and password, and you've trusted us, the Slashdot readership, with the contents of your post. What's more, whatever computer you're working on has at least hardware (with BIOS/firmware), an OS, and a web browser. You've trusted whoever made all of those things. Even if you are using FOSS, unless you've performed a thorough code review of the sort that you would perform on a suspected virus, you've trusted the community to review the code and remove security threats. Even if you encrypt your data, you're trusting whoever wrote the encryption software, along with the people who created the platform that the encryption software runs on, to be both honest and competent.

      What praxis was pointing out, which is entirely correct, is that security is not about being "absolutely secure". It's about balancing "making things accessible to those who I'd like to grant access" against "making things inaccessible to those who I would not like to have access." It inherently includes trusting authorized users, but also it pretty much always includes some level of trust (not necessarily absolute trust) of some 3rd parties. When you put money in the bank, you're putting some trust in the people who own the bank, in the bank's guards and tellers, in the police to protect the bank, and in the government to oversee the whole system and provide legal recourse if anyone else violates your trust. You don't have to trust any of those people absolutely, but that's because of the security practice of dispersing trust among multiple parties.

      So no, you're trusting someone, whether you admit to it or not.

  2. What reform? by CrimsonAvenger · · Score: 4, Insightful

    The only real change as a result of this law is that the telecoms have to pay to collect & store the information that the Feds used to do themselves.

    So now they'll have to get their secret court to rubberstamp a warrant for them instead of just emailing a request downstairs when they want some information on someone. Big whoop!

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  3. Re:Behaviour in the past? by gstoddart · · Score: 4, Insightful

    None of the tech companies have been shown to be co-operating voluntarily

    Quite honestly, does it matter if this is voluntary?

    When you have secret laws which say "give us this or else", WTF difference does 'voluntary' matter?

    Even the transparency reports say "we can't actually tell you what we did because we're under a gag order".

    Unless the government no longer has secret laws, or tech companies stand up to them and implement tech which doesn't have built in security bypass ... voluntary don't mean a damned thing.

    --
    Lost at C:>. Found at C.
  4. There appears to have been a sea change by 93+Escort+Wagon · · Score: 3, Insightful

    It's still an open question how much we should trust companies like Google and Apple... with regards to their internal motivation and plans. However (anecdotally, at least) it seems pretty obvious these companies learned from Snowden's leaked documents just how much the government was screwing them, and they've seen how it's hit their bottom line - any trust that might've previously existed is gone.

    Remember the (anecdotal) reaction of the Google engineers when they heard how the NSA was tapping their unencrypted intra-datacenter communications?

    --
    #DeleteChrome
    1. Re:There appears to have been a sea change by Anonymous Coward · · Score: 2, Insightful

      It's still an open question how much we should trust companies like Google and Apple... with regards to their internal motivation and plans. However (anecdotally, at least) it seems pretty obvious these companies learned from Snowden's leaked documents just how much the government was screwing them, and they've seen how it's hit their bottom line - any trust that might've previously existed is gone.

      Remember the (anecdotal) reaction of the Google engineers when they heard how the NSA was tapping their unencrypted intra-datacenter communications?

      Snowden's revelations have either hurt or in some cases come close to ruining the business of many US companies. While it is the norm on this forum to assume the worst about large corporations in particular, In many cases companies have suffered damage without collaborating in any way with the NSA that has yet been proven. Cisco for example has been losing sales not because they allowed the NSA to screw around with their equipment but rather because the NSA intercepted their shipments. I don't expect corporations to be reluctant to cooperate with the NSA in future out of some moral idealism, companies will be reluctant to cooperate with the NSA simply because this affair has taught them that cooperating can result in a serious impact on their bottom line and if there is another Snowden that impact might be even worse.

    2. Re:There appears to have been a sea change by 93+Escort+Wagon · · Score: 3, Insightful

      Snowden's revelations have either hurt or in some cases come close to ruining the business of many US companies.

      No, in reality it is the NSA's formerly-hidden behavior that has hurt these businesses.

      If you are stealing from your employer, and I provide documentation of that fact which results in your getting fired - I'm not to blame for the loss of your job, you are.

      --
      #DeleteChrome
  5. Re:why is Eric snowden an expert on security by Anonymous Coward · · Score: 5, Insightful

    You seem to be upset that Snowden leaked information containing the horrible acts of our Government and it's military, yet you're not upset that the government and it's military were doing these horrible things. I think your priorities are askew.

  6. Right thing == PR ... by gstoddart · · Score: 4, Insightful

    I trust corporations to do the "right thing" inasmuch as PR dictates there is a public perception that this is important.

    But I do not trust corporations to ever do the "right thing" out of a corporate sense of morality.

    I expect corporations to act like vicious sociopaths trying not to be noticed and miming "the right thing" without actually giving a damn.

    Trusting the moral compass of a corporation is a pathetic joke and a lie.

    --
    Lost at C:>. Found at C.
  7. No reason to trust by endus · · Score: 5, Insightful

    I see no reason to trust Apple or any similar companies whatsoever. They have betrayed consumers' trust in the past, have cooperated with illegal surveillance programs, etc. If a given company has cleaned up its act, great, but independent verification, open standards, etc. are the only way to gain assurance. Trust is irrelevant.