Should Edward Snowden Trust Apple To Do the Right Thing?
Nicola Hahn writes: As American lawmakers run a victory lap after passing the USA Freedom Act of 2015, Edward Snowden has published an op-ed piece which congratulates Washington on its "historic" reform. He also identifies Apple Inc. as a champion of user privacy. Snowden states: "Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private."
This sort of talking point encourages the perception that Apple has sided with users in the battle against mass surveillance. But there are those who question Snowden's public endorsement of high-tech monoliths. Given their behavior in the past is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?
Is that you don't trust nobody.
I can't imagine actually 'trusting' Apple or any other corporation or government. Give them a pat on the back for making security easier - sure. Trusting them, not so much.
Faster! Faster! Faster would be better!
None of the tech companies have been shown to be co-operating voluntarily with government spies. Telecoms have but not Google / Apple / Microsoft.
said Betteridge. https://en.wikipedia.org/wiki/...
He's been a security focused sysadmin for years. Look him up on Wikipedia
The only real change as a result of this law is that the telecoms have to pay to collect & store the information that the Feds used to do themselves.
So now they'll have to get their secret court to rubberstamp a warrant for them instead of just emailing a request downstairs when they want some information on someone. Big whoop!
"I do not agree with what you say, but I will defend to the death your right to say it"
Anyone characterizing that single line as an endorsement is just clickbaiting. It is absolutely appropriate to give Apple praise for improving their baseline. Just because you recognize the improvements they've made doesn't mean you've left them off the hook for continuing on that path.
The article's author seems to be taking the tack that nothing short of perfection is worthy of praise. That's a recipe for maintaining the status quo.
It's still an open question how much we should trust companies like Google and Apple... with regards to their internal motivation and plans. However (anecdotally, at least) it seems pretty obvious these companies learned from Snowden's leaked documents just how much the government was screwing them, and they've seen how it's hit their bottom line - any trust that might've previously existed is gone.
Remember the (anecdotal) reaction of the Google engineers when they heard how the NSA was tapping their unencrypted intra-datacenter communications?
#DeleteChrome
The only way to win is not to play as a prisoner - so trust is not possible if you put two people in two separate rooms - or even less than that, one person in a room, with the threat of losing rights to property, freedoms... the "other guy" always loses. It's never like tv.
The poster's interpretation seems completely off-base to me; not only is Snowden not encouraging us to blindly trust Apple et al with our privacy, he explicitly warns of the very danger the OP brings up.
As an iOS developer, my perception is certainly not that Apple is trying to grab our data instead of the government - in recent years, they have started a major cultural shift toward real protections of user data - simply not collecting it, encrypting it in transit, etc., etc., even if it's a burden on third-party developers to make the transition. This is a Good Thing, full stop. Props to Apple (as well as Google, who is also making its own efforts).
Why do you assume that Snowden is not an NSA operative? An active one. He took a story which was in the public eye (the SLC building is huge so everyone knew about it) and turned it into a story about him for at least half of the population. He could have stayed anonymous. Instead he made the story that would have galvanized 80% of the population against NSA into a story that galvanized 30% of the population against him, 40% against the NSA and 30% not care at all. He couldn't do NSA a bigger favor if he tried.
Any guest worker system is indistinguishable from indentured servitude.
You seem to be upset that Snowden leaked information containing the horrible acts of our Government and its military, yet you're not upset that the government and its military were doing these horrible things. I think your priorities are askew.
I trust corporations to do the "right thing" inasmuch as PR dictates there is a public perception that this is important.
But I do not trust corporations to ever do the "right thing" out of a corporate sense of morality.
I expect corporations to act like vicious sociopaths trying not to be noticed and miming "the right thing" without actually giving a damn.
Trusting the moral compass of a corporation is a pathetic joke and a lie.
Lost at C:>. Found at C.
There is no proof that he handed secrets to the Russians or Chinese. The whole article on that was made up by its authors.
BTW: People criticising the USA normally criticise the politics and actions of the USA. To call them America-haters is totally wrong. In two ways. First, there is a lot more America than only the USA. Use google maps if you do not believe me. Second, it's the actions abroad that cause you low reputation. And three, your tourists often help to foster such reputation. Even though the last thing is hardly something that can be changed. We all have parts of our population which go on vacation and ruin our reputation. Ask the Germans and the British or even better ask the Italian and Spanish on the reputation of Germans and the British.
Murica!!!
Place something witty here
Apple technically has end-to-end encryption, but the problem is the key exchange. Apple retains the keys for all of your devices, which is how one iMessage can be sent to multiple devices. The way it works is that the sender communicates with Apple's servers to obtain a list of public keys for devices registered to the recipient. The sender then encrypts the message once per key, and sends the encrypted messages to Apple, who then distributes them to each device. In theory, and likely in practice, Apple cannot see the contents of the messages transiting its servers, since it doesn't have the private keys.
But, as the custodian, Apple could add keys to this list at any time, including their own, or one at the behest of a TLA. This may or may not happen, so it's really a question of what risk you're willing to take. Their current method, if implemented properly, would prevent your plaintext messages from being swept up in mass collection, but without knowing the encryption method and the security details surrounding the keystore, you could still be targeted. Add to that that iMessage silently falls back to SMS, so if someone had the ability to block your tcp/ip traffic, the iDevice would transmit in the clear. It's an improvement over pure plaintext, but it's still fraught with risk and insecurities that will likely be exploited at some point, if the past experience is any indication.
https://www.eff.org/https-everywhere
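Added example, not part of the comment above and not Apple's code: a model of the directory-based fan-out that comment describes, with a sender who pins device-key fingerprints verified out of band and refuses to encrypt to any listed key that is not pinned. `KeyDirectory`, `Sender` and the key bytes are hypothetical constructions; the real client exposes no such interface.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint two users could compare over another channel."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class KeyDirectory:
    """Hypothetical stand-in for the provider-run list of device public keys."""
    keys: dict = field(default_factory=dict)  # account -> {device_id: key bytes}

    def register(self, account: str, device_id: str, public_key: bytes) -> None:
        # Whoever operates the directory can call this for any account.
        self.keys.setdefault(account, {})[device_id] = public_key

    def lookup(self, account: str) -> dict:
        return dict(self.keys.get(account, {}))


class UnverifiedKeyError(Exception):
    """Raised when the directory lists keys the sender never verified."""

    def __init__(self, account: str, devices: list):
        super().__init__(f"{account}: unverified device keys {devices}")
        self.devices = devices


@dataclass
class Sender:
    directory: KeyDirectory
    pins: dict = field(default_factory=dict)  # account -> set of fingerprints

    def pin(self, account: str, public_keys: list) -> None:
        """Record fingerprints confirmed with the recipient out of band."""
        self.pins.setdefault(account, set()).update(
            fingerprint(k) for k in public_keys
        )

    def fan_out_naive(self, account: str) -> list:
        """Trust the directory: one ciphertext for every key it lists."""
        return sorted(self.directory.lookup(account))

    def fan_out_checked(self, account: str) -> list:
        """Encrypt only if every listed key matches a pinned fingerprint."""
        listed = self.directory.lookup(account)
        pinned = self.pins.get(account, set())
        unverified = sorted(
            dev for dev, key in listed.items() if fingerprint(key) not in pinned
        )
        if unverified:
            raise UnverifiedKeyError(account, unverified)
        return sorted(listed)


def demo():
    # Constructed sample keys; real ones would be public-key material.
    phone = b"constructed-public-key:bob-phone"
    laptop = b"constructed-public-key:bob-laptop"
    directory = KeyDirectory()
    directory.register("bob", "phone", phone)
    directory.register("bob", "laptop", laptop)

    alice = Sender(directory)
    alice.pin("bob", [phone, laptop])
    before = alice.fan_out_checked("bob")

    # The custodian lists one more key under Bob's account.
    directory.register("bob", "extra", b"constructed-public-key:not-bobs")
    naive = alice.fan_out_naive("bob")  # silently gains a third recipient
    try:
        alice.fan_out_checked("bob")
        flagged = []
    except UnverifiedKeyError as exc:
        flagged = exc.devices
    return before, naive, flagged


if __name__ == "__main__":
    print(demo())
```

The same check also catches a key swapped under an existing device id, since the fingerprint no longer matches the pin.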
Given their behavior in the past is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?
No, but it is wise to use free market forces to force corporate interests to offer encryption, to be seen as encryption friendly, and eventually to even be friendly to end-to-end user-controlled encryption.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
What are yours?
His are that he was trusted as an admin in one of the most secret places you can imagine, and found that they were doing appalling things.
Lost at C:>. Found at C.
Apple certainly makes sure that your private life remains private and doesn't collaborate with government spies...
Both have proven themselves untrustworthy in my view.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Why would you even ask that question?
They will do what's best for them, not "the right thing". That's what Steve Jobs did.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
A little PR statement showing he can play ball and voila! I am interested to see what he brings with him, but that will be classified for a very long time...
And no, don't trust Apple. That would be absurd. All this stuff is for pacification.
“He’s not deformed, he’s just drunk!”
you mean after he blew the whistle.
For Apple maybe. Will they do the right thing for you? I highly doubt it. And if Mr. Snowden thinks they will, I would advise him to brush up on his history of that company.
If it ain't broke, don't fix it.
His statement reads like an Apple marketing "press release."
Or, maybe he's dead, and his identity assumed by a State Actor.
Well, since we're not at war with Russia or China I'm not terribly worried about them having our secrets.
(Do remember the NSA isn't a weapons manufacturer or a military organization. If top secret weapons plans or troop movements can be extrapolated from what the NSA does watch (public and private civilian communications) then the secrets were probably already out as other nations have equivalent agencies.
Anything we're doing that it would be a problem if they knew about we shouldn't have been doing in the first place.)
Which really is the main point here. The NSA is doing a lot of stuff it shouldn't be. In a democratic republic the voters need to know when this shit happens because the only way it gets fixed is if we hold the elected officials who hold the leash to task with the ballot box. Otherwise the proverbial dog just keeps shitting in our collective lawn and tearing up our garden.
Kidnapping, torture and war... for starters.. The spying? Eh...
“He’s not deformed, he’s just drunk!”
I see no reason to trust Apple or any similar companies whatsoever. They have betrayed consumers' trust in the past, have cooperated with illegal surveillance programs, etc. If a given company has cleaned up its act, great, but independent verification, open standards, etc. are the only way to gain assurance. Trust is irrelevant.
Regardless of how bad a corporation or government agency has been in the past, there's nothing wrong with lauding them whenever they take a step in the right direction. It might not get them all the way to the place you want them to already be, but they're all going to move in the direction of encouragement and what gets them better results. And the faster they get the positive or negative feedback, the more effective it will be. Continuously lambasting Apple today for something that Jobs did in the past will only make them not care about your opinion even more, since we're all pretty sure they're not going to be able to convince Jobs to change his view and publicly apologize at this point. The company will follow what gets them good PR and more money - so we've got to give them a visible path to what they want, that just happens to be sitting on top of what we want. Negative reinforcement is much better at convincing people to not get caught more than it does to just not do it.
Why is it that when the government does something that he doesn't like, it's "big government run amok" but when it's something that I don't like, I'm "an America hater"?
What would the Founding Fathers, which most conservatives uphold to be the absolute pinnacle of what our government should strive to be, say about the NSA's data collection on its own citizens? I personally think they made it perfectly clear in the 4th Amendment, but that's just me.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
A source "with detailed knowledge on the matter" told Reuters that hiring screeners for Booz Allen had found some details of Snowden's education that "did not check out precisely," but decided to hire him anyway
Resume falsified, yup sounds like a typical "expert" to me.
You have bought into the administration smear campaign and government propaganda. Booz Allen isn't necessarily lying, here, but this statement, along with the ridiculously picayune reasons for rejecting candidates based on some detail not being perfect, it's likely something as innocuous as listing the wrong day of the month for a graduation, or misspelling of an instructor's name.
You might educate yourself by checking out the form Snowden was required to complete. I challenge anyone to be able to fill it out completely and include nothing that does not "check out precisely".
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
ad hominem attacks are an indicator of evil, hidden agendas and ignorance
If we really "trusted nobody", then nobody would ever build another electronic device. Heck, we'd have to pretty much destroy all of them we've got in use already.
(Say we're simply talking about a "security appliance" for your network like a box that handles junk mail filtering, or even a firewall. If you don't place any trust in the idea that the components making up the units aren't back-doored at the factory, secretly allowing leaks of the data that passes through them? Then why buy and implement them at all? Same goes for the firmware or software running them.)
I don't think the original poster was suggesting any company get a "free pass" .... Rather, it's an ongoing process where a company establishes trust over time by putting out products that get widely used and tested, and appear to be working as advertised. When it's discovered they didn't do so, then that trust level evaporates quickly and people look at other options.
So right now, yes, I have a fair amount of trust in Apple to protect my privacy. I don't "trust them absolutely" by ANY means. But the nature of the marketplace indicates to me that Apple has some strong motivations right now to make it a priority. (EG. They're competing with cloud services, head to head, with Google at the present time -- so they need to be able to show their products are advantageous over Google's because your data is safer from misuse or resale with them.)
We can only judge them on what we know they have done and are doing, not on what they MIGHT do in the future or don't know they are doing.
Apple is a profiteering corporation; not a human being. As such, it has only one purpose - the bottom line (profit$). Take as much as you can, and give back as little as possible.
Trust Apple? Sure, trust them to do what they will to increase profits. Trust them to make moral decisions? Nope. Not unless it prevents cuts to their bottom line.
"Trusting" a corporation is about as foolish as believing that a corporation "cares" about you. Corporations do not care because they cannot care. They are a legal fiction, not human beings.
It's all about the money. Always will be.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
You're a troll or a moron. Look at this interview with Tom Harper, the author of that hit piece: http://edition.cnn.com/videos/...
All he says, repeatedly (besides "ummm"), is that he has no idea if the facts are true and he just wrote what people in the government told him to write. He's a stenographer, not a reporter.
What changed under Obama? Nothing Good
When you have secret laws which say "give us this or else", WTF difference does 'voluntary' matter?
Lawyers.
If it is involuntary, the company pays intelligent lawyers to use the law to (1) hold the government to the law, even if secret and even if it's less protective than it should be. This in turn (2) makes the government less likely to make absurd requests and (3) costs the government resources, which provides at least some limitation on what they do.
It's not enough, of course--we really need more robust protections on the secret side by cleared personnel with automatic publication a decade or two down the line as a good first step--but it's a lot better than nothing.
One thing I tell everybody who fills out the SF86 is, KEEP A COPY OF YOUR SF86. You'll probably fill it out more than once in your career. Starting from scratch is a gigantic pain and errors creep in if you have to look up older stuff from primary sources.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
How many countries on the American continents have "America" as part of their name, other than the USofA aka America? Do you really want the phrase "United States of America haters" to become a thing?
You are absolutely correct, and especially correct in the context where the company has the power to decrypt the user's data. However, if the user's data cannot be decrypted by the company, then all it can provide is the encrypted gobbledygook.
It isn't clear to me that Apple's system is perfect: https://www.apple.com/privacy/... It looks like the messages are encrypted in transit and Apple cannot read that data, but it also sounds like decrypted messages are backed up to its iCloud service, in which case the transit encryption is totally defeated. A lot of the stuff in that link is marketing bullshit, but the line I've bolded should be clearer. It seems pretty obvious that Apple could be required to turn over decrypted data (such as backed up messages) stored on their servers, and they should come right out and say that because a lot of people won't understand that:
What is the default? Anything that stores or transmits plaintext in a manner accessible by a third party should be opt IN, not opt out, because most people won't understand the implications but fall for the marketing hype about security.
What changed under Obama? Nothing Good
If 'Right Thing' means lining the pockets of upper management, then yes he can.
putting the 'B' in LGBTQ+
"Bullshit" that is. Why should I "implicitly" trust hardware as praxis stated? You seem to be happy defending him, so explain that position. I assume risk using Software, but with hardware it's only full and unqualified trust or nothing? How on Earth do you come to that conclusion? Do you know what you are defending?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
There is no continent called America. North, yes. South, yes. Central even, yes.
~The grand unifying truth is that the State's power to change us now exceeds our power to change the State.
What you have to understand in all this is motivation.
Google has ALWAYS had a significant monetary motivation to collect and analyze as much data as possible about you.
Apple has NEVER had that motivation. They just have never had a need to collect information about you because it doesn't do them any good, therefore collecting it is only an added expense with no return.
Now it turns out that not only does Apple not gain by collecting user data, in fact they have figured out how to PROFIT from not collecting user data - witness the current marketing push that makes the argument you should buy Apple gear because Apple values your privacy. That is a very clear, and very powerful message.
I don't think people here (or really anywhere) understand just what it means to the world that Apple is firing up its ginormous marketing engine to make privacy desirable...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
While the position you have taken is reasonable, proving a negative "There's also no proof he didn't," is not possible. I have rubbed elbows with Italians while on vacation and it is my experience they are the most rude, loud and inconsiderate lot in all of non-'Murica.
~The grand unifying truth is that the State's power to change us now exceeds our power to change the State.
AFTER Blackberry? Blackberry routes its messages through its own servers. It keeps copies. On a number of occasions they turned these messages over to governments when it was demanded. India was one of those countries if you want to look it up. Apple's work in this area includes 1) the encryption of data that Apple itself cannot break, 2) reducing the amount of information about you that Apple has as a result of your using their products (e.g. Apple Pay doesn't have your CC or see your transactions), 3) refusing to sell that information to third parties and 4) not allowing applications to collect data about you without your consent. Overall, that's better than Blackberry ever did. Yes, it's taken a while to get this far, but they are moving in the right direction.
Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
... feed the tuna mayo.
Why the hell don't we all just give it up and sign off on FOIA to each other?
I mean, all the people on the planet.
I'll know your shit; mine; theirs and everybody can have mine and stuff.
--
You may say I'm a dreamer
But I'm not the only one
I hope someday you'll join us
And the world will be as one
~ John Lennon
It little behooves the best of us to comment on the rest of us.
those files are in the possession of multiple news organizations. they obviously had to decrypt them while working on them. after all the n.s.a. tools, snowden revealed, i find it highly unlikely, that russia and china were unable to obtain unencrypted copies of those files from news organizations who 1) employ a lot of people and have a lot of networked, unsecured computers standing around in their office and 2) employ a lot less than tech savvy people (e.g. typical journalists).
Especially as a publicly held company, Apple could change management literally tomorrow.
The new management could monetize user data instantly.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
What would the Founding Fathers, which most conservatives uphold to be the absolute pinnacle of what our government should strive to be, say about the NSA's data collection on its own citizens?
This is a bipartisan issue, but you brought up conservatives, so that is what I will address:
The conservatives are NOT conservatives. They call themselves that but they clearly are not. They have expanded the scope of government as much as the liberals and they have definitely NOT followed any philosophies expounded by the founding fathers. (No, not capitals, they were just people. Extremely respectable people but capitals would elevate them too far.)
In summary conservative, liberal, democrat, republican, etc. None of these are what they seem. Their outward appearance is purely manufactured. You have to look at their actions to see who they are and then not use words to label them as the words themselves have become corrupted.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
If they are encrypted what makes you think that they are being stored in plain text?
"So long and thanks for all the fish."
the juxtaposition of the first and second sentence, the first saying how great the encryption is, the second implying that the backups aren't encrypted by the fact you can disable it if you want to -- it implies a lesser level of security by its silence on whether the data is only available to the user. But more to the point, the iCloud section states pretty clearly that Apple can access the data:
What changed under Obama? Nothing Good
Flamebait, eh?... Good Lord....
I have been following news, somewhat.
I know Snowden has leaked a lot of intelligence materials and as far as I remember, it was mostly about (mostly illegal) surveillance, which, as such, doesn't qualify as "terrible act" in my books.
But torture, eh? He did make statements about it, but it was a fucking senate report: WTF did he "leak" about torture?
http://www.dailydot.com/politi...
And, oh, I live in Germany. And, nope, I don't care about Merkel being spied on. Considering what a pathetic motherfucker our previous chancellor was, I even feel a bit safer, if an ally keeps an eye on them.
That, to me, implies that it is not stored in plain text. It seems that it is stored in an encrypted format but can be decrypted as needed. Maybe I am not getting something?
Anything that stores or transmits plaintext in a manner accessible by a third party should be opt IN, not opt out, because most people won't understand the implications but fall for the marketing hype about security.
Then your quote below states that it is encrypted "in most cases" in addition to being always encrypted when it goes out to third parties. (How, pray tell, the third party is able to use encrypted data that they are not being given access to is a bit of a mystery to me but we can safely skip that for now.) I think the salient point is that it is encrypted in most cases *AND* it is always encrypted when they share the data. Again, why they are sharing encrypted data is beyond me - they should just save the bandwidth and not share that at all.
Anyhow, it looks like the data is typically encrypted though it may not be but that is, hopefully, only trivial data such as meta information or the likes. Their terms are "in most cases" so I would not assume that private data is stored in plain text by default but, perhaps, I am giving Apple too much credit. Additionally, I could be not understanding something. I have certainly missed things in the past, it seems only logical to believe that I will do so in the future.
"So long and thanks for all the fish."
Resume falsified, yup sounds like a typical "expert" to me.
And your qualifications?
The part that concerns me is that it appears for some data Apple does not have the key and has no access even if it has possession of the data. For other data it does have the key and can thus decrypt the data. The first instance is secure and protects user privacy (given a good passphrase), the second is barely secure and subjects user data to the Third Party Doctrine -- this gives the government the ability to grab it whenever it wants to. If this is so, it will confuse unsophisticated users who think encryption _is_ information security, which is true in only certain circumstances, and not true if a third party can decrypt the data.
What changed under Obama? Nothing Good
5 Core members: Apple, Microsoft, Facebook, Google, Yahoo
Find out more.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
To start, you are talking about Apple now, .......
Your claim that Apple is now better than BlackBerry is, at best, a subjective conclusion. Objectively, BlackBerry is more secure because it is possible to completely disconnect from BlackBerry services and use your own and you can completely control what permissions an app has, and if you are talking about messaging security, even from governments, the best option is to use a different company's messaging system, not the phone manufacturers, and with BlackBerry "side-loading", it is possible to install an app without declaring to any untrusted parties which app is installed, which is the first step in trying to figure out how to intercept and crack messages.
Actually, it's nice to read a straight up comment about Blackberry.. Not only is it true, but I also developed a keen interest in any company that would purchase QNX and then fully integrate their OS software in their products. I have subbed to QNX's mailings for over 12 years now, and always have been impressed with the high level of their software that is used in life critical hospital equipment. I mean, did you ever wonder who makes the OS for that heart lung machine keeping you alive? Or that MMRI machine? Somebody has to.. Want it to be Windows? Or, heaven forbid, Apple .. Like "Oops your heart lung machine's software is incompatible with the newest OSX upgrade. Mind holding your breath for a few days?"
There is no proof that he handed secrets to the Russians or Chinese. The whole article on that was made up by its authors.
There's also no proof he didn't. While I'd admit he probably didn't hand anything over to them, I'm pretty sure that both countries separated him from his laptops and imaged them so they could shunt decryption off to a series of networked computers. It's certainly possible that they've already cracked his encryption (maybe there is a bug in it that they know about and he doesn't). It's also possible that they haven't cracked it yet. But I think there is almost zero chance that they aren't even trying to crack it.
BTW: People criticising the USA normally criticise the politics and actions of the USA. To call them America-haters is totally wrong. In two ways. First, there is a lot more America than only the USA. Use google maps if you do not believe me. Second, it's the actions abroad that cause you low reputation. And three, your tourists often help to foster such reputation. Even though the last thing is hardly something that can be changed. We all have parts of our population which go on vacation and ruin our reputation. Ask the Germans and the British or even better ask the Italian and Spanish on the reputation of Germans and the British.
Keep in mind that this is Slashdot and it's very common for European members to trash the US at every turn, including all of its citizens. I've seen people insist here many times that the US is a consistent threat to world peace and the world would be so much better off if we all died as soon as possible.
OK, so no proof that he did.. but also no proof that he DIDN'T. "So let's just go right ahead and charge him with having leaked files to China and Russia, since if there's no proof he didn't, he must be guilty".. Screw the constitution" He MUST have leaked secrets to Russia, especially if there's no evidence, let's make it up". Let's be just like the people he tried to expose"... That attitude is all that is wrong with the country today, where people feel that violating constitutional liberties is OK to catch someone exposing violators of constitutional rights.. Sheesh... In rebuttal you agree he likely didn't actually intentionally do so, but how is Russia or China sending spooks to access his laptop while he's away, his doing, any more than a foreign agent stealing files from a diplomat's computer when they're away. You don't call the diplomat a traitor because his files were stolen. And I'm sure he's not only capable of noticing the incongruity of a Chinese following him everywhere in Russia (!) but surely Snowden has the chops to encrypt his stuff a lot better than "martini sloshed" foreign diplomats..
The news agencies decrypted NOTHING. They received them unencrypted, that was how the info was released in the first place. He wouldn't be much use as a whistleblower if he released totally encrypted files. ;-) And if you really think the typical newspaper has the tools to decrypt a CIA cypher, wow.. Wanna buy some swamp for a million bux?