Slashdot Mirror
Tim Cook Talks About Encryption, Right to Privacy, Public Safety, and DOJ (time.com)
TIME reporters sat down with Apple CEO, Tim Cook, to talk about encryption, public safety, and right to privacy among other subjects. The wide-ranging interview captures Cook's discomfort with how his company has been treated by the Department of Justice. Following are some interesting excerpts from the interview: The thing that is different to me about Messages versus your banking institution is, the part of you doing business with the bank, they need to record what you deposited, what your withdrawals are, what your checks that have cleared. So they need all of this information. That content they need to possess, because they report it back to you. That's the business they're in. Take the message. My business is not reading your messages. I don't have a business doing that. And it's against my values to do that. I don't want to read your private stuff. So I'm just the guy toting your mail over. That's what I'm doing. So if I'm expected to keep your messages, and everybody else's, then there should be a law that says, you need to keep all of these. [...] Law enforcement should not be whining about iPhones; it should be rolling around in all the other free information that criminals and terrorists are spewing through social networks and Nest thermostats, surveillance cameras and Hello Barbies. [...] Going dark -- this is a crock. No one's going dark.
He understands them much better than you and 99% of the people on this site, that's for sure.
The DOJ obsessing over the locked phone of a dead shooter in the guise of protecting America, while being totally silent about the insane privacy violations of Windows 10, seems rather hypocritical.
The "going dark" theory doesn't seem to hold water. There is vastly more information available now, in a very "hoover-able" (able to be sucked up) fashion, than ever before.
The law enforcement community in the US complained that with the digitization of telephone service, they would not be able to tap phones when needed - so they got a law that requires all phone switches be remotely "tappable" and voila, better access than ever before by law enforcement. We have all taken to using mobile phones, smart phones, and e-mail; all of which places all kinds of information in an electronic form that can be easily captured when before it was in ephemeral conversations and/or a million pieces of paper that couldn't be easily trolled through in a million years.
Sure, there has been a change in how law enforcement gathers information, with some ways going away, but new ways being made available. Overall it seems to me (without being in any way an expert) that there is probably a substantially larger amount of information available more easily today than 30 years ago before the explosion in personal digital communications. Encryption may impede some access, but overall it seems like a net gain.
Having said that, it doesn't necessarily make it a simple job to get the goods on someone to have all of the information available. It still has to be analyzed, assessed, and linked together with all of the other bits in order to be useful in an investigation. Its easy to see why law enforcement wants to make this process as easy as possible. But that's why we have constitutional protections - to help lay out the ground rules for finding a balance. I'm not surprised that there are some in the law enforcement community leaning on the scales as hard as they can, probably with the hopes of making sure the balance tips just a little bit more towards making their jobs easier.
I generally dislike Apple because they're so damn expensive for what you get hardware-wise. I also haven't noticed that the usability of a OS10.whatever or iOS is any better than the competition once you get everything set up. Be that as it may, Apple is the most profitable company in America, and they have gotten to that point without yet dipping into the revenue stream that everyone else seems to be dipping into. You know, the one where they take as much data as they can, make valid and invalid inferences about it, then sell it to the highest all the way down to the lowest bidder. So that's nice. Grudging props Apple.
I disagree with Cook on the "going dark" only in that if a criminal wants to go dark, they have so many options today without needing Apple. If the FBI forces Apple to do what it wants, all that means is that criminals might avoid Apple products but it doesn't stop them at all.
Well, there's spam egg sausage and spam, that's not got much spam in it.
John Oliver with his commentary on the matter. Funny and fairly balanced.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Cooks posturing may make him feel good and noble, but whether he wins or loses this case is irrelevant to privacy and security. iOS source code and signing keys are almost certainly in the hands of numerous intelligence agencies already, if not through secret legal orders, then through simple leaks and industrial espionage. Instead of this incessant posturing, Cook should build phones that just cannot be broken into, not even by someone with full access to the source code, firmware signing keys, and hardware. That's the traditional standard of cryptographic security, and it's easily achievable for phones.
Switzerland should make Cook an offer: move your entire company here and we will give an inviolable covenant to protect your IP and products from any and all backdoor requests, foreign and domestic.
Apple talking about the right to privacy is like Erdogan talking about freedom of press.
Tim Cook talks about a bunch of things he doesn't actually understand.
And Slashdot files the article under "Democrats".
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
If a hermit wants to go dark, that is called "freedom." If he's also the unibomber, that just means police work is hard.
That's OK, they're paid really well because their job is dangerous, even if it doesn't make the top 10 in actual danger.
I'm confident that when this gets to the Supreme Court, they'll remind the FBI that their job is to enforce the law, not prevent crime.
It's not just because their customers want access to their banking history but because there are federal laws such as the Bank Secrecy Act (https://www.fdic.gov/regulations/safety/manual/section8-1.pdf) that require banks to keep banking information to aid in the governments monitoring of criminal activity and money laundering. If the federal government can compel banks to keep this information I'm not sure what prevents them from compelling Apple as well. This is not to say that I support the government's position on this - I'm wholly in Apple's corner. But Cook's analogy to the banking industry is actually a case against Apple rather than one that supports it.
you have a right to privacy Only when we can't figure out some way to monetarise your information!
Going dark -- this is a crock. No one's going dark.
This is key. Their main argument is bullshit. They are not going dark. If anything, they have massively more surveillance than they did, let's say, 50 years ago. Or 30 years. Or virtually any time.
20 years ago, what chances did police have to get a recording or transcript of a conversation between criminals one month after the fact? Unless they already were watching and wiretapping them, almost none. Today, chances are quite good that you will find some e-mails, chat log or other exchange.
10 years ago, what chances did police have to find out where someone was on a given day one year later? Unless they were already shadowing him, almost none. Today, he checked in on Facebook or Foursquare or his phone location data gives him away.
Maybe there was a high point a few years ago, when most of what we have today was already there, but encryption was lagging behind. Maybe compared to that short golden period they now see less - but it is still vastly more than ever before in the history of police work.
And when someone lies to get something, you already know they can't be trusted, so giving them something that can potentially be abused would be really, really, very, very stupid.
Assorted stuff I do sometimes: Lemuria.org
Attempting to discern useful information from the flood of data that law enforcement has access to is like trying to find a yellow plastic needle in a haystack. Except instead of searching the hay, divvying up the hay to make it easier to search, or trying to develop a technology to isolate the needle, we have law enforcement organizations that look at the stack, poke it once, declare that there are no needles in it and that they need more needle-infused hay.
Yes, I know the "big data" buzzworders promise that with enough information they can find whatever it is you might be looking for accurate and quickly. I had the dis-pleasure of taking over the analysis for one such project, it's all a lie. There is no meaning to the lists of checkboxes about people. There are a few demographic categorizations with stronger trends in a few other subjects, but those correlations don't apply useful indicators in reverse. (While the members of a demographic may have a 70% trend toward some secondary trait, over 80% of that secondary trait in the general populace will not fit the demographic of concern. There are a lot of one-way correlations like that.)
And the final point, back to the worthless case still being debated, governmental agencies had control of all the data they could've wanted from this phone on multiple occasions. If they hadn't messed up dramatically at least 3 times (that I know of as someone not actively following the case), they'd have all the logs and be able to use whatever evidence they can find in there to arrest whatever wrong-number the deceased called at some odd time or other. More than anything else, I think this should end as a lesson to law enforcement not to destroy evidence, even if they think someone else can rebuild it for them.
But can at least we all agree that everyone should ?
Exactly. The last point is important. The FBI and local law enforcement fucked up the evidence. This is the equivalent of not properly locking down a crime scene and all the fingerprints being smudged out, and then blaming the owner of the building where the crime scene was located.
The world's burning. Moped Jesus spotted on I50. Details at 11.
"My business is not reading your mails"
Nope, because you make craptons of cash selling hardware.
I was going to say the usual "overpriced" hardware but...what price your privacy?
My wife and I are happy with android, but we upgrade regularly.
With the effective demise of blackberry, soon might be Apple is only option
If you read between the lines of TIME's interview of Tim Cook, the FBI blew it when they directed the county to reset the iCloud password. The FBI took the iPhone back to the shooter's WiFi and it failed to backup. Now the iPhone has to be unlocked to enter the new iCloud password and get a new backup to iCloud.
If the FBI could direct Apple to restore the original iCloud password hash for the shooter's iCloud account (un-reset the password), then put the iPhone on the shooter's WiFi, it would perform a new iCloud backup, which the FBI could then obtain from Apple via subpoena again. It might update all the installed apps as well...
Of course if all that worked and the FBI got what they want from this one iPhone, they would still proceed now that this whole mess has gone as far as it has. Next the FBI would want the ability to force iCloud backup turn-on, force OTA, force app install, force uploading authorized WiFi AP BSSIDs, and on and on. None of that is so bad as long as it has to go through a judge for each iPhone and it turns up on Apple's transparency report.
Or, even better, had the County employee(s) in charge of managing the phones done their job and put MDM software on the phone, this wouldn't be an issue. The County could have been given the court order to unlock the phone and ten seconds later told the FBI, "Here ya go."
As I have said in previous posts, I did this for a government agency I worked for. I was the one put in charge to develop the procedures to secure the phone, including turning off Siri and cloud backup (the users were told no documents were to be put on the phone). Without exception every iPhone we got had MDM software put on it despite the whining from some about being tracked. As I told one guy, "We're not tracking you, we're tracking the phone. We don't care about you. We care about our equipment."
On a few occasions I was asked by a user to unlock their phone because they forgot their passcode so I know how easy this procedure is. As I said above, it is literally ten seconds to unlock the phone with this software installed.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Let's be clear. Tim Cook is lying. He has already caved to Chinese government. He did that to win in China, and he won big. The Chineese government has some tool to be able to see inside all seized iphones. We don't know what or which, but it's clear they have.
Additionally, they lost the moral high ground when they advertised the iphone as a tool to defeat law enforcement.
If a criminal wanted to "go dark" 60 years ago, there were still forms of encryption and communication that the United States Government couldn't do fuck-all about. Somehow it's different now, than it was 60 years ago if someone used a one-time pad and a telegram?
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
See this article:
http://www.mprnews.org/story/2...
Note:
The so-called "Caliphate Cyber Army" posted the details of 36 officers on the encrypted messaging app Telegram
Get that? It was posted on an "encrypted messaging app" - although oddly the police and FBI were able to read it.
You'll see more and more of this in the news - linking encryption and ISIS.
Do you have ESP?
I wonder... does Apple actually overwrite the existing credential record when a password is changed, or do they create a new record and mark the old one as invalid? If they do the latter, they can roll back to the old password and allow the backup to take place. The FBI should, perhaps, ask about this.
You hear that, FBI? I know you're following these stories and reading these comments. Follow up.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I suspect the FBI has been waiting for any excuse to force Apple to unlock the phone for them. Any other practical solutions is not likely to be entertained as they have already said that even if they had all the iCloud backups, they need to check everything on the phone.
Well, there's spam egg sausage and spam, that's not got much spam in it.
you may look up that Crypto AG affair.
Cough Cough Cough.
What kind of dust did you kick into the air ?
I'm pretty sure you're right. I mean, I and the AC I was replying to can't possibly have thought of that before the bright minds at the FBI, right? The issue, then, is that they think we're all dumb enough to not see through the bullshit. Here's the thing, though: they're smart, and they've all been kids, which means they were smart kids; kids call other smart kids dumb all the time and, having been smart kids, they'll have experienced that. And, being smart people, they know how infuriating (and motivating) it is for a smart person to be called dumb. Unless they want to be on the wrong side of a revolution, they may want to check themselves; there are a lot of smart people following this, most of whom have to be just about done being played for fools. This thread contains only a handful of us.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I suspect the FBI has been waiting for any excuse to force Apple to unlock the phone for them. Any other practical solutions is not likely to be entertained as they have already said that even if they had all the iCloud backups, they need to check everything on the phone.
They've been waiting for the right excuse so they can set a precedent on a case the public won't care about it.
I think "going dark" is actually about "we need to see everything", i.e. not about enforcing laws at all, but about creating strong chilling effects. There is a special kind of despicable human being that cannot stand others having independent "unauthorized" thoughts and, worse, putting them in writing. Traditionally, an all-seeing, all-knowing God took care of that. These days not even most religious people fall for the idea that "God" would enforce the agenda of all-too-flawed worldly "authorities", so they are now trying to enforce that "you cannot hide your thoughts" by technological means to make people self-censor and self-oppress.
For the case at hand, this means this is not about the phone at all and not about the firmware Apple is requested to write. It is about that said despicable individuals cannot deal with being told "no" when they want to demonstrate that nobody is safe from them. While I am sure not all of the FBI and DoJ is like that, the current "leaders" there have the mind-set of the Inquisition and the GeStaPo and are a huge threat to free society.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Police work _must_ be hard. They _must_ be limited in what they can do. It is not and has never be the task of the police to catch every criminal. It is their task to keep the problem enough under control so society continues to function. As soon as police work becomes too easy, they expand into areas they were never supposed to go and control everything. Police-persons just cannot help themselves, that is their mind-set. The result of a failure to strongly limit the powers of the police is a police-state and that almost universally evolves to full-blown fascism over time.
Don't get me wrong, we need them. There are enough bad actors that need to be kept under control. But the police itself immediately becomes such a bad actor if not controlled tightly. Handing them the rains is about as stupid as handing it to the military or to the big corporations: They all place their own agenda far before the welfare of society.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Might be a conspiracy-theory, but I now consider it possible that this was by intent.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Without exception every iPhone we got had MDM software put on it despite the whining from some about being tracked.
This always amuses the hell out of me.
Small company, 20 employees, and we had MDM on our laptops for both security reasons (numerous stolen laptops over the years) and technical reasons (the number of times I've had hours wasted solving non-problems - and this in a company of techies).
Frankly, MDM was shit (one laptop showed up as three different devices, all with differing amounts of RAM, in spite of never being touched/upgradted/downgraded), but I digress: never underestimate the paranoia of pot-smoking stoner devs. I ended up simply not even mentioning MDM after a while, just to avoid the bullshit.
Kids, if you're using work-issued hardware, your work has access to that hardware. Unless they're an incompetent county, it seems.
If the FBI could direct Apple to restore the original iCloud password hash for the shooter's iCloud account (un-reset the password), then put the iPhone on the shooter's WiFi, it would perform a new iCloud backup, which the FBI could then obtain from Apple via subpoena again. It might update all the installed apps as well...
Wouldn't work. The phone and iCloud negotiate a secure token for the session. If the password is changed or un-set the phone erases the token. Resetting the password hash in iCloud won't let you generate a new token unless you can log in to the phone ... and if they could do that, they wouldn't need to mess with trying to get the phone to back itself up.
I wonder... does Apple actually overwrite the existing credential record when a password is changed, or do they create a new record and mark the old one as invalid? If they do the latter, they can roll back to the old password and allow the backup to take place. The FBI should, perhaps, ask about this.
There is no "credential record".
All the data on an iPhone is encrypted. There is a master key that can unlock all the encryption keys that are used. That master key is not stored anywhere. Instead, it is calculated from three components: A device key, stored on the flash drive, and easily readable. Another key stored in the CPU, not known to anyone, and not accessible to anyone. And your passcode. If you have the device key, the right CPU, and the correct passcode, then the masterkey can be calculated.
If you want to change the passcode, then you need the old and the new passcode. With the old passcode, you calculate the old master key. With the new passcode, you calculate a new master key. Then you take all the keys on the device which are encrypted with the old master key, decrypt them with the old master key, and write them back encrypted with the new master key. You then forget the master key and the new passcode.
If you are talking about the iCloud password, there is no record of that either. Not of the old password, not of the new password.
We certainly are talking about the iCloud password, if you were paying attention to the thread, so 90% of what tou wrote was pointless. The other 10% is flat-out wrong.
As for there being no record of the password, there is certainty a hash to compare against for login purposes, otherwise how would Apple's systems know if you entered the correct password? Freakin' magic? No. There is a record to compare against and, if Apple retains the old hashes, rather than overwriting them, they can roll back to the previous one, which the iPhone is attempting to use for its iCloud backups.
Take it from someone who does this for a living, there is certainly a record of some value that can be determimistically generated from the password entered by the user. These things aren't magic.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Law enforcement gets easy wins by going after the dumb criminals. They've done this forever. Everyong applauds for having the suspect found so quickly. The evil mastermind however has always been hard to catch, and when they're caught it's because someone else was stupid (like printing out the plaintext). Where law enforcement is panicking is because cryptography is so common place now that even the dumb criminals have access to it. Not as much low hanging fruit anymore.
Wall Street silently grins and nods their collective heads in unison.
And in an unrelated news story today is St Patric's Day.
Sounds like your company was incompetent. Especially you.
In Yakima, WA, the bad actors are the ones that wear the badges, which makes it easy for the cops to keep them under control...oh, wait...
We don't care about you.
And that is why you should always turn off your work phone when walking out the door.
Tim Cook talks about a bunch of things he doesn't actually understand.
And Slashdot files the article under "Democrats".
Where exactly did they file that? Did they label this under Democrats somewhere that we can't see or are you just being a "tea-partier" and exercising your anti-Obama hate speech at the easiest outlet you can for the day?
I want to know, are you trying to make a legitimate point or are you just that pissed off still that Obamacare has not been overthrown yet?
I tentatively judge you to be a moron until you clarify your point.
Aside from the one-time pad (which the KGB showed us was easy to mess up), I don't know of any encryption a criminal would have access to that the US couldn't break. Cipher machines were really expensive (except that the Brits scooped up as many Enigmas as they could to sell cheap to emerging countries that didn't know the Brits could crack them), so criminals wouldn't have them. Aside from that, there were plenty of pencil-and-paper ciphers available to people who knew them that quite a few people in the American Cryptogram Association practiced breaking for fun.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
There's a string of statements that Cook makes where he immediately repeats the thing he just said. He just repeats exactly what he said. There are so many spokespeople, politicians etc. who seem to do this. A lot of them just do this. Why? Why do they do it? Is it their own mental quirks, or do they know they have to repeat things or people won't process it? Is it them or us?
Why stop at twice though? Why not repeat more than twice? Why not three or more times? Obviously the repetition works, and everyone should do it. It just works. It works at what it does. It does what it does, and that works. It just works to repeat things. Everyone should do it. They should just do it. Because it works. It's like building a huge wall, and I'm going to do that, because it works and that's what I'm going to do, I'm going to build a wall, and I'll do it.
There's reasons why I use my stuff for my purposes and company stuff for work purposes (and Slashdot).
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes