Tim Cook Talks About Encryption, Right to Privacy, Public Safety, and DOJ (time.com)
TIME reporters sat down with Apple CEO, Tim Cook, to talk about encryption, public safety, and right to privacy among other subjects. The wide-ranging interview captures Cook's discomfort with how his company has been treated by the Department of Justice. Following are some interesting excerpts from the interview:
The thing that is different to me about Messages versus your banking institution is, the part of you doing business with the bank, they need to record what you deposited, what your withdrawals are, what your checks that have cleared. So they need all of this information. That content they need to possess, because they report it back to you. That's the business they're in. Take the message. My business is not reading your messages. I don't have a business doing that. And it's against my values to do that. I don't want to read your private stuff. So I'm just the guy toting your mail over. That's what I'm doing. So if I'm expected to keep your messages, and everybody else's, then there should be a law that says, you need to keep all of these.
[...] Law enforcement should not be whining about iPhones; it should be rolling around in all the other free information that criminals and terrorists are spewing through social networks and Nest thermostats, surveillance cameras and Hello Barbies.
[...] Going dark -- this is a crock. No one's going dark.
Tim Cook talks about a bunch of things he doesn't actually understand.
The DOJ obsessing over the locked phone of a dead shooter in the guise of protecting America, while being totally silent about the insane privacy violations of Windows 10, seems rather hypocritical.
just yet, but I'm long term survival been many, not the
I generally dislike Apple because they're so damn expensive for what you get hardware-wise. I also haven't noticed that the usability of a OS10.whatever or iOS is any better than the competition once you get everything set up. Be that as it may, Apple is the most profitable company in America, and they have gotten to that point without yet dipping into the revenue stream that everyone else seems to be dipping into. You know, the one where they take as much data as they can, make valid and invalid inferences about it, then sell it to the highest all the way down to the lowest bidder. So that's nice. Grudging props Apple.
John Oliver with his commentary on the matter. Funny and fairly balanced.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Cook's posturing may make him feel good and noble, but whether he wins or loses this case is irrelevant to privacy and security. iOS source code and signing keys are almost certainly in the hands of numerous intelligence agencies already, if not through secret legal orders, then through simple leaks and industrial espionage. Instead of this incessant posturing, Cook should build phones that just cannot be broken into, not even by someone with full access to the source code, firmware signing keys, and hardware. That's the traditional standard of cryptographic security, and it's easily achievable for phones.
Switzerland should make Cook an offer: move your entire company here and we will give an inviolable covenant to protect your IP and products from any and all backdoor requests, foreign and domestic.
Apple talking about the right to privacy is like Erdogan talking about freedom of press.
It's not just because their customers want access to their banking history but because there are federal laws such as the Bank Secrecy Act (https://www.fdic.gov/regulations/safety/manual/section8-1.pdf) that require banks to keep banking information to aid in the government's monitoring of criminal activity and money laundering. If the federal government can compel banks to keep this information I'm not sure what prevents them from compelling Apple as well. This is not to say that I support the government's position on this - I'm wholly in Apple's corner. But Cook's analogy to the banking industry is actually a case against Apple rather than one that supports it.
you have a right to privacy Only when we can't figure out some way to monetarise your information!
Going dark -- this is a crock. No one's going dark.
This is key. Their main argument is bullshit. They are not going dark. If anything, they have massively more surveillance than they did, let's say, 50 years ago. Or 30 years. Or virtually any time.
20 years ago, what chances did police have to get a recording or transcript of a conversation between criminals one month after the fact? Unless they already were watching and wiretapping them, almost none. Today, chances are quite good that you will find some e-mails, chat log or other exchange.
10 years ago, what chances did police have to find out where someone was on a given day one year later? Unless they were already shadowing him, almost none. Today, he checked in on Facebook or Foursquare or his phone location data gives him away.
Maybe there was a high point a few years ago, when most of what we have today was already there, but encryption was lagging behind. Maybe compared to that short golden period they now see less - but it is still vastly more than ever before in the history of police work.
And when someone lies to get something, you already know they can't be trusted, so giving them something that can potentially be abused would be really, really, very, very stupid.
Assorted stuff I do sometimes: Lemuria.org
But can at least we all agree that everyone should ?
"My business is not reading your mails"
Nope, because you make craptons of cash selling hardware.
I was going to say the usual "overpriced" hardware but...what price your privacy?
My wife and I are happy with android, but we upgrade regularly.
With the effective demise of BlackBerry, soon Apple might be the only option.
If you read between the lines of TIME's interview of Tim Cook, the FBI blew it when they directed the county to reset the iCloud password. The FBI took the iPhone back to the shooter's WiFi and it failed to backup. Now the iPhone has to be unlocked to enter the new iCloud password and get a new backup to iCloud.
If the FBI could direct Apple to restore the original iCloud password hash for the shooter's iCloud account (un-reset the password), then put the iPhone on the shooter's WiFi, it would perform a new iCloud backup, which the FBI could then obtain from Apple via subpoena again. It might update all the installed apps as well...
Of course if all that worked and the FBI got what they want from this one iPhone, they would still proceed now that this whole mess has gone as far as it has. Next the FBI would want the ability to force iCloud backup turn-on, force OTA, force app install, force uploading authorized WiFi AP BSSIDs, and on and on. None of that is so bad as long as it has to go through a judge for each iPhone and it turns up on Apple's transparency report.
Or, even better, had the County employee(s) in charge of managing the phones done their job and put MDM software on the phone, this wouldn't be an issue. The County could have been given the court order to unlock the phone and ten seconds later told the FBI, "Here ya go."
As I have said in previous posts, I did this for a government agency I worked for. I was the one put in charge to develop the procedures to secure the phone, including turning off Siri and cloud backup (the users were told no documents were to be put on the phone). Without exception every iPhone we got had MDM software put on it despite the whining from some about being tracked. As I told one guy, "We're not tracking you, we're tracking the phone. We don't care about you. We care about our equipment."
On a few occasions I was asked by a user to unlock their phone because they forgot their passcode so I know how easy this procedure is. As I said above, it is literally ten seconds to unlock the phone with this software installed.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Let's be clear. Tim Cook is lying. He has already caved to the Chinese government. He did that to win in China, and he won big. The Chinese government has some tool to be able to see inside all seized iPhones. We don't know what or which, but it's clear they have.
Additionally, they lost the moral high ground when they advertised the iPhone as a tool to defeat law enforcement.
See this article:
http://www.mprnews.org/story/2...
Note:
The so-called "Caliphate Cyber Army" posted the details of 36 officers on the encrypted messaging app Telegram
Get that? It was posted on an "encrypted messaging app" - although oddly the police and FBI were able to read it.
You'll see more and more of this in the news - linking encryption and ISIS.
Do you have ESP?
I wonder... does Apple actually overwrite the existing credential record when a password is changed, or do they create a new record and mark the old one as invalid? If they do the latter, they can roll back to the old password and allow the backup to take place. The FBI should, perhaps, ask about this.
You hear that, FBI? I know you're following these stories and reading these comments. Follow up.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I suspect the FBI has been waiting for any excuse to force Apple to unlock the phone for them. Any other practical solution is not likely to be entertained as they have already said that even if they had all the iCloud backups, they need to check everything on the phone.
you may look up that Crypto AG affair.
Cough Cough Cough.
What kind of dust did you kick into the air ?
I'm pretty sure you're right. I mean, I and the AC I was replying to can't possibly have thought of that before the bright minds at the FBI, right? The issue, then, is that they think we're all dumb enough to not see through the bullshit. Here's the thing, though: they're smart, and they've all been kids, which means they were smart kids; kids call other smart kids dumb all the time and, having been smart kids, they'll have experienced that. And, being smart people, they know how infuriating (and motivating) it is for a smart person to be called dumb. Unless they want to be on the wrong side of a revolution, they may want to check themselves; there are a lot of smart people following this, most of whom have to be just about done being played for fools. This thread contains only a handful of us.
I suspect the FBI has been waiting for any excuse to force Apple to unlock the phone for them. Any other practical solution is not likely to be entertained as they have already said that even if they had all the iCloud backups, they need to check everything on the phone.
They've been waiting for the right excuse so they can set a precedent on a case the public won't care about.
Tim needs to resign.
What a distraction, all from the fact they haven't had anything new since Steve Jobs passed.
I went into the Apple store a few weeks ago, wished they had something I want to buy, but they don't.
Without exception every iPhone we got had MDM software put on it despite the whining from some about being tracked.
This always amuses the hell out of me.
Small company, 20 employees, and we had MDM on our laptops for both security reasons (numerous stolen laptops over the years) and technical reasons (the number of times I've had hours wasted solving non-problems - and this in a company of techies).
Frankly, MDM was shit (one laptop showed up as three different devices, all with differing amounts of RAM, in spite of never being touched/upgraded/downgraded), but I digress: never underestimate the paranoia of pot-smoking stoner devs. I ended up simply not even mentioning MDM after a while, just to avoid the bullshit.
Kids, if you're using work-issued hardware, your work has access to that hardware. Unless they're an incompetent county, it seems.
If the FBI could direct Apple to restore the original iCloud password hash for the shooter's iCloud account (un-reset the password), then put the iPhone on the shooter's WiFi, it would perform a new iCloud backup, which the FBI could then obtain from Apple via subpoena again. It might update all the installed apps as well...
Wouldn't work. The phone and iCloud negotiate a secure token for the session. If the password is changed or un-set the phone erases the token. Resetting the password hash in iCloud won't let you generate a new token unless you can log in to the phone ... and if they could do that, they wouldn't need to mess with trying to get the phone to back itself up.
I wonder... does Apple actually overwrite the existing credential record when a password is changed, or do they create a new record and mark the old one as invalid? If they do the latter, they can roll back to the old password and allow the backup to take place. The FBI should, perhaps, ask about this.
There is no "credential record".
All the data on an iPhone is encrypted. There is a master key that can unlock all the encryption keys that are used. That master key is not stored anywhere. Instead, it is calculated from three components: A device key, stored on the flash drive, and easily readable. Another key stored in the CPU, not known to anyone, and not accessible to anyone. And your passcode. If you have the device key, the right CPU, and the correct passcode, then the masterkey can be calculated.
If you want to change the passcode, then you need the old and the new passcode. With the old passcode, you calculate the old master key. With the new passcode, you calculate a new master key. Then you take all the keys on the device which are encrypted with the old master key, decrypt them with the old master key, and write them back encrypted with the new master key. You then forget the master key and the new passcode.
If you are talking about the iCloud password, there is no record of that either. Not of the old password, not of the new password.
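A simplified model of the key hierarchy described in the comment above, as an added example that is not part of the original thread and is not Apple's implementation. PBKDF2 and an HMAC-based wrap stand in for the real primitives, and every name and sample value here is constructed for illustration; note that no passcode or verifier is stored, so a guess is checked only by whether the unwrap succeeds.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this model

def derive_master_key(device_key: bytes, cpu_key: bytes, passcode: str) -> bytes:
    """Master key = f(device key, CPU-bound key, passcode); never stored."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, ITERATIONS)
    # Mixing in the CPU key ties every passcode guess to this one piece of hardware.
    return hmac.new(cpu_key, stretched, hashlib.sha256).digest()

def _pad(master: bytes, nonce: bytes) -> bytes:
    return hmac.new(master, b"enc" + nonce, hashlib.sha256).digest()

def _tag(master: bytes, body: bytes) -> bytes:
    return hmac.new(master, b"mac" + body, hashlib.sha256).digest()

def wrap(master: bytes, key: bytes) -> bytes:
    """Encrypt one 32-byte data key under the master key (toy wrap)."""
    if len(key) != 32:
        raise ValueError("model wraps 32-byte keys only")
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(key, _pad(master, nonce)))
    return body + _tag(master, body)

def unwrap(master: bytes, blob: bytes) -> bytes:
    """Recover a data key; a wrong passcode or wrong CPU fails the tag check."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(master, body)):
        raise ValueError("wrong passcode or wrong device")
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _pad(master, nonce)))

def change_passcode(device_key, cpu_key, old, new, wrapped):
    """Re-wrap every stored key under the new master key; needs the old passcode."""
    old_mk = derive_master_key(device_key, cpu_key, old)
    new_mk = derive_master_key(device_key, cpu_key, new)
    return [wrap(new_mk, unwrap(old_mk, blob)) for blob in wrapped]

if __name__ == "__main__":
    dev, cpu = os.urandom(32), os.urandom(32)       # constructed sample keys
    file_keys = [os.urandom(32) for _ in range(3)]  # constructed data keys
    mk = derive_master_key(dev, cpu, "1234")
    stored = change_passcode(dev, cpu, "1234", "8731", [wrap(mk, k) for k in file_keys])
    new_mk = derive_master_key(dev, cpu, "8731")
    print([unwrap(new_mk, b) for b in stored] == file_keys)
```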
We certainly are talking about the iCloud password, if you were paying attention to the thread, so 90% of what you wrote was pointless. The other 10% is flat-out wrong.
As for there being no record of the password, there is certainly a hash to compare against for login purposes, otherwise how would Apple's systems know if you entered the correct password? Freakin' magic? No. There is a record to compare against and, if Apple retains the old hashes, rather than overwriting them, they can roll back to the previous one, which the iPhone is attempting to use for its iCloud backups.
Take it from someone who does this for a living, there is certainly a record of some value that can be deterministically generated from the password entered by the user. These things aren't magic.
Seriously, T.D. Cook knows as much about encryption, privacy and Public Safety as he holds a Ph.D. in Nuclear Physics and holds 300 patents on reactor design.
His words are like those of a pedophile urging protection for children he intends to violate.
Ha
Sounds like your company was incompetent. Especially you.
We don't care about you.
And that is why you should always turn off your work phone when walking out the door.
There's a string of statements that Cook makes where he immediately repeats the thing he just said. He just repeats exactly what he said. There are so many spokespeople, politicians etc. who seem to do this. A lot of them just do this. Why? Why do they do it? Is it their own mental quirks, or do they know they have to repeat things or people won't process it? Is it them or us?
Why stop at twice though? Why not repeat more than twice? Why not three or more times? Obviously the repetition works, and everyone should do it. It just works. It works at what it does. It does what it does, and that works. It just works to repeat things. Everyone should do it. They should just do it. Because it works. It's like building a huge wall, and I'm going to do that, because it works and that's what I'm going to do, I'm going to build a wall, and I'll do it.
There's reasons why I use my stuff for my purposes and company stuff for work purposes (and Slashdot).
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes