Slashdot Mirror
Tim Cook Defends Apple's Approach To Security: 'Encryption is Inherently Great' (businessinsider.com)
Apple CEO Tim Cook has once again defended his company's hardline approach to security. At Utah Tech Tour event while taking questions from the audience, Cook said, (via BusinessInsider):"This is one of the biggest issues that we face. Encryption is what makes the public safe. As you know, there are people kept alive because the grid is up. If our grid goes down, if there was a grid attack, the public's safety is at risk" -- hence the need for encryption to protect it. "You can imagine defence systems need encryption, because there are a few bad actors in the world who might like to attack those. [...] Some people have tried to make it out to be bad," the chief executive told the audience at the Utah question-and-answer session. "Encryption is inherently great, and we would not be a safe society without it. So this is an area that is very, very important for us... as you can tell from our actions earlier this year, we throw all of ourselves into this." he added. "We're very much standing on principle here."
Seriously, if there are people who are relying exclusively on the grid to stay alive, they are fucked. The grid could go down at any time for any number of reasons, most of them not malicious. They should have battery or generator backup, or some other way to stay alive. If they don't, they have much larger things to worry about than terrorist attacks on the grid.
Encryption is insanely great.
FTFY, Tim.
If it weren't for deadlines, nothing would be late.
Says the guy using encryption to visit Slalshdot so s/he can badmouth encryption.
blows up someone he knows and the bomber has this great phone. Then we shall see just how great he thinks it all is.
It'll still be great you fucking clown
Encryptions is for criminals. Ordinary people don't need military grade encryption to protect themselves. It's primarily used to hide illicit activities from the police and serves no legitimate purpose.
so true! illicit behavior like logging in to my toddler's Disney Junior account, or transferring money between my bank account and the electric company.
Painfully obvious troll is painfully obvious.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
I'm no fan of Apple in general but on this point, no matter what their true motivations, the point is correct. Encryption *is* great, and required for today's society to operate securely. As Bruce Schneier said, we can either have security for everyone, or for none. The math just doesn't allow back doors that only work for "the good guys" (and there's no one definition of who those are, so it's a doubly-flawed premise.)
Yeah I'm sure in your head that's really satisfying to think about. Just don't expect it to pan out like that in the real world.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
You are confused.
The exploding phones are Samsung's, not Apple's.
We've had Yahoo creditials stolen, NSA hacks stolen, Blackberry is near bankrupt over its backdoors. The argument FOR backdoors have crumbled, so is it really necessary at this point to defend encryption?
If everyone had backdoored as the NSA/CIA chiefs wanted, then Russian+Chinese hackers would own everything at this point, and not just NSA hacks. They'd demonstrated by their incompetence the need for strong encryption, everywhere for everything.
Is anyone suggesting for example, that voting machines should be backdoored? That to me is the big risk now, an election with electronic voting machines susceptible to domestic and foreign bad actors.
be careful you you're handing out keys to.
as in.. DON'T. EVER.
I like the fact that encryption protects my logins to my bank, or going online to pay my taxes.
There's no in-between; you either support security you you support insecurity. If you're not for encryption, you're for public revelations of all personal data. As such, please post your credit card numbers, address, SSN, phone number, PIN, etc., because without encryption any time you type that into anything, you should expect *someone* is doing the digital equivalent of looking over your shoulder.
Furthermore, in order to have free speech, you need to *protect it*. Encryption allows this to a significant degree, so whistleblowers and political dissidents can actually communicate violations without ending up shot in the head on a shitty cellar floor next to their loved ones.
It was not as if they needed the bomber's phone to achieve anything.
Encryption will be used, whether you like it or not. Whether your government like it or not, too. A debate for/against encryption is useless. you might as well move on to discussions like "can we use torture to get decryption keys from an unwilling participant . . ."
Encryption is merely a component of Security, which is best labeled as a double-edged sword. Always has been. Always will be.
Privacy is great too, but we are making a lot of money from yours so we will just ignore that one.
Tim Cook thinks the same thing iPhone buyers think.
Slashdot, fix the reply notifications... You won't get away with it...
Dude, are you aware that it's no longer 1965?
The "grid" he is referring to is the network of computers, devices, services, AND electricity. The world is not going backwards from this. Global communications is only going to accelerate. We need to make sure that all devices are secure from bad actors. It is in the US constitution to NOT trust the government. They have a terrible track record of abusing power. It is therefor irresponsible to trust anyone with a back door access. Furthermore, encryption is math and it's in the public domain. Even if the gov somehow forces all tech companies to install a back door then two things will happen: tech companies will move operations over seas, and open source encryption systems will STILL be used anyhow without back doors.
It's pointless to argue about the mandated designs of back door encryption because there is no way to enforce it.
As to your post by about coding as a language and being required in school -- if you like money and you want your kids to have money in the 21st century then it's a really great skill to have.
is there an app for that?
People have murdered each other with anything from a pencil to an airplane to bullying through social media.
Your argument is akin to saying that we should not have locks on our houses, because if someone commits an act of terror, the police may be inconvenienced when raiding the criminal's house.
pretty sure iphones run on electricity, numbnuts
I believe the line is something to the effect of: "since when does right and wrong come down to a book of rules".
I think we're all for encryption, secrecy, and obstruction of all kinds most of the time. I think we're also expecting that when it makes sense, those walls need to be dropped.
We have this everywhere. My home is protected from police entry, until there's reason to make an exception.
And so, we've devised this whole way of making official exceptions -- where a judge decides that it's acceptable.
So encryption really ought to be the very same thing. It's secure, until a judge says to open the door.
As for places and governments that would abuse such power, the problem isn't the abuse, the problem is the government. Fix that.
After all, encrypting a virus to hide it from a scanner does NOT improve our security. And encrypting employer documents so you can hide your espionage doesn't improve that company's security.
So he's right, but for the system he's talking about, it's not applicable.
You know what's even greater than encryption?
Not collecting personal data in the first place.
If Apple didn't gather massive amounts of information about their suckers - I mean, "customers" - they wouldn't need to worry about encryption and they wouldn't need to worry about safe-guarding the information.
So, all of your postal correspondence is on post cards?
[Envelopes are] for criminals. Ordinary people don't need [opaque envelopes] to protect themselves. [Envelopes are] primarily used to hide illicit activities from the police and serves no legitimate purpose.
If our founding father's had been hacked by Britain, we would all be speaking with a British accent.
https://www.youtube.com/c/BrendaEM
On the occasions when I have a discussion about things I just point out that if I were a thief I'd always prefer the back door.
I suspect that liability is one of Apple's motivations. They don't want to be responsible for being the custodian of all of their customers' data.
Well, there's spam egg sausage and spam, that's not got much spam in it.
blows up someone he knows and the bomber has this great phone.
Wrong phone
Of course news about a fake are Fake News.
On the other hand, no encryption means I have to go back to writing checks to pay bills, the way we did when I was a kid.
Because there's no way I'm putting my banking information online for everyone to look at using the backdoor(s) various people would love to see in place. Bad enough having to trust the people I WANT to give my money to, without having to absolutely trust everyone in the whole world who might want some of my money....
"I do not agree with what you say, but I will defend to the death your right to say it"
true! illicit behavior like logging in to my toddler's Disney Junior account, or transferring money between my bank account and the electric company.
but of course that's what you are doing, no, you are not downloading child pornography and you are not stealing money
I REALLY hope you are teasing; otherwise, you need some help.
There's no in-between; you either support security you you support insecurity. If you're not for encryption, you're for public revelations of all personal data.
Truer words hath never been spake.
blows up someone he knows and the bomber has this great phone. Then we shall see just how great he thinks it all is.
You do realize (who am I kidding? Of course you don't!) that that type of "hypothetical scenario" is an illegal debate tactic. "What if it was YOUR child?"
You know what's even greater than encryption?
Not collecting personal data in the first place.
If Apple didn't gather massive amounts of information about their suckers - I mean, "customers" - they wouldn't need to worry about encryption and they wouldn't need to worry about safe-guarding the information.
Oh, please! I assume by your Apple-Bashing that you are a Fandroid?
NO one using Google's OS has ANY right to trash talk ANYONE about Data-Mining and "gathering", PERIOD.
I suspect that liability is one of Apple's motivations. They don't want to be responsible for being the custodian of all of their customers' data.
Apple has a long history or being rather anti-establishment/anti-government. Do some reading.
Both are sharp and bleeding. You cannot (really) fight for privacy and for control at the same time.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Encryption is essential for personal protection but there is definitely a dark side to all this and Apple will be a terrorist device of choice. People not wanting to leave tracks use proxie servers, government people not wanting other to see what they are doing use an illegal server and terrorists use encryption to keep their plans secret.
Don't shoot the messenger.
Encryption is just part of the solution to secure networks. Authentication is needed to validatite authorized users as well as protecting users from connecting to spoofed networks/devices.
Er what? Apple doesn't want to be the one that law enforcement has to go to every time they need another phone to be cracked. How many times in how many jurisdictions a day would that be? Also that would apply to any country not just the US. I wouldn't want to be that custodian.
Well, there's spam egg sausage and spam, that's not got much spam in it.
"Apple has a long history or being rather anti-establishment/anti-government. Do some reading."
Except where that government allows them to avoid paying taxes in their home country...then government is super duper.
Apple has a long history or being rather anti-establishment/anti-government. Do some reading.
That's the best spin on "tax cheats" I've heard anyone use. Yeah, they're anti-government. Anti-paying for government services they use, you mean.
They sure rolled over quick when the FBI asked them for all the iCloud information they had about the San Bernardino terrorist.
They're only "anti-government" in the sense that they hate spending money. They sure aren't on the side of any of their customers.
Yes, and that's why Apple's also one to not offer "cloud everything". A lot of services rely on iCloud yes, but there's plenty that doesn't and Apple has even been moving stuff off from iCloud and into personal computation.
It's not just encryption, but just not having the data period. So an iCloud backup is easy and convenient, but is not a full iPhone backup - it lacks authentication information and other things that Apple doesn't want to have. Apple doesn't want your email, wifi and other passwords stored on their service where they'll be vulnerable to giving it up. So iOS basically doesn't even back it up. Heck, an unencrypted iTunes backup won't have that information either (in case the computer gets compromised). The only way you can back up everything is an encrypted iTunes backup, where it's not stored on Apple's servers (and vulnerable to a warrant), and is held local to your hardware.
Similarly Apple has reduced the amount of stuff that is done by their servers - like the latest iPhoto dfoes all the processing on-device rather than in-cloud to prevent uploading sensitive photos. And why it works differently across devices because each one independently executes.
I'm no fan of Apple in general but on this point, no matter what their true motivations, the point is correct.
The motivation is to cash in on popular "wisdom", so congratulations, you are typical enough to fall within a major corporations marketing campaign.
Encryption *is* great, and required for today's society to operate securely. As Bruce Schneier said, we can either have security for everyone, or for none.
Encryption, like all security, will always be flawed. Understanding this is required for today's society to operate rationally instead of having to run to the fainting couch every other day as a new security breach is revealed. Breaches are to be expected, and there is nothing that can be done to change this. The only solution is risk management (stop the gratuitous storing and transmission of sensitive data) and recovery strategy.
A solution to this problem would be to implement secret sharing between Apple, the Executive branch, and Judicial Branch of the government.
Users would generate their encryption key and shares would be given to multiple parties. Multiple parties would need to collaborate to recover the encryption key.
This solution would allow Apple to continue to protect users privacy while at the same time proving a vehicle for the government to decrypt communications. See Shamir secret sharing for the algorithm
They sure rolled over quick when the FBI asked them for all the iCloud information they had about the San Bernardino terrorist.
Which they were required to do by law. Since they held that data (by permission of their customer) they are legally obligated to turn it over. However if the customer does not to use iCloud (which some do), they are not obligated to turn over data they don't have.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Yes, and that's why Apple's also one to not offer "cloud everything". A lot of services rely on iCloud yes, but there's plenty that doesn't and Apple has even been moving stuff off from iCloud and into personal computation.
Part of it is that iCloud simply cannot logistically hold all of the customer's data. Like my music collection easily exceeds iCloud storage space and I'm not the most ardent music collector.
Well, there's spam egg sausage and spam, that's not got much spam in it.
so true! illicit behavior like logging in to my toddler's Disney Junior account, or transferring money between my bank account and the electric company.
In fairness, while you may use encryption to log in for that, big brother can find out you did it without trying very hard or anyone even challenging their warrant. Very likely others can too.
It's the communications that they can't pull without your knowledge that aren't housed in a framework they can easily extract it from that is being objected to.
Er what? Apple doesn't want to be the one that law enforcement has to go to every time they need another phone to be cracked. How many times in how many jurisdictions a day would that be? Also that would apply to any country not just the US. I wouldn't want to be that custodian.
That's certainly a factor; but I know from being an Apple aficionado since 1976 that they just don't like the gummint much. Perhaps it comes from having their R&D labs raided by the FBI way back when, when it was rumored that Woz and John Draper (a/k/a Captain Crunch) were working on a digital "Blue Box" peripheral for the Apple 1...
Rumor has it that some stuff was confiscated. But I've never gotten Woz to confirm (or deny) the story. But after a few minutes of Google-fu, it looks like this may actually be the real story after all....
whoa someone took that 1984 commercial way too serious. apple is the establishment, and they are way worse then most governments with their censorship and control
Nice strawman.
However if the customer does not to use iCloud (which some do), they are not obligated to turn over data they don't have.
One of the reasons that, despite my implicit trust in Apple, I do not use any iCloud services, iTunes Match, etc. None of it.
Oh please. First off, there's the childishness of the "but someone else is worse!" excuse. Didn't fly in preschool, doesn't fly today.
Secondly, Android is open source. You can, with a bit of effort, get an Android phone that doesn't send ANYTHING to Google. At all.
That's impossible with Apple. With an iPhone, you're constantly sending your daily movements back to Apple so that Siri can "make suggestions" in the Today view. Every move you make is tracked, beamed to Apple, without your "consent" merely by turning the phone on.
Having witnessed the Obama Administration spying on AP reporters and exploiting government agencies as political intimidation tools, encryption suddenly became a prime must-have for my computers. Government should NOT be intimidating political opposition and I don't want to be targeted for my lawful communications. When government cites criminal monitoring as a justification to hack into devices, I am skeptical knowing their history of intimidating lawful citizens. When Apple flipped the bird at the FBI over encryption back doors, I happened to be ready to upgrade so like so many others I bought an iPhone and a MacBook Pro.
Same thing happens when government is pushing gun control - lawful gun owners rushed out to purchase guns.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Nice strawman.
No. Nice observation.
The only reason he's sided with it is solely for the well-heeled - he doesn't wan't another embarrassment.
That, and it doesn't hurt him too much to prevent people from having too much freedom on their devices.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
whats wrong is cook making it sound like an apple exclusive.
They've been also quite favorable to the well-heeled, which is why they dragged their feet on encryption until relatively recent.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
says the person using encryption right this very second to post about how encryption is only for criminals...
Big brother can find out what banking transactions I issued. Big brother cannot authenticate as me and issue transactions and then claim I issued them.
They've been also quite favorable to the well-heeled, which is why they dragged their feet on encryption until relatively recent.
You're full of shit.
Apples encryption is 100% about protecting the walled garden. Don't lie to yourself. Apple's encryption is 100% about preventing you from owning an iphone. It has nothing, at all, to do with protecting you. That is, at best, propaganda, and most likely a blatant lie.
It's not a coincidence that China has allowed a foreign company to win the phone market. The encryption is compromised, either on the machine level or the corporate level. And, none of those incidents you mentioned were in the least way mitigated by encryption.
Nice strawman.
No. Nice observation.
It is your observation that someone who is critical of Apple can only be a "Fandroid"? And that is a "nice" observation?
Encryption is just a cleaver technique to keep some people you don't like from knowing what you don't want them to know, about you.
If people were inherently honest, then there would be no need for encryption and no need for Secrets.
--Too Many Secrets
Knowing they lack the power to collect my information is greater than hoping they are trustworthy enough not to collect my information. Voluntarily putting on handcuffs is a greater act than saying "trust me, I'll keep my hands behind my back". You got it backwards.
The authorities who want to be able to have a backdoor key to get into everyones computers would be the same people on colonial times asking for authorities to have a masterkey on everyones backdoors. If that key gets out, then criminals can get into anyones' house.
Encryptions is for criminals. Ordinary people don't need military grade encryption to protect themselves. It's primarily used to hide illicit activities from the police and serves no legitimate purpose.
Like it's no big deal if someone steals your trivially encrypted authentication for your bank account and takes all of your money? But let's go big time like they did in Bangladesh and simply steal directly from the banks.
Even FBI director Comey has stated that encryption is essential. He just believes in magic encryption faeries that will decrypt data that hides terrorists and pedophiles from the good guys. (I.e., Those he defines as good guys.)
Kevin Oberman, Network Engineer, Retired
Nice strawman.
No. Nice observation.
It is your observation that someone who is critical of Apple can only be a "Fandroid"? And that is a "nice" observation?
No. I can count to two. And that's the number of viable Smartphone platforms.
So if you don't like Apple, it is a almost-sure foregone conclusion that you do like Android. That makes you a "Fandroid".
Just wait until someone uses this hammer to smash in someone's skull! Then we'll be able to go around outlawing hammers!
You are fucking retarded, and it's probably a good thing you posted AC.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Except for if you turn that off.
Settings > Privacy > Location Services > System Services
But you knew that when you said it was "impossible" right?
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
what a simple world you live in.
Then explain why Apple all but waited for a certain incident until they'd embrace encryption. An incident involving rich people.
In addition, explain why Apple refused to help in an incident that would have given benefit to tons of ordinary people. That one.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
That's some seriously misplaced logic.
Pretty sure iPhones aren't considered part of 'the grid' except maybe in the minds of Apple fanatics. Pretty sure iPhones depend on the grid-not quite the same thing as being part of the grid.. If you rely on public transit, that doesn't make you a bus driver.
what a simple world you live in.
Things are often simple when you reduce them in the crucible of logic.
Yes, turning Location Services off ENTIRELY is one way to prevent Apple from spying on you.
Unless you want to, I dunno, use a third-party app that requires GPS and doesn't have an appalling privacy record. Then you're just SOL.
But who would ever want to use a very useful feature in their cell phone while NOT consenting to incredibly invasive privacy violations, right?
what a simple world you live in.
Things are often simple when you reduce them in the crucible of logic.
Also true when you lack intellectual capacity or motivation.
Cluecheck:
With any phone, you're constantly sending your daily movements back to the phone company so that they know what cell to route your incoming calls and text messages to, and to provide mandatory E911 data to the government. Every move you make is tracked, beamed to AT&T, Verizon, Sprint or T-Mobile (and onward to the government), without your "consent" merely by turning the phone on.
And no, even if you inspect the entire source, compile it yourself on a compiler which you've similarly audited, then side-load it onto a rooted phone on which you also have access to the firmware's source and inspected that as well; it is not at all possible to configure an Android phone that doesn't send ANYTHING to the phone company and government. Not, anyway, unless you never power the thing on. At all.
Apple may or may not be saints in this matter. But anyone and everyone who owns a phone, including myself and almost certainly including you, has already made a deal with the devil. So cry me a bloody river about Siri's location-aware suggestions.
Imagine all the people...
Big brother can find out what banking transactions I issued. Big brother cannot authenticate as me and issue transactions and then claim I issued them.
Why not if they have the motivation to do so?
What's to stop them from making fraudulent financial transactions or even placing CP on a target's computer/phone other than the same legal, ethical, and Constitutional limits and standards that they've shown a solid track record of totally ignoring when it suits them?
Strong encryption is the *only* effective defense realistically possible against this kind of criminal behavior by authorities and that is exactly why criminal scumbags like Comey want it neutered for non-government users. There is no logical argument for weakening/back-dooring common encryption standards/algorithms *other* than desiring the ability to spy on and incriminate/imprison anyone for any reason they wish.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
what a simple world you live in.
Things are often simple when you reduce them in the crucible of logic.
Also true when you lack intellectual capacity or motivation.
So sez the big, bad Anonymous COWARD.
... if you don't like Apple, it is a almost-sure foregone conclusion that you do like Android. That makes you a "Fandroid".
Say what? I know LOTS of people, (myself among them), who like neither platform. And if you took a Slashdot poll, I'm pretty sure you'd find lots more. The AC above who commented "nice strawman" probably should have said "nice troll" instead.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
If Apple is so big on encryption, why is is also pushing users to use wireless, particularly Bluetooth headsets. Wired had security. Wireless doesn't.
Key escrow, but set up so that x number of authorities must supply the key to get access.
No, this is not perfect. However, nothing, not even strong encryption is perfect - since it can be defeated by social engineering, torture (which definitely works when you know what you are doing) etc.
You should retake that logic class, because you just failed.
Encryption is necessary because the underlying network infrastructure and protocols are inherently crap.
Go well
I fully agree. Just one (minor) correction: The Math does allow backdoors that only work for the "good"/bad guys, but reality does not because it means keeping an encryption key absolutely secret long-term while it is also frequently used. Not even the NSA can apparently manage that. And if it fails, the effects are catastrophic.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
And what if you use an iPad and an Android phone?
Have fun experiencing cognitive dissonance for the first time.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
lol , what kinda hipster response is that???
They've been also quite favorable to the well-heeled, which is why they dragged their feet on encryption until relatively recent.
Thankfully most people aren't going to blow their modpoints trying to modbomb *this* =P
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.