Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Shared User Data With Governments, Says WikiLeaks Email (dailydot.com)

Posted by EditorDavid on from the responding-to-warrants dept.

"Please know that Apple will continue its work with law enforcement," reads an email from Apple's vice president of Environment, Policy and Social Initiatives, who reports directly to CEO Tim Cook, according to new documents this week on WikiLeaks. An anonymous reader writes: In the email the Apple executive writes "we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day." The email was addressed to Clinton campaign chairman John Podesta.

But the context is missing, and could show a larger attempt to soften Hillary Clinton's position on encryption. While Jackson writes that at Apple, "We share law enforcement's concerns about the threat to citizens," she later writes "Strong encryption does not eliminate Apple's ability to give law enforcement meta-data or any of a number of other very useful categories of data."
The email also compliments Clinton for her "principled and nuanced stance" on encryption in a December debate against Bernie Sanders. Clinton had said "maybe the backdoor is the wrong door, and I understand what Apple and others are saying about that. But I also understand, when a law enforcement official charged with the responsibility of preventing attack...well, if we can't know what someone is planning, we are going to have to rely on the neighbor... I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."

18 of 106 comments (clear)

  1. Faith-based security by Anonymous Coward · · Score: 4, Insightful

    Closed source encryption = faith-based security.

    1. Re:Faith-based security by Alain+Williams · · Score: 2

      I am not a mathematical genius, but I know of some who are and that they have looked at the open source code and said that they are happy. This does not guarantee that they have not overlooked something, but is much better than the closed source scenario where only a few have seen the code - and I do not know who those few are or who they work for.

    2. Re:Faith-based security by wvmarle · · Score: 2

      More importantly:

      Closed source crypto: those that have seen the code are restricted by NDAs and usually on the payroll of whoever developed and deploys the encryption. These people have various reasons not to speak out on any potential issues, including back doors. You'll have to wait for a Snowden or Mannings to step up and reveal any issues.

      Open source crypto: everyone, including "the enemy" and others with vested interests to break it and reveal exploits can see and analyse the code. They are not bound by NDAs, often live and work under various jurisdictions which means they can not all be gagged by laws.

      The main reason we can trust closed-source crypto is that it is in the interest of the developing/deploying company that it actually works. Apple has lots to lose if it turns out their crypto is weak and contains easily exploitable back doors or bugs. It will probably not bankrupt them, but it'd be a really serious blow to the credibility of the company - and it'd take years if not decades for the general public to put their trust in Apple again.

      This is why I do trust Apple (and other companies) to have really strong encryption that actually works and has no back doors, even though I'd strongly prefer them to open source it so third parties can confirm this is the case.

  2. They respond to warrants?! by BLKMGK · · Score: 4, Informative

    Total surprise! It's why they've made sure they can't get through their own crypto...

    --
    Build it, Drive it, Improve it! Hybridz.org
    1. Re:They respond to warrants?! by Lisandro · · Score: 5, Insightful

      That was my exact first thought. I'm far from an Apple fanboy, but why the hell is the story framed to sound like they're surreptitiously sharing customer data with the NSA or something

    2. Re:They respond to warrants?! by ArtemaOne · · Score: 2

      I came here to see if anyone had posted this. None of this is even story-worthy. If they have the information they must respond to a warrant.

    3. Re:They respond to warrants?! by BLKMGK · · Score: 5, Insightful

      Exactly! Metadata is things like IP addresses of logins or names of accounts. These are things they have to have in order to operate and it's not something they can deny a valid warrant. AOL, Google, Yahoo!, and many many other companies respond to these requests. But if they cannot get at the data they cannot turn it over. Some companies, like Yahoo! apparently, give way more than others but if they couldn't get to the data they couldn't and Apple claims they no longer can. Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that? Non-story unless they can show that Apple is breaking the most recent crypto...

      --
      Build it, Drive it, Improve it! Hybridz.org
    4. Re:They respond to warrants?! by BigBuckHunter · · Score: 2

      This is the third clickbait Anti-Apple article today. They had the google vulnerability disclosure article and yet another MacBook Pro pooh-pooh article. Apple has always cooperated with LEA warrants and will continue to do so.

    5. Re:They respond to warrants?! by ljw1004 · · Score: 2

      Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that?

      How hard is that? ... pretty much impossible. Don't get me wrong. I used to use my own personal linux server for documents and photos and music. Went through three machines over fifteen years, always with RAID, always with offsite backups. I wrote a frontend to let me browse photo thumbnails quicker than google drive or onedrive.

      But it was too hard to meet reasonable family needs. Too hard to share photos with (non-technical) family members. To hard to automatically upload photos+videos from my phone. Too slow to share 100mb+ videos. Too hard to share a collaborative grocery list and the like. And when a problem happened (e.g. a RAID drive failure) it happened when I was up to my neck in work duties or diaper changing or whatever. Infants and unslept spouses don't appreciate that you're spending time administering your server rather than doing your share of childcare, and don't appreciate "I need to fix up the server" as a reason for why we can't update our family grocery list or calendar or to-do list. So the server limps along on only one drive for a month, or two months, and suddenly it's too precarious or out of commission for a while.

      If your use-case doesn't involve this much family sharing, or if you have the expertise and time to manage your server, then good for you. But I don't think "good grief don't use the cloud" is useful advice in general.

    6. Re:They respond to warrants?! by tlhIngan · · Score: 2

      This is the third clickbait Anti-Apple article today.

      It's because Apple made the news earlier this week with a product announcement. This brings out all the haters because you know what? Apple stuff leads to ad clicks. So click-bait articles about Apple, especially since Apple is in the news, means lots of ad money.

      It's what journalism has evolved into on the Internet - whatever you can do to trick users into clicking your articles for ads. Gawker might have been the first to formalize it from the get-go - writers were paid by the click, literally.

      Apple announces something, so you generate 100 articles about that something. Which generates 200 articles about why that something is completely studio, idiotic and completely pointless. Which generates another 300 articles about why Tim Cook did or didn't do something on stage. Followed by 400 articles about something not related to Apple at all but they throw in Apple's name to get an ad click. Followed by 1000 articles about news about Apple form years ago.

      Face it - Apple news is like black friday sales. When Apple makes an announcement, websites lap it up make about the only real money they'll made from ad impressions all year. A few Apple articles is enough to pay for the entire website for the year. The rest of the year the other boring crap is just bonus money.

  3. Re: Missing context by MightyMartian · · Score: 2

    No it isn't good enough. Injecting cynicism isn't a replacement for context.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  4. Re:Where is your God now? by ArtemaOne · · Score: 2

    You sound ridiculous. Do you know what the US Government would do to a corporation that denied assistance to legal warrants from the judicial branch?

  5. Re:why am i not surpised by BLKMGK · · Score: 3, Informative

    Since when does metadata equal them giving up access to the device? Metadata is things like what IP it last checked an iTunes account with or how many IOS devices you have. Yes, you ARE an idiot.

    --
    Build it, Drive it, Improve it! Hybridz.org
  6. Re:Where is your God now? by AHuxley · · Score: 4, Informative

    Re "Do you know what the US Government would do to a corporation .. "
    "The One Telco Exec Who Resisted The NSA Has Been Released From 4+ Years In Jail" (Sep 27th 2013)
    https://www.techdirt.com/artic...
    This news just adds to the PRISM decryption and other issues that US brands seem to offer assistance with.
    https://en.wikipedia.org/wiki/...
    If its important encrypt well away from any and all Apple products, send the communications.
    Anonymity is hard to ensure but at least people can get their privacy back from Apple and the mil/gov.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Re:why am i not surpised by dprimary · · Score: 2

    Because Apple announced this last year. This is only news to the people that don't pay attention in the first place.

  8. Re:why am i not surpised by Anonymous Coward · · Score: 2, Insightful

    "any of a number of other very useful categories of data"
    Phone number ?
    Customer who bought the phone , their name, and address ?
    Credit card used to buy the phone ?
    Balance on their iTunes account ?
    Last time it was accessed ?

    There is a heap of data Apple has which does NOT include any data that is on the phone, and when given a valid warrant, Apple and every other company in the world will comply and hand over that data.

    This is entirely consistent with Apples stance on protecting user privacy, by encrypting the end users data with keys they do not have they can not hand anything over, likewise with end to end encryption, Apple is not privy to any chat data and can therefore not hand anything over.

    So, you have any PROOF to say otherwise, please give it, paranoid delusion is not proof.

  9. Re:why am i not surpised by BlueStrat · · Score: 2

    Constitution restriction doesn't apply here as actions are done under authorized warrant for law enforcement. That is explicitly allowed.

    *Individual*, very specific, and narrow warrants yes, but not general warrants, they are expressly forbidden.

    However, our current crop of politicians, bureaucrats, federal judges, and TLAs seem to be of the opinion that they can violate the US Constitution with impunity by waving a 'national security' flag around. Sorry, but national security, illegal drug traffickers, child porn, copyright infringement, etc etc...none of these trump the Constitution and civil rights.

    Government no longer honors the limitations to its' power and scope set out in its' founding document which are the only things which give it legitimacy.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  10. Re:why am i not surpised by Anonymous Coward · · Score: 3, Insightful

    Metadata doesn't exist, all data is data.
    The government doesn't really care if you just asked for direction, if you are in contact with someone they don't like you are a criminal.

    They even kill people just based on "meta"-data.
    Ex-CIA director – We kill people based on metadata
    And here is a YouTube clip if you think that veteranstoday just made it up.
    Former NSA boss: "We kill people based on metadata"