Slashdot Mirror


Apple Tells Lawmakers iPhones Are Not Listening In On Consumers (reuters.com)

An anonymous reader quotes a report from Reuters: Apple told U.S. lawmakers on Tuesday that its iPhones do not listen to users without their consent and do not allow third-party apps to do so either, after lawmakers asked the company if its devices were invading users' privacy. Representatives Greg Walden, Marsha Blackburn, Gregg Harper and Robert Latta wrote to Apple's chief executive Tim Cook and Alphabet chief executive Larry Page in July, citing concerns about reports that smartphones could "collect 'non-triggered' audio data from users' conversations near a smartphone in order to hear a 'trigger' phrase, such as 'Okay Google' or 'Hey Siri.'"

In a letter to Walden, an Oregon Republican who chairs the House Energy and Commerce Committee, Apple said iPhones do not record audio while listening for Siri wakeup commands and Siri does not share spoken words. Apple said it requires users to explicitly approve microphone access and that apps must display a clear signal that they are listening.

24 of 214 comments

  1. Post the source code by spire3661 · · Score: 4, Insightful

    and we will believe you. Until such a time as the code can be verified by third-parties, your word is utterly meaningless. Trust, but verify.

    --
    Good-bye
    1. Re:Post the source code by jellomizer · · Score: 4, Insightful

      Why would that prove anything?
      If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      make clean && make && make install
      We would rather just run the apt-get, download the .deb or .rpm file which has the executable precompiled. Saving you the time and effort of the build.

      Sure some of us will compile our code before we run it. But heck if you are in the business of spying, that could be considered a trade-off.

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      For the most part it is in Apple's best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Post the source code by spire3661 · · Score: 4, Insightful

      The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesn't matter how many actually do it, what matters is that it represents a logical break. Without any way to look or alter the code, it's a black box, forever. You don't trust a black box.

      --
      Good-bye
    3. Re:Post the source code by Wrath0fb0b · · Score: 4, Insightful

      If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Indeed.

      Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      make clean && make && make install

      First, even those that do will not audit the entire source. I bet you could insert a function send_personal_data_to_kgb_and_nsa(void) and only a small number of people running ./configure && make -j12 install would notice. If you obfuscated the functionality a bit better, no one would notice :-P

      Anyway, even if you did audit the source, that is not sufficient to guarantee that the compiled binary faithfully represents the source files input. To do that, you have to audit the entire compiler/toolchain. And then you have to audit the compiler used to build the compiler.

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      But the phone has storage. And it has speech-to-text, part of which happens locally. Both of those features mean that, in theory, the phone could record and process the audio and then dribble it out over the network later when you are doing some other legitimate network activity.

      So if you REALLY want to be certain, you have to fill up the storage (wait, there could be a secret reserve of a few GB that are not user-accessible) and also monitor the supply lines from the battery to ensure there is no heavy speech processing that might be transcribing it to text :-D

      I agree with the sentiment of your post, just like showing that there is no way around having some level of trust in the hardware/software that you use.

    4. Re:Post the source code by jellomizer · · Score: 2

      However the black box for the most part is sending and receiving open specification type of data.
      If Apple is going to hide that they are sending your conversations to some mega server somewhere they are going to do it. Source Code will not stop that one person to question the code. If that code isn't there.

      However the open specification will allow people to see the output from that black box.
       

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    5. Re:Post the source code by KiloByte · · Score: 3, Informative

      That's why there's the Reproducible Builds project. Packages have .buildinfo files that save versions of dependencies, recompiling against the same deps should produce bit-to-bit identical results.

      It's not yet complete, but 92.8% of packages build reproducibly.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
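The check KiloByte describes, as an added example (not part of the thread and not the Reproducible Builds project's own tooling): read the pinned dependency versions and recorded hashes from a `.buildinfo` file and compare a local rebuild against them. The package name, versions and artifact bytes are constructed.

```python
import hashlib
import re

# Constructed stand-in for a rebuilt package; name, bytes and versions are invented.
ARTIFACT = b"constructed bytes standing in for hello_1.0-1_amd64.deb\n"
BUILDINFO = f"""Format: 1.0
Source: hello
Version: 1.0-1
Checksums-Sha256:
 {hashlib.sha256(ARTIFACT).hexdigest()} {len(ARTIFACT)} hello_1.0-1_amd64.deb
Build-Architecture: amd64
Installed-Build-Depends:
 gcc-8 (= 8.2.0-4),
 libc6-dev (= 2.27-5)
"""

def field_lines(text, name):
    """Continuation lines (indented by one space) of a multi-line control field."""
    lines, inside = [], False
    for line in text.splitlines():
        if inside and line.startswith(" "):
            lines.append(line.strip())
        elif inside:
            break
        elif line.startswith(name + ":"):
            inside = True
    return lines

def pinned_deps(text):
    """Exact build-dependency versions to install before rebuilding."""
    entries = field_lines(text, "Installed-Build-Depends")
    pairs = (re.match(r"(\S+) \(= ([^)]+)\)", e) for e in entries)
    return {m.group(1): m.group(2) for m in pairs if m}

def verify_rebuild(text, rebuilt):
    """Compare our own build output (file name -> bytes) with the recorded hashes."""
    result = {}
    for entry in field_lines(text, "Checksums-Sha256"):
        digest, size, fname = entry.split()
        data = rebuilt.get(fname)
        if data is None:
            result[fname] = "missing"
        elif len(data) == int(size) and hashlib.sha256(data).hexdigest() == digest:
            result[fname] = "match"
        else:
            result[fname] = "MISMATCH"
    return result
```

A single flipped byte in the rebuilt file yields `MISMATCH`, which is what makes a binary that was not built from the published source detectable by anyone who rebuilds it.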
    6. Re:Post the source code by MachineShedFred · · Score: 2

      Yeah, because lying to Congress is a fantastic plan, and they would totally do that to... what end?

      Posting the source code isn't going to happen. They would let government auditors in under NDA long before that happened. Get real.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    7. Re:Post the source code by guruevi · · Score: 3, Interesting

      Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

      It's fairly easy to test whether or not they're lying, if your CPU and SSD keep waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

      Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    8. Re:Post the source code by TheFakeTimCook · · Score: 3, Insightful

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      For the most part it is in Apple's best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

      Exactly.

      And I just can't believe that Slashtards are THAT stupid to not think of that, instead of imagining all sorts of wheels-within-wheels and riddles wrapped in mysteries inside of enigmas when it comes to ANYTHING Apple says, does or produces.

      Stupid shits. The whole lot. (Not you, Jellomizer... YOU are among the few that "get it".).

    9. Re:Post the source code by TheFakeTimCook · · Score: 2

      The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesn't matter how many actually do it, what matters is that it represents a logical break. Without any way to look or alter the code, it's a black box, forever. You don't trust a black box.

      It is a black box with an internet-sized HOLE in it, you stupid FUCK.

      Which is more betterer: Poring over Source code to try and find some obfuscated "snitching/spying" functions; or simply watch network traffic out of the fucking PHONE?

      Idiots.

    10. Re: Post the source code by TheFakeTimCook · · Score: 2

      Wtf? Apple lies all the time. Steve Jobs claimed ogg vorbis was an illegal codec at one point of time and half of their advertising in the past implied OS X couldn't get viruses.

      During antenna gate it took them almost to the point of getting sued to admit the issue.

      Yes. Apple should prove themselves

      Citation on the Ogg quote, cuz I'm not finding it?

      Show me a true, self-replicating virus on macOS or iOS.

      It's been over TWENTY years for OS X/macOS, and ELEVEN for iOS. Where are all the viruses? Trojans don't count.

    11. Re:Post the source code by TheFakeTimCook · · Score: 3, Interesting

      Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

      It's fairly easy to test whether or not they're lying, if your CPU and SSD keep waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

      Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

      Exactly.

      Just make a looped recording that DOESN'T include the phrase "Hey, Siri" (or simply a radio station or TV would work fine), and put the iPhone in front of a speaker playing the sound. Now watch for WiFi traffic from the phone while sleeping.

      So easy to verify without examining a single line of code, and yet all the FOSSies can think to do is pore over a bunch of code that may or may not be what is actually running in the device.

      Idiots.
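A rough byte-budget check for the quiet-versus-talking capture proposed in this thread, as an added example (not from any commenter). The per-minute uplink counts are constructed, and the 6 kbit/s audio floor, 150 words per minute, 6 bytes per word and the 2-sigma noise allowance are assumptions.

```python
import math
import statistics

OPUS_FLOOR_BYTES_PER_S = 6000 / 8   # assumption: 6 kbit/s, the lowest Opus bitrate
TEXT_BYTES_PER_MIN = 150 * 6        # assumption: 150 words/min, about 6 bytes/word

# Constructed samples: uplink bytes per minute from the sleeping phone.
QUIET = [4200, 900, 15800, 3100, 800, 9400, 1200, 2600]
# 5 minutes of looped speech plus 3 minutes afterwards, to catch a delayed upload.
TALKING = [1100, 5200, 2900, 12400, 700, 3300, 8800, 4100]

def excess_upper_bound(quiet, talking):
    """Largest plausible number of extra bytes sent during the talking capture.

    Excess over the quiet baseline plus a 2-sigma allowance for ordinary
    background traffic (treats minutes as independent; a simplification).
    """
    baseline = statistics.mean(quiet) * len(talking)
    noise = 2 * statistics.stdev(quiet) * math.sqrt(len(talking))
    return sum(talking) - baseline + noise

def assess(quiet, talking, speech_minutes):
    """Say which payloads the capture rules out for the given speech duration."""
    bound = excess_upper_bound(quiet, talking)
    audio_needed = speech_minutes * 60 * OPUS_FLOOR_BYTES_PER_S
    text_needed = speech_minutes * TEXT_BYTES_PER_MIN
    return {
        "excess_upper_bound": round(bound),
        "audio_ruled_out": bound < audio_needed,
        "transcript_ruled_out": bound < text_needed,
    }
```

On these samples the capture rules out raw audio but not a locally transcribed text payload, which is small enough to hide inside normal background traffic; that is the limit Wrath0fb0b raises earlier in the thread.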

    12. Re:Post the source code by HiThere · · Score: 2

      You may be a bit too skeptical. Unlike Google, Apple does not derive funding directly from advertisers. (Indirectly, yes, but that *is* different.)

      So there is much less motivation for Apple to wantonly infringe your privacy than there is for Google.

      OTOH, Apple is much more likely to want to block you from exporting your data. They've often imposed roadblocks in the past (though admittedly the times I'm thinking of date back to the original Macintosh).

      OTOH, I haven't studied their phones' ecosystem, so I don't know whether they have the same motivations.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. So by AHuxley · · Score: 2, Insightful

    PRISM was with the users' consent?
    PRISM was another approved third-party app?
    Do governments get that explicitly approved microphone access?
    Hey NSA?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:So by TheFakeTimCook · · Score: 2

      PRISM was with the users' consent?

      PRISM was another approved third-party app?

      Do governments get that explicitly approved microphone access?

      Hey NSA?

      Other than one highly-suspect PPT slide, there is ZERO proof that Apple ever participated in PRISM.

  3. Re:Why believe them? by jellomizer · · Score: 2

    Posted from your Android Phone, Made by a company who makes most of their money selling targeted ads based on your data views.
    Vs.
    Apple who makes its money from selling higher margin devices.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Megacorporation denies political impact of product by Drethon · · Score: 2, Insightful

    We will also be discussing cigarette companies' denial that cigarettes cause cancer and big oil companies' denial that fossil fuels contribute to global warming, news at 11.

    Seriously though, whether or not they actually are, do we expect Apple to say anything different if it can't be proven (or possibly even if it can)?

  5. "without their consent" by houghi · · Score: 3, Informative

    With all the opt-in going on, this means that they do.

    --
    Don't fight for your country, if your country does not fight for you.
  6. "without their consent" by Anonymous Coward · · Score: 2, Informative

    Consent being written into the legalese of the EULA.

  7. As "nobody" reads 100% of the "user agreement"... by squash_me_quickly · · Score: 3, Informative

    ...before installing an app/program "nobody" has any idea what they are consenting to.

    The average person could be giving up their rights to their first born children every time they install a program/app.

    Many installations want consent for collecting data to "improve the product" or "improve customer experience"... theoretically, giving all one's data to the NSA to help prevent terrorism is an improvement for the customer.

  8. Not without consent... by Anonymous Coward · · Score: 2, Informative

    ... because everyone reads the ToS for every app they blindly install and never bother to remove or check if it's running in the background...

  9. Just the other day ... by PPH · · Score: 3, Funny

    ... I was discussing this very subject with my wife. The toaster interjected to state that our fears were unfounded and we had no reason to avoid Apple products.

    --
    Have gnu, will travel.
  10. Re:They pulled a Billy by Strider- · · Score: 2

    This has actually been done. There is a separate IC/DSP/Controller (whatever you want to call it) that listens for the "Hey Siri." When it hears it, it wakes up the main CPU and the rest of the process starts running. It would be far too power intensive for the main CPU cores to stay awake to analyze a constant stream of noise. This is also why the iMac Pro, and similar computers contain some of the chipset from the iPhones.

    --
    ...si hoc legere nimium eruditionis habes...
  11. Physical privacy switches by myid · · Score: 2

    Apple should add privacy switches to iPhones - physical sliders that physically disable the camera and microphone. If I slide the camera or mic slider to "OFF", then the camera or mic can't work. Regardless of the user preferences, software, or what I say, the camera or mic is physically unable to work again, until I move the slider back to "ON".

    With privacy switches, Apple can remove fears that their phones are listening or taking pictures when they shouldn't. Apple can take the cover off of an iPhone, letting you see the iPhone's camera and mic. Then they can make a movie of someone sliding the privacy switches back and forth, and show the movie to Congress - "Look, when you move the mic (or camera) privacy switch to "OFF", see how the mic (or camera) is physically disabled."

    Privacy switches might be a good idea on all phones and computers, not just Apple's.