Tim Cook's Letter on the need for Encryption

anvilfour

*** DISCLAIMER - I WORK FOR APPLE BUT AM EXPRESSING MY OWN OPINIONS! ***

Full link here:

http://www.apple.com/customer-letter/

This comes on the back of the FBI trying to order Apple to provide a government mandated backdoor for iPhones, story available here:

http://www.cnbc.com/2016/02/17/apple-order-to-hack-iphone-for-fbi-in-san-bernardino-case-chilling-tim-cook.html

See also:

pah

I don't see why in very serious cases, with a court order, apple would not decrypt a device for the authorities.

Open the box and provide the contents but retain the keys.

timmywex

pah wrote: »

I don't see why in very serious cases, with a court order, apple would not decrypt a device for the authorities.

Open the box and provide the contents but retain the keys.

Precedent.

It's a shooter this time, next up it's someone who's pirating music.

Apple's point is also that it cannot do it at the moment without large technical influence, potentially a new OS, which if in the wrong hands could have massive consequences.

liamo

pah wrote: »

....Open the Pandora's box .....

There. Fixed that for you.

liamo

pah wrote: »

I don't see why in very serious cases, with a court order, apple would not decrypt a device for the authorities.

Open the box and provide the contents but retain the keys.

Actually, Apple has not been instructed to decrypt a device as such.

From this article in The Washington Post.

"The order, signed Tuesday by a magistrate judge in Riverside, Calif., does not ask Apple to break the phone’s encryption but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using “brute force” — attempting tens of millions of combinations without risking the deletion of the data."

It's also not the FBI simply demanding access to someone's phone against their wishes. Complicating this matter is the fact that the user of the phone - one of the San Bernadino shooters - is dead and the actual owner of the phone - the County Health Dept - has consented to the phone being searched.

I can see why the court ruled the way it did in this specific instance.

Having said that, however, I do agree with timmywex. It's a slippery slope and not a very long one.

Manach

I would side with pah here. The has to be a balance struck and no rights are absolute including privacy. While any blanket gathering of data by the state for surveillance is wrong, individual served under proper legal process should hand over their keys to the phone data and under rare circumstances the data should be capable of being accessed if this does not occur.

But I do acknowledge the other point made that this has a potential to be a sliding slope: legally it is common both here and elsewhere for 'emergency
' measures to morph into standard law due to precedent.

anvilfour

Manach wrote: »

I would side with pah here. The has to be a balance struck and no rights are absolute including privacy. While any blanket gathering of data by the state for surveillance is wrong, individual served under proper legal process should hand over their keys to the phone data and under rare circumstances the data should be capable of being accessed if this does not occur.

But I do acknowledge the other point made that this has a potential to be a sliding slope: legally it is common both here and elsewhere for 'emergency
' measures to morph into standard law due to precedent.

Hi Manach,

Thank you for sharing your thoughts.

The concern I have here is that if Apple were to supply the FBI with custom firmware, that they have digitally signed to unlock this specific phone, there's no real reason that they couldn't use this to unlock any iPhone 5C.

This not only has chilling effects for human rights - if one of the bad guys gets their hands on one copy of the custom firmware, then our secrets are also laid open to the shadowy government organisations of foreign countries too.

We have already seen in the UK that there has been abuse of key disclosure laws such as those used to try to intimidate David Miranda into handing over content protected by reporter's privilege and also a harmless schizophrenic man being jailed for refusing to hand over his password.

anvilfour

pah wrote: »

I don't see why in very serious cases, with a court order, apple would not decrypt a device for the authorities.

Open the box and provide the contents but retain the keys.

As timmy says, unfortunately this isn't possible.

If I could put on my Apple Tech Support hat here for a second, in simplest terms a non-jailbroken iOS device will check its own firmware each time it's powered on to see if it's been digitally signed by Apple - if Apple were to create a new version of iOS which is easier to break into, it could be flashed onto potentially any iOS device, making us all vulnerable.

The only way to keep everyone's data safe is to say no.

Boskowski

There has to be a no. These things always work the same way. Set a precedent and of course its under court control and only for crimes of the highest order. The two 'highest order' things currently being trotted out on an ongoing basis are terror and kiddy porn, brilliant, nobody could possibly object to that. So then a few years on the court control thing has mutated to a form being filled out and signed by default - if we're lucky and they even continue to bother - and terror and kiddy porn has become file sharing and revenue troubles.

Just as an example in the naughties the right to secret banking has been softened up in Germany, of course to control the flow of financing terror groups. Only in exceptions of course and it took a judge for the authorities to gain access to a statement history. Last year it was revealed by virtue of parliamentary enquiry they acquired access to 300,000 bank accounts in that year alone. Just ten years on that is and no changes to the laws were made. Apparently welfare fraud is now the same as planning 9/11.

anvilfour

What would be wonderful is if manufacturers like Apple could say that they simply have no way from a technical perspective to make it easier for anyone to bypass device encryption.

Unfortunately for as long as a court thinks it can force them to create custom firmware then we're all in trouble. Perhaps if the wipe of the device took place at a hardware level after X incorrect attempts?

pah

Agreed in general. As it is law enforcement have a number of avenues to try and get a phone pin unlocked.

But what about the psycopath that has kidnapped your child? He's been caught somehow but no sign of the child in 24hrs. His iphone is sitting like a paper weight on the desk. He will not unlock it no matter what. Would you still feel the same?

liamo

You could use that example to justify absolutely anything. If it was my child I'd happily tie the psycho down to a table and chop pieces off him, apply electric shocks, flay him alive and pour salt on his wounds until he gave me what I needed. However, that's not the case here.

Today it's the bypassing of a security feature (the bricking of the phone after max failed attempts) but only for that specific phone - the court order does identify the phone's serial number and IMEI and tie the order to that specific device.

Once the court's order has been carried out I've no doubt that there will be another specific case and then another. Then there'll be a group of potential terrorists who need to have data on their phone remotely captured. Where does it end?

Once this precedent has been established it's only a question of scale and scope.

pah wrote: »

But what about the psycopath that has kidnapped your child? He's been caught somehow but no sign of the child in 24hrs. His iphone is sitting like a paper weight on the desk. He will not unlock it no matter what. Would you still feel the same?

Khannie

Google CEO just jumped into the fray on Twitter (on Apple's side).

anvilfour

liamo wrote: »

You could use that example to justify absolutely anything. If it was my child I'd happily tie the psycho down to a table and chop pieces off him, apply electric shocks, flay him alive and pour salt on his wounds until he gave me what I needed. However, that's not the case here.

Today it's the bypassing of a security feature (the bricking of the phone after max failed attempts) but only for that specific phone - the court order does identify the phone's serial number and IMEI and tie the order to that specific device.

Once the court's order has been carried out I've no doubt that there will be another specific case and then another. Then there'll be a group of potential terrorists who need to have data on their phone remotely captured. Where does it end?

Once this precedent has been established it's only a question of scale and scope.

Hi liamo,

The problem you have here as I explained above is that you cannot provide firmware to unlock one specific phone in this way. If a copy of this backdoored firmware found its way into the wrong hands then it could potentially be used to unlock any iOS device without a Touch ID.

hooplah

So they're not demanding one device is decrypted, they're demanding that Apple allow a backdoor. If the FBI can brute force a device then so can others.

Looking to the future for service providers I think it might become the case that if they are able to pass on your info then they will be forced eventually to do so. The best way forward is to have it so that they cannot hand over keys / info. I think theis is the way Signal operates - they cannot access or decrypt your info.

If providers are forced to create ****ty software that allows them to see everything then ideally consumers will move to providers outside the US.

That said I can't see the UK being far behind the US on this. Would the rest of the EU go the same way?

anvilfour

pah wrote: »

Agreed in general. As it is law enforcement have a number of avenues to try and get a phone pin unlocked.

But what about the psycopath that has kidnapped your child? He's been caught somehow but no sign of the child in 24hrs. His iphone is sitting like a paper weight on the desk. He will not unlock it no matter what. Would you still feel the same?

Pah,

You're referring to the "ticking bomb scenario" - it's a fairly old argument and has been debunked fairly thoroughly here for instance.

Aside from the fact that this scenario makes a lot of assumptions which wouldn't hold true in reality, you also have to ask what would happen if you or someone you cared about were innocent of the crime for which you were suspected but wanted to keep your data private all the same.

If you think you have nothing to hide, suggest you have a read of the following:

http://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/

Also wonderful quote from Edward Snowden:

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."

anvilfour

What is heartening for me as an Apple employee is that this dispute suggests that there isn't an actual backdoor built into devices. Apple doesn't have a warrant canary any more AFAIK, so I was concerned.

If the Police contact us from UK or elsewhere in Europe at least, there's a specific e-mail address for law enforcement enquiries, that's all I know.

As far as I'm aware there's no actual back door but of course there are regular exploits to bypass the lock screen and in particular if you have access both to an iPhone and a computer that was sycned with it via iTunes, there's a good chance you can reset the code or access data via backups.

My understanding as well is that iCloud backups are encrypted with a master key which Apple can unlock although I am too far down the ladder to know either way.

Needless to say if you have sensitive personal information it's best to keep it encrypted and offline, no matter what device you use!

liamo

Hi AnvilFour

I understand and completely agree with your point.

I was referring to the court order and the justification of it. That is - "it's only for this one device". The order (a copy of which is here, if anyone's interested) does address, in a reasonably abstract way, the linking of the software to the specific device :

The SIF (Software Image File) will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the Subject Device.

I'm not at all familiar with Apple hardware or software and have no opinion on whether this order is possible or not so your input into this is helpful.

Regards

Liam

anvilfour wrote: »

Hi liamo,

The problem you have here as I explained above is that you cannot provide firmware to unlock one specific phone in this way. If a copy of this backdoored firmware found its way into the wrong hands then it could potentially be used to unlock any iOS device without a Touch ID.

anvilfour

Hi liamo,

Thanks again for sharing your thoughts - you're absolutely right in saying the court order was intended for one particular device in a certain set of circumstances.

No doubt the Judge signed the order in good faith too, believing this was feasible.

Ignoring the ethical and legal implications for a second though, it's not possible to create a version of iOS with weakened security for an individual device - for Apple to digitally sign a custom version of the firmware and hand it over is tantamount to giving the FBI a way to bypass the passcode on pretty much every iPhone. (It might not work on devices with a Touch ID like the 5s, 6 and 6s but let's not stray too far off topic!)

Even if the device were handed to Apple and a custom version of the firmware was created in controlled conditions, if anything of consequence was found, Apple would most likely be called on to substantiate how they did it to make sure the suspect has a fair trial.

Other people have also pointed out that even if Apple could comply with these orders on a case by case basis without comprising other people's data, the process itself is open to abuse.

I had thought by putting encryption keys in the hands of customers that erosion of civil liberties like this by the government wouldn't be possible but it seems you can trust the FBI to find a way.

liamo wrote: »

Hi AnvilFour

I understand and completely agree with your point.

I was referring to the court order and the justification of it. That is - "it's only for this one device". The order (a copy of which is here, if anyone's interested) does address, in a reasonably abstract way, the linking of the software to the specific device :


I'm not at all familiar with Apple hardware or software and have no opinion on whether this order is possible or not so your input into this is helpful.

Regards

Liam

cowboyBuilder

So are apple taking a moral stand here ?

I don't understand, they have sweatshops running in China :S :S

anvilfour

cowboyBuilder wrote: »

So are apple taking a moral stand here ?

I don't understand, they have sweatshops running in China :S :S

Aside from the fact that simply isn't true (at least not in the way I understand sweat shops!) it's off topic. If you want to start a thread about Apple's corporate work practices in Asia, please feel free though - if you want to comment here, please let's talk about the matter at hand!

liamo

Apple is a business. There's not much room for morality and I doubt it played much of a part in this.

Frankly, it was the only position that they could take. Who's going to buy a phone from a company who might hand over all of their users' data to the FBI?

If Apple don't win this one, Google and Microsoft might be next. Who says it has to be just phones? Why not PCs?

cowboyBuilder wrote: »

So are apple taking a moral stand here ?

I don't understand, they have sweatshops running in China :S :S

cowboyBuilder

liamo wrote: »

Apple is a business. There's not much room for morality and I doubt it played much of a part in this.

Frankly, it was the only position that they could take. Who's going to buy a phone from a company who might hand over all of their users' data to the FBI?

If Apple don't win this one, Google and Microsoft might be next. Who says it has to be just phones? Why not PCs?

In fairness it's an extreme case !.

anvilfour

cowboyBuilder wrote: »

In fairness it's an extreme case !.

The situation is extreme! However complying would mean risking the FBI and anyone who gets their hands on the firmware could read the data of any device they can physically access under any circumstances.

gctest50

anvilfour wrote: »

The situation is extreme! .....

It's not extreme!!!1!!! - that's just drama queen carry on from Apple looking for free publicity - in a few days they'll comply

1 Infinite Loop Cupertino needs a 747 cargo plane stuck in it and see how they'd react then

AlanG

Apple want to show they are more powerful than a democratically elected legislator. They want the protection of being based in a country with clear laws but they don't want to cooperate with the upholding of those laws. If this was in the country where Apple run their sweatshops Tim Cooke would be in jail by now.

The people elected the government that made the laws being upheld - Apple are trying to circumvent those laws and in the process are helping terrorists. This is no different than the Swiss banks who helped hide the assets of despots throughout the world - after all if they gave information of the money stolen from those genocide victims it would have been a slippery slope.

The only difference here is that Apple have a great marketing department and are considered cool by people who buy into that image.

Apples great marketing department is trying to make it out that their massive corporation is being picked on by the nasty government (aka. the elected representatives of the American people).

AlanG

liamo wrote: »

Who's going to buy a phone from a company who might hand over all of their users' data to the FBI?

In fairness most apps you install look for permission to access almost all data on your phone and additionally most IT literate people accept that anything on the net will eventually be easily accessed by those determined enough to get at it.
Perhaps the FBI should buy Angry Birds and then most phone users would just sign over their phone data at the next update and change of terms.

If you have anything from Apple, Google or Facebook on your phone you are not too concerned about privacy. These companies will hand over you data if they can make money from it.

This all seems like a publicity stunt from Apple which is putting peoples lives at risk by hampering an investigation into terrorism.

anvilfour

AlanG wrote: »

In fairness most apps you install look for permission to access almost all data on your phone and additionally most IT literate people accept that anything on the net will eventually be easily accessed by those determined enough to get at it.
Perhaps the FBI should buy Angry Birds and then most phone users would just sign over their phone data at the next update and change of terms.

If you have anything from Apple, Google or Facebook on your phone you are not too concerned about privacy. These companies will hand over you data if they can make money from it.

This all seems like a publicity stunt from Apple which is putting peoples lives at risk by hampering an investigation into terrorism.

I hear a lot of this from certain security researchers who seem convinced that the only way to keep your data safe is go and live in a cave somewhere - it's nonsense.

I keep a backup of my personal files in an encrypted container online - the header is removed prior to upload. Without the salt included in the header there is no way that even a Quantum computer could access the data, no matter how much time they had.

This doesn't mean of course that perfect security exists at all times but it's nonsensical to say that data you share over the internet will inevitably be compromised - in any case these days we're all about making cracking someone's password impractical, not impossible.

Anyway, I do share your concern about how readily people hand over their personal data to big companies like Facebook but that's their choice. It's also the choice of privacy conscious people to keep their data just so - today it's an investigation into Terrorism ; if Apple caves in then tomorrow it'll be ordinary users who are at risk for the reasons already outlined.

As for the publicity stunt, Apple didn't ask the FBI to try and break into someone's device, they simply said no, in an open letter.

liamo

Yes - it was, perhaps, a little melodramatic and a bit lazy.

However, if Apple are forced to crack this device it's not unreasonable to wonder if the FBI, having established precedent, could get court orders requiring Apple to design a remote-user-data retrieval "feature".

Then we're at the point where people may wonder if they are vulnerable to the FBI slurping their data at will. That's not going to help Apple's sales.

That's the point I was trying to make.

cowboyBuilder wrote: »

In fairness it's an extreme case !.

liamo wrote: »

Who's going to buy a phone from a company who might hand over all of their users' data to the FBI?

liamo

AlanG wrote: »

Apple want to show they are more powerful than a democratically elected legislator.

Er, what?

They want the protection of being based in a country with clear laws but they don't want to cooperate with the upholding of those laws.

Apple must comply with the law.
Apple are also entitled to object and oppose unfair, illegal, unjust, unconstitutional (take your pick) rulings or orders or instructions. That's what they're doing.

If this was in the country where Apple run their sweatshops Tim Cooke would be in jail by now.

Ignoring entirely the "sweatshops" jibe - are you seriously suggesting that China is a better place because the government can't be challenged?

The people elected the government that made the laws being upheld - Apple are trying to circumvent those laws and in the process are helping terrorists.

Exercising a democratic right is not circumventing laws nor is it helping terrorists.

This is no different than the Swiss banks who helped hide the assets of despots throughout the world - after all if they gave information of the money stolen from those genocide victims it would have been a slippery slope.

Poor and incomplete reasoning. One does not follow the other.

The only difference here is that Apple have a great marketing department and are considered cool by people who buy into that image

Not that I agree with you anyway... but I don't see your point.

Apples great marketing department is trying to make it out that their massive corporation is being picked on by the nasty government (aka. the elected representatives of the American people).

No. They're defending themselves as they are entitled to do.

anvilfour

AlanG wrote: »

Apple want to show they are more powerful than a democratically elected legislator. They want the protection of being based in a country with clear laws but they don't want to cooperate with the upholding of those laws. If this was in the country where Apple run their sweatshops Tim Cooke would be in jail by now.

The people elected the government that made the laws being upheld - Apple are trying to circumvent those laws and in the process are helping terrorists. This is no different than the Swiss banks who helped hide the assets of despots throughout the world - after all if they gave information of the money stolen from those genocide victims it would have been a slippery slope.

The only difference here is that Apple have a great marketing department and are considered cool by people who buy into that image.

Apples great marketing department is trying to make it out that their massive corporation is being picked on by the nasty government (aka. the elected representatives of the American people).

I agree it's a sad state of affairs that a private company are having to force a government to abide by the Constitution it is sworn to upheld but here we are!

There are unjust laws, just as there are unjust people. Swiss Banks are a bit of a red herring- if there was evidence of specific wrongdoing then an individual's bank records can be released - here you'd need to create a backdoored version of iOS that could potentially be placed on any phone.

As for being in a country with alleged sweatshops, perhaps you might want to take your own advice. We live in a country where the government by and large doesn't punish us for criticising it - governments in dictatorships are able to infringe human rights precisely through using technology like "the Great Firewall" and backdoored versions of computer programs and operating systems. Do you want to be next?

This has absolutely nothing to do with being cool and hip, it's a matter of your rights and mine as an individual.

Update : Further to my last post, it's worth pointing out that the US government has repeatedly criticised China for trying to force software companies to place a backdoor in their products. The hypocrisy is staggering!