User security, privacy issues draw sharp contrast between Apple iOS, Google Android in FBI encrypti

Posted:
in iPhone edited February 2016
The resolute position of Apple's chief executive Tim Cook to defend the security of iOS encryption has drawn a sharp contrast with the deafening silence from Google, Microsoft and their hardware partners in Korea and China, where individuals' security and privacy are commonly overlooked as being a critical feature.

Apple CEO Tim Cook
Apple CEO Tim Cook


Apple standing alone for encryption and user privacy



Cook published a public letter stating that "we have done everything that is both within our power and within the law to help" the U.S. Federal Bureau of Investigations to recover data from an iPhone left behind by a terrorist involved in the San Bernardino shootings.

However, he opposed an order from a Federal court that "demanded that Apple take an unprecedented step which threatens the security of our customers."

That order requests that Apple develop a new version of iOS capable of allowing law enforcement to bypass key security settings in order to rapidly "brute force" a series of password guesses to unlock its encryption. Among other things, this would erase the time delays between false password attempts and allow for automated, electronic submission of a string of potential passwords rather than requiring that each be keyed in manually by a real person.




"Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge," Cook stated, adding, "The government suggests this tool could only be used once, on one phone. But that's simply not true."

Cook stated that "in the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone's physical possession."

"Apple employees should feel incredibly proud today"



Earlier today, WhiteHat Security founder Jeremiah Grossman tweeted, "if Apple 'technically' could comply, yet they still resist, it says even more good things about the Tim Cook and company character," adding, "Apple employees should feel incredibly proud today."

"Apple is nearly unique of tech firms in it's high profile, has revenue that don't rely on compromising privacy... " https://t.co/F7IIlb4shL

-- Jeremiah Grossman (@jeremiahg)


"How do Apple shareholders feel today? Does their fierce protection of customer security & privacy drive extra iPhone sales? I hope so," he added, followed by, "And don't GOV officials also use iPhones themselves? Did they think through that they'd also undermine the security of their own devices?"

He also drew a contrast between Apple's high profile pushback to maintain the security of its encryption with other companies. "Today would be the perfect day for Sundar Pichai (Google, CEO) to back up Tim Cook (Apple, CEO)," he noted.

Google says nothing



Google declined to comment on the issue in a USA Today article written by Jessica Guynn, which cited Former National Security Agency contractor Edward Snowden as stating, "The FBI is creating a world where citizens rely on Apple to defend their rights, rather than the other way around.""Silence means Google picked a side, but it's not the public's" - Edward Snowden

Snowden called the issue "the most important tech case in a decade," and specifically pointed out that, "Silence means Google picked a side, but it's not the public's."

Guynn also cited WhatsApp founder and Facebook board member Jan Koum, who posted on Facebook: "I have always admired Tim Cook for his stance on privacy and Apple's efforts to protect user data and couldn't agree more with everything said in their Customer Letter today. We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake."

Update: Google's chief executive Sundar Pichai just issued four tweets later in the day recognizing the "important post" from Cook and stating, "forcing companies to enable hacking could compromise users' privacy."

Pichai added, "We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism. We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders. But that's wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."

Several users on Twitter took issue with Pichai's phasing "could be," one emphasizing, "Could be a troubling precedent? No, it IS a troubling precedent. Your position is troubling bc your statement is lukewarm."


Security is a key issue for Apple



While Google's chairman Eric Schmidt boasted to the media in 2014 that "our systems are far more secure and encrypted than anyone else, including Apple," groups that take privacy and security seriously, like the Electronic Frontier Foundation, have recommended Apple's messaging products for their end-to-end encryption while cautioning that Google did not provide similar security for its users.

Last November, Chris Soghioan, the principal technologist for the American Civil Liberties Union, went even further to state that Apple's efforts to protect the privacy of its users, including end-to-end encryption of their communications, effectively separated its more affluent iOS users from the poor and disadvantaged forced to use Android.

"The security people I know at Google are embarrassed by Android," Soghioan noted.


FinSpy Mobile couldn't attack iOS without a jailbreak


Both Android devices and Windows PCs have a wide variety of over the counter spyware tools and privacy exploits that are easy for even amateurs to find, while even tools sold to law enforcement (including FinSpy, above, from global surveillance firm Gamma Group) note that they won't work on iPhones and other iOS devices unless their security has been jailbroken by the user.

Without any commercial interest in collecting user data for marketing purposes, Apple is in a unique position to defend user privacy and security. While both Google and Microsoft have made headlines for their lax efforts to protect user data on their Android and Windows platforms, their licensees have gone even further. Last year, China's Lenovo--the largest producer of both Windows PCs and Android smartphones -- bundled Superfish adware on some of its products using a self-signed root certificate, without considering that this practice opened up its users to having their encrypted communications being intercepted.

Security firm Bluebox Labs found that virtually all of the discount Android tablets sold by from major retailers including Amazon, Best Buy, Kmart, Kohl's, Staples, Target and Walmart similarly shipped with "shocking" security flaws, malware and even active backdoors installed to spy on users.

FBI's request will likely be replicated by Communist, Islamic states



Apple now sells most of its products outside the U.S. That means if it were to allow the FBI to demand a security bypass that effectively destroyed iOS security, it would also face similar pressures in the U.K., Saudi Arabia, and of course the People's Republic of China, now Apple's largest sales territory. The company is also working to establish a sales presence in Iran.

The New York Times: @FBI's war on #Apple will aid China. https://t.co/URWamc702q pic.twitter.com/KnHDsWIENY

-- Edward Snowden (@Snowden)


If the U.S. can demand that Apple tear down its entire security system to facilitate an investigation to see whether a single phone might have some potentially useful data on it, it won't be long before every country on earth demands access to this same software tool in order to hunt down their own enemies, many of whom might be Americans, or even members of the FBI or NSA.

Those are all issues Apple considers, because unlike Google, it earns significant profits in China and has a long term strategy that doesn't get rebooted every year after failing to make any progress.

U.S. Government and data security



While the FBI continues to insist that Apple could write a security-free version of iOS for use in investigating just the one phone involved in this case, somehow without spreading to malicious actors or repressive foreign governments that may use this tool against the U.S. itself, the government's track record in securing or even caring about citizens' privacy, making reasonable use of user data, and safeguarding the private data of individuals it collects--and even of its own FBI employees--is atrociously incompetent.

Just last summer, the U.S. government suffered a "colossal breach of government computer systems" that exposed sensitive information, including the fingerprints, health and financial history of 19.7 million people who had subjected themselves to government background checks. That came just weeks after data on 4.2 million federal employees had earlier been compromised, as noted by a report in the New York Times.

"Both attacks are believed to have originated in China," the report stated, citing senior administration officials.

Members of the U.S. Congress have so little confidence in their own government's ability to hold detainees under arrest that they signed a law preventing the Obama Administration from transferring "Guantanamo Bay detainees to the United States for any reason, including prosecution."

If the government can't be trusted to lock up individuals on U.S. soil in maximum security prisons, how can it expect to guarantee that it can somehow safeguard a far more commercially valuable software mechanism capable of exploiting encrypted data stored on the only secure mobile platform left?
«134567

Comments

  • Reply 1 of 122
    Been waiting all day for you Daniel lol.
    cornchip
  • Reply 2 of 122
    Great article. It's a Pandora's box that certainly needs to stay closed. 
    latifbpjbdragonmagman1979
  • Reply 3 of 122
    Google's silence tells you where they stand on the issue of security. 
    AustinCablejbdragonmagman1979
  • Reply 4 of 122
    flaneurflaneur Posts: 4,494member
    I actually just heard Kai Ryssdal on Marketplace asking Molly Wood, ironically, 'of course we've heard supporting emails from Google, Yahoo, Facebook,' etc. 

    i was pleasantly surprised, Kai and Molly.
    pscooter63jony0
  • Reply 5 of 122
    There are at least a dozen individuals and/or organizations that can "brute force" a device or system better than the FBI or CIA.  So Apple, stick to your guns.  Oh, I hope I don't get arrested for using that word.
    latifbpmagman1979jony0
  • Reply 6 of 122
    Dan, thanks for sharing your thoughts about this matter. If it weren't for you, there would be almost no reasoned thought about Apple on the Interwebs. 
    magman1979jony0
  • Reply 7 of 122
    Well well well.....I have been anti-Apple for years.  This makes one reconsider.  F the FBI and the NSA.  If you want to keep me "safe" how about implementing proper foreign policy instead of screwing up all the time then expecting the American public to deal with the blow back.
    cnocbuijdgazcornchiplatifbpAustinCablejbdragonmagman1979jony0
  • Reply 8 of 122
    Google needs to think hard about the "Do no harm" mantra. While they can justify themselves by saying they are doing good in one case, will they also consider the collective harm that arises from no privacy? And will they also realize that their own personal lives will be opened up if the capability to unlock anyone's devices is made available.
  • Reply 9 of 122
    While all the major tech companies trip over each other to be the first in bells and whistles it appears now that only Apple will stand up for the safe guarding of privacy of it's users. Shame on those copy cats like Google and MicroSoft for their cowardly silence. I'm dumping the Android.
    jdgazAustinCablejbdragonmagman1979jony0
  • Reply 11 of 122
    I have been trying to decide on a replacement for my nexus. Google's quality has declined of late, but I like an unlocked phone and the iPhone is not unlocked on ATT. I will watch this over the next couple weeks, if Apple continues to stand its ground - I will gladly buy an iPhone. This is great, don't walk it back.
    awilliams87latifbpAustinCablejony0
  • Reply 12 of 122
    Maybe Tim will at least tell them how to stop the irritating Gamecenter pop ups on the IPad. Please?
    jony0
  • Reply 13 of 122
    Yes, it is safe for criminals but not for other people. On the other hand why government is openly selling their secrets. Like this in world news from US Government: "Finally we found phone we were looking for and soon will know names of all bad people. It will take time, and those who feel that they are at risk can take care of themselves." Few weeks later: "No rush, we still cannot read it". Actually, why Apple should participate in this game.
  • Reply 14 of 122
    Blackberry still has the best mobile phone security!
  • Reply 15 of 122
    Great article until the last two paragraphs. The Republican opposition to closing Gitmo has nothing to do with security. Nobody escapes from Supermax prisons. Ask Manuel Noriega.

    Gitmo is run for the Navy by a contractor who is a big GOP donor. If the administration closes Gitmo, he's out of a job. Hence the opposition. Pure graft.
    hlee1169jony0
  • Reply 16 of 122
    cnocbuicnocbui Posts: 3,613member
    Google's silence tells you where they stand on the issue of security. 
    Google pulled out of China rather than cave into the Chinese government and censor search, and also in protest at the Chinese government's hacking of their services like Gmail.  Apple has tolerated every single thing the Chinese government have done or demanded to compromise the security of users in China, like the poisoned Xcode, faking the iCloud server and harvesting users logins, hosting all user data in China with the nod-nod - wink-wink fully encrypted data that is in plain form en-route to the server so the Chinese just have to harvest it all before it is encrypted, etc etc.
    lord amhranRobert LarranceuncommonasianAnisingularityrhonin
  • Reply 17 of 122
    What bothers me is that Tim Cook seems to be implying that it is actually POSSIBLE for Apple to comply with the FBI Order. That means current, existing iPhones (like the SUBJECT DEVICE) are NOT secure, and already have a back door. The FBI are NOT asking for a NEW version of iOS with a backdoor. They are asking Apple to "crack" an existing iPhone so that brute-force attack can be made. It may not technically be a backdoor for the encryption, but if there is a way to gain access to the data using a "brute force" approach, then it is the same thing. The data is ultimately NOT secure. I want Apple to make a phone that even THEY cannot crack. I thought they had claimed such, and it is disturbing to find out that that was apparently wrong.
  • Reply 18 of 122
    cnocbui said:
    Google's silence tells you where they stand on the issue of security. 
    Google pulled out of China rather than cave into the Chinese government and censor search, and also in protest at the Chinese government's hacking of their services like Gmail.  Apple has tolerated every single thing the Chinese government have done or demanded to compromise the security of users in China, like the poisoned Xcode, faking the iCloud server and harvesting users logins, hosting all user data in China with the nod-nod - wink-wink fully encrypted data that is in plain form en-route to the server so the Chinese just have to harvest it all before it is encrypted, etc etc.

    Whats that sound I hear? Is someone flushing a toilet?
    fallenjtnolamacguyjony0
  • Reply 19 of 122
    tzeshantzeshan Posts: 1,855member
    The US government is phoney.  It does not allow the President to use the iPhone fearing of security.  If Apple developed a version of iOS that is security then no government employee or company will dare to use an iPhone.  The crooks or criminals can simply steal a phone then spend any amount of time to peed all the data on the phone.  It can be done in a completely sealed environment without being detected. 
  • Reply 20 of 122
    tzeshantzeshan Posts: 1,855member
    What bothers me is that Tim Cook seems to be implying that it is actually POSSIBLE for Apple to comply with the FBI Order. That means current, existing iPhones (like the SUBJECT DEVICE) are NOT secure, and already have a back door. The FBI are NOT asking for a NEW version of iOS with a backdoor. They are asking Apple to "crack" an existing iPhone so that brute-force attack can be made. It may not technically be a backdoor for the encryption, but if there is a way to gain access to the data using a "brute force" approach, then it is the same thing. The data is ultimately NOT secure. I want Apple to make a phone that even THEY cannot crack. I thought they had claimed such, and it is disturbing to find out that that was apparently wrong.
    FBI does not have enough technical knowhow.  They don't know what Apple can do.  Cook knows one way to do this to produce a security free version of iOS.  
Sign In or Register to comment.