Apple brings back crypto whiz Jon Callas as encryption battles heat up

Posted:
in General Discussion
Apple has re-hired Jon Callas, a cryptography expert responsible for much of Apple's security technology over the years, the company confirmed on Tuesday.




Callas was brought back on in May, a spokesman told Reuters. Both he and Apple declined, however, to say what position he might take on in his latest employment.

Callas first worked with Apple in the 1990s, later returning between 2009 and 2011. Perhaps his core contribution to the company was full-disk encryption for OS X, although his full credits include work on both Mac and iOS security technologies.

Outside of Apple Callas is famous for his ties with PGP and Entrust, and co-founding encrypted communications firm Silent Circle. While mainly offering enterprise software, Silent Circle is best known to the public for its ultra-secure Blackphone devices.

Apple is presumably looking to strengthen the encryption used in OS X, iOS, and/or iCloud. Although those products are already thoroughly encrypted, the company has become increasingly concerned about hacking attempts by criminals, spy agencies, and other parties, whether foreign or domestic.

Various groups in U.S. law enforcement, intelligence, and politics have pursued Apple and other tech companies over encryption, claiming that communications are "going dark" because agencies can't intercept conversations mid-stream or decrypt them in local storage. One piece of proposed legislation would require backdoors, although another might restrict remote hacking by the FBI.

Apple periodically helps U.S. agencies retrieve data, but has actively fought any laws and court orders that might force it to weaken its encryption. Callas is known to support this view, but has proposed a compromise in which agencies can exploit zero-day vulnerabilities so long as they're later disclosed for fixing.
longpath

Comments

  • Reply 1 of 12
    ericthehalfbeeericthehalfbee Posts: 4,019member
    Good. Don't stay still with security and keep pushing forward to increase the already excellent security on iOS devices.
    longpathmagman1979jony0
  • Reply 2 of 12
    sflocalsflocal Posts: 4,491member
    I'll bet Google approached him for securing Android, resulting in him laughing hysterically and walking out the door.
    magman1979r00fus1propodjony0
  • Reply 3 of 12
    r00fus1r00fus1 Posts: 65member
    This is good news. State-sponsored hacking is the new normal, and you're not only a target by what you've done, but what and WHO you know. F that noise - that way lies 1984 dystopia.
  • Reply 4 of 12
    gatorguygatorguy Posts: 20,264member
    sflocal said:
    I'll bet Google approached him for securing Android, resulting in him laughing hysterically and walking out the door.
    Guess the OS driving his company's (Silent Circle) ultra-private Blackphone, oft described as "the world's most secure smartphone". Yup, Android. It can be ridiculously secure. 
    edited May 2016 cnocbui
  • Reply 5 of 12
    mdriftmeyermdriftmeyer Posts: 7,228member
    No, John is not responsible for most of Apple's security. That would be Richard Crandall and his large team of cryptography experts who John was a member within.
  • Reply 6 of 12
    foggyhillfoggyhill Posts: 4,767member
    Apple is really doubling (or tripling down) on security. Right now, if you put a decently long alpha passcode and touch ID, you're already pretty darn safe.
    This is more to prevent firmware attacks, securing comm channels, preventing jailbreaks, etc. Tidying everything that's not bolted down.
  • Reply 7 of 12
    theothergeofftheothergeoff Posts: 2,081member
    No, John is not responsible for most of Apple's security. That would be Richard Crandall and his large team of cryptography experts who John was a member within.
    It may be a bit pedantic, but I think the verb would be 'was.' Mr. Crandall died in 2012. A Brilliant man.
  • Reply 8 of 12
    bestkeptsecretbestkeptsecret Posts: 3,214member
    gatorguy said:
    sflocal said:
    I'll bet Google approached him for securing Android, resulting in him laughing hysterically and walking out the door.
    Guess the OS driving his company's (Silent Circle) ultra-private Blackphone, oft described as "the world's most secure smartphone". Yup, Android. It can be ridiculously secure. 


    What choice did he have? Licence iOS?

    You're talking as if Google should be given credit for the Blackphone. The only reason why it is so secure is because of John, not because of Android.


    baconstanglostkiwipropod
  • Reply 9 of 12
    slprescottslprescott Posts: 752member
    Another possible outlet for John's security skills = Healthcare (and Apple's rumored expansion into that area).  Protection of personal health data will become very important if you begin using Apple devices to store and manage life-affecting info.
    icoco3cnocbui
  • Reply 10 of 12
    gatorguygatorguy Posts: 20,264member
    gatorguy said:
    sflocal said:
    I'll bet Google approached him for securing Android, resulting in him laughing hysterically and walking out the door.
    Guess the OS driving his company's (Silent Circle) ultra-private Blackphone, oft described as "the world's most secure smartphone". Yup, Android. It can be ridiculously secure. 


    What choice did he have? Licence iOS?

    You're talking as if Google should be given credit for the Blackphone. The only reason why it is so secure is because of John, not because of Android.


    He could have developed his own OS, as others here often suggest others do. But no, I'm making the point Android is not inherently insecure. If it was "John" wouldn't have used it. 
    cnocbui
  • Reply 11 of 12
    knowitallknowitall Posts: 1,231member
    The latest OS X security fix list is enormous: Apples software is one big security hole.
    Whats needed is a preemptive fix for the next batch of holes, because whole disk encryption or even stronger encryption is of no use when the NSA already penetrated your system.
    Apple should make that top priority (this means I think a swiftify of the whole OS).
  • Reply 12 of 12
    icoco3icoco3 Posts: 1,458member
    Another possible outlet for John's security skills = Healthcare (and Apple's rumored expansion into that area).  Protection of personal health data will become very important if you begin using Apple devices to store and manage life-affecting info.
    This seems the most plausible reason.

    End to End encrypted phones calls between iOS devices, not that would be something.  Could easily be built right into the phone app.
Sign In or Register to comment.