Craig Federighi argues against renewed push for law enforcement backdoor to iPhone

Comments

  • Reply 21 of 42
    gatorguy Posts: 20,278 member
    steven n. said:
    gatorguy said:
    steven n. said:
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. Apple still finds a way to do business in both despite having to "share". I believe there are calls in the EU too besides in the US which is the topic here. Somehow and fairly soon there's going to be a mandated solution that not everyone will be happy with. The consumer-facing companies using encryption can either partner with lawmakers to arrive at the least damaging solution or risk having one chosen for them. IMO it's going to happen anyway. 
    So in other words, no on device protection.

    But basically, the China law does NOT require companies hand over encryption keys though it does require technical assistance. More disinformation?
    You didn't read very carefully. The second sentence clearly says it's on-device, as does the AI article. 

    Anyway, no encryption service is allowed within China that cannot be decrypted at the behest of Chinese authorities in order to protect their citizenry. Fact. Apple themselves makes it clear in their legal disclosure to affected Chinese customers that both they AND GCBD (yes specifically called out) have the same access to Chinese users' iCloud data. Fact. I'm sure you read the statement. Wordplay doesn't make it less true.

    Same holds true in Russia as Telegram now understands after losing their last-ditch legal effort to avoid it, and they were one of the last, if not the last holdouts. AFAIK Apple still operates secure "encrypted" services there. How can that be?
    https://www.dailydot.com/layer8/encryption-backdoor-russia-fsb-bill-passes/
    You really should do some basic searches before spreading your FUD (maybe you are using a poor search engine like Google showing you only what it thinks you want to see VS an objective search). The proposed China law you are referring to was not the one rubber stamped.

    https://www.wsj.com/articles/china-antiterror-law-doesnt-require-encryption-code-handovers-1451270383
    https://www.theverge.com/2015/12/27/10670346/china-passes-law-to-access-encrypted-communications

    Reading and critical thinking are not your strong suit, are they? Offering technical assistance does not mandate success.
    Why lodge the very silly and very juvenile personal attack? It didn't add anything and you end up looking even sillier when it's pointed out that you're looking at VERY old stories for your information.

    The China security laws you should be looking at are from this past year and details of how it is to be put in place are left to the discretion of the Chinese Government. The specific rules are being made on the fly so to speak rather than being clearly defined in that old 2015 draft you're relying on. What was passed in 2017 is quite vague, and very open-ended with a lot of leeway on how China's leadership uses it. 
    http://www.cac.gov.cn/2017-05/02/c_1120904567.htm
    edited March 2018
  • Reply 22 of 42
    linkman said:
    China's and Russia's citizens have already lost the battles for human rights, freedom of the press, privacy, etc. Should the USA be next?
    Haven't they already lost them? Given the huge amount of technology that the various TLAs can employ on a 'suspect' what rights are left? Once you are in their view there really is no escape. Also, there are several international treaties on human rights that the USA (along with N. Korea and Yemen afaik) have not signed up to.
  • Reply 23 of 42
    Francules Posts: 110 member
    Don’t stop fighting the evil. Keep going. 🖖
  • Reply 24 of 42
    anton zuykov Posts: 1,031 member
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last.
    There is nothing stopping criminals from writing or buying cryptographic kit that will do the same job, just like there is nothing that stops a criminal from breaking the law and obtaining a gun when he should have none.
    Practically the majority of terrorists and criminals are dumb, but what will happen when a smart one decides to write his own crypto-app/kit/whatever or buy an existing one? Are we going to ban crypto-tools as well? Isn't banning crypto tools and stuff like that a sign of the tyrannical gov-t that crypto is supposed to be protecting from? Isn't it proving the point advocates of crypto-tools are making anyway?
  • Reply 25 of 42
    gatorguy Posts: 20,278 member
    Francules said:
    Don’t stop fighting the evil. Keep going. 🖖
    I agree, but make contingency plans too.
  • Reply 26 of 42
    anton zuykov Posts: 1,031 member
    gatorguy said:
      very open-ended with a lot of leeway on how China's leadership uses it.
    China's leadership has always been a bastion of free speech and freedoms, so there is nothing to worry about.
    edited March 2018
  • Reply 27 of 42
    GHammer Posts: 52 member
    Much different stance than their position in China, which is "Let us make money here and we'll give you anything". Hypocrites.
  • Reply 28 of 42
    So if you use iCloud to store keychain passwords, Apple has the ability to decrypt and send to 3rd parties?!  WTF?!  Or is this article written with too broad a brush stroke?
    edited March 2018
  • Reply 29 of 42
    StrangeDays Posts: 7,071 member
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. 
    Yes, let’s trade our world-class civil rights for what they do in China and Russia, two tyrannical non-democracies. Er...

    What an absurd defeatist attitude. Typical of a googler, tho, as valuing privacy is not part of your business model. 
  • Reply 30 of 42
    Once upon a time, everyone carried a smartphone, it was the dawn of a new age.  Along came the 3 letter Intelligence Agencies who found that these devices became a magic wand to their surveillance activities.  You see everyone was carrying a microphone, camera and GPS in their pockets and using these devices primarily for communications.  Well tapping into that is absolutely ideal.  A great number of zero days were discovered on every device and these 3 letter agencies were obtaining a tremendous amount of power.  Social media as well was amazing in the amount of data that could be gleaned if only from metadata.  Then a gentleman by the name of Snowden shouted to the world just what these agencies were capable of doing.  Then all the smartphone creators locked them down and increased security tremendously.  Now that really pissed off the 3 letter agencies as it practically took away all their toys and informed their targets that they were being monitored.  That results in operational security of the targets changing to the new reality which is something the 3 letter agencies did not wish to occur.  The cat was out of the bag. 

    Now along comes the baby brother of the 3 letter agencies desiring the ability to crack open a smartphone that's been locked and encrypted.  They are going to try to force Apple and others to give them some sort of master key solution, a back door if you will.  

    Did you know you could right now buy NYC infrastructure master keys online? You know, keys that let you enter secure areas of public transit, tourist sites, etc.  Things you definitely don't want the bad guys to access?  You can also buy keys to many things like parking gate systems, security system control boxes, etc.  You can also obtain digital keys to various systems on the dark web that grant access.  DeCSS is the DRM technology on DVD players that is required to be unlocked.  The master key was intercepted in a software DVD player and used to create the DeCSS library which can unlock any DVD. Then along came Blu-Ray and AACS, which is simply a hexadecimal master key that was leaked and shared by millions online despite DMCA takedown attempts to stop it.

    So what makes you think a backdoor would even work?  It would be leaked eventually and that would defeat all the security on these mobile devices as the bad guys would be able to hack any mobile device.  
  • Reply 31 of 42
    SpamSandwich Posts: 30,836 member
    GHammer said:
    Much different stance than their position in China, which is "Let us make money here and we'll give you anything". Hypocrites.
    If you think Apple has the power to dictate terms to the Chinese government, you are deluding yourself.
  • Reply 32 of 42
    gatorguy Posts: 20,278 member
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. 
    Yes, let’s trade our world-class civil rights for what they do in China and Russia, two tyrannical non-democracies. Er...

    What an absurd defeatist attitude. Typical of a googler, tho, as valuing privacy is not part of your business model. 
    Just as in China and Russia there's going to be other countries, perhaps entire regions, where similar laws and regulations are put into effect. I thought I made myself clear that it's a bad spot to be put in, and I have no doubt whatsoever that Apple and Google and Microsoft and hundreds of other companies are making contingency plans for such an undesirable outcome. Defeatist? Hardly. More a realist. 

    So don't stop putting up the good fight. No not at all, but personally I believe Apple already understands they can't keep all the dogs at bay (and China proved they can't) and thus their support of the Cloud Act which could help absolve them of any direct responsibility for making the decision on whether any particular legal or policing authority gets access to your personal data and why.
  • Reply 33 of 42
    Makes me think of this:

    You and I are told we must choose between a left or right, but I suggest there is no such thing as a left or right. There is only an up or down. Up to man’s age-old dream — the maximum of individual freedom consistent with order — or down to the ant heap of totalitarianism. Regardless of their sincerity, their humanitarian motives, those who would sacrifice freedom for security have embarked on this downward path. Plutarch warned, ‘The real destroyer of the liberties of the people is he who spreads among them bounties, donations, and benefits.’

    The authoritarian, big government crowd is constantly trying to take people's freedoms away in order to enrich and empower themselves at the expense of everyone else.

    Would you as a Trump or Hillary supporter want the other person's FBI, NSA, CIA having access to everything on your phone?  Or any other authoritarian around the world?  
  • Reply 34 of 42
    I think our government’s proposition can be justified or dismissed extremely easily:

    Have them develop a device with their proposed security and then release it into the hands of hackers/technology companies and see how long it takes for them to crack it and how sophisticated the hack needs to be.

    Our government can say this or that but it means nothing unless they can demonstrate the ‘security’ they’re claiming will still exist.
    edited March 2018
  • Reply 35 of 42
    NemWan Posts: 114 member
    So if you use iCloud to store keychain passwords, Apple has the ability to decrypt and send to 3rd parties?!  WTF?!  Or is this article written with too broad a brush stroke?
    Apple says iCloud keychain is one of the categories of data that is encrypted end-to-end (if the customer enables two-factor authentication), and that Apple cannot access.
  • Reply 36 of 42
    Rayz2016 Posts: 4,556 member
    gatorguy said:
    Rayz2016 said:

    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order
    Er … that’s a backdoor. 

    Not if it's an integral part of the hardware requiring both direct access and Apple's assistance. I would call that a side door.
    What you would call it doesn’t matter. 

    It is a point of entry that has the potential to be cracked by criminals. It’s a backdoor. 

    Fortunately, Apple isn’t so naive to assume that such a plan wouldn’t result in access falling into the wrong hands. 
    edited March 2018
  • Reply 37 of 42
    Rayz2016 Posts: 4,556 member
    steven n. said:
    gatorguy said:
    steven n. said:
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. Apple still finds a way to do business in both despite having to "share". I believe there are calls in the EU too besides in the US which is the topic here. Somehow and fairly soon there's going to be a mandated solution that not everyone will be happy with. The consumer-facing companies using encryption can either partner with lawmakers to arrive at the least damaging solution or risk having one chosen for them. IMO it's going to happen anyway. 
    So in other words, no on device protection.

    But basically, the China law does NOT require companies hand over encryption keys though it does require technical assistance. More disinformation?
    You didn't read very carefully. The second sentence clearly says it's on-device, as does the AI article. 

    Anyway, no encryption service is allowed within China that cannot be decrypted at the behest of Chinese authorities in order to protect their citizenry. Fact. Apple themselves makes it clear in their legal disclosure to affected Chinese customers that both they AND GCBD (yes specifically called out) have the same access to Chinese users' iCloud data. Fact. I'm sure you read the statement. Wordplay doesn't make it less true.

    Same holds true in Russia as Telegram now understands after losing their last-ditch legal effort to avoid it, and they were one of the last, if not the last holdouts. AFAIK Apple still operates secure "encrypted" services there. How can that be?
    https://www.dailydot.com/layer8/encryption-backdoor-russia-fsb-bill-passes/
    You really should do some basic searches before spreading your FUD (maybe you are using a poor search engine like Google showing you only what it thinks you want to see VS an objective search). The proposed China law you are referring to was not the one rubber stamped.

    https://www.wsj.com/articles/china-antiterror-law-doesnt-require-encryption-code-handovers-1451270383
    https://www.theverge.com/2015/12/27/10670346/china-passes-law-to-access-encrypted-communications

    Reading and critical thinking are not your strong suit, are they? Offering technical assistance does not mandate success.
    That would explain why Apple, flying in the face of GoogleGuy’s assertions, says it retains control of the encryption keys in China. 
  • Reply 38 of 42
    "As a result, Justice Department officials are claimed to be convinced it's possible to enable a backdoor without fatally weakening device security —the worry of companies like Apple."

    Are these officials Russian??
  • Reply 39 of 42
    gatorguy Posts: 20,278 member
    Rayz2016 said:
    steven n. said:
    gatorguy said:
    steven n. said:
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. Apple still finds a way to do business in both despite having to "share". I believe there are calls in the EU too besides in the US which is the topic here. Somehow and fairly soon there's going to be a mandated solution that not everyone will be happy with. The consumer-facing companies using encryption can either partner with lawmakers to arrive at the least damaging solution or risk having one chosen for them. IMO it's going to happen anyway. 
    So in other words, no on device protection.

    But basically, the China law does NOT require companies hand over encryption keys though it does require technical assistance. More disinformation?
    You didn't read very carefully. The second sentence clearly says it's on-device, as does the AI article. 

    Anyway, no encryption service is allowed within China that cannot be decrypted at the behest of Chinese authorities in order to protect their citizenry. Fact. Apple themselves makes it clear in their legal disclosure to affected Chinese customers that both they AND GCBD (yes specifically called out) have the same access to Chinese users' iCloud data. Fact. I'm sure you read the statement. Wordplay doesn't make it less true.

    Same holds true in Russia as Telegram now understands after losing their last-ditch legal effort to avoid it, and they were one of the last, if not the last holdouts. AFAIK Apple still operates secure "encrypted" services there. How can that be?
    https://www.dailydot.com/layer8/encryption-backdoor-russia-fsb-bill-passes/
    You really should do some basic searches before spreading your FUD (maybe you are using a poor search engine like Google showing you only what it thinks you want to see VS an objective search). The proposed China law you are referring to was not the one rubber stamped.

    https://www.wsj.com/articles/china-antiterror-law-doesnt-require-encryption-code-handovers-1451270383
    https://www.theverge.com/2015/12/27/10670346/china-passes-law-to-access-encrypted-communications

    Reading and critical thinking are not your strong suit, are they? Offering technical assistance does not mandate success.
    That would explain why Apple, flying in the face of GoogleGuy’s assertions, says it retains control of the encryption keys in China. 
    If those were the only laws that are applicable. They aren't. They were superseded last year if you followed the link I offered. More telling is Apple's own legal notice to its Chinese iCloud users advising them that BOTH Apple and GCBD can access the data in their accounts. 

    I believe a bit of wordplay is at work in some of the statements being attributed to "someone" at Apple via a reporter. Nowhere in the past three months since this changeover was announced have I seen Apple claim that GCBD cannot access iCloud data. In fact they say just the opposite, and access would typically require a key. 

    At the same time I do think the data in GCBD's facility is safely stored with proper safeguards to prevent illegal intrusions just as Apple themselves would, so perfectly accurate to claim user data is secured.
    edited March 2018
  • Reply 40 of 42

    I think that Apple should, in fact, build a phone with this backdoor in place.  And only provide it to government officials in sensitive positions.
