Craig Federighi argues against renewed push for law enforcement backdoor to iPhone



  • Reply 41 of 42
    gatorguygatorguy Posts: 21,297member
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:

    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order
    Er … that’s a backdoor. 


    Not if it's an integral part of the hardware requiring both direct access and Apple's assistance. I would call that a side door.
    What you would call it doesn’t matter. 

    It is a point of entry that has the potential to be cracked by criminals. It’s a backdoor. 

    Fortunately, Apple isn’t so naive to assume that such a plan wouldn’t result in access falling into the wrong hands. 
    I'm not so naive as think there's not a possibility that some player could gain physical access to your device and be able to access the data within it either. There's no way to know if it's possible until it happens. But it would still be better than a OS backdoor where EVERYONE'S personal computing device could be accessed.

    If Apple's secure enclave is considered relatively hacker proof I can't think of a better place to store an "emergency key" if push comes to shove and access to encrypted services is mandated by law if a device is allowed in the marketplace. At least a common thief, even a very good thief, would not have the resources to break it assuming Apple is correct about their secure enclave, and there is no reason to think they are not.

    So to be perfectly clear to those that didn't read carefully enough I don't advocate for backdoors into our devices. What little bit of privacy we still have, even if it's just a mirage that serves to make us feel better, is worth protecting which means it's worth fighting for. I believe Apple should continue the fight through to the end.

    At the same time smart people plan for potential events, and certainly for eventualities. Do I want a hurricane? No I do not but I plan for one. If you think Apple and Google and Microsoft and others are not holding "off the record" talks with authorities on the subject,  giving serious thought to it, and making contingency plans for complying with potential laws mandating that their be a method of accessing the data on private devices (running an operating system you don't own by the way) you would be mistaken IMO.
  • Reply 42 of 42
    gatorguygatorguy Posts: 21,297member
    Rayz2016 said:
    steven n. said:
    gatorguy said:
    steven n. said:
    gatorguy said:
    Perhaps that's the best solution to a bad situation. No backdoors per-se but a dedicated part of the secure enclave that can still be used to access a customer's device in the event of a security emergency or otherwise lawful order. 

    It's becoming pretty darn clear that denying access to those tasked with protecting the citizens of a country isn't going to last. China already demands the encryption keys as does Russia. Apple still finds a way to do business in both despite having to "share". I believe there are calls in the EU too besides in the US which is the topic here. Somehow and fairly soon there's going to be a mandated solution that not everyone will be happy with. The consumer-facing companies using encryption can either partner with lawmakers to arrive at the least damaging solution or risk having one chosen for them. IMO it's going to happen anyway. 
    So in other words, no on device protection.

    But basically, the China law does NOT require companies hand over encryption keys though it does require technical assistance. More disinformation?
    You didn't read very carefully. The second sentence clearly says it's on-device, as does the AI article. 

    Anyway, no encryption service is allowed within China that cannot be decrypted at the behest of Chinese authorities in order to protect their citizenry. Fact. Apple themselves makes it clear in their legal disclosure to affected Chinese customers that both they AND GCBD (yes specifically called out) have the same access to Chinese users iCloud data. Fact. I'm sure you read the statement. Wordplay doesn't make it less true.

    Same holds true in Russia as Telegram now understands after losing their last-ditch legal effort to avoid it, and they were one of the last, if not the last holdouts. AFAIK Apple still operates secure "encrypted" services there. How can that be?
    You really should do some basic searches before spreading your FUD (maybe you are using a poor search engine like Google showing you only what it thinks you want to see VS an objective search). The proposed China law you are referring to was not the one rubber stamped.

    Reading and critical thinking are not your strong suit, are they? Offering technical assistance does not mandate success.
    That would explain why Apple, flying in the face of GoogleGuy’s assertions, says it retains control of the encryption keys in China. 
    Apple has been storing Chinese user data in China since 2014 in accordance with the proposed security law then which was rubber-stamped in 2015. That's old news that Steven N. and you are confusing with this more recent 2017 law, a requisite "sharing" agreement with GCBD, and the formal legal announcement of an ownership changeover made to Chinese iCloud users.

    Applying a bit of common sense will point you in the proper direction. The rules changed last year from the old 2015-passed laws that lead Apple to first begin storing data in China. That's why they had to make a legal disclosure to the affected users of a change in ownership. Under the old 2015 law they could still control access even if the data physically existed there, but no longer. Ability to access user data is now shared with the government-owned GCBD, and that's something new.

    From an Apple email:
    “Last year (2017), we announced that Guizhou on the Cloud Big Data (GCBD) would become the operator of iCloud in China. As we said at the time, we’re committed to continuously improving the user experience, and our partnership with GCBD will allow us improve the speed and reliability of our iCloud services products while also complying with newly passed regulations that cloud services be operated by Chinese companies. Because of our commitment to transparency, there will be a series of customer communications over the course of the next seven weeks to make sure customers are well informed of the coming changes. Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems.”

    They do not stipulate they have control over access. On the contrary they make it clear the data is no longer under their control. GCBD is not simply a storage container, they're running the iCloud services in China.
    edited March 2018
Sign In or Register to comment.