Apple endorses federal privacy legislation at U.S. Senate hearing

Posted:
in General Discussion edited September 2018
In a U.S. Senate committee hearing Wednesday, Apple's vice president of software technology, Guy "Bud" Tribble, stated Apple's support for legislation, while agreeing that the Federal Trade Commission should hold regulatory authority.

Apple's Bud Tribble (C-SPAN screenshot)


At a hearing of the Senate Committee on Commerce, Science, and Transportation in Washington Wednesday, Tribble testified alongside representatives of Alphabet/Google, Amazon, Twitter, AT&T, and Charter Communications. Throughout, Tribble expressed support for the idea of privacy legislation itself, and gave either qualified or unqualified yesses to most proposals put forward by most Senators.

"I am honored to be with you for this important hearing and to convey Apple's support for comprehensive federal privacy legislation that reflects Apple's longheld view that privacy is a fundamental human right," Tribble said in his opening statement.

"To Apple, privacy means much more than having the right to not share your personal information. Privacy is about putting the user in control when it comes to that information," Tribble continued. "That means that users can decide whether to share personal information and with whom. It means that they understand how that information will be used. Ultimately, privacy is about living in a world where you can trust that your decisions about how your personal information is shared and used are being respected. We believe that privacy is a fundamental human right, which should be supported by both social norms and the law."

Those testifying before the committee


"These concepts have guided our design process for years because privacy is a core value at Apple, not an obligation or an aftermarket add-on," Tribble said.

Tribble also made a point of pushing for any new privacy legislation to not place undue burdens on app developers.

"We have an app store with 6 million developers in the U.S., some are small and medium-sized businesses, and [we hope that] the burden will not be on them as to record-keeping, to make sure it's not overburdensome for that class of companies," Tribble said in his testimony. He added that Apple had earlier worked with the Office of the National Coordinator for Health IT (ONC) to help create a "model privacy notice" for app developers in the health space who may not have access to a full legal team, and would interested in coming up with those sorts of solutions in the future.

Tribble agreed with most of the other executives present that the FTC should handle most enforcement for the new privacy regime.

"Apple agrees that the FTC should get the resources they need a part of comprehensive legislation," he said.

Mentioned throughout the hearing was that both the European Union that invoked the General Data Protection Regulation, and the state of California have both passed privacy laws, both of which some tech companies believe are too stringent. The executives discussed whether the federal law will preempt the local one, as well as what disclosures will be required for data sharing.

Facebook was not part of the hearing, although CEO Mark Zuckerberg had testified before the same committee in April.

Broadcast on C-SPAN 3 and streaming online, the hearing was not what would be considered a high-profile proceeding. It was notably non-contentious, although some Republican senators, including Ted Cruz of Texas and Cory Gardner of Colorado, asked pointed questions about Google's China policy near the end of the hearing. Cruz also asked Google chief privacy officer Keith Enright whether Google is working to censor conservatives from search results.

Committee Chairman John Thune (R-S.D.) said at the end of the two-and-a-half-hour proceeding that it was likely the first of multiple "conversations going forward" as the committee works on legislation.

Comments

  • Reply 1 of 17
    LOL.

    Facebook and Google must HATE this.
    tmaycornchipfastasleepMuntz
  • Reply 2 of 17
    lkrupplkrupp Posts: 7,170member
    This is another example of Apple moving to where the puck will be, not where it is. I think Apple saw this privacy issue coming a long way off and decided to jump on board with both feet. Meanwhile, Google and Facebook’s business models are incompatible with privacy and data security. In both companies their users are the products they sell (to advertisers). When this all goes down, and it will eventually, Apple will be in a position to capitalize on it and come out smelling like a rose.
    lostkiwiMuntz
  • Reply 3 of 17
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html

    edited September 2018
  • Reply 4 of 17
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html


    Isn't that cute. The troll wants to come out and play. What, exactly, does Elcomsoft have to do with privacy? And what does Facebook and Google vacuuming up mountains of data to monetize and make money have to do with Apple?

    Or were just sitting around waiting for some article you could spam your link to?
    lostkiwiStrangeDayscornchipfastasleepRayz2016Muntz
  • Reply 5 of 17
    auxioauxio Posts: 2,003member
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html

    If you think this is only about storing data locally or not, you really need to learn more about what's at stake here.

    And, btw, that tool you link to explicitly states that it needs your Apple ID and password in order to get at iCloud data.  The only thing it can do without that is attempt to extract data from local backups.
    ericthehalfbee
  • Reply 6 of 17
    wizard69wizard69 Posts: 12,860member
    lkrupp said:
    This is another example of Apple moving to where the puck will be, not where it is. I think Apple saw this privacy issue coming a long way off and decided to jump on board with both feet. Meanwhile, Google and Facebook’s business models are incompatible with privacy and data security. In both companies their users are the products they sell (to advertisers). When this all goes down, and it will eventually, Apple will be in a position to capitalize on it and come out smelling like a rose.

    I rather see this as an example of not understanding the federal government.    What is very likely to happen is people within the FTC, the FBI, CIA and yes even congress, will see this as a way to promote their agendas and saddle these privacy protections with more holes than Swiss cheese.   If anything Apple is being manipulated into a set of regulations that will do more to damage privacy than ensure it.
    SpamSandwichcornchip
  • Reply 7 of 17
    gatorguygatorguy Posts: 20,931member
    LOL.

    Facebook and Google must HATE this.
    On the contrary, Google is asking for the same thing and in today's testimony highlighting some of the same privacy discussion points as Apple made. This is one those times when both are in agreement on the need for Federal legislation and FTC enforcement of user privacy regulations. In case you're wondering so is Amazon. 

    Facebook? Correct, they were not there and won't be testifying in this hearing.

    For those interested in what all the companies had to say:
    https://www.c-span.org/video/?451963-1/google-apple-amazon-tech-companies-testify-data-privacy

    edited September 2018 cornchip
  • Reply 8 of 17
    auxio said:
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html

    If you think this is only about storing data locally or not, you really need to learn more about what's at stake here.

    And, btw, that tool you link to explicitly states that it needs your Apple ID and password in order to get at iCloud data.  The only thing it can do without that is attempt to extract data from local backups.
    ...indeed clarification would be helpful - does Apple or powers that be under the Patriot Act or if war is declared have access to iCloud data...?

    I understand local storage has many concerns as well, yet the simple default to offload all data to a central target or 'resource' seems just bizarre logic to me...

  • Reply 9 of 17
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html


    Isn't that cute. The troll wants to come out and play. What, exactly, does Elcomsoft have to do with privacy? And what does Facebook and Google vacuuming up mountains of data to monetize and make money have to do with Apple?

    Or were just sitting around waiting for some article you could spam your link to?
    Well no actually - I was hoping for meaningful responses, vs fanboys flaming the post - such hostility by those willing to promote letting 'Elvis leave the building'...?

    I don't care what the policy, EULA or business interests are of Apple at the moment of the day (subject to change), yet more the general logic of so much existing in some foreign land server with the nature and stability of governance in place at the moment...

    And the link - no I have no connection, although it surely was easy to find, and raised the question of security settings by default sending so much off site... They do in fact qualify the intent as not to hack, but for recovery, for those that want to rely on such...

    ...and I am a mac user, and only own mac hardware, just to set the flaming fanboys straight...

    edited September 2018 gatorguy
  • Reply 10 of 17
    Tribble? Hrm...
  • Reply 11 of 17
    auxioauxio Posts: 2,003member
    auxio said:
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html

    If you think this is only about storing data locally or not, you really need to learn more about what's at stake here.

    And, btw, that tool you link to explicitly states that it needs your Apple ID and password in order to get at iCloud data.  The only thing it can do without that is attempt to extract data from local backups.
    ...indeed clarification would be helpful - does Apple or powers that be under the Patriot Act or if war is declared have access to iCloud data...?

    Nope: https://support.apple.com/en-us/HT202303

    I understand local storage has many concerns as well, yet the simple default to offload all data to a central target or 'resource' seems just bizarre logic to me...

    It's for simplicity and convenience.  I have three Macs, an iPhone, an iPad, and an Apple Watch.  It would be a nightmare trying to manually sync messages, mail, photos, contact information, music, passwords, etc between all those devices.  iCloud solves that problem.

    But this goes beyond just cloud storage.  Personal information also extends to information about what I'm doing on my devices, the places I go with them, etc.  Who is allowed what access to that information after its collected?  And could such information be directly identified with myself or my devices?  Apple's policy on such data collection is here: https://www.apple.com/privacy/approach-to-privacy/

    edited September 2018 fastasleep
  • Reply 12 of 17
    This is a very, very bad idea. There is nothing that is bad today that cannot be made worse with the involvement of the Federal government.
    cornchip
  • Reply 13 of 17
    auxio said:
    auxio said:
    If so why do all defaults seem to lead to iCloud, including keychain passwords... ?

    https://www.elcomsoft.com/eppb.html

    If you think this is only about storing data locally or not, you really need to learn more about what's at stake here.

    And, btw, that tool you link to explicitly states that it needs your Apple ID and password in order to get at iCloud data.  The only thing it can do without that is attempt to extract data from local backups.
    ...indeed clarification would be helpful - does Apple or powers that be under the Patriot Act or if war is declared have access to iCloud data...?

    Nope: https://support.apple.com/en-us/HT202303

    I understand local storage has many concerns as well, yet the simple default to offload all data to a central target or 'resource' seems just bizarre logic to me...

    It's for simplicity and convenience.  I have three Macs, an iPhone, an iPad, and an Apple Watch.  It would be a nightmare trying to manually sync messages, mail, photos, contact information, music, passwords, etc between all those devices.  iCloud solves that problem.

    But this goes beyond just cloud storage.  Personal information also extends to information about what I'm doing on my devices, the places I go with them, etc.  Who is allowed what access to that information after its collected?  And could such information be directly identified with myself or my devices?  Apple's policy on such data collection is here: https://www.apple.com/privacy/approach-to-privacy/

    ...indeed for now, and at face value...
    Yet as intimated it isn't current Apple representations that raise questions...
    https://foreignpolicy.com/2015/06/01/section-215-patriot-act-expires-surveillance-continues-fisa-court-metadata/
    How many will want to trust any US based cloud service given the more recent regulatory and political landscape...?

    edited September 2018
  • Reply 14 of 17
    chasmchasm Posts: 1,650member
    <...indeed clarification would be helpful - does Apple or powers that be under the Patriot Act or if war is declared have access to iCloud data...?</div>
    No. It's encrypted, and Apple doesn't have a decryption key. Under the Patriot Act or the War Powers Act, authorities would get exactly what they get from Apple if they ask (legally) today: general metadata (such as "the person emailed/called/texted this person on this date at this time" but not the contents thereof).

    It sounds like your concerns would be alleviated if you did a bit more reading on Apple's privacy policy and more about cloud technology generally. May I suggest you start with apple.com/privacy?
    edited September 2018 fastasleepSpamSandwich
  • Reply 15 of 17
    Rayz2016Rayz2016 Posts: 4,731member
    This is a very, very bad idea. There is nothing that is bad today that cannot be made worse with the involvement of the Federal government.
    Yes, because when our government decided to deregulate banking then … no hang on, bad example.
  • Reply 16 of 17
    gatorguygatorguy Posts: 20,931member
    chasm said:
    No. It's encrypted, and Apple doesn't have a decryption key. 
    What? You surely know better than that. Of course Apple can decrypt the data in your iCloud account. If a law enforcement agency presents Apple with a valid warrant they'll give them your data too. 

    What do you think all the discussion about China and and iCloud was about?
  • Reply 17 of 17
    auxioauxio Posts: 2,003member
    gatorguy said:
    chasm said:
    No. It's encrypted, and Apple doesn't have a decryption key. 
    What? You surely know better than that. Of course Apple can decrypt the data in your iCloud account. If a law enforcement agency presents Apple with a valid warrant they'll give them your data too. 

    What do you think all the discussion about China and and iCloud was about?
    FFS, this is some serious misinformation.  From this page:

    "No one else, not even Apple, can access end-to-end encrypted information"

    If your device encrypts the information and then sends it to an iCloud server where it's stored in that exact same encrypted format, Apple cannot decrypt it.  Apple does not have the private encryption key your device used to encrypt the data.  Apple would only be able to decrypt the data if you sent it without encryption to the iCloud server where they used their own private encryption key to 
    encrypt it before storing it.

    There is one exception, however, noted on that page:

    "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple."

    So iCloud Backups do include the encryption key used to encrypt your messages.  Which, in turn, means that Apple would be able to decrypt those if requested to do so by law enforcement.  So turn iCloud Backup off if you truly want to be sure Apple can't decrypt any of your data.

    Now, as for what Apple does with iCloud in China, that's a different story.  If/when a government mandates that a cloud service be able to decrypt all of the data stored on it, then special provisions need to be put in place to ensure that.  But that's not the case in the US (yet). 
    edited September 2018 SpamSandwich
Sign In or Register to comment.