Key Apple security expert Jon Callas leaves to take job with ACLU

Posted:
in General Discussion
One of Apple's senior security specialists, Jon Callas, has reportedly jumped ship to work at the American Civil Liberties Union -- and for a much smaller salary.

Jon Callas


Callas started a two-year stint as an ACLU technology fellow on Monday, Reuters said. While at Apple, he was in charge of a team that hacked into pre-release products to expose any vulnerabilities.

He may be better known, however, for co-founding PGP Corp. and Silent Circle, and being the chief scientist at Phil Zimmermann's original PGP Inc. PGP -- Pretty Good Privacy -- is one of the most famous encryption standards in use.

At the ACLU Callas is expected to provide input on fairness and transparency in AI, and help fight governments that demand access to tech platforms for surveillance.

The move should, then, indirectly help Apple, which has adopted a tough stance on privacy in the U.S. The company uses strong encryption for both hardware and online communications, much to the chagrin of law enforcement and spy agencies, which have complained about devices and services "going dark" even when there's legal backing for a search.

Some people, like U.S. Deputy Attorney General Rod Rosenstein, have called on Apple to offer some form of backdoor access, but Apple has resisted, noting that any backdoor would likely be discovered and exploited by criminals and foreign governments.

Most infamously, Apple fought with the U.S. Department of Justice over accessing the iPhone 5c of San Bernardino shooter Syed Rizwan Farook, only for the DOJ to abandon the case when the FBI succeeded with a third-party forensics solution.

Callas could play a role in influencing federal privacy legislation born out of scandals like Equifax and Cambridge Analytica.

Comments

  • Reply 1 of 20
    Can you send him down to Oz, because the Politician's here want to weaken the entire internet security model, apparently they think they can legislate the laws of Mathematics
    entropyssteven n.LordeHawkmuthuk_vanalingamdavgreglostkiwijony0
  • Reply 2 of 20
    Can you send him down to Oz, because the Politician's here want to weaken the entire internet security model, apparently they think they can legislate the laws of Mathematics
    All kidding aside though, that may be what the ACLU will be having him work on and with. Not just securing their systems, but advising as an expert witness on these matters. 

    Good for him. It takes a man of integrity to walk away from a top job with a leading company and big salary to match and go do something that pays less, but is the right thing to do.
    tmaypacificfilmmac_dogMisterKitpropodGeorgeBMacStrangeDaysdavgreglostkiwi
  • Reply 3 of 20
    entropysentropys Posts: 1,374member
    Can you send him down to Oz, because the Politician's here want to weaken the entire internet security model, apparently they think they can legislate the laws of Mathematics
    The problem with modern parliaments is they are full of lawyers.  Overpaid lawyers who have never had a real job outside the political bubble. Serving the people should be a vocation, not a career. In Oz they have even managed to pay themselves extra for being on a committee! And of course, the purpose of this Bill is to spy on the little people, that is, you and me, as the real crims would just add an extra layer of encryption to stimy the legislation.

    Shakespeare had it right about lawyers.


    I should also point out that this guy sounds pretty admirable, even if, ironically, he plans to hang out with a bunch of lawyers.
    edited December 4 lostkiwi
  • Reply 4 of 20
    Rayz2016Rayz2016 Posts: 4,456member
    DAalseth said:
    Can you send him down to Oz, because the Politician's here want to weaken the entire internet security model, apparently they think they can legislate the laws of Mathematics
    All kidding aside though, that may be what the ACLU will be having him work on and with. Not just securing their systems, but advising as an expert witness on these matters. 

    Good for him. It takes a man of integrity to walk away from a top job with a leading company and big salary to match and go do something that pays less, but is the right thing to do.
    Absolutely.

    Best of luck to him. 
    tmaydavgreglostkiwi
  • Reply 5 of 20
    chasmchasm Posts: 997member
    He has probably made plenty of money in his previous positions, and now he will be doing much the same sort of work (enhancing privacy and security) on a larger scale, and giving back to the country. Very happy for him.
    pacificfilmpropodlostkiwi
  • Reply 6 of 20
    Nothing "infamous" about the San Bernardino shooter case.

    As far as Mr. Callas goes, I'm sure there are lots of non-financial, quality-of-life benefits for working for a non-profit rather than an intense corporate environment.  And I expect he has earned enough money that he could retire comfortably right now.
    StrangeDayslostkiwi
  • Reply 7 of 20
    knowitallknowitall Posts: 1,089member
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


  • Reply 8 of 20
    Jon Callas has shown himself to be a man of principle.  His move to the ACLU will allow him to leverage his expertise in encryption and technology to help shape policy on Internet security and privacy.  Right or wrong it will be government policy that will define the Internet of the future.  Corporations have shown little interest in working in this area.  Apple seems to be one of the few who have tried to stand up to federal abuses of privacy.  One can only hope that Mr. Callas has left a strong team behind at Apple to continue their corporate position of highest security for hardware/software products and online services.
    pacificfilmGeorgeBMaclostkiwi
  • Reply 9 of 20
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    I read the linked article twice and didn't see anything about hacking an iPhone with just a phone number. A Google search also turns up nothing. I saw an article from 2016 regarding hacking into the server-side SS7 system to get SMS text messages, call logs, and even listen to calls by spoofing the device identification, but that has nothing to do with the phone itself.

    I'm genuinely curious if the iPhone can be hacked without physical access to the device itself.  Could you post a link to the BBC article?
    edited December 4 randominternetpersonStrangeDayslostkiwi
  • Reply 10 of 20
    It’s nice to see someone put principle ahead of money.
    GeorgeBMaclostkiwi
  • Reply 11 of 20
    patsupatsu Posts: 422member
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    As I recall, that was an old BBC article, quite a while before iOS 12 I think.
  • Reply 12 of 20
    zoetmbzoetmb Posts: 2,355member
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    There was no mention in that NYTimes article about an iPhone.   But it did mention that the phone in question probably followed a link that was sent to him disguised as a shipment status email.   
  • Reply 13 of 20
    GeorgeBMacGeorgeBMac Posts: 3,249member
    Privacy in America is under assault from both corporate entities as well as the justice & intelligence branches of government.

    Apple has been the sole source of push back against that assault.  But, it looks like the ACLU may joining them in that fight for the rights of the common man. 
  • Reply 14 of 20
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html
    Link, or it didn't happen "knowitall". 
  • Reply 15 of 20
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    BBC & NYTimes. Fake news sites. Ya better off reading The Onion
    edited December 5
  • Reply 16 of 20
    davgregdavgreg Posts: 132member
    BBC & NYTimes. Fake news sites. Ya better off reading The Onion
    So exactly what have they gotten wrong that makes them "fake news"?

    It is very easy to throw out a broad accusation, but where is the beef?

    I have my share of problems with NYT opinion, but the reporting is vetted or they could be sued. I do not see the NYT getting successfully sued on a regular basis.
    edited December 5 lostkiwi
  • Reply 17 of 20
    knowitallknowitall Posts: 1,089member
    78Bandit said:
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    I read the linked article twice and didn't see anything about hacking an iPhone with just a phone number. A Google search also turns up nothing. I saw an article from 2016 regarding hacking into the server-side SS7 system to get SMS text messages, call logs, and even listen to calls by spoofing the device identification, but that has nothing to do with the phone itself.

    I'm genuinely curious if the iPhone can be hacked without physical access to the device itself.  Could you post a link to the BBC article?
    Ok, I couldn’t find it myself, but I am sure I read it (couldn’t make that up), I’ll look again and post it here.
  • Reply 18 of 20
    knowitallknowitall Posts: 1,089member

    78Bandit said:
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    I read the linked article twice and didn't see anything about hacking an iPhone with just a phone number. A Google search also turns up nothing. I saw an article from 2016 regarding hacking into the server-side SS7 system to get SMS text messages, call logs, and even listen to calls by spoofing the device identification, but that has nothing to do with the phone itself.

    I'm genuinely curious if the iPhone can be hacked without physical access to the device itself.  Could you post a link to the BBC article?
    Found a better link, skip to “According to the report”: https://www.timesofisrael.com/israeli-hacking-firm-nso-group-offered-saudis-cellphone-spy-tools-report/
    I read it somewhere else, but this is essentially the same (and it was certainly very recent, as this linked article is).
    The point is that a jailbreak for iOS 12 might exist, so clicking a special link could hack your phone.
    Hacking an iPhone without the user actually doing anything (except giving the phone number) might be possible if a (root) exploit of the sms (or phone) handling exists. This means sending an sms string (usually a buffer overrun) that executes some code that actually clicks on the jailbreak link (but this is speculation of course).

  • Reply 19 of 20
    knowitallknowitall Posts: 1,089member

    patsu said:
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html


    As I recall, that was an old BBC article, quite a while before iOS 12 I think.
    Not old, unless you think a few months is old.
  • Reply 20 of 20
    knowitallknowitall Posts: 1,089member
    knowitall said:
    A recent BBC article stated that an iPhone can be hacked by having the phone number only.
    It stated that Saudis traveld to Israel to buy hacking software from a company: they were asked to buy 2 new iPhones from an Apple store, boot (start) the phones and give the numbers to the hacking company.
    A few moments later without any input from the Saudis the phones were hacked ...
    https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html
    Link, or it didn't happen "knowitall". 
    Of course it did, the universe exists without us knowing.
Sign In or Register to comment.