
Tim Cook Talks About Encryption, Right to Privacy, Public Safety, and DOJ (time.com) 135

TIME reporters sat down with Apple CEO, Tim Cook, to talk about encryption, public safety, and right to privacy among other subjects. The wide-ranging interview captures Cook's discomfort with how his company has been treated by the Department of Justice. Following are some interesting excerpts from the interview: The thing that is different to me about Messages versus your banking institution is, the part of you doing business with the bank, they need to record what you deposited, what your withdrawals are, what your checks that have cleared. So they need all of this information. That content they need to possess, because they report it back to you. That's the business they're in. Take the message. My business is not reading your messages. I don't have a business doing that. And it's against my values to do that. I don't want to read your private stuff. So I'm just the guy toting your mail over. That's what I'm doing. So if I'm expected to keep your messages, and everybody else's, then there should be a law that says, you need to keep all of these. [...] Law enforcement should not be whining about iPhones; it should be rolling around in all the other free information that criminals and terrorists are spewing through social networks and Nest thermostats, surveillance cameras and Hello Barbies. [...] Going dark -- this is a crock. No one's going dark.
This discussion has been archived. No new comments can be posted.

  • by LichtSpektren ( 4201985 ) on Thursday March 17, 2016 @12:06PM (#51716087)
    The DOJ obsessing over the locked phone of a dead shooter in the guise of protecting America, while being totally silent about the insane privacy violations of Windows 10, seems rather hypocritical.
    • by Anonymous Coward

      The DOJ obsessing over the locked phone of a dead shooter in the guise of protecting America, while being totally silent about the insane privacy violations of Windows 10, seems rather hypocritical.

      What you see as hypocritical, they see as strategic.

      • by kheldan ( 1460303 ) on Thursday March 17, 2016 @12:37PM (#51716403) Journal

        What you see as hypocritical, they see as strategic.

        I'd like to point out, for the benefit of those who somehow haven't already got the memo, that there are 'law enforcement' types all over the place, who would like nothing better than to return to the 'good old days' of being able to drag a 'suspect' into a room, and beat them senseless, repeatedly if necessary, until they sign a pre-written 'confession' of their 'crimes' -- then railroad them through the court system, and into prison. That's the sort of mentality we're dealing with here, even if (on the surface) they seem more sophisticated about it. Law enforcement at all levels tends to attract control-freak types who in their heart of hearts believe they're above the law they're supposedly enforcing, and should be allowed to do whatever they want in pursuit of that so-called 'enforcement', and that peoples' 'rights' should be more like a 'privilege' that they can revoke whenever they feel like it.

        • "there are 'law enforcement' types all over the place, who would like nothing better than to return to the 'good old days' of being able to drag a 'suspect' into a room, and beat them senseless, repeatedly if necessary, until they sign a pre-written 'confession' of their 'crimes' ..."

          I've been wondering what the FBI did to solve crimes back before they could hack cell phones. Thanks for reminding me.

          • I've been wondering what the FBI did to solve crimes back before they could hack cell phones. Thanks for reminding me.

            The FBI has a long and storied history of taking the low road. Just one example of many [nytimes.com]:

            When the Rev. Dr. Martin Luther King Jr. received this letter, nearly 50 years ago, he quietly informed friends that someone wanted him to kill himself -- and he thought he knew who that someone was. Despite its half-baked prose, self-conscious amateurism and other attempts at misdirection, King was

          • I've been wondering what the FBI did to solve crimes back before they could hack cell phones. Thanks for reminding me.

            Back then, they had to keep some of the suspects alive for questioning.

          • The new technique is to manufacture a crime. Get some hotheads together with an FBI agent provocateur. Get them to make some terrorist plan that has no chance of success. Discuss it at length. Come up with some completely legal thing they can do to start getting the plan rolling, then arrest all the idiots on conspiracy charges.

      • We act like fools for awhile and then when we lull them into a false sense of security we strike!

    • by McLae ( 606725 )
      SO, here is a conspiracy theory:

      DOJ is behind the Win 10 free upgrades, because MS has all the back doors the DOJ has requested. The more Win 10 deploys, the more data the DOJ has access to.

      Removing the tin foil hat......

    • by NatasRevol ( 731260 ) on Thursday March 17, 2016 @12:33PM (#51716361) Journal

      You should see what they did to Lavabit under the guise of security.

      Holy fucking shit.

      https://twitter.com/JZdziarski [twitter.com]

      They were literally denied their 4th Amendment rights by a FUCKING FEDERAL JUDGE.

      • They also ticked off the judge, which should not have affected the ruling but probably did. When given a court order, you should either comply without funny stuff or you politely file a motion why you shouldn't be required to do it. Trying to find some useless way to comply with the letter of the order will get you in trouble.

        • Given that the judge said, before this, that they didn't have 4th amendment rights, I'd tell him to fuck off too. And rightfully so.

          • Fourth amendment rights for what? The court asked for stuff about some of their subscribers, probably legally, and LavaBit responded by being as uncooperative as possible, until the judge ordered them to turn over keys, since it was apparently impossible to get them to cooperate.

            That was dumb. Given a court order you don't want to follow, the intelligent choices are to comply, file a legal motion arguing against compliance, or possibly to dissolve the company so there's nothing left to have an order se

    • Yep collecting user data as spelled out in the EULA is worthy of the FBI / DOJ getting involved.

      Or not.

    • by gweihir ( 88907 )

      The DoJ caring about "privacy" of citizens? In what world do you live?

  • by UnknowingFool ( 672806 ) on Thursday March 17, 2016 @12:23PM (#51716267)
    John Oliver with his commentary [youtube.com] on the matter. Funny and fairly balanced.
  • If Tim Cook's premise is that big corporations like his are going to protect us from privacy invading evil governments, how far is his commitment going to go? He may be able to win this case against the FBI. Is he going to win it against a secret order from the NSA to spy on foreign terrorists? Is he going to win it against the German government, or the Russian government, or the Chinese government? Has he successfully resisted what even Microsoft couldn't resist, handing over their source code to the Russi
    • Your questions are good.

      It's well known that foreign governments are watching this case very closely. It's understood that if the US wins this case, governments like China are going to start requiring backdoors as well.

      While Apple winning this case doesn't prevent China, etc from doing so ... Apple losing this case will assuredly open the floodgates to foreign governments all getting their hook in the code.

      • That's why Apple should never have started this case. They should quietly have rolled out bullet proof security on the next phone instead. With a few million actually secure iPhones in circulation, the FBI couldn't do anything, and Congress would be unlikely to pass a law prohibiting this.
        • by nytes ( 231372 )

          Apple didn't start this case. The FBI did.

          The FBI didn't even serve papers to Apple telling them. Apple found out about it from the FBI's news release.

    • by Aighearach ( 97333 ) on Thursday March 17, 2016 @12:40PM (#51716429) Homepage

      He's not going to protect us, he's going to protect himself, his company, his values. That protects others who share his values.

      No need to run off the rails because he isn't Harry Potter.

      • He's not going to protect us, he's going to protect himself, his company, his values.

        I find this funny, he will argue his point publicly and loudly because at the moment it protects his company image and is what the customers want. If he loses apparently the iPhone is so secure that not even the FBI can hack it without the help of the geniuses that made it, which still works out for the company image, just not as well as if he wins.

        It would however be funny if all of a sudden they dropped the issue by saying "Never mind, it was easier to hack than we thought.".

        • The NSA could have easily hacked the phone this past summer.

          It's not about the hack...

          • You and I know there are already tech forensics companies out there that work with law enforcement and provide tools and that this is about making manufacturers give access not about them actually being able to gain access, but that's not what the rest of the world sees or wants to see.

          • by AHuxley ( 892839 )
            Re It's not about the hack...
            It's about making the PRISM material legal in any US state or federal open court. The brand and phone becomes the named informant. GPS, logs, images, movement, voice, files.
            A cell phone brand can even be the origin of an entire case in open court, hiding deeper human or mil signals parallel construction.
            Recall the " and the zombies would be paying customers?" quote from
            iSpy: How the NSA Accesses Smartphone Data (September 09, 2013)
            http://www.spiegel.de/internat... [spiegel.de]
            • It's not about establishing legal evidence. That's what parallel construction is for. This is to establish that there is no right to privacy, and that everybody must cooperate with the TLAs to break it whenever asked.

        • Huh? The question is not whether Apple can't do what the court order says. The question is whether they can be legally compelled to do it.

          • I thought the question is even if they are able to legally compel them how much will Apple protest in order to protect their company image.

      • You are absolutely correct. It just so happens that protecting himself, his company, and his values aligns very closely with protecting me, and my values. Therefore, I support his efforts.

    • by Arkham ( 10779 )
      I admit that I sort of hope those signing keys are on an offline computer in a big white room at Cupertino HQ with lead lined walls, where someone must walk in with a GM binary on a flash drive, sign it, and walk out with only the signed copy.
    • Cook should build phones that just cannot be broken into, not even by someone with full access to the source code, firmware signing keys, and hardware.

      That does appear to be the way he is pushing his engineers. However, in the meantime there are billions of iPhones out there for whom this level of protection is not yet possible, and cannot be retroactively applied. I don't even believe that Cook has attempted to portray his actions as altruistic, just that what is in the best interest of Apple Inc., and what is in the best interest of owners of Apple devices are in sync with each other on this issue.

      Apple Inc sees no value and only cost associated with

      • > while you may think the FBI is trustworthy

        Honestly, I don't see how anybody who is in any way familiar with the FBI, its history, its most well-known director, the culture and organization he built, the shenanigans (to put it mildly) during his tenure, and the fact that the FBI still reveres and honors said director, even residing in a HQ building bearing his name... could *POSSIBLY* consider the FBI trustworthy. We're not talking about the television FBI of Mulder and Scully. The real thing is the

      • If the US creates this precedent, the Chinese will take it even further, and while you may think the FBI is trustworthy I doubt most people would extend similar trust to the governments of every country in which Apple operates.

        In fact, unlike you, I trust neither Apple, nor the FBI, nor the Chinese government. You live in a fantasy if you think that Apple hasn't already cooperated with the Chinese government in order to get access to the Chinese market, [qz.com] just like Microsoft has already done with the Russia [zdnet.com]

        • Let's be clear, Apple - like every other company in the world - has a statutory obligation to obey any law of any country within which they operate. If China were to say tomorrow "no encryption on any device" Apple would have to choose to either stop selling, try to fight the law in court, or comply. In the US the company is choosing option 2, but if they lose they will have to revert to either option 1 (fiscal suicide) or option 3. The issue here is that the west has been able to, through political machinat
          • In the US the company is choosing option 2,

            That's PR bullshit. Apple isn't fighting for the right to provide encryption on their devices; if they did, I'd be cheering them on. What Apple is fighting for is the right to protect flawed encryption from a valid court order. And the problem with that is that no matter whether they win or whether they lose, the public will be worse off as a result.

            The encryption on iPhones has gotten more comprehensive at every revision of the hardware/software. That it wasn't

            • How does the public lose if Apple wins?

              If Apple loses, then they and other cell phone manufacturers will be required to include backdoors and maintain work arounds for the government indefinitely. Sucks to be you if the FBI wants access to your phone, and sucks to be you if someone other than Apple or the Government is able to get access to the tools or reverse engineer the work around.

              If Apple wins, then it will still be possible in the future to develop completely encrypted bullet proof phones in t
              • If Apple loses, then they and other cell phone manufacturers will be required to include backdoors and maintain work arounds for the government indefinitely.

                The iPhone 5C already has a backdoor; that's the problem. Furthermore, you can be certain that the NSA and other agencies can get in through that back door. Apple winning or losing makes no difference to that. But if Apple wins, it gives the appearance that your data is protected when in fact it is not. Furthermore, if Apple wins, it will give more am

                • The iPhone 5C already has a backdoor; that's the problem. Furthermore, you can be certain that the NSA and other agencies can get in through that back door. Apple winning or losing makes no difference to that. But if Apple wins, it gives the appearance that your data is protected when in fact it is not. Furthermore, if Apple wins, it will give more ammunition to people demanding laws that require explicit backdoors.

                  So in your opinion we are damned if we do and damned if we don't? The lack of completely secure phones today (or at least back when the iPhone 5C was sold) completely invalidates any potential advances to make them more secure in the future, and if Apple wins in court then the legislature will (despite having failed to do so during the first encryption debate) of course pass laws to grant such a back door in the future. That's an awfully pessimistic view. If legislators from my state start supporting such a

                  • So in your opinion we are damned if we do and damned if we don't?

                    False dichotomy. Apple's mistake was pretending that their backdoored phone was secure. They should have simply admitted that the iPhone 5C wasn't secure and moved on, instead of pretending that they are out defending everybody's rights.

                    We know such a phone would be affordable, easy to use, and popular

                    You may believe that, but I see no reason to believe you are correct. There is a cost, even if not in money, to a completely secure phone. Th

                    • I don't believe they've ever said that their phones were completely secure, not even today. Security is not binary complete or absent, there are levels of security, often resulting from trade offs between security and other features like ease of use. You seem to be upset at Apple for breaking a promise they never in-fact made.

                      Unless you've got a specific Chinese or Russian law to which you can point, your assertion is baseless. I don't disagree that these governments would very much like to have this infor
                    • Unless you've got a specific Chinese or Russian law to which you can point, your assertion is baseless.

                      Microsoft has already released their source code to Russia and China under pressure from their governments; isn't that evidence enough?

                      One difference here is that the FBI was hoping to get the courts to compel Apple to do the work for them.

                      Yes, that is how discovery usually works. Apple might have argued an "undue burden", but not that the FBI isn't entitled to this in principle.

                      However, that doesn't mean

  • Switzerland should make Cook an offer: move your entire company here and we will give an inviolable covenant to protect your IP and products from any and all backdoor requests, foreign and domestic.
    • not the whole company, but the parts that deal with crypto.

      if apple was smart(er) they would be actively working on a foolproof decoupling of the base system from the crypto. make it so that it's actually impossible for US forces to storm any apple site and try to force the company to do the feds' bidding.

      the crypto code would not be on any network, not even any apple network. the build would be done locally via specially vetted employees, etc etc. you can imagine how it could work.

      what they have now (I'm

    • by Anonymous Coward

      Switzerland has surrendered to the US and EU its invaluable banking secrecy and you think they could defend your data? How naive can you be?

      • by Anonymous Coward

        Correct analysis. Now that they are surrounded by a certain four letter Imperium, they are arguably in a much worse state than ever.

        They resist as much as they can, but they are not killing themselves. They collaborate like they had to collaborate earlier. They hope that a tiny amount of Alemannic freedom can be preserved.

        Let's hope they keep their rifles all well oiled.

    • by swb ( 14022 )

      How did that work out for Swiss banks and their tradition of banking secrecy? They eventually caved in to IRS demands to track down tax evaders.

      There are maybe 4-5 countries on Earth with the combined economic, military and diplomatic power to be home to a product completely beyond the influence of any government.

      And even then it doesn't guarantee that the product will be available anywhere outside of its home country (where presumably you're also able to manufacture it, so you don't have any dependency on

  • by JoeyRox ( 2711699 ) on Thursday March 17, 2016 @12:39PM (#51716419)
    It's not just because their customers want access to their banking history but because there are federal laws such as the Bank Secrecy Act (https://www.fdic.gov/regulations/safety/manual/section8-1.pdf) that require banks to keep banking information to aid in the government's monitoring of criminal activity and money laundering. If the federal government can compel banks to keep this information I'm not sure what prevents them from compelling Apple as well. This is not to say that I support the government's position on this - I'm wholly in Apple's corner. But Cook's analogy to the banking industry is actually a case against Apple rather than one that supports it.
    • by seth_hartbecke ( 27500 ) on Thursday March 17, 2016 @12:57PM (#51716569) Homepage

      Banks, in order to operate with integrity, DO need to keep a transaction ledger. Honest ones had been doing so for centuries before the Bank Secrecy Act.

      There is a highly important yet subtle difference here. The Bank Secrecy Act requires banks divulge information they already were keeping.

      A similar act given to Apple would require them to divulge information about your account (information they are already keeping). But, the newest FaceTime does peer-to-peer VoIP if it can. Is Apple required to engineer a backdoor in to listen to a conversation that *today* they only facilitate the initial call setup? Should they be required to keep an audio copy of the call? Apple currently does not store the call, and if possible they only arbitrate the two phones finding each other (they may not even transit the call audio). This would be like requiring your bank to keep tabs on how you spend your cash.

      • I don't see a large distinction between divulging information you're already retaining vs being compelled to retain new information that you also must divulge. For example the Bank Secrecy Act compels banks to retain transactional history that they weren't already keeping, such as details of specific credit and cash transactions that exceed $10,000/USD.
        • I don't see a large distinction between divulging information you're already retaining vs being compelled to retain new information that you also must divulge. For example the Bank Secrecy Act compels banks to retain transactional history that they weren't already keeping, such as details of specific credit and cash transactions that exceed $10,000/USD.

          Banks keep track of every transaction. How do you think you get a balance sheet every month itemizing your every transaction? They don't do it because the Federal Government compels them to. They do it because that is the nature of banking. The only thing that law requires them to do is to notify the government when a 'suspicious' transaction occurs. They're already privy to all the details of the account holder - bank relationship. In the case of Apple they are also privy to all the details of the ph

          • You're implying that banks already kept all the information and had all the necessary procedures like account verification that were necessary to comply with the Bank Secrecy Act before the law was passed. If you read the regulation (https://www.fdic.gov/regulations/safety/manual/section8-1.pdf) you'll find that's likely not the case, that many banks had to start tracking additional information and employ new procedures. So there is a precedent for the federal government to compel businesses to collect inf
            • You're implying that banks already kept all the information and had all the necessary procedures like account verification that were necessary to comply with the Bank Secrecy Act before the law was passed. If you read the regulation (https://www.fdic.gov/regulations/safety/manual/section8-1.pdf) you'll find that's likely not the case, that many banks had to start tracking additional information and employ new procedures. So there is a precedent for the federal government to compel businesses to collect information and enact new procedures.

              Other than the training requirements and the forms required to be filed with the IRS, I don't know of any new transactional record the bank would be required to keep under this law. Sure they had to start verifying SSN or TIN for account holders, yes. But you'll also note that this only covers banks that make use of FDIC or NCUSIF insurance programs. You could create a non-insured bank and it would not, at least under the original BSA rules, be required to keep any of these records or to verify the SSN o

              • Here's an example of the additional information banks were required to obtain and retain as part of BSA (https://www.hsdl.org/?view&did=439815):

                Monetary Instrument Sales Records: A bank must retain a record of each cash sale of bank checks, drafts, cashier's checks, money orders, and traveler's checks between $3,000 and $10,000 inclusive. These records must include evidence of verification of the identity of the purchaser and other information. (31 CFR 103.29)

                And for a more di
                • Here's an example of the additional information banks were required to obtain and retain as part of BSA (https://www.hsdl.org/?view&did=439815): Monetary Instrument Sales Records: A bank must retain a record of each cash sale of bank checks, drafts, cashier's checks, money orders, and traveler's checks between $3,000 and $10,000 inclusive. These records must include evidence of verification of the identity of the purchaser and other information. (31 CFR 103.29) And for a more direct example of precedent as it relates to Apple, the BSA actually required the banks to develop and deploy software to detect money laundering. One of the core arguments Apple makes is that companies can't be compelled to develop something to comply with a court order (and in turn a law). https://en.wikipedia.org/wiki/... [wikipedia.org]

                  Again, banks already had records of each sale of bank checks, drafts, cashier's checks, money orders, and travelers checks between $3,000 and $10,000. This was in the 60's. That was a hell of a lot of money and no bank would honor a cashier's check it had no record of issuing. Don't be ridiculous. And the federal government did NOT mandate that banks write software. They said "If you want to participate in the FDIC insurance program, you will meet these requirements." The federal government didn't car

                  • Don't think I'm missing any point. You keep claiming banks were already collecting all the information they needed to comply with BSA. My contention is that they weren't. And participation in the FDIC is mandatory for any bank that has any hope in attracting deposits, so it's a bit naive to think that banks weren't required to implement the money-laundering risk software as a requirement of BSA.
    • by radarskiy ( 2874255 ) on Thursday March 17, 2016 @12:59PM (#51716581)

      "If the federal government can compel banks to keep this information I'm not sure what prevents them from compelling Apple as well. "

      What prevents them is the lack of actual law that authorizes the federal government to do so. If we want the federal government to be able to compel Apple to turn this data over then we must make a law authorizing the federal government to do so. If not, then the federal government should not be using unrelated threats to compel a "voluntary" action that it cannot actually compel.

      • by Anonymous Coward

        "If the federal government can compel banks to keep this information I'm not sure what prevents them from compelling Apple as well. "

        What prevents them is the lack of actual law that authorizes the federal government to do so. If we want the federal government to be able to compel Apple to turn this data over then we must make a law authorizing the federal government to do so. If not, then the federal government should not be using unrelated threats to compel a "voluntary" action that it cannot actually compel.

        The difference is that the banks, for sake of their reputations and their business, already keep all that information. All the Feds do is compel them to hand it over by providing the appropriate authorization paperwork ( I know slippery slope ).

        Nothing is built, nothing is constructed, all the needed material to respond to the Feds is already available. Unlike with Apple, where Apple doesn't have the information, and has no way to get it directly from the phone. What Apple has done in the past, is to

      • I agree, Congress will need to pass a law to compel Apple to retain this information, the same as they did for the financial industry. I think we'll see such a bill in the near future.
  • propaganda (Score:5, Insightful)

    by Tom ( 822 ) on Thursday March 17, 2016 @12:40PM (#51716423) Homepage Journal

    Going dark -- this is a crock. No one's going dark.

    This is key. Their main argument is bullshit. They are not going dark. If anything, they have massively more surveillance than they did, let's say, 50 years ago. Or 30 years. Or virtually any time.

    20 years ago, what chances did police have to get a recording or transcript of a conversation between criminals one month after the fact? Unless they already were watching and wiretapping them, almost none. Today, chances are quite good that you will find some e-mails, chat log or other exchange.

    10 years ago, what chances did police have to find out where someone was on a given day one year later? Unless they were already shadowing him, almost none. Today, he checked in on Facebook or Foursquare or his phone location data gives him away.

    Maybe there was a high point a few years ago, when most of what we have today was already there, but encryption was lagging behind. Maybe compared to that short golden period they now see less - but it is still vastly more than ever before in the history of police work.

    And when someone lies to get something, you already know they can't be trusted, so giving them something that can potentially be abused would be really, really, very, very stupid.

  • by Bearhouse ( 1034238 ) on Thursday March 17, 2016 @01:17PM (#51716755)

    "My business is not reading your mails"

    Nope, because you make craptons of cash selling hardware.
    I was going to say the usual "overpriced" hardware but...what price your privacy?
    My wife and I are happy with android, but we upgrade regularly.
    With the effective demise of BlackBerry, soon it might be that Apple is the only option

  • See this article:

    http://www.mprnews.org/story/2... [mprnews.org]

    Note:

    The so-called "Caliphate Cyber Army" posted the details of 36 officers on the encrypted messaging app Telegram

    Get that? It was posted on an "encrypted messaging app" - although oddly the police and FBI were able to read it.

    You'll see more and more of this in the news - linking encryption and ISIS.
