Tim Cook Defends Apple's Approach To Security: 'Encryption is Inherently Great' (businessinsider.com) 198
Apple CEO Tim Cook has once again defended his company's hardline approach to security. At Utah Tech Tour event while taking questions from the audience, Cook said, (via BusinessInsider):"This is one of the biggest issues that we face. Encryption is what makes the public safe. As you know, there are people kept alive because the grid is up. If our grid goes down, if there was a grid attack, the public's safety is at risk" -- hence the need for encryption to protect it. "You can imagine defence systems need encryption, because there are a few bad actors in the world who might like to attack those. [...] Some people have tried to make it out to be bad," the chief executive told the audience at the Utah question-and-answer session. "Encryption is inherently great, and we would not be a safe society without it. So this is an area that is very, very important for us... as you can tell from our actions earlier this year, we throw all of ourselves into this." he added. "We're very much standing on principle here."
Correction (Score:5, Insightful)
Encryption is insanely great.
FTFY, Tim.
Re: (Score:2)
What is this, a Crazy Eddie commercial?
That is a very insensitive comment. You can no longer call Eddie crazy, you must refer to him by the less negative adjective "Presidential".
"At Presidential Eddie, our prices are so low, they're conGRESSIONal."
Re: (Score:2)
What is this, a Crazy Eddie commercial?
*Our encryption is inasne!*
I'm kind of surprised that nobody got the reference. [urbandictionary.com]
Whatever Apple's real motivation.. have to agree (Score:5, Insightful)
I'm no fan of Apple in general but on this point, no matter what their true motivations, the point is correct. Encryption *is* great, and required for today's society to operate securely. As Bruce Schneier said, we can either have security for everyone, or for none. The math just doesn't allow back doors that only work for "the good guys" (and there's no one definition of who those are, so it's a doubly-flawed premise.)
Re: (Score:2)
On the occasions when I have a discussion about things I just point out that if I were a thief I'd always prefer the back door.
Re: (Score:2)
I suspect that liability is one of Apple's motivations. They don't want to be responsible for being the custodian of all of their customers' data.
Re: (Score:2)
Yes, and that's why Apple's also one to not offer "cloud everything". A lot of services rely on iCloud yes, but there's plenty that doesn't and Apple has even been moving stuff off from iCloud and into personal computation.
It's not just encryption, but just not having the data period. So an iCloud backup is easy and convenient, but is not a full iPhone backup - it
Re: (Score:2)
Yes, and that's why Apple's also one to not offer "cloud everything". A lot of services rely on iCloud yes, but there's plenty that doesn't and Apple has even been moving stuff off from iCloud and into personal computation.
Part of it is that iCloud simply cannot logistically hold all of the customer's data. Like my music collection easily exceeds iCloud storage space and I'm not the most ardent music collector.
Re: (Score:2)
Re: (Score:2)
Er what? Apple doesn't want to be the one that law enforcement has to go to every time they need another phone to be cracked. How many times in how many jurisdictions a day would that be? Also that would apply to any country not just the US. I wouldn't want to be that custodian.
That's certainly a factor; but I know from being an Apple aficionado since 1976 that they just don't like the gummint much. Perhaps it comes from having their R&D labs raided by the FBI way back when, when it was rumored that Woz and John Draper (a/k/a Captain Crunch) were working on a digital "Blue Box" peripheral for the Apple 1...
Rumor has it that some stuff was confiscated. But I've never gotten Woz to confirm (or deny) the story. But after a few minutes of Google-fu, it looks like this may actual [theatlantic.com]
Re: (Score:2)
They sure rolled over quick when the FBI asked them for all the iCloud information they had about the San Bernardino terrorist.
Which they were required to do by law. Since they held that data (by permission of their customer) they are legally obligated to turn it over. However if the customer does not to use iCloud (which some do), they are not obligated to turn over data they don't have.
So I'm right. (Score:2)
Then explain why Apple all but waited for a certain incident until they'd embrace encryption. An incident involving rich people.
In addition, explain why Apple refused to help in an incident that would have given benefit to tons of ordinary people. That one.
Re: (Score:2)
I fully agree. Just one (minor) correction: The Math does allow backdoors that only work for the "good"/bad guys, but reality does not because it means keeping an encryption key absolutely secret long-term while it is also frequently used. Not even the NSA can apparently manage that. And if it fails, the effects are catastrophic.
Re: (Score:2)
You know what's even greater than encryption?
Not collecting personal data in the first place.
If Apple didn't gather massive amounts of information about their suckers - I mean, "customers" - they wouldn't need to worry about encryption and they wouldn't need to worry about safe-guarding the information.
Oh, please! I assume by your Apple-Bashing that you are a Fandroid?
NO one using Google's OS has ANY right to trash talk ANYONE about Data-Mining and "gathering", PERIOD.
Re: (Score:2)
Except for if you turn that off.
Settings > Privacy > Location Services > System Services
But you knew that when you said it was "impossible" right?
Re: (Score:3)
Cluecheck:
With any phone, you're constantly sending your daily movements back to the phone company so that they know what cell to route your incoming calls and text messages to, and to provide mandatory E911 data to the government. Every move you make is tracked, beamed to AT&T, Verizon, Sprint or T-Mobile (and onward to the government), without your "consent" merely by turning the phone on.
And no, even if you inspect the entire source, compile it yourself on a compiler which you've similarly audited,
Re: (Score:3)
That's some seriously misplaced logic.
Re: (Score:2)
... if you don't like Apple, it is a almost-sure foregone conclusion that you do like Android. That makes you a "Fandroid".
Say what? I know LOTS of people, (myself among them), who like neither platform. And if you took a Slashdot poll, I'm pretty sure you'd find lots more. The AC above who commented "nice strawman" probably should have said "nice troll" instead.
Re: (Score:2)
Have fun experiencing cognitive dissonance for the first time.
Does this even need defending now? (Score:5, Insightful)
We've had Yahoo creditials stolen, NSA hacks stolen, Blackberry is near bankrupt over its backdoors. The argument FOR backdoors have crumbled, so is it really necessary at this point to defend encryption?
If everyone had backdoored as the NSA/CIA chiefs wanted, then Russian+Chinese hackers would own everything at this point, and not just NSA hacks. They'd demonstrated by their incompetence the need for strong encryption, everywhere for everything.
Is anyone suggesting for example, that voting machines should be backdoored? That to me is the big risk now, an election with electronic voting machines susceptible to domestic and foreign bad actors.
Re: (Score:2)
The argument FOR backdoors have crumbled, so is it really necessary at this point to defend encryption?
Every day there is another call from this or that government to backdoor or ban encryption. Often it is made with the claim that it will prevent terrorism. There are few voices supporting encryption. If Apple can make it fashionable, by all means, let us not dissuade them.
Re: (Score:2)
We've had Yahoo creditials stolen, NSA hacks stolen, Blackberry is near bankrupt over its backdoors. The argument FOR backdoors have crumbled, so is it really necessary at this point to defend encryption?
To experts and reasonably well-informed citizens, it is not. To the rest (which is the majority), it still is and Tim Cook is performing a valuable public service with his stance, no matter that it also benefits Apple.
Re: (Score:2)
I think most assumed that rather than being backdoored, voting machines were simply half-assed. Hanlon's Razor and all that.
Now, if we could only convince everyone that the voting machines were really slot machines or ATMs, we might not only get more people to vote, but the software would be more secure, too.
Re: (Score:2)
Well... Walden O'Dell, the CEO of Diebold, maker of many voting machines has stated his commitment to deliver votes to the republicans. That's not infowars or indymedia rumor or speculation, that's his own words, in writing as part of a fundraising effort on the GOP's behalf.
That's about as blatant as you can get without going full-out Boss Tweed.
The double-edged sword. (Score:2, Insightful)
Encryption is merely a component of Security, which is best labeled as a double-edged sword. Always has been. Always will be.
Re: (Score:2)
Re: (Score:2)
No, encryption is not a sword. Encryption is chain mail. Encryption is a passive defensive bulwark. Encryption protects you against people with swords.
Encryption is merely a tool in the toolbox of Security. That is all. Don't try and glamorize it any more than Cook tried to.
Yes, encryption is "inherently great"; for both the law-abiding citizen who is merely looking for privacy, as well as the cold-blooded murderer hell-bent on keeping their evil plan secret.
Hence, my double-edged analogy stands, as it does with the Security toolbox in general. Always has been. Always will be.
Re: (Score:2)
Re: (Score:2)
That's a shitty analogy, that's like saying fences are a double edged sword. Don't try to defend it.
Security is a double-edged sword because it can cut both ways. Too much of it, or too little of it, can ultimately hurt you or your organization.
Government thinks Security is too much when encryption is used to hide "evil" communications.
Citizens think Security is too little when encryption backdoors are created to uncover all communications.
Hope that breaks it down well enough for you to not try and counter with a shitty analogy next time.
Re: (Score:2)
Re: (Score:2)
A sword is offensive, security is defensive. It does not cut, it prevents you from being cut.
Swords can be used to attack and defend against an attack. The sword analogy focuses on the ability of specifically a double-edged sword that can cut both ways, not solely on the application. My previous explanation broke this down quite simply with the catch-22 scenario anyone can be put in when applying too much or too little security. I'm done breaking this down any further.
Re: (Score:2)
Still terrible, try again?
Yes, I agree, your capacity to understand this simple concept is still terrible. No point in trying again.
From the 'Choosing our principles department' (Score:2, Insightful)
Privacy is great too, but we are making a lot of money from yours so we will just ignore that one.
Simple... (Score:2)
Re: (Score:2)
I think you got it backwards...
Re: (Score:2)
Showing Your Hand Inhibits Legal Politics (Score:2)
If our founding father's had been hacked by Britain, we would all be speaking with a British accent.
Re: (Score:2)
Freedom has two edges (Score:2)
Re: (Score:2)
You can _claim_ to be defending freedom and establish strict control at the same time though. Just look at North Korea. Or the US.
Government abuse = Increased sales (Score:2)
Only because Hollywood demanded it. (Score:2)
The only reason he's sided with it is solely for the well-heeled - he doesn't wan't another embarrassment.
That, and it doesn't hurt him too much to prevent people from having too much freedom on their devices.
Re:Encryption is for criminals (Score:5, Funny)
Re:Encryption is for criminals (Score:5, Insightful)
Encryptions is for criminals. Ordinary people don't need military grade encryption to protect themselves. It's primarily used to hide illicit activities from the police and serves no legitimate purpose.
so true! illicit behavior like logging in to my toddler's Disney Junior account, or transferring money between my bank account and the electric company.
Re: (Score:2)
so true! illicit behavior like logging in to my toddler's Disney Junior account, or transferring money between my bank account and the electric company.
In fairness, while you may use encryption to log in for that, big brother can find out you did it without trying very hard or anyone even challenging their warrant. Very likely others can too.
It's the communications that they can't pull without your knowledge that aren't housed in a framework they can easily extract it from that is being objected to.
Re: (Score:2)
Big brother can find out what banking transactions I issued. Big brother cannot authenticate as me and issue transactions and then claim I issued them.
Why not if they have the motivation to do so?
What's to stop them from making fraudulent financial transactions or even placing CP on a target's computer/phone other than the same legal, ethical, and Constitutional limits and standards that they've shown a solid track record of totally ignoring when it suits them?
Strong encryption is the *only* effective defense realistically possible against this kind of criminal behavior by authorities and that is exactly why criminal scumbags like Comey want it neutered f
Re: (Score:2)
Re: (Score:2)
Encryptions is for criminals. Ordinary people don't need military grade encryption to protect themselves. It's primarily used to hide illicit activities from the police and serves no legitimate purpose.
Like it's no big deal if someone steals your trivially encrypted authentication for your bank account and takes all of your money? But let's go big time like they did in Bangladesh and simply steal directly from the banks.
Even FBI director Comey has stated that encryption is essential. He just believes in magic encryption faeries that will decrypt data that hides terrorists and pedophiles from the good guys. (I.e., Those he defines as good guys.)
Re: (Score:2)
Re: (Score:2)
blows up someone he knows and the bomber has this great phone.
Wrong phone [heise.de]
Re: (Score:2)
On the other hand, no encryption means I have to go back to writing checks to pay bills, the way we did when I was a kid.
Because there's no way I'm putting my banking information online for everyone to look at using the backdoor(s) various people would love to see in place. Bad enough having to trust the people I WANT to give my money to, without having to absolutely trust everyone in the whole world who might want some of my money....
Re: (Score:2)
Just wait until someone uses this hammer to smash in someone's skull! Then we'll be able to go around outlawing hammers!
You are fucking retarded, and it's probably a good thing you posted AC.
Re:People kept alive because our grid is up (Score:5, Insightful)
"In conclusion, machines are bad, and people who rely on them are completely fucking stupid!" said the guy, typing on his computer, from the air-conditioned serenity of his parents' basement.
When asked if he could grow or produce his own food, purify his own water, and provide basic security and comfort for himself if his power and other modern comforts were turned off, he scoffed, "of course I could. I've seen The Martian, I think I could figure out how to grow a damn Cheeto plant."
Oh irony, you are so ironic.
Re: (Score:2)
We rely on infrastructure for survival for thousands of years. Otherwise we would be dead as we all can't have an Acre or two of quality land where we have our food, water, heat and shelter to make us self sufficient.
Roads - Allow us to move goods to places where they are needed, from areas where there is excess.
Water/Sewer and Aqueducts move clean water to where we need it and moves dirty water away.
now today
We need power - as a way to prevent us from all burning wood for heat and fuel,
We also need the in
Re: (Score:2)
Without such technology we would die
Most of us would die, because we could not sustain our current population without this infrastructure. As far as I know we've relied on technology to one degree or another since the first proto-human killed prey with a spear or club.
In terms of "the grid", I don't know how that is defined, but even Greek sized city-states would not have survived without significant civil infrastructure and specialization. Even a small town would collapse in this day without it even if
Re: (Score:2)
It's not about the infrastructure vanishing, never to return. It's about the infrastructure vanishing, and not coming back for days, even a couple of weeks.
If you live where hurricanes are common, you already deal wit this - but there are warnings ahead of time. If you live where heavy snow can take everything down, you already deal with this. If you're Mormon (and observant), you're already ahead of the game with 1 month's supplies.
Given the vulnerability of the grid, it's time for everyone to come up t
Re: (Score:2)
We're talking here about malicious actors taking out specific utilities, or perhaps several, using software exploits, not the collapse of civilization. In the latter case, what you really want is a neighbor who has saved up everything you need, but is strongly anti-gun.
Re: (Score:2)
weaponize and use an extremely virulent disease
Movie plot threat.
hacks their way into a nuclear power plant's control system and causes a meltdown
The reactor wouldn't be contributing to the grid again, but power would certainly be back fast enough - worst case with rotating blackouts during high demand times.
Relying on other people to keep you alive in an emergency is silly.
Unless civilization collapses, "other people" will be working to restore normality - aside from the selfish ones hiding in their bunkers. If civilization collapses, "other people" are all that matters, as threats, victims, food, whatever.
Re: (Score:3)
And where does your water come from? Did you dig your own well and install a hand pump in order to get the water out of it? Do you have your own purification system that you can power yourself, or a massive supply of purification tablets?
Because if you didn't, you are relying exclusively on the grid to stay alive as well. See: Post-Katrina New Orleans.
Re: (Score:2)
Those machines aren't using Apple software nor hardware. They aren't generally connected to the Internet (I guess that's what was meant by grid?) and if they do they have extensive firewalls ensuring that the core functionality is always available.
Re:Since when... (Score:5, Interesting)
Re: (Score:2)
That's what judges are for. If you don't trust your judges, then that's what needs the fixing.
Re: (Score:3)
Judges decide who is allowed to legally look at things.
Which is irrelevant to my question, since my question is more about who is going to be able to ILLEGALLY use the backdoor.
Or are you one of those people who think that the government can invent a flawed encryption scheme that is literally impossible for someone else to abuse?
Note, by the by, that your solution can be implemented by skipping the backdoor and making all encryption illegal. After all, the Judges can keep the government from abusing the
Re: (Score:2)
I said nothing of a back door. I said a judicial order to grant access.
Re: (Score:2)
That exists now, so problem solved, right?
Re: (Score:2)
People do not understand that Mathematics is pretty absolute. Well, lets hope some small country somewhere mandates backdoors and a while later they cause a complete collapse of their economy by that. Without a catastrophe to point to, most people are too limited to understand even basic things.
Re: (Score:2)
People do not understand that Mathematics is pretty absolute.
Including yourself.
Re: (Score:2)
Pathetic.
At least I will have the satisfaction that you will never amount to anything. Those unable to learn will repeat their mistakes endlessly.
Re: (Score:2)
We have this everywhere. My home is protected from police entry, until there's reason to make an exception.
Not quite. The police have the ability to obtain a warrant from a judge to bug my home. But if I happened to tell someone, in my own home, something to the effect of "let's go blow up the bombs next weekend," neither the police nor the courts can force me to admit I ever said that. That speech is protected, forever, via the Fifth Amendment to the US Constitution. So there's one exception that disproves your rule.
Re: (Score:2)
That "you" are never forced to "admit" anything, has no bearing on someone collecting evidence, be it a note on your desk, or a note in your phone. If you record it, it's subject to a judicial order.
Re: (Score:2)
Re: (Score:2)
"should". bullshit. that's exactly what a judicial order is for.
Re: (Score:2)
Re: (Score:2)
What you write down onto a piece of paper ain't covered. You created the record. That record is evidence. I don't care if it's in english, ascii, or cipher. judicial order is for evidence, behind any kind of key.
Re: (Score:2)
Re: (Score:2)
You're missing the part of the judicial order. a judge decided that you should be forced to give it up. that's all that matters. no law or right should ever be absolute without exception always and forever. if you don't trust your judge, appoint someone else to make exceptions. either way, exceptions must always be possible in any reasonable system.
Re:Since when... (Score:4, Insightful)
The entire point of the 5th Amendment is that the government cannot compel action from you needed to incriminate yourself. That right should, indeed, be absolute without exception always and forever.
A warrant means the 4th Amendment is satisfied. The government can do what they like with that piece of paper
xceptions must always be possible in any reasonable system
BS. A reasonable system protects me from the government absolutely, requiring the government to work around that as best they can. There's no "except" in the Bill of Rights, aside from the warrant exception in the 4th. We keep punching unconstitutional holes in it because we're scared, or, rather, because tyrants leverage the fear of the people to incrementally strip their rights. You're helping them do that. Right now. You should be ashamed.
Re: (Score:2)
Your country is not mine, Sir. I'll remind you that your constitution says no such thing -- you had to ammend it thusly.
Re: (Score:2)
But if you say I was dabbling in the occult and wrote that while in a trance and I don't know what it says, they can't do anything about it. Just like with cryptography.
In other words, there's nothing new here.
Re: (Score:2)
You're asking for the impossible. Either the encryption can hold the police out or it will also let the crooks in. If every door had to have a single master key held by the police, how long do you suppose it would be before criminals obtained a copy of that one very powerful key?
Re: (Score:2)
The NSA can still work out who is chatting, who looked at site, video, what location, track the hops to friends of friends of friends.
The content of the message might be encrypted along the path but each end it of the Apple network is plain text again.
If a person is reading the message on a screen, so are the security services thanks to a consumer grade device been trusted and telco netwo
Re: (Score:2)
No, it requires a judicial order to be respected. The lock on my front door needn't have a bypass. You can just kick in the entire door.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I didn't say backdoor. You said backdoor. Try again. I said judicial order -- hand over the key.
Re: (Score:2)
Re: (Score:2)
I don't have it anymore.
You seem to not understand the whole damned debate. Judges already have the ability to order you to open a safe, hand over papers or decrypt a message if you are able. They cannot order you to hand over proof of alien life for example if you don't already posses it.
That has been the case for centuries now. The debate is over very hard to break encryption. Some law enforcement is pressing to mandate that all encryption can be decrypted without the owner's cooperation. In other words,
Re: (Score:2)
I don't have my tax receipts anymore. I'm obligated by law to keep them for 7 years.
So the law that you want is very simply for the court to prove that you do indeed have it, and that you were obligated to keep it. So, here's the simple law: you are responsible for keeping your phone's crypt key safe and accessible, and be able to produce it within 24 hours of an order -- you know, just like my drivers' licence.
So, then a judge demands it -- presumably for reasonable reasons -- and you must produce it. Y
Re: (Score:2)
So you wish to turn one of the most common reasons for calling IT support, forgot my password, into a felony? I guess we'll bump littering will get you the chair.
Meanwhile, I encrypt random thing and email it to you attached to a spam. BAM! You're a felon. Get a concussion, BAM you're a felon. Cop fat fingers your phone and corrupts the data so it won't decrypt even with the password, BAM you're a fellon. Cops lose/destroy the index card with the password on it when they toss your home, BAM you're a felon.
A
Re: (Score:2)
If I invent a language that only I know, surely you wouldn't expect that I should have to register a translation guide with the local police?
Re: (Score:2)
I didn't say backdoor. You said backdoor. I said judicial order means you open the door for them.
Re: (Score:2)
Think safe-deposit box. They are given authority to force the bank to open it. Or to force you to open it. Or to imprison both you and the bank manager.
Re: (Score:2)
Re: (Score:2)
but you do have the key to yoru phone. and a judge must be able to compel you to give it up. because no law can be absolute without exception. if you don't trust your judge, then appoint someone else to decide such exceptions. but no matter what, exceptions must be possible.
Re: (Score:2)
but you do have the key to yoru phone. and a judge must be able to compel you to give it up. because no law can be absolute without exception. if you don't trust your judge, then appoint someone else to decide such exceptions. but no matter what, exceptions must be possible.
That is not factually true. See Judge Orenstein's order [epic.org] that Apple should not be able to force to unlock a defendant's phone when the defendant would not do so. It's somewhat obvious you haven't read any case files or you'd know how badly you misconstrued the law.
Re: (Score:2)
I didn't say backdoor. I would never say backdoor. I said judicial order.
Re: (Score:2)
Please stop spouting nonsense. Your "judicial order" isn't worth the electrons it's printed on without some kind of backdoor to bypass the encryption. Issue all the "judicial orders" you want—without a backdoor built in to the system beforehand the information will stubbornly remain encrypted.
Re: (Score:2)
...and you get imprisonned for the felony of not handing over the key. that's just fine.
Re: (Score:2)
Re: (Score:3)
Pretty sure iPhones aren't considered part of 'the grid' except maybe in the minds of Apple fanatics. Pretty sure iPhones depend on the grid-not quite the same thing as being part of the grid.. If you rely on public transit, that doesn't make you a bus driver.