Tim Cook: A Message to Our Customers

Discussion in 'privacy general' started by mirimir, Feb 17, 2016.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    https://www.apple.com/customer-letter/
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Yes, following this with great interest.

    From a technical perspective, I think it illustrates the ultimate problem with using short pins (4 long is what I read) plus biometrics. Strong 2FA is not based on biometrics, either for security or privacy.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Something doesn't feel right about this phrase. If you encrypt some data, there is no possibility for an attacker that holds the encrypted message to somehow circumvent the encryption by using another piece of software (they can try breaking the encryption itself, of course). If such a method/software exists, that means the data in question was not properly encrypted in the first place.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    It's unclear what is meant. Perhaps upgrading the iOS to the altered new version could bypass the screen lock? I don't think they're going to tell us more :ninja:
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    Right, one would expect that devices can't be "upgraded" while they're locked and encrypted. But I don't think that Tim Cook is admitting that this can be done. He's arguing that Apple shouldn't be forced to try.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    From what I read from the court request, the "upgraded" version of iOS was supposed to get rid of delay and lockout features to allow brute-forcing of the 4-character pin, though that's hardly brute forcing.

    Reputationally, and from a future sales perspective, the damage is large if they are forced to do this (and are technically able to do so), and I don't imagine they'll be reimbursed for that pain.

    Of course, they could respond by issuing upgrades to iOS that make it impossible to upgrade unless the pin is entered correctly (if it is the case that you can do so now). The drawbridge would well and truly be up if that were done.

    There's a lot about what is being asked for which makes little sense from the perspective of follow-up, because presumably the NSA and FB etc. will have trawled through online accounts already. That only leaves data confined to the phone being hidden. It makes much more sense as a Comey ploy to advance his agenda.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
  9. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    I'm afraid that this noble stance by Tim Cook is only theatrics, the Iphone already is a tracking device merrily carried by millions of happy and naive citizens.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    Well, there is that. True for all smartphones. And Android is even worse.

    There's also the fact that ~60% of iPhones are backed up to iCloud, and Apple has keys to decrypt.
     
  11. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I would also consider the questions raised when Apple bricked devices that did not have the screen replaced at an Apple store. Apple claims this is to mitigate a vulnerability and that only Apple can repair the screen with the phone. It raises the question whether it is possible to replace the screen with a modified screen designed to aid in access to the phone.
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Really only 60%? I'd guess it's much closer to 99%+ of all US based iphones being backed up to the cloud. Seriously I'd be shocked if less than 90% are backed up to the cloud.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    I thought that I saw that estimate on Hacker News, but now I can't find it. Maybe it was in one of the articles that I've read about Cook's letter.
     
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,235
    No it's not. If the home button is changed then the fingerprint scanner is disabled.

    Have a look at the post from Jessa Jones which oges into detail about this, in reply to an article at PCMag:
    http://au.pcmag.com/apple-pay/42065/opinion/how-apple-missed-the-boat-on-error-53
     
  15. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    It may be that 99% of users have iCloud backup turned on, but: (a) the terrorists and those with a criminal inclination are likely within the 1% that know turn it off; and (b) not all iPhone content may necessarily be backed up even if enabled. For example, we don't really know what it is that the FBI is looking for.

    Is it really the contact list, the calendar, photos, and music playlists? Sure those can be backed up to iCloud, but only the contact list seems especially insightful. Could it be that maybe what the FBI wants is some internal metrics like recent calls received or placed (although this likely can be gathered from cellular provider), internal GPS information (i.e. where the phone has been), etc? Its possible that the most of forensically valuable info (other than contact list) is not likely backed up to iCloud, unless they are wanting to see if the San Bernardino Pakistani wife had a selfie with Osama Bin Laden from 8 years ago on there. ;)

    Also, I agree that modern smartphones can be powerful government tracking and privacy invasion devices, but that doesn't necessarily make Apple's stance hypocritical. Apple is trying to protect the content on the phone, not stuff like calls made or current GPS location... which the government already has access to through Verizon and AT&T. Honestly, the more I think about it, I just don't see much practical value in what the FBI expects to find on the phone that they don't already have.

    The FBI wants this custom FBiOS that does away with manual passcode entry, induced 'wrong guess' delays, and the potential lockout associated with brute-forcing the phone... as well as some other detailed voodoo having to do with Secure Enclave. They claim its just for this one phone. But that's sort of like telling a girl to go ahead and post a naked selfie ("no one will know")... but once its out there... its out there. You know someone malicious would get ahold of this tool somehow and use it for their own purposes.

    I just don't see that the tactical / forensic value to be gained in this one case... is worth the risk to everyone else's personal privacy.
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    @Alec - "I just don't see that the tactical / forensic value to be gained in this one case... is worth the risk to everyone else's personal privacy."

    In a way this is the nub of most of the privacy landscape we face. Different organisations and interests have different motives and rewards in doing what they do regarding surveillance and privacy, and are indifferent or hostile to the cost to other groups. Rather clearly, Apple's commercial interests are badly harmed here because they are a global company. More generally, this has led to the rise of the rent-seekers and lobbyists, to the obvious detriment of the population (who are "just" the product).

    Meanwhile, the uncle of murdered Lee Rigby has criticised Apple's stance as reported by the BBC:

    http://www.bbc.co.uk/news/technology-35595840
     
  17. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    I'm by NO means a crapple fan boy. But I'd bet crapple could publicly cave to the *** & their sales wouldn't be off by 1%. In other words 99%+ people are sheep. And who knows this could just be a show for the public & been already settled in private.
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    @zapjb - indeed, the various interests are sometimes congruent, sometimes opposed, and in any case, you certainly cannot believe their public pronouncements anymore, trust is pretty much in the pits. I think I'd bet around 70% on the scenario you outline. In a longer-term way that's good though, because there are different providers in different jurisdictions that will benefit and provide us with more alternatives.
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Maybe the FBI doesn't know either? Maybe they simply want to feel confident that there isn't anything else of value RE understanding what happened and possibly stopping future events?
     
    Last edited: Feb 18, 2016
  20. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Short of a *** screensaver nothing will deter folks from buying their products. Other than the usual market concerns. Heck a public fight will probably jump up their sales a bit.
     
  21. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Yeah, I agree zapjb... I don't see this as a huge sales driver for Apple one way or the other. Even if they give the FBI what they want, sales aren't likely to tank due to it.

    Also, I want to say that I'm not a diehard "privacy rights trump all" kind of guy. I don't have a problem with the FBI and NSA collecting phone metadata from the phone companies, as to me... the calls you make *are* in the public domain because you are using an essentially public service to conduct the activity (phone companies are private entities but are publicly regulated because society has deemed them essentially a public service).

    However, in this case, the FBI is wanting on to a phone itself. The data you put on there is yours. If you have iCloud backup & Photostream turned off, then those contacts & photos are purely yours. If the FBI can get the data from the iCloud servers then so be it. I'm fine with that also, as that again is like a public service, imho. To me it's sort of like "attorney / client" privilege... your conversations with your attorney are private, BUT if you talk with your attorney in a public fashion or in front of someone that is not part of the privileged relation, then you can't claim "attorney / client" privilege anymore.

    And, really, it doesn't matter too much to me personally. I don't have naked selfies or incriminating photos or contacts with terrorists or pedophiles on my phone. However, I just believe there is a line to be drawn somewhere, and for me the FBI is sort of crossing the line in this case.
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    "John McAfee Offers To Hack Terrorist's iPhone For FBI"

    Stoty Here: http://www.huffingtonpost.com/entry/john-mcafee-fbi-iphone_us_56c62bbee4b0928f5a6b3f7f

    Classic Mcaffee Quote from Article:

    "And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won't work for less than a half-million dollars a year," he wrote. "But you bet your ass that the Chinese and Russians are hiring similar people with similar demands and have been for many years. It's why we are decades behind in the cyber race."

    .
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    That's funny! :) And maybe somewhat true as well. Does John McAfee have a credible hacking team?
     
  24. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Awesome awesome quote. ~ Removed off Topic Remarks ~
     
    Last edited by a moderator: Feb 19, 2016
  25. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    879
    Location:
    Triassic
    Isn't Apple compelled to comply with the court order anyway? They can appeal it, but if they lose the appeal they have to unlock the phone. I can not see Cook or any Apple Executive willing to go to jail over this.

    If the terrorists entered a random 11-digit passcode, it would be impossible to unlock the phone in less than 2 centuries. Many believe that Apple already has the ability to unlock this phone, so it is not a matter of writing a backdoor to get it done. If the industry believes that, then the FBI believes that.
     
Loading...