Senator Tom Cotton Slams Apple CEO Tim Cook For Protecting User Privacy; Demonstrates Pure Ignorance Of The Law

from the this-is-who-we-elect? dept

As you may have heard, last night Apple CEO Tim Cook was on 60 Minutes. The overall story really wasn’t all that insightful for anyone who’s been following Apple for any length of time, but what got a lot of attention was Tim Cook reiterating his position on protecting the privacy of Apple users through encryption. Here’s basically the entire exchange:

Charlie Rose: In the government, they say it’s like saying, you know, you have a search warrant, but you can’t unlock the trunk.

Tim Cook: Here’s the situation is on your smartphone today, on your iPhone, there’s likely health information, there’s financial information. There are intimate conversations with your family, or your co-workers. There’s probably business secrets and you should have the ability to protect it. And the only way we know how to do that, is to encrypt it. Why is that? It’s because if there’s a way to get in, then somebody will find the way in. There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.

Charlie Rose: But does the government have a point in which they say, “If we have good reason to believe in that information is evidence of criminal conduct or national security behavior?”

Tim Cook: Well if, if the government lays a proper warrant on us today then we will give the specific information that is requested. Because we have to by law. In the case of encrypted communication, we don’t have it to give. And so if like your iMessages are encrypted, we don’t have access to those.

Charlie Rose: OK, but help me understand how you get to the government’s dilemma.

Tim Cook: I don’t believe that the tradeoff here is privacy versus national security.

Charlie Rose: Versus security.

Tim Cook: I think that’s an overly simplistic view. We’re America. We should have both.

Same basic stuff he’s said before. Nothing new. Nothing controversial. But grandstanding Senator Tom Cotton apparently flipped out about it and pushed out a statement that shows a rather stunning ignorance of the law.

“Apple is a distinctive company that has improved the lives of millions of Americans. But Tim Cook omitted critical facts about data encryption on 60 Minutes last night. He claimed that Apple does not comply with lawful subpoenas because it cannot. While it may be true that Apple doesn’t have access to encrypted data, that’s only because it designed its messaging service that way. As a society, we don’t allow phone companies to design their systems to avoid lawful, court-ordered searches. If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike–which neither these companies nor law enforcement want. Our society needs to address this urgent challenge now before more lives are lost or shattered.”

Of course, Senator Tom Cotton apparently didn’t bother to read the actual law dealing with the issue of “assistance capability requirements” because, among other things, it says:

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government?s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

So, yes, as a society we do allow companies to design their systems with encryption. It’s in the law.

And there’s a good reason why we do that. Because it makes everyone safer. Again, the idea that this suddenly creates a “going dark” problem where “child pornographers, drug traffickers, and terrorists alike” are able to hide out from the law is a massive exaggeration — which is why the government has still failed to show any real examples of it being a serious problem. Even with encryption, people engaged in illegal behavior leave plenty of other evidence. Even with encryption, basic detective work can usually track down those responsible. Even without encryption, people have always been able to communicate in ways that defy warrants and surveillance orders (e.g., talking in person or writing in code).

The whole idea that this is a big problem is wrong on multiple levels. First, the “problem” is barely a problem at all. Second, those who are attacking encryption, like Senator Tom Cotton, don’t seem to have the first clue about how much encryption protects everyone and makes us safer from the actual threats that people face.

Filed Under: , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Senator Tom Cotton Slams Apple CEO Tim Cook For Protecting User Privacy; Demonstrates Pure Ignorance Of The Law”

Subscribe: RSS Leave a comment
47 Comments
Chuck says:

Lead by Example

So Senator Cotton doesn’t believe in encryption? Fine, he should lead by example.

Senator Cotton, access your email via public wifi without encryption, chat with your family without encryption, and do your online banking on sites without encryption. I give it 2 weeks before we have pictures of a mistress, we find out your wife is cheating on you, and you’re 9 trillion dollars in debt.

Or we could just agree that catching terrorists should be done the same as catching any other criminal – under the law, with a warrant, not in secret, and as a CRIME, not some strange class of extra-judicial quasi-war thing we don’t even have a word for.

Lead by example, Senator. If you aren’t willing to do that, keep your poorly thought out ideas to yourself.

John85851 (profile) says:

Re: Lead by Example

I give it 2 weeks before we have pictures of a mistress, we find out your wife is cheating on you, and you’re 9 trillion dollars in debt.
This is a mild example. I was going to say that without encryption, we’d find his iMessage texts to underage boys about gay porn.
And why is it that so many legislators who think they’re “crusaders” are always hiding some kind of sick secret like this?

Uenu (profile) says:

I still think these politicians should be the first ones to take their own medicine. If they want encryption to be banned, or severely crippled, they should be the first ones to access their financial data, or anything else, strictly over HTTP or Telnet, no HTTPS or SSH allowed. Unrealistic, but their data at those institutions should also be stored unencrypted and easily obtainable, since encryption is so bad and evil.

Completely unrealistic I know, and would likely lead to more of a “class” system. Where politicians and the elite are allowed to have encryption, security and privacy, while the rest of the serfs only get to use weak, or no, encryption.

crade (profile) says:

I love how everyone acts like encryption is a new thing made up and controlled by Apple and Google, like we haven’t been dealing with it as long as people have been communicating at all.

Does anyone really think backdooring our encryption would make any difference toward their stated goal? Lets assume a law is passed and every U.S. company instantly gives (lets arbitrarily pick) the U.S. government and only the U.S. govt a backdoor into their encryption.. Even if this is magically perfect and the backdoor isn’t discovered 2 days later by hackers, what scenario doesn’t have some app made in China/Russia/wherever without this law take over as the preferred communication standard for anyone willing to make the effort?

Is this law supposed to cover the scenario where the terrorists are restricted to U.S. communication devices, are also are too lazy to install something secure on them, and lastly still choose to use these devices rather than a secure method to send critical messages to each other knowing there is a law to ensure they can be read by the U.S. govt?

Anonymous Coward says:

If the reason that encryption must be broken is due to safety, and the government is leading the charge here, then you would think that they must have a fantastic track record, where they can intelligently discuss HOW to safely break encryption without compromising security.

But they don’t. Ask anyone of the 21.5 million folks affected by the OPM data breach. The government can’t even safely secure the data it has, yet it has no problem telling Apple how to do so?

To mirror Chuck’s comment – lead by example, and prove YOU can safely work with a compromised encryption system FIRST.

Anonymous Coward says:

“…we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike”

Mr. Cotton forgot to include the Fourth Horsemen of the Infocalypse, Serial Killers. Now his prophesy about internet technology bringing about the end of world as we know it, is complete.

https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse

Anonymous Coward says:

Re: Re:

…If the terrorists can’t get phones, problem solved right?…

Good terrorists (sic) don’t obtain cel phones; they let their assistants who won’t be part of any operation carry the phone(s). All the ‘juicy’ communications are face-to-face; any cel phone or email use usually is just to set up meetings.

Ed Allen says:

Re: why the law was quoted

Because he said we do not allow telecommunications companies to sell encryption that they cannot decrypt in
response to a warrant ?

Turns out that the law in question specifically says they are allowed to instead of forbidding them.

Oh, that warrant includes some “reasonable suspicion” language does it not ?

Why can’t LE pursue that instead of wanting a written confession via a decrypted phone ?

In other words, “Go back to doing your job instead of looking for an easy out.”

Anonymous Coward says:

Re: Re:

Because Senator Cotton was saying that telecommunications carriers are responsible for decrypting communications on their networks.

… and the quote clearly states that they aren’t. Particularly the part that says “and the carrier possesses the information necessary to decrypt the communication.

Despite Senator Cotton’s claim otherwise, Apple is squarely within the standard that telecommunications companies are held to.

Anonymous Coward says:

Re: Re: Re:

No. Apple is not a telecommunications carrier. They are a hardware manufacturer and software corporation.

“Because Senator Cotton was saying that telecommunications carriers are responsible for decrypting communications on their networks.”

No, he didn’t. That’s not what he said at all.

He said this:

“we don’t allow phone companies to design their systems to avoid lawful, court-ordered searches.”

Which is true. As stated in the law:

“A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt… unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Mike Masnick’s article is completely incorrect, as is your response to it. Nice work, everybody.

Mike Masnick (profile) says:

Re: Re: Re: Re:

You appear to have trouble with basic reading comprehension. The law is clear that if you supply encryption where the company does not have the key, then you do not have to help decrypt it. That’s EXACTLY what Apple is doing here. It does not have the information to decrypt it.

The law makes it clear that telcos don’t have to build backdoors into their encryption systems. Cotton is wrong.

And so are you.

That One Guy (profile) says:

Re: Re: Re:3 Re:

Hit enter too soon…

And if you’re arguing that the law shouldn’t be applicable at all, because ‘Apple isn’t a telecommunications carrier’, then have fun coming up with the justification for why telecommunications carriers are not forbidden to implement encryption on their services, but other companies are.

The law not only allows telecommunications carriers to implement encryption that they cannot themselves break, it forbids law enforcement from requiring them not to, and if it applies to those that supply the services that carry the communications, then I see no reason why it shouldn’t also apply to those that sell the devices used for communications.

Mike Masnick (profile) says:

Re: Re: Re:3 Re:

You have trouble writing.

Reading comprehension is really not your strong suit. What I wrote is perfectly clear. But since you’re apparently a bit slow, let’s spell it out for you.

1. Apple says it cannot decrypt its encryption because that’s impossible.
2. Senator Cotton says we don’t allow “phone companies” to build encryption that can’t be decrypted by third parties, so we shouldn’t allow Apple to do so.
3. I point out the law that shows we DO allow phone companies to build encryption that can’t be decrypted by 3rd parties, showing that Senator Cotton is wrong.

As previously pointed out, Apple is not a telecommunications carrier.

Senator Cotton used “phone companies” as his example. I pointed out that phone companies are allowed to make encryption products. How hard is that for you to understand?

So your boneheaded application of a law that has nothing to do with Apple makes you look like the truly silly person you are.

Try looking in a mirror. Senator Cotton was talking about what the law says for phone companies and suggesting we should apply the same law to Apple. So the relevant standard is what it says for phone companies.

Wanna apologize now? You’re wrong.

Mike Masnick (profile) says:

Re: Re: Re:2 Nope

The quite you highlighted actually doesn’t forbid the carrier to encrypt communications. It only states that if he doesn’t, or if he can decrypt them, only them is he forced to provide them decrypted in answer to a warrant.

Right. That’s the point. Cotton claimed that the law forbids telcos from using encryption that they can’t decrypt. But the law actually says the exact opposite.

We got it right.

Anonymous Coward says:

“If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike…”

Hardly. Any competent-minded individual who doesn’t allow his/her thought process to be guided by headlines has come to the accurate determination that these companies share data, wholesale and under the table, with the federal government, all the while pushing the illusion they’re at odds with each other in the press. They WANT you to trust Apple (et all) with your data, while they peruse it at their absolute leisure – a scenario they enjoyed more so prior to Snowden, but not so much now, thanks to him. What you see in the press currently is a feverish attempt to reestablish that former status between these unholy alliances (face it, when you’re joined at the hip with the federal government, and lying through your damn teeth to cover it up, that’s a fairly accurate label).

Steve (profile) says:

Governments world wide now seem paranoid that their citizens believe they can communicate without being monitored. Its not so much that they want to know, but rather that they want YOU to know they are watching & thereby control what you say & think so citizens will be reluctant to rise up.
We are as much a victim of the false War on Terror, as those being bombed & killed by drones around the world to extend the empire.

Anonmylous says:

So when we break encryption...

Will the government be liable for my emptied bank accounts? Encryption is necessary for online shopping, bill paying, and banking and protecting my financial details en route between me and the websites I am dealing with. Making a way for encryption to be easily broken means my money is far less secure. Someone has to be held responsible for this.

Will the government finally simply end copyright entirely? HDMI, QAM, AACS and many other encryption algorithms are used by multiple tiers of content providers such as cable providers, movie makers and more. Since bypassing encryption will be mandated by our government, making it much more trivial to bypass for everyone, are we simply going to end copyright in our country since now anyone will be able to copy and share anything, anywhere in the world?

Will the Government end its war on Child Pornography? Encryption protects the wifi available not only in many public places, but also in our homes too. Since an IP address used by someone to view or download or share such things will be completely useless once encryption has been compromised fully and anyone can use any wifi access point available, are we simply going to stop going after them?

Will you personally be held responsible for the rise in car thefts once encryption has been compromised and the transmission between your keyfob and your car is much more easily hacked?

Encryption is literally everywhere in our society now. This is the part many of the proponents of surveillance both understand and yet fail to understand. Its not just in your cell phone and on your computer. Its in your car, your cable box, your TV, your alarm panel, your workplace doors, your xbox and playstation, your satellite stereo, your medical devices, your vehicle control systems, and so many more things I really have trouble singling them out. Calling for a weakening of encryption is like advocating a return to the stone age. It SHOULD be damned hard to crack it, but it should be so difficult only a Government could afford to reasonably do so.

We spent hundreds of years encrypting by hand, and breaking those ciphers. Its always been a catch-up game for the governments of the world. It always will be. And it should be. Breaking encryption is not something the government should be advocating, its something the government should be silently doing in the background.

That’s how Dad did it.
That’s how America does it.
And its worked out pretty well so far. The only real problem is that the NSA et al got caught with their hands in the cookie jar. Which, if they’d not been violating our own citizen’s rights by hoovering up such massive amounts of data, would have been much less of a problem. There is nothing to fix about Encryption. There is plenty to fix about government entities running out of control and violating the Constitution. Fix that first.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...