Apple Angers FBI By Offering More Privacy And Security To Users
from the oh-no-the-government-is-feeling-ways-about-stuff dept
Apple has always been a market leader in user security. Things haven’t changed, no matter how much the FBI wishes/litigates. What’s most important to Apple is that users can trust it to keep their personal info and communications private and secure. What’s most important to federal law enforcement agencies — pretty much just the FBI at this point — is on-demand access to data stored in Apple devices.
Apple has been a target of hackers for years. Many of these hacking attempts are performed by government agencies. Israeli malware manufacturer NSO Group was sued by Apple for targeting its users with extremely powerful malware capable of completely compromising devices. The FBI hasn’t hacked phones, but it has spent a considerable amount of time in court trying to secure precedent that would force the company to decrypt devices. And it has spent just as much time allowing its directors to say stupid things about encryption while angling for backdoor-friendly legislation, despite others in the agency offering much more rational statements on the subject.
The NSO Group hackings prompted changes from Apple to protect users from the long list of malicious governments the tech firm sold to. Some more improvements have arrived, says Apple in its post to its Newsroom.
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.
All good things for Apple customers. But it’s the last one — the end-to-end encryption of iCloud data — that is raising the almost always erect hackles of the FBI. Earlier this year, Apple introduced “Lockdown Mode” in response to NSO malware deployments — a feature that allowed users to block messages with attachments (a common attack vector), preventing phones from previewing web links, and (to the chagrin of phone search device manufacturers) disabling wired connections to other devices.
This goes even further. One way to get around device encryption was access to iCloud data, which was often not encrypted, much less at both ends. That option will be disappearing as Apple continues to roll this out to all users. There’s still time for exploitation by government agencies, but the window is closing rapidly. Here’s Joseph Mann of the Washington Post with the details:
The encryption option will be available for public software testers immediately, for all U.S. customers by year’s end, and for other countries starting next year, Apple said. It added that it might not reach every country by the end of 2023.
All this should mean is that Apple is taking the lead in user security and privacy. This effort protects users against malicious hackers, whether they work the government or for themselves. This is the sort of thing law enforcement should embrace, because it means a lot of criminal acts will be thwarted.
But the only thing it means to the head of the FBI org chart is that Apple wants law enforcement to fail. And the FBI is definitely going to take this personally since it’s the agency’s anti-encryption bullshit that has partially prompted this change.
Apple had intended to introduce fully encrypted iCloud storage many years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple shelved the idea rather than face a public fight.
Instead, it picked specific categories of data that would be walled off from outside prying, including passwords and payment and health data. Now, everything can be stored securely except for email, calendar and contacts functions that need to interoperate with multiple providers.
Apple met the FBI halfway. The FBI wasn’t satisfied with the compromise. Instead, its directors spent years claiming Apple allowed criminals to escape justice and made the nation less safe and secure. But the FBI’s leverage is still nonexistent, despite all the time it’s wasted fighting the inevitable.
Here’s what I said when Apple introduced its “Lockdown Mode:”
Expect the FBI to take the lead on the complaining.
The FBI didn’t say much about that mode, but it is first in line for criticizing the encryption of iCloud content.
Late Wednesday, the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”
“This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the bureau said in an emailed statement. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”
This statement was followed by zero statements from any other law enforcement agency located in the United States or elsewhere in the world. The FBI is the old man in the bathrobe, yelling angrily about kids cutting across its lawn before ducking back inside to peer suspiciously through the blinds at the foreigners living down the street. The FBI has zero credibility on the encryption issue. It has spent four years refusing to correct its overstatements on encrypted devices in its possession. Successive directors have beclowned themselves by proclaiming a solution that keeps encryption secure while allowing at-will law enforcement access is only a nerd or two away from reality.
When it bitches about this latest Apple rollout, the FBI is showing nothing but its disdain for the privacy and security of millions of phone users. The FBI is unable to see that what it wants is impossible to deliver. But that won’t keep it from complaining about reality every chance it gets.
Filed Under: cloud encryption, encryption, fbi, icloud, imessage
Companies: apple
Comments on “Apple Angers FBI By Offering More Privacy And Security To Users”
Government Agent: If you have nothing to fear, you have nothing to hide.
Regular Jackoff: Then what’s your Social Security number?
Agent:
Jackoff: That’s what I fucking thought.
Re:
Agent: You thought they were actually unique and secure?
Remember the movie Big where Tom Hanks guessed a random SSN? That’s how much they were secured back in the day…
Re:
Actually it’s “If you have nothing to hide, you have nothing to fear”
But we knew what you meant 😀
Re: Re:
…and actually my favorite reply to those who trot out the old “if you aren’t doing anything wrong…” trope is “Why are there curtains on your bedroom windows?”
Which is more important, allowing the FBI to access what they want, or stopping foreign nations and hackers accessing the same user data. Pick one, as whatever the FBI can access, foreign governments and hackers can also access.
Duh
Laughing so hard I cannot see the keyboard.
Re:
OK? So when you stop clearly being able to do so, what’s the issue?
Good old fashioned police work
What happened to all the techniques on law enforcement they employed prior to computer crime?
Re:
Beating people during interrogations is generally frowned upon these days, even by conservative judges willing to hand out QI like candy at Halloween.
Re:
Same as what happened to the RIAA and MPAA when they realised they could track media sharing instead of accepting that their fans did those things as a part of doing business.
Once it’s clear that the info they want is available with minimum effort, and they can claim profit/prosecutions without the work, they want all the info.
Re:
All the old techniques (that don’t involve beating a confession out of someone) require hard work, time and effort. It also requires intellect, which law enforcement had bred out of itself in a weird reverse-darwinian self-selection. Kind of like how dogs were bred for looks that ended up extremely harmful for survival (see things like the Pekingese), law enforcement has selected for dumb ignorance and corruption.
Now, they want to just go about digital data like they do with a canine ‘search’, they want an excuse to look at anything, and hope they come up with something to justify it.
FBI
Edit: “The FBI hasn’t hacked phones” that we know of…
Re:
They’ve definitely paid people who have, and some people definitely think that “accessing data” is the same as “hacking”, so…
How will foreign governments like india ,china, saudia arabia react to this change, ? eg countrys who have scant repect for user privacy .even the uk is bringing in laws that could ban messaging with end to end encryption if the phone is being used by someone under the age of 18
But what if someone’s iCloud account commits a cyber-attack against the American people?
Re:
They already tried that angle, it didn’t work
https://www.techdirt.com/2016/03/04/san-bernardino-da-tells-judge-to-side-with-fbi-over-apple-because-iphone-may-have-mythical-cyber-weapon/
'How dare you close the window we were looking through?!'
The FBI complaining about more encryption and security is like a peeping tom, standing in a large group of other peeping toms, complaining that after they’ve spent years looking into someone’s bedroom the homeowner has had the audacity to install curtains.
Even giving the FBI the benefit of the doubt and putting their ‘we want the ability to order companies to break their encryption on-demand’ into a separate category from those finding the holes and exploiting them they’d still be the non-peeping tom watching a bunch of peeping toms and getting indignant because the homeowner was trying to block the view of those other people, which isn’t exactly any better of a look.
Advertise Harder.
I’ve been wearing my “Nerd Harder” shirt for years now; pretty disappointing that it doesn’t seem to have made any difference at all.
Wait...
Techdirt firmly informed me just recently that Apple’s privacy stance was merely performative?
The Cyberlaw Podcast is also beclowning themselves (not an unheard of occurrence) about this:
https://reason.com/volokh/2022/12/13/chatgpt-successfully-imitates-a-talented-sociopath-with-too-many-lawyers/
“In a surprisingly undercovered [?!] story, Apple has stopped pretending to care about child pornography.”