Senator Tom Cotton Slams Apple CEO Tim Cook For Protecting User Privacy; Demonstrates Pure Ignorance Of The Law

from the this-is-who-we-elect? dept

As you may have heard, last night Apple CEO Tim Cook was on 60 Minutes. The overall story really wasn't all that insightful for anyone who's been following Apple for any length of time, but what got a lot of attention was Tim Cook reiterating his position on protecting the privacy of Apple users through encryption. Here's basically the entire exchange:
Charlie Rose: In the government, they say it's like saying, you know, you have a search warrant, but you can't unlock the trunk.

Tim Cook: Here's the situation is on your smartphone today, on your iPhone, there's likely health information, there's financial information. There are intimate conversations with your family, or your co-workers. There's probably business secrets and you should have the ability to protect it. And the only way we know how to do that, is to encrypt it. Why is that? It's because if there's a way to get in, then somebody will find the way in. There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys.

Charlie Rose: But does the government have a point in which they say, "If we have good reason to believe in that information is evidence of criminal conduct or national security behavior?"

Tim Cook: Well if, if the government lays a proper warrant on us today then we will give the specific information that is requested. Because we have to by law. In the case of encrypted communication, we don't have it to give. And so if like your iMessages are encrypted, we don't have access to those.

Charlie Rose: OK, but help me understand how you get to the government's dilemma.

Tim Cook: I don't believe that the tradeoff here is privacy versus national security.

Charlie Rose: Versus security.

Tim Cook: I think that's an overly simplistic view. We're America. We should have both.
Same basic stuff he's said before. Nothing new. Nothing controversial. But grandstanding Senator Tom Cotton apparently flipped out about it and pushed out a statement that shows a rather stunning ignorance of the law.
"Apple is a distinctive company that has improved the lives of millions of Americans. But Tim Cook omitted critical facts about data encryption on 60 Minutes last night. He claimed that Apple does not comply with lawful subpoenas because it cannot. While it may be true that Apple doesn't have access to encrypted data, that's only because it designed its messaging service that way. As a society, we don't allow phone companies to design their systems to avoid lawful, court-ordered searches. If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike--which neither these companies nor law enforcement want. Our society needs to address this urgent challenge now before more lives are lost or shattered."
Of course, Senator Tom Cotton apparently didn't bother to read the actual law dealing with the issue of "assistance capability requirements" because, among other things, it says:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
So, yes, as a society we do allow companies to design their systems with encryption. It's in the law.

And there's a good reason why we do that. Because it makes everyone safer. Again, the idea that this suddenly creates a "going dark" problem where "child pornographers, drug traffickers, and terrorists alike" are able to hide out from the law is a massive exaggeration -- which is why the government has still failed to show any real examples of it being a serious problem. Even with encryption, people engaged in illegal behavior leave plenty of other evidence. Even with encryption, basic detective work can usually track down those responsible. Even without encryption, people have always been able to communicate in ways that defy warrants and surveillance orders (e.g., talking in person or writing in code).

The whole idea that this is a big problem is wrong on multiple levels. First, the "problem" is barely a problem at all. Second, those who are attacking encryption, like Senator Tom Cotton, don't seem to have the first clue about how much encryption protects everyone and makes us safer from the actual threats that people face.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Chuck, 21 Dec 2015 @ 12:06pm

    Lead by Example

    So Senator Cotton doesn't believe in encryption? Fine, he should lead by example.

    Senator Cotton, access your email via public wifi without encryption, chat with your family without encryption, and do your online banking on sites without encryption. I give it 2 weeks before we have pictures of a mistress, we find out your wife is cheating on you, and you're 9 trillion dollars in debt.

    Or we could just agree that catching terrorists should be done the same as catching any other criminal - under the law, with a warrant, not in secret, and as a CRIME, not some strange class of extra-judicial quasi-war thing we don't even have a word for.

    Lead by example, Senator. If you aren't willing to do that, keep your poorly thought out ideas to yourself.

    reply to this | link to this | view in chronology ]

    • icon
      John85851 (profile), 21 Dec 2015 @ 1:03pm

      Re: Lead by Example

      I give it 2 weeks before we have pictures of a mistress, we find out your wife is cheating on you, and you're 9 trillion dollars in debt.
      This is a mild example. I was going to say that without encryption, we'd find his iMessage texts to underage boys about gay porn.
      And why is it that so many legislators who think they're "crusaders" are always hiding some kind of sick secret like this?

      reply to this | link to this | view in chronology ]

  • icon
    Angel (profile), 21 Dec 2015 @ 12:08pm

    Me: "Hey Tom Cotton Why don't you leave your front door unlocked in case law enforcement needs to get in, if they have a warrent"

    Tom Cotton: "Because that would be unsafe, than anyone could just walk in"

    Me: "Ohhhh really....."

    reply to this | link to this | view in chronology ]

  • icon
    Uenu (profile), 21 Dec 2015 @ 12:08pm

    I still think these politicians should be the first ones to take their own medicine. If they want encryption to be banned, or severely crippled, they should be the first ones to access their financial data, or anything else, strictly over HTTP or Telnet, no HTTPS or SSH allowed. Unrealistic, but their data at those institutions should also be stored unencrypted and easily obtainable, since encryption is so bad and evil.

    Completely unrealistic I know, and would likely lead to more of a "class" system. Where politicians and the elite are allowed to have encryption, security and privacy, while the rest of the serfs only get to use weak, or no, encryption.

    reply to this | link to this | view in chronology ]

  • identicon
    OnTheWaterfront, 21 Dec 2015 @ 12:10pm

    2020

    I can't wait for Tom Cotton to run for President.

    reply to this | link to this | view in chronology ]

  • icon
    crade (profile), 21 Dec 2015 @ 12:10pm

    I love how everyone acts like encryption is a new thing made up and controlled by Apple and Google, like we haven't been dealing with it as long as people have been communicating at all.

    Does anyone really think backdooring our encryption would make any difference toward their stated goal? Lets assume a law is passed and every U.S. company instantly gives (lets arbitrarily pick) the U.S. government and only the U.S. govt a backdoor into their encryption.. Even if this is magically perfect and the backdoor isn't discovered 2 days later by hackers, what scenario doesn't have some app made in China/Russia/wherever without this law take over as the preferred communication standard for anyone willing to make the effort?

    Is this law supposed to cover the scenario where the terrorists are restricted to U.S. communication devices, are also are too lazy to install something secure on them, and lastly still choose to use these devices rather than a secure method to send critical messages to each other knowing there is a law to ensure they can be read by the U.S. govt?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:11pm

    If the reason that encryption must be broken is due to safety, and the government is leading the charge here, then you would think that they must have a fantastic track record, where they can intelligently discuss HOW to safely break encryption without compromising security.

    But they don't. Ask anyone of the 21.5 million folks affected by the OPM data breach. The government can't even safely secure the data it has, yet it has no problem telling Apple how to do so?

    To mirror Chuck's comment - lead by example, and prove YOU can safely work with a compromised encryption system FIRST.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:12pm

    Sen. Cotton is a traitor to democratic values, and needs to be removed from office.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Dec 2015 @ 1:19pm

      Response to: Anonymous Coward on Dec 21st, 2015 @ 12:12pm

      Hey, even Tom Cotton needs to keep busy in between shilling for the neoconservatives

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:13pm

    "...we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike"


    Mr. Cotton forgot to include the Fourth Horsemen of the Infocalypse, Serial Killers. Now his prophesy about internet technology bringing about the end of world as we know it, is complete.

    https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:14pm

    The government loves simplistic analogies so much, try this: would you buy a safe which a third party can open?

    oh wait, TSA locks...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:25pm

    And the facts are...

    that unicorns really do exist! Because I say so!

    reply to this | link to this | view in chronology ]

  • icon
    crade (profile), 21 Dec 2015 @ 12:26pm

    I don't see why they don't just make it illegal to sell phones to people who might be terrorists. If the terrorists can't get phones, problem solved right?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Dec 2015 @ 1:37pm

      Re:

      ...If the terrorists can't get phones, problem solved right?...

      Good terrorists (sic) don't obtain cel phones; they let their assistants who won't be part of any operation carry the phone(s). All the 'juicy' communications are face-to-face; any cel phone or email use usually is just to set up meetings.

      reply to this | link to this | view in chronology ]

      • icon
        Seegras (profile), 23 Dec 2015 @ 12:34am

        Re: Re:

        they let their assistants who won't be part of any operation carry the phone

        Kind of like politicians who thing the internet is totally useless because they let their secretary do all the email, banking, reservations, shopping and so on?

        reply to this | link to this | view in chronology ]

  • identicon
    Ed, 21 Dec 2015 @ 12:36pm

    Need a new bill

    Can someone here please ask their congressman to put forward a bill that mandates a backdoor to all the NSA servers?
    Then we can sit back and watch as all the backdoor enthusiasts shift their positions.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 12:58pm

    I'm afraid I don't understand why that law was quoted, Apple Isn't a telecommunications carrier.

    reply to this | link to this | view in chronology ]

    • identicon
      Ed Allen, 21 Dec 2015 @ 1:23pm

      Re: why the law was quoted

      Because he said we do not allow telecommunications companies to sell encryption that they cannot decrypt in
      response to a warrant ?

      Turns out that the law in question specifically says they are allowed to instead of forbidding them.

      Oh, that warrant includes some "reasonable suspicion" language does it not ?

      Why can't LE pursue that instead of wanting a written confession via a decrypted phone ?

      In other words, "Go back to doing your job instead of looking for an easy out."

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Dec 2015 @ 1:57pm

      Re:

      Because Senator Cotton was saying that telecommunications carriers are responsible for decrypting communications on their networks.

      ... and the quote clearly states that they aren't. Particularly the part that says "and the carrier possesses the information necessary to decrypt the communication."

      Despite Senator Cotton's claim otherwise, Apple is squarely within the standard that telecommunications companies are held to.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Dec 2015 @ 2:41pm

        Re: Re:

        No. Apple is not a telecommunications carrier. They are a hardware manufacturer and software corporation.

        "Because Senator Cotton was saying that telecommunications carriers are responsible for decrypting communications on their networks."

        No, he didn't. That's not what he said at all.

        He said this:

        "we don't allow phone companies to design their systems to avoid lawful, court-ordered searches."

        Which is true. As stated in the law:

        "A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt... unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."

        Mike Masnick's article is completely incorrect, as is your response to it. Nice work, everybody.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 Dec 2015 @ 3:39pm

          Re: Re: Re:

          "we don't allow phone companies to design their systems to avoid lawful, court-ordered searches."

          This is being said as if the law disallows the creation and sale of ultimately secure devices. It does not. Go cry some more.

          reply to this | link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 21 Dec 2015 @ 5:17pm

          Re: Re: Re:

          You appear to have trouble with basic reading comprehension. The law is clear that if you supply encryption where the company does not have the key, then you do not have to help decrypt it. That's EXACTLY what Apple is doing here. It does not have the information to decrypt it.

          The law makes it clear that telcos don't have to build backdoors into their encryption systems. Cotton is wrong.

          And so are you.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 22 Dec 2015 @ 1:03am

            Re: Re: Re: Re:

            You have trouble writing.

            As previously pointed out, Apple is not a telecommunications carrier.

            So your boneheaded application of a law that has nothing to do with Apple makes you look like the truly silly person you are.

            reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 22 Dec 2015 @ 1:49am

              Re: Re: Re: Re: Re:

              So which is it? Are they a telecommunications carrier, in which case the law doesn't apply to them since they lack the information required for decryption, or are they not a telecommunications carrier, in which case the law doesn't apply to them at all?

              reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 22 Dec 2015 @ 2:09am

              Re: Re: Re: Re: Re:

              Hit enter too soon...

              And if you're arguing that the law shouldn't be applicable at all, because 'Apple isn't a telecommunications carrier', then have fun coming up with the justification for why telecommunications carriers are not forbidden to implement encryption on their services, but other companies are.

              The law not only allows telecommunications carriers to implement encryption that they cannot themselves break, it forbids law enforcement from requiring them not to, and if it applies to those that supply the services that carry the communications, then I see no reason why it shouldn't also apply to those that sell the devices used for communications.

              reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 22 Dec 2015 @ 5:49am

              Re: Re: Re: Re: Re:

              You have trouble writing.

              Idiots tend to have difficulty understanding things no matter how they are written.

              reply to this | link to this | view in chronology ]

            • icon
              Mike Masnick (profile), 22 Dec 2015 @ 6:05am

              Re: Re: Re: Re: Re:

              You have trouble writing.


              Reading comprehension is really not your strong suit. What I wrote is perfectly clear. But since you're apparently a bit slow, let's spell it out for you.

              1. Apple says it cannot decrypt its encryption because that's impossible.
              2. Senator Cotton says we don't allow "phone companies" to build encryption that can't be decrypted by third parties, so we shouldn't allow Apple to do so.
              3. I point out the law that shows we DO allow phone companies to build encryption that can't be decrypted by 3rd parties, showing that Senator Cotton is wrong.

              As previously pointed out, Apple is not a telecommunications carrier.


              Senator Cotton used "phone companies" as his example. I pointed out that phone companies are allowed to make encryption products. How hard is that for you to understand?

              So your boneheaded application of a law that has nothing to do with Apple makes you look like the truly silly person you are.

              Try looking in a mirror. Senator Cotton was talking about what the law says for *phone companies* and suggesting we should apply the same law to Apple. So the relevant standard is what it says for phone companies.

              Wanna apologize now? You're wrong.

              reply to this | link to this | view in chronology ]

        • icon
          Wyrm (profile), 22 Dec 2015 @ 9:16am

          Nope

          The quite you highlighted actually doesn't forbid the carrier to encrypt communications. It only states that if he doesn't, or if he can decrypt them, only them is he forced to provide them decrypted in answer to a warrant.

          reply to this | link to this | view in chronology ]

          • icon
            Mike Masnick (profile), 22 Dec 2015 @ 10:09am

            Re: Nope

            The quite you highlighted actually doesn't forbid the carrier to encrypt communications. It only states that if he doesn't, or if he can decrypt them, only them is he forced to provide them decrypted in answer to a warrant.

            Right. That's the point. Cotton claimed that the law forbids telcos from using encryption that they can't decrypt. But the law actually says the exact opposite.

            We got it right.

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:27pm

    Doing it for the children...

    Hey, his first argument is a brand new argument we have never heard before: Do it for the children!!! (Referencing child pornographers)

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:33pm

    Stupidass Cot-err I mean Senator Cotton seems to forget that law enforcement should be relying on warrants, and not loopholes - to gather information.

    reply to this | link to this | view in chronology ]

  • identicon
    Phils, 21 Dec 2015 @ 1:42pm

    If idiots like Tom Cotton were around 240 years ago then Paul Revere could have gone to jail for his "One if by land, two if by sea" code.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Dec 2015 @ 1:53pm

      Re:

      If idiots like Tom Cotton were around 240 years ago then Paul Revere could have gone to jail for his "One if by land, two if by sea" code.

      Yeah, a lot of people seem to think that encryption only began with "duh internets!"

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:53pm

    It's wrong to think that large corps will always represent the user's best interest, but I can't help what this current encryption debate would be like without the support of industry heavyweights like Apple and Google.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:57pm

    Cotton's argument does make logical sense. It doesn't mean CALEA-II would be a good idea.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 1:59pm

    >as a society we do allow companies to design their systems with encryption

    Unless they are subject to CALEA. Skype was allegedly forced to add intercept capability to their software because they interface with PSTN. IP only services are not forced to under CALEA.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Dec 2015 @ 2:01pm

    "If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike..."

    Hardly. Any competent-minded individual who doesn't allow his/her thought process to be guided by headlines has come to the accurate determination that these companies share data, wholesale and under the table, with the federal government, all the while pushing the illusion they're at odds with each other in the press. They WANT you to trust Apple (et all) with your data, while they peruse it at their absolute leisure - a scenario they enjoyed more so prior to Snowden, but not so much now, thanks to him. What you see in the press currently is a feverish attempt to reestablish that former status between these unholy alliances (face it, when you're joined at the hip with the federal government, and lying through your damn teeth to cover it up, that's a fairly accurate label).

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 21 Dec 2015 @ 2:45pm

    Senator Tom Cotton "Picken Crazy" Says He Believes in Unicorns

    This just in anything that escapes the lips of senator Tom Cotton "Picken Crazy" should be disregarded with posthaste.

    reply to this | link to this | view in chronology ]

  • icon
    Steve (profile), 21 Dec 2015 @ 5:51pm

    Governments world wide now seem paranoid that their citizens believe they can communicate without being monitored. Its not so much that they want to know, but rather that they want YOU to know they are watching & thereby control what you say & think so citizens will be reluctant to rise up.
    We are as much a victim of the false War on Terror, as those being bombed & killed by drones around the world to extend the empire.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonmylous, 21 Dec 2015 @ 7:55pm

    So when we break encryption...

    Will the government be liable for my emptied bank accounts? Encryption is necessary for online shopping, bill paying, and banking and protecting my financial details en route between me and the websites I am dealing with. Making a way for encryption to be easily broken means my money is far less secure. Someone has to be held responsible for this.

    Will the government finally simply end copyright entirely? HDMI, QAM, AACS and many other encryption algorithms are used by multiple tiers of content providers such as cable providers, movie makers and more. Since bypassing encryption will be mandated by our government, making it much more trivial to bypass for everyone, are we simply going to end copyright in our country since now anyone will be able to copy and share anything, anywhere in the world?

    Will the Government end its war on Child Pornography? Encryption protects the wifi available not only in many public places, but also in our homes too. Since an IP address used by someone to view or download or share such things will be completely useless once encryption has been compromised fully and anyone can use any wifi access point available, are we simply going to stop going after them?

    Will you personally be held responsible for the rise in car thefts once encryption has been compromised and the transmission between your keyfob and your car is much more easily hacked?

    Encryption is literally everywhere in our society now. This is the part many of the proponents of surveillance both understand and yet fail to understand. Its not just in your cell phone and on your computer. Its in your car, your cable box, your TV, your alarm panel, your workplace doors, your xbox and playstation, your satellite stereo, your medical devices, your vehicle control systems, and so many more things I really have trouble singling them out. Calling for a weakening of encryption is like advocating a return to the stone age. It SHOULD be damned hard to crack it, but it should be so difficult only a Government could afford to reasonably do so.

    We spent hundreds of years encrypting by hand, and breaking those ciphers. Its always been a catch-up game for the governments of the world. It always will be. And it should be. Breaking encryption is not something the government should be advocating, its something the government should be silently doing in the background.

    That's how Dad did it.
    That's how America does it.
    And its worked out pretty well so far. The only real problem is that the NSA et al got caught with their hands in the cookie jar. Which, if they'd not been violating our own citizen's rights by hoovering up such massive amounts of data, would have been much less of a problem. There is nothing to fix about Encryption. There is plenty to fix about government entities running out of control and violating the Constitution. Fix that first.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Dec 2015 @ 5:52am

      Re: So when we break encryption...

      Will the government be liable for my emptied bank accounts?

      Of course not. It doesn't work that way. You'll just be SOL.

      reply to this | link to this | view in chronology ]

    • icon
      Seegras (profile), 23 Dec 2015 @ 1:03am

      Re: So when we break encryption...

      That's how America does it.

      Yesyes, and you don't surmise there's something wrong about it?

      Because the maxim, obviously not in America, was "gentlemen don't read other gentlemen's mail".

      Quite clearly, some people are not gentlemen here..

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Dec 2015 @ 7:25am

    FISC should get involved.

    Please FISC, deliver a secret subpoena demanding decryption to Apple. Of course they won't because Apple has enough money to fight. Which is how you know that FISC is just an opportunistic conspiracy that bullies the meek, and not an institution of law.

    reply to this | link to this | view in chronology ]

  • identicon
    Phils, 22 Dec 2015 @ 1:05pm

    It seems like the main obstacle to adding a backdoor that only "good guys" can use is finding a way that a computer can distinguish the "good guys" from the "bad guys".

    But maybe there is a way: Have the phone/computer log into Santa Claus' workshop and check the user against the nice list and the naughty list.

    Ho Ho Ho!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.