Apple Speaks Out Against Cybersecurity Information Sharing Act

[MacRumors]

Apple today voiced its opposition to the Cybersecurity Information Sharing Act, or CISA, just days before the Senate will vote on the bill. In a statement given to The Washington Post, Apple reiterated its commitment to user privacy and said it does not support CISA.

"We don't support the current CISA proposal," Apple said in a statement. "The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."

Apple's public statement on CISA comes on the heels of statements from several other tech companies who oppose CISA, including Twitter, Yelp, Wikipedia, and reddit. The Computer and Communications Industry Association, which represents companies like Google, Facebook, Microsoft, and Amazon, has also urged the Senate to make improvements to the act, saying it does not support CISA as it is currently written.

The controversial Cybersecurity Information Sharing Act is designed to allow companies to share information on cybersecurity threats with one another and with the government, but opponents say it puts personal privacy at risk by failing to include protections for user privacy and by granting the government wide-ranging rights gather private data from Americans under the guise of shielding them from hackers.

Apple has taken a strong stance on user privacy in recent years and has reiterated many times that the government has no access to Apple's servers. With iOS 8, Apple further strengthened its position on preventing government access to user data by ending its storage of encryption keys for iOS devices, making it impossible for the company to unlock iPhones and iPads under police request.

Over the course of the last two years, Apple CEO Tim Cook has spoken passionately on Apple's unwavering commitment to privacy. He shared his most recent thoughts on the subject last night, at the WSJ.D Live conference in California. "Do we want our nation to be secure? Of course," Cook said. "No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Speaks Out Against Cybersecurity Information Sharing Act

 

[sputnikv]

I hope this is heard

 

[realeric]

I stop reading on "Privacy by Yelp".

Edit) I trust Apple because Apple don't need customer's private information to do their business.

 

[dk001]

Write your congressperson, your senator, call them, sign petitions floating around.
Make yourself heard.
CISA is a piece of garbage.

 

[sw1tcher]

The controversial Cybersecurity Information Sharing Act is designed to allow companies to share information on cybersecurity threats with one another and with the government, but opponents say it puts personal privacy at risk by failing to include protections for user privacy and by granting the government wide-ranging rights gather private data from Americans under the guise of shielding them from hackers.

Personal privacy. Does that even exist any more?

Edward Snowden: Leaks that exposed US spy programme

Global surveillance disclosures (2013–present)

 

[jimthing]

The problem is very complex. Look at it from the law enforcement side too.

Do you want the state to protect you from terrorism: yes. But do you want the state to have access to potential terrorist communications? Erm, yes.

So how does the state get access to those comms, without having a way to access them (by breaking encryption)? Yet also not breaking the encrypted comms of innocents as well?

All questions that remain unanswerable currently. And is a dichotomy for us as a society to wrangle with.

 

[scaramoosh]

It's common sense isn't it?

Your data should be private unless you're in a court case on a murder charge, there is lots of circumstantial evidence against you and that data could be used to convict you.

I don't see why this is even an argument.


Edit: I'm just using that as one extreme example.

 

[macs4nw]

You tell 'm, Tim. Hope the EFF gets involved in this as well, and so should we all, so we don't get another 'DMCA' type bill rammed down our throats.

 

[Benjamin Frost]

Thanks, Tim.

Privacy matters.

 

[jimthing]

It's common sense isn't it?

Your data should be private unless you're in a court case on a murder charge, there is lots of circumstantial evidence against you and that data could be used to convict you.

I don't see why this is even an argument.


Edit: I'm just using that as one extreme example.

More of an extreme example is the one of terrorism I mentioned previously above.

 

[iapplelove]

Apple must be under immense pressure, hope they stick to their philosophies and principals.

 

[ctyrider]

So how does the state get access to those comms, without having a way to access them (by breaking encryption)?

They get access the old fashioned way - infiltrating terrorist networks, relying on intelligence and targeting of specific individuals. They don't get to access data via dragnet surveillance and having encryption keys handed to them on a silver platter.

 

[brand]

But do you want the state to have access to potential terrorist communications? Erm, yes.

No, not at the cost of our constitutional rights.

 

[dk001]

The problem is very complex. Look at it from the law enforcement side too.

Do you want the state to protect you from terrorism: yes. But do you want the state to have access to potential terrorist communications? Erm, yes.

So how does the state get access to those comms, without having a way to access them (by breaking encryption)? Yet also not breaking the encrypted comms of innocents as well?

All questions that remain unanswerable currently. And is a dichotomy for us as a society to wrangle with.

But this isn't new. Encryption has existed for a while now. Just because it is a smartphone the government wants the rules changed? No. They want new rules because they were caught breaking the existing ones.

 

[jimthing]

No, not at the cost of our constitutional rights.

Sure, we all get that, and likely agree. As it's so obvious to be boring.

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication.

It's a chicken and egg situation. How to allow them access to suspects info, without them knowing whether that suspects info is incriminating in the first place.

 

[Aldaris]

Privacy does matter! Go Tim and go apple!

The argument that the government needs blanket data collection to protect us from terrorism is Theater. The Boston bombings weren't stopped/thwarted, and the enforcement agencies ended up resorting to the public with 'have you seen someone that looks like this?'

 

[jermy4]

Bravo Apple!

 

[LordBeelzebub]

It's common sense isn't it?

Your data should be private unless you're in a court case on a murder charge, there is lots of circumstantial evidence against you and that data could be used to convict you.

I don't see why this is even an argument.


Edit: I'm just using that as one extreme example.

Yes, in a court case on a murder charge after the murder has already happened, after a person or persons are dead. With terrorism these days and potential of mass murder of innocent people, I believe the NSA's, CIA's, FBI's, etc argument is trying to move monitor communication to prevent murder before it happens.

Does anyone really think the government cares about the conversations between you and your grandma, or that you texted a nude pic of a girl from yourself to your buddy?

I fully believe in the constitution and the right to our privacy, but on the same token, we don't live in that world any more. I'm not saying we should freely give up our right to privacy but as Tim Cook himself said, there has to be a way to prevent terrorism to keep us all safe and still respect citizens right to privacy from the government.

I don't have the answers to what that solution looks like, but I can certainly see and understand both sides of the situation.

 

[ctyrider]

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication

No one said it was easy. But this is why we have intelligence agencies funded by billions of dollars of taxpayers money - it's their job to solve hard problems.

It is not Apple's responsibility to install backdoors into their systems (and compromise the security of everyone else in the process) in order to make jobs of or security agencies easier.

Imagine you have 5 terrorists sitting around a kitchen table and discussing a plot. Is this also a landlord's responsibility to bug every apartment in his building in order to be able to provide eavesdropping data to the government? Of course not. Electronic methods of communications are no different.

 

[brand]

Sure, we all get that, and likely agree. As it's so obvious to be boring.

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication.

If it was so obvious to you then there wouldn't be a but and you wouldn't be trying to defend the violation of our rights afforded to us by the Constitution of the United States and subsequently the Bill of Rights.

 

[pat500000]

The only thing they need to worry is bringing out a new MAC PRO.

 

[Sill]

The problem is very complex. Look at it from the law enforcement side too.

Do you want the state to protect you from terrorism: yes. But do you want the state to have access to potential terrorist communications? Erm, yes.

I think the bigger question is what causes the terrorism? The US government is involved in the politics of nearly every nation on earth. The state manipulates elections, supports radicals, refuses to acknowledge lawful governments, and deposes rulers, sometimes outright assassinating them. They toppled at least 30 governments outright or with behind the scenes support in the last 100 years. Once this ceases, we can talk about efforts to prevent whatever terrorism might be left.

Another lesson to be learned... the terrorist long ago adopted a cell structure that keeps the organization from being destroyed even if the top leaders are knocked out. The internet was designed around the same concept. Why then, is everything in the western world moving towards complete centralization? They make obvious targets out of things by doing this.

So how does the state get access to those comms, without having a way to access them (by breaking encryption)? Yet also not breaking the encrypted comms of innocents as well?

There was a USCENTCOM exercise held in and around the Red Sea back around 2000. It was a red vs blue thing, the typical framework exercise where the "good guys" were supposed to win and everyone in the Pentagon could review the white paper and pat each other on the back. One side was to portray "the terrorists", a type of ISIS, and it was led by a USMC officer. Realizing that all his communication were going to be monitored, this officer told his people to stay off the radio and cell phones. He used messengers. Some traveled on foot, some on bicycles or scooters, some simply took taxis around the area or hitchhiked. He went native.

What use would any kind of electronic surveillance be against that? No COMINT or SIGINT worked, and his team reached every goal, ultimately winning the exercise within the first two days of what should have been a 14 day exercise. End result - they reset the clock and restarted the exercise the next day, and he was told to follow the script. Search for information for Lt Gen Paul van Riper, and the Millennium Challenge 2002 for the complete story.

All questions that remain unanswerable currently. And is a dichotomy for us as a society to wrangle with.

No dichotomy here. Don't invade my privacy.

 

[IlluminatedSage]

It is great to have Apple stick up against u reasonable government intrusion. CISA is bad and needs to go down.

Wish they did this also for remote access to cell phones, camera and mic, Which some say can be accessed remotely.

 

[TheBuffather]

I applaud Apple for this stance. More companies need to step into the fold and voice their opposition.

 

[oneMadRssn]

Sure, we all get that, and likely agree. As it's so obvious to be boring.

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication.

It's a chicken and egg situation. How to allow them access to suspects info, without them knowing whether that suspects info is incriminating in the first place.

The fourth amendment doesn't make the distinction you're trying to make, and it shouldn't. Terrorists get the same privacy protections we all do. That's how it was meant to be, and how it should continue to be.

If a court grants a warrant to search your private information, then the police can search it. If you still refuse to give them access because of some complex encryption as you say, you go to jail for contempt and probably a few other crimes for interfering with an investigation. It's no different that storing an incriminating paper document in a safe buried somewhere in the desert. If you refuse to give it up despite a legitimate court order, there are consequences.

There is no need for a distinction between good guy and bad guy when it comes to privacy, privacy rights should apply to all equally.

EDIT: http://www.wired.com/2015/10/cops-dont-need-encryption-backdoor-to-hack-iphones/
Cops Don't Need Encryption Backdoor to Hack iPhones - The article is a bit simplistic, but points out that Apple's privacy protections are really designed to thwart common thieves. More sophisticated hackers, whether employed by governments or otherwise, have several ways to still get information from an iPhone.