Tim Cook Tells White House to Embrace 'No Backdoors' Encryption Policy in Meeting

[oneMadRssn]

Although the solution can't be a balance, the question is one of balance:
Which is more important to us?
(1) Being able to intercept and read any communications or documents, but exposing all of our own national and private communications and documents to foreign entities; or
(2) Being able to protect all of our own national and private communications and documents from foreign entities, but allowing potential terrorists or criminals to do the same.

Frankly, I think the Fourth Amendment clearly directs us to make option 2 the more important priority. Further, I don't think sacrificing our most valuable assets to foreign countries, the ideas and business moves out our most important companies, is worth the price of maybe preventing some terrorism.

 

[Ghost31]

Ya know, I like Apple and always want to give them the benefit of the doubt in many situations, but what's to stop them from acting like they care about security when they don't?

Like...what says the heads of intelligence agencies didn't meet with Tim and agree to give them a back door, but for pr value and to lull American citizens into a false sense of security, go on tv and interviews and talk about how "Apple won't give back doors" when they really do?

 

[macs4nw]

It is really sad that a private corporation has to lecture the government about constitutional protections.

And thank heaven there are at least companies with ethics and moral backbone to stand up for their beliefs.
There are too many 'bandwagoners' who'll agree just to look good, but only if it doesn't affect their bottom line.

And then there are the sleaze balls who'll sell their soul (and your data) to the devil for a quick buck.

 

[blacktape242]

Anyone who is in favor of the gov. getting a back door to this stuff can take it up the "back door" with no lube.....

 

[PrimeMatrix]

What the government wants to do is not going to solve the problem:

High-end encryption technology already exists.
Even if current encryption gets downgraded and crippled with a backdoor, the bad guys could just re-implement better encryption on their personal devices, even get new devices made in China for their purpose.

Also, there are many ways to conceal hidden encrypted messages inside media files; files that would be ignored by security filters. No government has the power and hardware to filter, search and decode these hidden messages on the fly.

And finally, poor security could be used by the bad guys to conceal their activities, involving innocent people by secretly accessing their devices to commit their crimes.

Improve security by implementing better security, not by crippling it. Better intelligence, suspect tracking, etc.

Exactly! What do they think?! Do they really expect us to think that the FBI, CIA, etc have not already been using such levels of encryption for a much longer time?!
[doublepost=1452720913][/doublepost]

This idea of a government/law enforcement accessible back door is completely absurd and only exists in the minds of those who have no understanding of the underlying technology. It's ridiculous that it's even a discussion. Leave the technology to the technologists, not the politicians.

Nailed!

 

[SteveW928]

Ever since then Apple has worked hard to encrypt everything so they'll never be stuck in that situation again. The next time the government comes a knocking, they won't be able to give up the data OR go to jail.

In theory. I sure hope you're right, but I wouldn't actually bet on it. Companies who comply have complete immunity, are being pressured by the gov't, and will be paid well for doing so. Trust them if you wish...

As a few have already commented, if Apple were to create a back door it would take 5 seconds to install software to encrypt data before sending so the back door will lead only to a brick and encrypted wall. The government really needs to think about how it goes about gathering intelligence. If they think the back door approach is their best bet, we are in trouble big time.

It's not so easy. Sure, the very technically competent could do so... but encrypting all your data would be a pain, and you have to exclude any of these companies' services, as they won't work if you pre-encrypt it.

Sure, I can can create a private VPN, or PGP an e-mail... how many people do you know who actually do it though? (Yea, maybe the bad-guys... which is why all this fuss is a moot point!) But, the goal isn't really about the bad-guys, or these folks would catch more of the bad-guys who didn't even bother with encryption. It's about controlling the populace.

Ya know, I like Apple and always want to give them the benefit of the doubt in many situations, but what's to stop them from acting like they care about security when they don't?

Like...what says the heads of intelligence agencies didn't meet with Tim and agree to give them a back door, but for pr value and to lull American citizens into a false sense of security, go on tv and interviews and talk about how "Apple won't give back doors" when they really do?

Exactly. It's possible Tim is on our side, but we'll probably never know if he isn't.... unless something leaks and they get caught.... and anyone is actually paying attention. Currently most people aren't anyway, as this stuff is going on around us every day.

 

[Jess13]

Thank you, sir. The Obama administration and intel agencies are the real terrorists.

Snowden's Open Letter to Brazil

▹ http://www.theguardian.com/world/2013/dec/17/edward-snowden-letter-brazilian-people
▹ https://www.washingtonpost.com/worl...f1342a-6727-11e3-8b5b-a77187b716a3_story.html
▹ http://www.cnn.com/2013/12/17/world/americas/snowden-nsa-brazil-letter/

We could win the so-called war on terror if: a) the USG wasn't aiding, protecting and arming terrorists; b) the USG wasn't creating “terrorists” to continue selling the fake war on terror; and c) we had a new, INDEPENDENT 9/11 investigation lead by leading 9/11 families and survivors who have demanded a new investigation since the 9/11 Commission concluded in 2004, a new investigation fully funded and with full subpoena power of persons and documents. Then a mass hanging party for treason, at Ground Zero.

The USG/FBI creates fake terrorism:

HBO: The Newburgh Sting​

​

 

[tongxinshe]

Is it theoretically possible for client 1 to server and then server to client 2 encryption and only companies use a filter provided by government to flag anything in their server?
I'm not suggesting companies should adopt this.

"by government"? How are you sure the people in the loop there include no bad guys? So simple-minded!

 

[SteveW928]

"by government"? How are you sure the people in the loop there include no bad guys? So simple-minded!

We can prove there are bad-guys, depending on how we define bad. And, I think it's a definition most would agree with too.

 

[Nunyabinez]

While I agree with Tim on this, people really don't understand the issues well. The government is not necessarily asking for Apple to give them a back door to data. They want Apple to have a back door to our data. That would still require the NSA or FBI to obtain warrants and serve them to Apple to get data. That part isn't actually all that unreasonable.

But what makes it flawed, is that if a back door exists, someone will figure out how to access it. That is why Tim has maintained that with current encryption (forget what did or didn't happen before) Apple can't access the data, even if they are compelled by the court to do so.

So, for me, I think the government should have access to get data if they can obtain a court order for it, but the reality is that for them to be able to do that, they have to make it inherently vulnerable to third party access and that can't be allowed. But make no mistake, congress could (and may) pass a law requiring Apple to be able to comply with court ordered data requests. Whether that would survive a Supreme Court challenge is another issue.

Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

 

[SteveW928]

While I agree with Tim on this, people really don't understand the issues well. The government is not necessarily asking for Apple to give them a back door to data. They want Apple to have a back door to our data. That would still require the NSA or FBI to obtain warrants and serve them to Apple to get data. That part isn't actually all that unreasonable.

But what makes it flawed, is that if a back door exists, someone will figure out how to access it. That is why Tim has maintained that with current encryption (forget what did or didn't happen before) Apple can't access the data, even if they are compelled by the court to do so.

So, for me, I think the government should have access to get data if they can obtain a court order for it, but the reality is that for them to be able to do that, they have to make it inherently vulnerable to third party access and that can't be allowed. But make no mistake, congress could (and may) pass a law requiring Apple to be able to comply with court ordered data requests. Whether that would survive a Supreme Court challenge is another issue.

Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

CD113: CISA is Law
http://www.congressionaldish.com/cd113-cisa-is-law/

 

[macduke]

What the government wants to do is not going to solve the problem:

High-end encryption technology already exists.
Even if current encryption gets downgraded and crippled with a backdoor, the bad guys could just re-implement better encryption on their personal devices, even get new devices made in China for their purpose.

Also, there are many ways to conceal hidden encrypted messages inside media files; files that would be ignored by security filters. No government has the power and hardware to filter, search and decode these hidden messages on the fly.

And finally, poor security could be used by the bad guys to conceal their activities, involving innocent people by secretly accessing their devices to commit their crimes.

Improve security by implementing better security, not by crippling it. Better intelligence, suspect tracking, etc.

Thank you for writing this out so clearly. I haven't thought of some of these before, despite already being firmly in your camp. I'm definitely going to steal your talking points when trying to persuade others that this is a bad idea. Again, thank you for adding to my knowledge arsenal! The truth will always break free. The powerful will always try to bury it. It's up to us to grab the shovel and start digging.

 

[Amazing Iceman]

Thank you for writing this out so clearly. I haven't thought of some of these before, despite already being firmly in your camp. I'm definitely going to steal your talking points when trying to persuade others that this is a bad idea. Again, thank you for adding to my knowledge arsenal! The truth will always break free. The powerful will always try to bury it. It's up to us to grab the shovel and start digging.

Source of Inspiration?
Someone said a while back: "Think different"
I wonder who...

 

[MacGizmo]

Wrong. You can carry an unlimited amount of breast milk, you just need to inform them of what it is so they can check it.

https://www.tsa.gov/node/1947

How many links would you like me to provide that cover cases where the TSA didn't allow a mother on the plane with breast milk?

 

[macduke]

Source of Inspiration?
Someone said a while back: "Think different"
I wonder who...

Oh man. If Steve Jobs were still here, he'd cut through their BS likes hot knife through butter and tell them precisely where to go screw themselves. He'd pen a clear and concise open letter that would get tons of media coverage and spell out exactly why their plan is flawed and how dumb they must be for proposing such nonsensical BS.

 

[happyfrappy]

NSA was in the wrong side of the law when they did that. Apple was denying NSA's interception from 2007 to 2011 (or, in other words, for as long as Steve was taking the decisions), when every other IT company had accepted by then. Apple allowed NSA's interceptions at 2012, when Tim Cook was the CEO. Also, Microsoft was the first IT company to accept this.

Tim is really a hypocrite if he pretends he is mad about this, or making efforts to stop it.

Since Steve is six feet under you'll never know if the government originally pulled that sealed NDA letter much earlier, as stated earlier plenty of companies/upper-management were forced into gov't spying or face jail/treason charges. You can throw around calling Tim(& other CEOs) a hypocrite but what would you rather have happen either Apple cease to exist in 2007-2012 or a government agency seizing the company/nationalizing by firing the board of directors until finding a puppet CEO/board?

 

[zioxide]

Although the solution can't be a balance, the question is one of balance:
Which is more important to us?
(1) Being able to intercept and read any communications or documents, but exposing all of our own national and private communications and documents to foreign entities; or
(2) Being able to protect all of our own national and private communications and documents from foreign entities, but allowing potential terrorists or criminals to do the same.

Frankly, I think the Fourth Amendment clearly directs us to make option 2 the more important priority. Further, I don't think sacrificing our most valuable assets to foreign countries, the ideas and business moves out our most important companies, is worth the price of maybe preventing some terrorism.

The problem is that the first half of number one would never happen. Terrorists aren't using American made products like an iPhone. They're using their own custom solutions based off freely available open source crypto libraries. There are tons of them on the Internet.

All this would accomplish is putting ordinary citizens data at risk. Identity theft related crimes would skyrocket. Meanwhile the terrorists would just be laughing over their own custom e2e encrypted systems.

Ya know, I like Apple and always want to give them the benefit of the doubt in many situations, but what's to stop them from acting like they care about security when they don't?

Like...what says the heads of intelligence agencies didn't meet with Tim and agree to give them a back door, but for pr value and to lull American citizens into a false sense of security, go on tv and interviews and talk about how "Apple won't give back doors" when they really do?

The rest of the tech community. Software developers aren't stupid people. They would notice very quickly if Apple tried to do this. And it would become a PR disaster for Apple and destroy their brand.

 

[oneMadRssn]

The problem is that the first half of number one would never happen. Terrorists aren't using American made products like an iPhone. They're using their own custom solutions based off freely available open source crypto libraries. There are tons of them on the Internet.

All this would accomplish is putting ordinary citizens data at risk. Identity theft related crimes would skyrocket. Meanwhile the terrorists would just be laughing over their own custom e2e encrypted systems.

While I agree with your conclusion, just to play devil's advocate, I think it is technically possible to do this.

Currently, while encryption is very very good, we can still detect when something is encrypted. The holly grail of encryption is where the message is both encrypted, and the encrypted transmission is indistinguishable from noise. Meaning, someone watching wouldn't even know they are seeing an encrypted message - today this is not the case. Thus, today, hypothetically, (all constitutional law aside) the government could prohibit and actively block encrypted traffic that doesn't comply with some government decryption requirement. Nearly all traffic at some point passes through the US, so this could capture a lot.

 

[zioxide]

While I agree with your conclusion, just to play devil's advocate, I think it is technically possible to do this.

Currently, while encryption is very very good, we can still detect when something is encrypted. The holly grail of encryption is where the message is both encrypted, and the encrypted transmission is indistinguishable from noise. Meaning, someone watching wouldn't even know they are seeing an encrypted message - today this is not the case. Thus, today, hypothetically, (all constitutional law aside) the government could prohibit and actively block encrypted traffic that doesn't comply with some government decryption requirement. Nearly all traffic at some point passes through the US, so this could capture a lot.

This couldn't happen the way the Internet is currently built. Cryptographic algorithms for authentication are built into almost every protocol now. This just isn't technically feasible.

The Internet would literally come to a grinding halt if the government even tried to do this.

 

[oneMadRssn]

This couldn't happen the way the Internet is currently built. Cryptographic algorithms for authentication are built into almost every protocol now. This just isn't technically feasible.

The Internet would literally come to a grinding halt if the government even tried to do this.

Yes, it would certainly be disruptive and a lot of things would need to be updated or created.

I think many of those against government mandating encryption backdoors make hyperbolic arguments of how it is impossible and wouldn't work to capture terrorist communication. I think that's wrong.

It is technically possible to do this, but it would take an herculean effort at an incredible cost. The government would pretty much have to invent and impose a certain encryption standard that must be implemented by all internet companies, and would require essentially rebuilding much of the existing infrastructure. People say converting all gas stations in the US to dispense hydrogen is prohibitively expensive - well implementing a proper encryption backdoor system that would truly work at capturing terrorist communications is that times a hundred.

This is, I think, the best reason it's silly to talk about. It is possible to do, we won't do it right, so let's not do it. Rather, let's look at other terrorism-prevention avenues.

 

[zioxide]

Yes, it would certainly be disruptive and a lot of things would need to be updated or created.

I think many of those against government mandating encryption backdoors make hyperbolic arguments of how it is impossible and wouldn't work to capture terrorist communication. I think that's wrong.

It is technically possible to do this, but it would take an herculean effort at an incredible cost. The government would pretty much have to invent and impose a certain encryption standard that must be implemented by all internet companies, and would require essentially rebuilding much of the existing infrastructure. People say converting all gas stations in the US to dispense hydrogen is prohibitively expensive - well implementing a proper encryption backdoor system that would truly work at capturing terrorist communications is that times a hundred.

This is, I think, the best reason it's silly to talk about. It is possible to do, we won't do it right, so let's not do it. Rather, let's look at other terrorism-prevention avenues.

It will simply never work. You would have to essentially rebuild the Internet from scratch. Every RFC standard and every internet connected piece of software would have to be redone.

On top of that, you still have these problems:

- This would have to be done on a global scale. How would you force other country is to comply?

- How would you force terrorists to use these new vulnerable solutions instead of the secure ones that are already free and open source?

- How would you be able to implement a security flaw that was only exploitable by the government and not other bad guys? You can't at this point. It's a mathematical impossibility.


This proposal is nothing but a fantasy cooked up by clowns who don't even know what a ****ing electron is. People need to start standing up to this nonsense and tell their politicians to shove it. Leave the decisions to people who actually understand the subject at hand.

 

[oneMadRssn]

It will simply never work. You would have to essentially rebuild the Internet from scratch. Every RFC standard and every internet connected piece of software would have to be redone.

Agreed. It would require an enormous amount of work. But it's not technically impossible to do, but I bet the odds of winning the powerball jackpot are higher than seeing this done correctly.

On top of that, you still have these problems:

- This would have to be done on a global scale. How would you force other country is to comply?

Treaties. Almost all the major internet hubs are in the US or in an ally of the US. Provided our friends have the same concerns and we get them to sign on to this zany plan, its not impossible. Even within the same country, an email sent in Pakistan from one person standing next to another person probably travels half-way around the globe, today. It would be nearly unavoidable.

- How would you force terrorists to use these new vulnerable solutions instead of the secure ones that are already free and open source?

Like I said earlier, the system would have to actively block non-compliant encryption.

- How would you be able to implement a security flaw that was only exploitable by the government and not other bad guys? You can't at this point. It's a mathematical impossibility.

I agree with this point wholeheartedly. You can't. Anyone that argues for such a system must understand that it would expose our own communications, trade secrets, etc. to the entire world.

 

[Parasprite]

How many links would you like me to provide that cover cases where the TSA didn't allow a mother on the plane with breast milk?

Hey, I didn't say they weren't incompetent.

 

[zioxide]

Treaties. Almost all the major internet hubs are in the US or in an ally of the US. Provided our friends have the same concerns and we get them to sign on to this zany plan, its not impossible. Even within the same country, an email sent in Pakistan from one person standing next to another person probably travels half-way around the globe, today. It would be nearly unavoidable.

There's a better chance of me winning every power ball drawing for the next 100 years than other countries agreeing to re-do their entire internet infrastructure to allow the US to have a backdoor in it.

Like I said earlier, the system would have to actively block non-compliant encryption.

I don't see this as being feasible. Most of these encryption systems are done on the presentation or application layers of the OSI model. The data transmission occurs on a lower level. When you break it down, data packets are data packets. The routers don't know what's in them. They just know where they are going and the pattern of bits that make up the packet.

On top of that, how am I supposed to secure my servers and my companies data without cryptographic authentication? I wouldn't even be able to securely connect to my company's servers to work on them if it weren't for SSH.

I agree with this point wholeheartedly. You can't. Anyone that argues for such a system must understand that it would expose our own communications, trade secrets, etc. to the entire world.

Most of the people arguing for this don't understand that. They're like the Trump's of the world who just think they can "Call up Bill Gates and ask him to turn off the internet".

 

[photographypro]

THANK YOU Tim!!!

Government has repeatedly shown their FAILURE to protect our data.

When the Snowden deal exploded, it was revealed that almost all Congress members knew for years that the government had access to everyone's emails, phone calls, etc. I applaud Apple for standing up for our rights and doing everything it can to keep our data safe.

I trust Apple, for example, with My Wallet, knowing if Apple ever got hacked, it would be the biggest blow for them. They wouldn't offer such a service if they couldn't be 100% sure that everyone's data is safe.