Apple is in a good position in the market to do this, but it is just really hard to trust any US company.
They say they will never give anyone access to their servers but how can they make that promise when they don't make the laws?
As an aside I am finding it really difficult to delete my iCloud account, in fact it seems that is impossible.
Locating data outside the US is in no way a defense against US intelligence agencies. There are theoretically controls on domestic spying, and some possibility that Congress could make it illegal. They have a mandate to spy on foreign networks.
If they haven't cracked your European email provider, then they're not doing what we pay and order them to do.
> If they haven't cracked your European email provider...
The difference is that European email providers are not cooperating, because they aren't obliged by your laws, whereas US companies are not only obliged to comply with requests, but they are also coerced to keep it a secret.
> ... then they're not doing what we pay and order them to do
That's a good thing to know, plus this is reason enough to pressure our governments and companies to not buy into US products or services. And in case you haven't noticed, this has tangible effects already, as fear of industrial espionage is spreading in big companies like fire and I've noticed this first hand in the German companies I'm in contact with. On the negative side, the US is positioned as the steward of the Internet and because your government fucked things up so badly, this is the perfect opportunity for the other countries to balkanize the Internet, to build firewalls, etc.
So I hope you're happy about how your taxes are being spent.
The NSA doesn't need cooperation. It can pwn sysadmins, plant covert operatives, and backdoor equipment in transit (including foreign-made equipment, so long as US intelligence can influence the shipping carrier, for example by recruiting employees or hacking ancient legacy software). If it can't, then it can pwn the other side of the conversation, or watch the SMTP in cleartext through a submarine-tapped undersea cable.
Disband the NSA and some other agency, some other country, will do the same thing.
You're bikeshedding. End-to-end encryption with HSMs and trusted execution environments everywhere, always. Verifiable, deterministic builds. A genuinely trustworthy, decentralized PKI. Better software engineering security practices, a professional barrier to entry, and an ethical system (à la the Bar or medical boards) with teeth that will reliably eviscerate people and companies who write and run irresponsibly sloppy code.
The cat's not going back in the bag because you avoid the US. Fighting over which service providers you send cleartext through, whose hard drives your unencrypted data sits on, who has the power to MITM you, is a waste of time and a distraction from the real challenge of developing and adopting security systems and practices that make doing what the NSA is doing actually difficult.
But of course it does. Security is not a black and white issue, but rather a matter of cost. And the fact is US companies are much easier and more cost effective to crack because they can be (legally) coerced and nobody has unlimited resources, not even the NSA.
> Disband the NSA and some other agency, some other country, will do the same thing
This is one of those logical fallacies that keeps popping up. So we should bend over and take it like a man, because if it's not the NSA, then it will be somebody else. Even if you're right, bad actors in society should get punished, otherwise they'll never learn. And indeed, it doesn't seem fair to punish US companies, many of whom really want to be good and faithful to their customers, but I've seen many signals that the American public approves of and finances this behavior, which includes the above comment, and the US government never apologized (to us, foreigners), therefore avoiding US services and products can become a matter of necessity.
> The cat's not going back in the bag because you avoid the US.
Yeah, but you see, I'm not a US citizen, so I don't even get to vote on your laws, and your government has made it clear that when it comes to foreigners everything is allowed. And we do have intelligence agencies, and they are cooperating even with the NSA and so on and so forth, but here there is no behemoth like the NSA. And as an EU citizen at least I would have ways to fight it.
> developing and adopting security systems and practices that make doing what the NSA is doing actually difficult
Only a software developer would end up thinking that all political and social issues can be solved with technology. The world doesn't work that way. You want cryptography? It will eventually get outlawed and there is already precedent in the US.
> I'd suggest you go 'deep inside you' and think again what should be the priorities to pay for. Thanks!
As you're perhaps aware, the US is a large country (in area and population), with a political system that depends on a sharply divided electorate. The things you seem to think are obvious issues to tackle are actually rather controversial, and prone to demagoguing by opportunistic politicians.
Congratulations on the ideal political process in your home country. Perhaps one day we'll attain the same level of enlightenment; or perhaps you'll gain a bit of maturity and understanding of the landscape here, and develop more realistic ideas about the US.
I'm of course aware of the political system. Thanks. My comment is about the personal statement 'cracked your European email provider, then they're not doing what we pay' which I understand that he is very much in approval of 'we pay'.
Maybe I should have refrained from the additional remarks. But I got frustrated about a fellow Hacker Newser kind of defending intruding on friendly nations' companies and not being willing to improve at home. (Yes, I would accept that it may not be possible or easy.)
[But - what a pity - the next shooting didn't wait long to happen. Maybe The Economist has a good and realistic understanding of the landscape, writing: "Those who live in America, or visit it, might do best to regard them [the Normalization of Gun Massacres] the way one regards air pollution in China: an endemic local health hazard which, for deep-rooted cultural, social, economic and political reasons, the country is incapable of addressing.". And then they continue: "This may, however, be a bit unfair. China seems to be making progress on pollution."]
Maybe I'm dense or naive, but I don't think there's any precedent for that. A gag order is one thing (and there are certainly places for it), but forcing someone to lie would hopefully violate the First Amendment.
It's strange that chainsaw10 is being downvoted for their comment. From the second link above, "Have courts upheld compelled false speech? No, and the cases on compelled speech have tended to rely on truth as a minimum requirement." That sounds more like there is not precedent to force people to tell explicit lies.
Also true. But we know from the Snowden revelations and other sources that Apple has been backing up its promises. So we have at least some level of assurance that Apple is a good actor.
https://en.wikipedia.org/wiki/40-bit_encryption was the most secure thing it was legal to export. The Netscape browser, in particular, had a lot of hoops you had to go through in order to get the 56 bit version meant for US audiences. Therefore, even most Americans with internet access at the time had the crippled international version.
Whether or not they hold the keys at present, Apple is in a position of power with regard to the iOS environment. In a technical sense it would be fairly straightforward for them to acquire the keys.
Trusting the company has nothing to do with it - they could be legally compelled to do so in a secret court, and gagged with an NSL to keep them from revealing such an order. Sadly that's the reality we now live in.
No, they can't... not without designing changes into their hardware to allow retrieving the keys from the secure enclave.
In theory Apple could modify iMessage to MITM the key distribution server and enable eavesdropping. The only way to protect against that is to provide in-person validation mechanisms so users can directly compare keys. I hope they add such a thing, not that 99.99999% of their users would ever use it.
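The mechanism this comment describes (a provider-run key directory that could be made to hand out a substitute key, and in-person fingerprint comparison as the user-side check) can be shown in a few lines. The following is an added illustration, not code from Apple or iMessage; the directory classes, the key bytes and the fingerprint format are constructed for the example, and the "in-person" fingerprint is modelled as a string the user obtained out of band.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Render a public key as a short, human-comparable fingerprint.

    Constructed format: the first 128 bits of SHA-256, as eight groups of
    four hex digits, so two people can read it to each other in person.
    """
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


class KeyDirectory:
    """Models a provider-run key distribution server (hypothetical)."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def register(self, user: str, public_key: bytes) -> None:
        self._keys[user] = public_key

    def lookup(self, user: str) -> bytes:
        return self._keys[user]


class SubstitutingDirectory(KeyDirectory):
    """The same server when its operator is made to hand out a different key
    for one user, so that traffic to that user can be read in the middle."""

    def __init__(self, victim: str, substitute_key: bytes) -> None:
        super().__init__()
        self._victim = victim
        self._substitute = substitute_key

    def lookup(self, user: str) -> bytes:
        if user == self._victim:
            return self._substitute
        return super().lookup(user)


def matches_out_of_band(fetched_key: bytes, fingerprint_read_in_person: str) -> bool:
    """The user-side check: compare the fingerprint of the key the directory
    returned against the one the peer showed in person. Constant-time compare
    so the check itself leaks nothing about how many characters matched."""
    return hmac.compare_digest(fingerprint(fetched_key), fingerprint_read_in_person)


# Constructed sample keys; real keys would be the peer's actual public key bytes.
ALICE_KEY = b"constructed-sample-public-key-alice"
SUBSTITUTE_KEY = b"constructed-sample-public-key-substituted"


def check_honest_directory() -> bool:
    """Directory returns Alice's real key: the in-person fingerprint matches."""
    directory = KeyDirectory()
    directory.register("alice", ALICE_KEY)
    shown_in_person = fingerprint(ALICE_KEY)
    return matches_out_of_band(directory.lookup("alice"), shown_in_person)


def check_substituting_directory() -> bool:
    """Directory hands out a substitute for Alice: the comparison fails, which is
    exactly what the in-person check is for."""
    directory = SubstitutingDirectory("alice", SUBSTITUTE_KEY)
    directory.register("alice", ALICE_KEY)
    shown_in_person = fingerprint(ALICE_KEY)
    return matches_out_of_band(directory.lookup("alice"), shown_in_person)


if __name__ == "__main__":
    print("honest directory, fingerprints match:", check_honest_directory())
    print("substituting directory, fingerprints match:", check_substituting_directory())
```

The point of the example is the division of trust: nothing the directory returns is believed on its own, and the only input that settles the question is the fingerprint the user obtained through a channel the provider does not control.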
As far as the US legal system goes you'd need positive law to enforce wiretapping requirements. Courts (as a general rule) can't issue orders to force Apple to write new code or modify their silicon design to support something the government wishes it could have. Given the way SCOTUS has been approaching cell phone privacy I'm not sure such a law would pass muster.
Laws could, however, force the company to secretly push out an update that sends your keys to be held in escrow on government servers should the need arise to decrypt your stuff.
Switzerland, the Netherlands and Norway are a good starting point. I believe that now that privacy has become a major concern, we will see countries with some legislative background and experience in other sectors that require secrecy above everything else (e.g. private banking) evolve into secure havens for servers.
The Netherlands is on its way to be removed from that short list. The new WIV20xx (charter for information and security services) gives it very broad powers against very little oversight. I have been unable to find a decent source in English, but among its provisions:
- allows for "reconnaissance" on external networks, including breaking encryption or forcing targets to divulge keys. This "reconnaissance" apparently includes installing sniffers or data probes.
- allows for untargeted data collection on wired networks (including cell phone towers)
- has provisions for forcing data transit stations (including ISPs, but also AMS-IX) to comply with requests.
It depends on what you are trusting them to do. The NSA's not going to spy on you less just because you're not in the US. If anything, they'd spy on you more.
They would no longer need to ask for cooperation. Personally, I'd call that less safe.
At least in theory, the NSA could allow a compliant US business to be secure. If the NSA could not get data from a foreign business the easy way, I'm sure they would get it the hard way.
That's not what it's about for me. If companies like Google and Apple want my trust they need to operate as their own government entity and make all users citizens and give them rights. Until then I'll stick to using as much FOSS as possible, never using social media for secure communication, and storing all my own data.
Basically, unless they let me see what's happening with my data by allowing me access to the code, I can't and won't trust them.
One doesn't need to give access to their servers in order to give access to their data. You just set up a hot spare and sync it over a leaky protocol, like FTP.
Ta-da! Both the marketing and the NSA are happy as clams.
> but how can they make that promise when they don't make the laws?
I agree, like Lavabit... Lavabit had all the best intentions but in the end the law screwed them over anyway.
Of course Apple has a lot more power than Lavabit, so it's nice they are taking this standpoint and being resistant. Hopefully they can contribute to a positive change.
Anyway, at least they are trying, something I haven't seen from other big companies, like Google https://en.wikipedia.org/wiki/Criticism_of_Google#Privacy
Setting aside the fact that US intelligence agencies can and will subvert foreign servers with impunity, foreign intelligence agencies operate with less oversight within their own borders than the US agencies do within its borders AND they tend to cooperate with US agencies (or, worse, Russia's or China's).
Very well written text. I like the simple and comprehensible language.
Other companies should take this as an example. (Only problem: many other companies likely wouldn't want to say in plain words how broadly they are gathering and aggregating your (my) data.)
I don't think I'm being overly cynical, but I'm seeing qualifiers[1] all over the place. The phrases seem carefully constructed to suggest more privacy than what is actually offered. For example:
"We don’t build a profile based on your email content or web browsing habits to sell to advertisers" - but we do build profiles (bonus points for insinuating the competition sells your information)
"we don’t read your email or your messages to get information to market to you." - but we do read and index your emails and messages, only to make our services and devices 'better' - by our definition
The sentences are built to sound like the italicized parts are not there, yet they totally change (negate) the meaning.
If I were a murderer, I could say "I do not kill men to eat their livers" and it would be 100% true, but it sounds like I'm not into killing at all.