
They can still simply push a software update that sends the victim's keys to the mothership and/or simply decrypts everything. Can even be pushed silently. The victim cannot do anything, not even detect when this has happened.

Why would governments push back, when this hole which has already been used will _always_ be available?



What? They have demonstrably gone toe-to-toe with the FBI to NOT ever have to create “special software updates for the government”.

https://en.m.wikipedia.org/wiki/FBI–Apple_encryption_dispute

Can you show me another company that has done this?


The tricky thing with Apple is that they sell phones in China. Given that that govt demands visibility into what its citizens do, it is reasonable to assume that anything Apple launches to secure your data from prying eyes will have an asterisk to accommodate a big part of their market.


That's because Chinese and US law are fundamentally different. The US has laws that enable Apple to contest those requests. It is just not possible to run a large business in violation of any (competent) government. It doesn't matter who it is.

FWIW, Apple does not treat US and Chinese users the same. If you have a Chinese mainland iPhone, you use a completely different iCloud that isn't even run by Apple.


It’s not that tricky, as iCloud in China isn’t run by Apple at all. [0]

The laws are different there and the only way that Apple could meet the requirements of the Chinese government without also weakening their product for the rest of the world was to cede control of iCloud there.

[0] https://support.apple.com/en-us/HT208351


I'm going to assume that iCloud E2EE won't be available in China.


It looks to me like Apple and China have a complicated and somewhat adversarial relationship.

Apple likely conceded early on that China-based iPhones use China-based iCloud, and the Chinese government likely conceded that Apple phones will use the same OS everywhere, with region-based feature blocking being as far as they'll go in customizing the OS. Both have a lot to lose from the other party terminating the relationship.


>Why would governments push back, when this hole which has already been used will _always_ be available?

I'm not aware of a time when Apple pushed a software update (silently or otherwise) to defeat security for a user (or users). Can you provide a reference?


The entire precondition for being able to do that is that you're not aware of it. Ever.


The parent comment said “hole which has already been used”, that’s a claim that Apple has actually done it, not only a speculation that they could. They are being asked to back up that claim.


With Apple's current lack of encryption on iCloud backups, we are very aware of government access because those files end up as evidence in court cases after being obtained by police and prosecutors.

If government were to compromise end to end encryption in the manner described above, it would either be visible when used to prosecute people, or invisible because it would never be used to prosecute people (but presumably for intelligence purposes). Even if it were used for intelligence purposes through the method above, which I don't think is at all established, it would still be a significant improvement over having data in a form that is actively used to prosecute people.


> Even if it were used for intelligence purposes through the method above, which I don't think is at all established,

The Snowden revelations were precisely about information gathering for intelligence purposes. The vast majority of intel gathering is not for prosecutorial purposes.


I didn’t say it’s good that intelligence agencies hypothetically could spy on this data by having Apple push malicious software.

What is absolutely good is that they have e2ee now, and the only way they could even hypothetically open a back door would be one that was completely secret, for the government, which definitionally closes off a whole class of government use of the data, for example in domestic prosecutions of citizens.

This may not be perfect (it’s not open source etc) but it’s a vast improvement over non encrypted data that was openly routinely given to the government.


I think we are talking at cross purposes. I agree with your evaluation that this is an improvement over the current state. I did not cite whether you think it is good or bad that intelligence agents could spy on this data. I was referring to the fact that most secret surveillance is expressly for the purposes of intelligence rather than prosecution. Surveillance methods that are secretive are, by their very nature of being secretive, typically not used for prosecutorial evidence gathering due to the fact that such use would reduce the method's secrecy. Until Apple can provide some verifiable proof that my keys cannot be handed off to governmental parties wishing to decrypt my data, I will not feel comfortable using their cloud service for my personal data (not that my family vacation photos and pictures of our dog will be that interesting to anyone).


"You can't prove that they don't already do X, because X is by definition a secret action" is a pretty useless epistemology though. Every electronic device you've ever used could secretly have a cellular modem that can secretly download over-the-air firmware updates that alter its behavior to be maximally evil. You by definition can't prove that your coffee machine doesn't secretly have the ability to change its behavior to start connecting to the internet and DDOSing charities or something.


The thing that people always miss is that the damn SIM card is running its own little processor already. If the government really wants to read your shit they can probably just do some behind-the-scenes work with your mobile ISP and find a way to access your phone's screen output or microphone data or something.


The baseband module has a processor too, and you don't have access to it per FCC regulation.


iPhone 14 doesn't even have a SIM card anymore, it's strictly eSIM (and previous models could optionally use eSIM).


If I really wanted a physical SIM and imported a European SKU which does have it (only North American variant is eSIM-only), would I expect seamless support in the US? E.g. would AppleCare just work?


eSIM isn't any different here, it still runs the same applets. What makes it secure is the IOMMU preventing it from accessing main memory.


So there's no level of security that will ever be enough for anyone. The number of people who know the source for the current version of every piece of software, firmware, and hardware they use almost certainly approaches 0.

I don't know what people expect. These moves are good things and everyone is whatabouting situations that there is 0 evidence has ever happened or would ever happen. It's unfalsifiable, impractical, and honestly just annoying.


When they migrated Chinese iCloud data to domestic servers.


Why is data residency law cool and progressive when the EU does it and Big Tech complies, but Bad and Dystopian when China does the same? Tim Cook has said on the record that iCloud is the same regardless of data center.


Because the reasons for data sovereignty as legislated by the EU and countries within it, and China, are drastically different. Which one is the authoritarian regime which jails dissidents and which one has regulations giving consumers rights over their data? I'm fairly certain the motives for data sovereignty are wildly different.


I’m not sure if you’re aware, but there are anti-encryption legislative proposals in the EU which are as ill-informed and scary as anything I’ve heard of in Mainland China. It’s very unclear to me if motives matter in this case.


China has a reputation for hunting down religious minorities and political dissidents, Europe is known for a more moderate take on those matters. I think there's cause for concern when China demands domestic ownership of iCloud info.


You mean like the French banning burkinis worn by religious minorities?

https://www.cnn.com/2022/06/21/europe/grenoble-france-burkin...


Would it surprise you to learn that France also bans female genital mutilation, another religious practice enforced on people who typically have no say in the matter? These bans apply to people of any religion and of no religion.

Let's not pretend this is the same thing as kidnapping you and taking you to a reeducation camp because of your religion, leaving your kids alone and confused.


So you put banning the clothes you can wear because you want to be modest with female genital mutilation?


Let's be clear about what we're discussing. France prevented a law that would have allowed burkinis to circumvent existing public pool rules that require a swim cap and forbid baggy clothes and certain sun protection suits. People forced to wear certain clothes by others in their religion do not get special exceptions. https://www.nbcnews.com/news/amp/rcna34833


You realize that your citation actually reinforces the idea that the only reason this law was passed was because the government was against them to enforce “secularism”?

No one claimed that they were being “forced” to be part of a religion. What next? Forcing people to eat pork even if it is against their religion to enforce “secularism”?

This was nothing more than discrimination.

In the US, we had to have laws that allowed Black girls to wear their hair the way they wanted and schools were forcing black girls to straighten their hair to fit in.

https://www.naacpldf.org/natural-hair-discrimination/


The pool rules considered no religion and only what is necessary for pool safety and cleanliness. The law that the city passed made concessions for a religion (just one). If your religion requires you to defecate in the pool each time you enter, should they make laws allowing that?

People who are forced to wear certain clothes by others in their religion are also often forced to have that religion.

Confusing race with religion is even crazier. We should accommodate people who are physically different, but there is no reason to go out of our way to accommodate people with arbitrarily wacky beliefs and even less reason to go out of our way to accommodate oppression by people with arbitrarily wacky beliefs.


The citation you posted said nothing about sanitation and was about “enforcing secularism”.

Honestly, every religion is “wacky” to an outside observer.


The pool rules are about sanitation and safety. The law allowing burkinis was removed because "it violates the principle of government neutrality toward religion" by being written to accommodate a single religion.

The secularism rule basically says that the government should not make laws to accommodate one religion because then it would have to make laws to accommodate any and all religions, and there is no limit to how wacky a religion can be.


You can’t believe that. That’s just like saying that laws against “sodomy” weren’t discriminatory and were only passed for the welfare of the state, when they were clearly passed to criminalize non-heterosexual consenting sex between adults.


Once again, there isn't a law against burkinis. There are pool rules that predate the invention of the burkini and disallow many things, wearing burkinis (though not mentioned specifically in the rules) in the pool among them. Writing a law specifically about allowing burkinis is discriminatory against other religions and beliefs.


This is not true. The law was specifically geared toward Muslims and targeted against “religious extremism”.

The law was specifically aimed https://apnews.com/article/religion-france-government-and-po...

> The ruling was the first under a controversial law, championed by President Emmanuel Macron, aimed at protecting “republican values” from what his government calls the threat of religious extremism.


Now you're confusing a law passed in a city with a national law. The law passed in the city was specifically making accommodation for one religion, which is not allowed: “the Grenoble vote was made ‘to satisfy a religious demand’ and ‘harms the neutrality of public services.’”

The law passed in the country was set up to disallow laws that favored one religion, but ever since the revolution cast aside Christianity for enlightenment ideals, no such laws had been attempted. It is true that this law was made to prevent laws that favor Islam, but it puts it on equal footing with all other religions. Members of The Native American Church cannot get laws passed to give themselves exemptions to use mescaline.


> Europe is known for a more moderate take on those matters.

Very recently in history. China is bad now, European nations have been bad in the past… but who knows what the future holds.

Once data is released (keys, databases, plaintext messages, it doesn’t matter) it can’t be made private later.


The technical proposals are equally odious, and Europe is, what, 30 years removed from all sorts of authoritarian hijinks?

In any case, selective support for technical proposals based on broader political vibes is not a particularly inspiring stance.


You seem to have missed my point entirely then. I'm in full support of Apple holding themselves accountable for the data they hold, but they don't. As a result, we rely on "broader political vibes" to read between the lines.


I’m not sure what you mean by “holding themselves accountable for the data they hold”, but you began by implying data residency was compromising security at the behest of a government, but it does not itself do anything of that sort. Your technical claim is outright false.


You mean the same one that wants to lessen encryption so they can spy on you?

https://www.secureworld.io/industry-news/new-eu-push-for-enc...


You're saying there was a silent update pushed to Chinese iPhones? Can you provide more details or a source on that?


It certainly wasn't silent, but that wasn't a condition for the parent's question. It was a well-documented (and much derided) decision though: https://mashable.com/article/china-government-apple-icloud-d...


Seeing as context is conspicuously missing, all cloud services offered by foreign businesses in China are required to be hosted and controlled by state-owned providers. For instance, China has a separate Microsoft 365/Azure region hosted and controlled by 21Vianet. Apple still controls the encryption keys and there is no evidence that they have handed them over to the CCP, but it is largely assumed. Federighi has said that Apple will offer E2EE in China.


You want them to break Chinese laws? Don't think they have popular support for that.


The US can always pass a bill, or have one already, that enables them to covertly force Apple to comply or else Tim goes to jail. Easy.


You make this sound easy but look at how that worked for NSLs. They got a ton of pushback for that and there’s no way to keep that a secret for very long – especially since things either end up in court or involve foreign governments who won’t share the desire to keep things secret.


What do you mean, “can pass a bill?”

On some level the US could also pass a law that says every iPhone user will be summarily executed. That’s how sovereignty works. Is it a realistic concern? Probably not.


Last time they tried that Apple caused a lot of hoopla and made the case go away. Not easy.


Are you referring to the Pensacola encryption bypass demand or PRISM?


In the US, this is not easy.


It doesn't matter. You are missing the entire point about E2EE.


That's not the point. The point is that Apple hasn't closed the government out of Apple users' phones. The point of E2EE is to remove the power of the middleman to read the data, but that middleman also has complete control over the device and the software running on it, with remote root access.

Apple's ecosystem is, by default, design and necessity, insecure to Apple. Keys stored on an Apple device are insecure.

One can easily make a similar argument for Android/Google, however, a security conscious user could still take control over their device and install a more secure OS.


Uh, because Apple specifically pushed back on this? (https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...) Sure, it's never a guarantee but they have some decency.


They pushed back on that after falsely telling their customers that they were technically incapable of helping the FBI with such requests. After this incident, they no longer make that claim. https://appleinsider.com/articles/14/09/18/apple-says-incapa...


They never told customers it was technically infeasible. From the contemporaneous Q&A from the 2016 letter opposing coerced access:

“Is it technically possible to do what the government has ordered? Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But it’s something we believe is too dangerous to do. The only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.”

- https://www.apple.com/customer-letter/answers/


Read the link I gave in the GP post:

Apple: "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Also, "create an entirely new operating system" is an intentionally misleading exaggeration on Apple's part, meant to fool customers but not governments. It makes it sound like the amount of work they would have to do is larger than changing one constant about how many retries are allowed and another constant controlling rate limiting, building and signing and flashing it to the phone, and deleting it after.


Seems like a semantic quibble about the meaning of “technically feasible.” If you understand it as making claims about the system as it exists, it is true. If you understand it as making a claim about what Apple could theoretically do in all circumstances, then you have an absurd definition because everything is technically feasible.

I think the FAQ and letter both make clear that Apple could comply with the FBI request and their objection was over whether they should be forced to.


> If you understand it as making a claim about what Apple could theoretically do in all circumstances, then you have an absurd definition because everything is technically feasible.

If iOS 8 required a user key for updating the system, this would be technically infeasible. It's not technically infeasible as iOS 8 was implemented, so Apple stopped claiming it is, but only after the FBI embarrassed them about that claim.

> their objection was over whether they should be forced to.

Apple's objection had nothing about being forced to do it. They were forced to provide data from devices before iOS 8 and even provided a document about how to ask them to do it. Apple instead made specious claims about how hard it was and how it would affect other customers' privacy.


[flagged]


It's not an assumption. Apple has earned a decent reputation for being pro privacy through their actions over decades.


Can somebody explain the room for debate and expression of sentiment here? If Apple was legally required to do x with regard to privacy, I have to assume they would, and everyone could know they would (because it does not seem very much like a big US company to outright defy national law). If they were not, on what grounds could the gov pressure Apple?


The theory would be that it would be extralegal pressure. Out of the Snowden era, for this generation, came the belief that the government would use extralegal coercion to get what they want when it comes to domestic espionage. This showed up in, e.g., how the government battled Yahoo over PRISM [0], and the story of Joseph Nacchio of Qwest [1] supposedly being targeted by the Feds for refusing to go along with the program/s.

For prior generations, Hoover, Nixon, MLK (how they targeted him), the Church hearings, and many other things provided evidence as to the extralegal behavior of the government at times.

[0] https://www.wired.com/2014/09/feds-yahoo-fine-prism/

[1] https://www.businessinsider.com/the-story-of-joseph-nacchio-...


Like when they started recording what programs you launch on your Mac, sent to them in cleartext? Or when they force you to have an account with them to install apps from the official sources (and of course the unofficial ones are absolutely atrocious).

Apple are better on the privacy front than their competitors, but not by that much.


Given what we learned from the Snowden leaks, I would be willing to believe that any PR in Apple's favor is awarded by the govt in exchange for their cooperation relating to providing the govt data / access they request.

I don't trust any corporation to actually side against the govt.


> when this hole which has already been used

You have evidence that Apple has been pushing silent updates to individual users?


[flagged]


You're asking for proof of a negative that cannot be fulfilled without having access to all copies of all versions of the source code deployed for every Apple device in the world for their entire history. This seems an unreasonable burden.

Either we accept some amount of vulnerability at the minimum and deal in likelihoods rather than certainties, or we simply do not use modern communication devices whatsoever. Given we're here on HN, we all have clearly chosen the former, so the question becomes: "is it likely that Apple have violated individual users' privacy in this manner?", to which I think the answer is "no" because (a) it's never been necessary before given the availability of alternate methods, (b) we have absolutely no evidence to suggest otherwise, and (c) we do have evidence of a history of Apple being at least somewhat reluctant to cooperate with the federal government of the US when it comes to individuals' privacy, to the extent that they are able (e.g., the San Bernardino case). So although it is true that we cannot be certain of our privacy, it seems very likely that Apple's efforts to improve user privacy are not disingenuous.


Even then the OP will ask us to prove that you do have all the versions of code and that there was no self destruct mechanism that wiped itself clean. You can’t prove a negative. That’s the point of those assertions. It’s not without reason that most conspiracies use this tactic.


That’s along the lines of asking “Do you have evidence that UFOs have NEVER landed on earth?” in response to someone asking if you have evidence that UFOs have landed…


I guess the same point could be made about religion. Call me an agnostic then when it comes to device security.


Yeah, no that's not how accusations work.

Well that's how some would want them to work, but around here to be heard you must back with evidence.



Yes true. What’s your threat model though? If my government wants to own me they can do that without going to Apple.

For myself I’m quite happy with this as it is a huge improvement over what we had. My only irk is that they called themselves a champion of security and privacy before this..


So could your Android phone - even if it runs GrapheneOS. How do you know that GrapheneOS isn't a CIA project like ArcaneOS that won't push a sneaky software update to your device? You don't and you never know, so it's not really fair to target Apple for this. You will always be vulnerable to such an attack no matter what you choose.

The only truly secure option is to build the source yourself, sign it with your own keys, and run it. Assuming you can read all the code and make sure it's safe, and read all the code of your compiler to make sure that is safe. And you'll still need to trust the Google-signed bootloader code, which totally hasn't had suspicious custom builds released previously (ArcaneOS?)


You missed out the punchline: all of this follows from that the software is proprietary/closed-source/non-Free.

You can't see how it works, you can't change how it works, and you have to trust that it does as advertised. You must do all this in the knowledge that over the years plenty of proprietary software vendors have outright lied to their customers about exactly this kind of thing, e.g. [0][1].

I'm not aware of Apple ever doing so though, for what that's worth.

[0] https://news.ycombinator.com/item?id=25044254

[1] https://news.ycombinator.com/item?id=33820538


The difference is in asking Apple for something they already have access to, vs. asking them to create something entirely new (a signed software update). That’s what the FBI case a few years back was about.


I am thinking since then that maybe it was a staged performance


Based on what?


The alternative is to admit that, while all megacorporations are fundamentally bad, Apple does occasionally do good things. This is clearly infeasible.


They couldn’t without bypassing all their controls and assurance measures, which are required by not just governments but corporations who don’t trust apple or the government, as well as regulators across the world who also don’t trust either apple or the us government. If you’ve ever worked in a highly regulated highly sensitive enterprise tech environment you would know this is hogwash.


Hasn't the solution to this problem always been easy? Just encrypt before you type it into iMessage; this applies to _all_ untrusted communication channels. Don't tell me base64 encoding/decoding is what's stopping you from having perfect security?


'easy' and 'just' are doing a lot of work in your assertion here!


Exactly, if you're dealing with truly sensitive information where any leak is unacceptable, make your own encrypted blob. Don't trust any communication software to do it for you.

The concern typically isn't backdoors, it's bugs. I've had plenty of terrible experiences with Enigmail.


That doesn't solve the problem of needing a trusted communication channel. You'd still need one to exchange keys.
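The "encrypt it yourself before pasting it into the chat" idea from the comments above, and the key-exchange objection to it, as an added example that is not part of the thread. It uses only the Python standard library, so the cipher is a stdlib-only construction (HMAC-SHA256 used as a PRF in counter mode, encrypt-then-MAC); in practice a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from the `cryptography` package is what you would use. All function names and the sample messages are constructed for this example; the shared key is simply assumed to have reached the peer over some trusted channel, which is exactly the part the encryption does not solve.

```python
"""Encrypt locally, paste base64 text into an untrusted channel, verify on receipt.

Stdlib-only construction for illustration: HMAC-SHA256 as a PRF in counter
mode for the keystream, then HMAC-SHA256 over nonce||ciphertext (encrypt-then-MAC).
Use a vetted AEAD (AES-GCM, ChaCha20-Poly1305) for anything real.
"""
import base64
import hashlib
import hmac
import os
import struct

KEY_LEN = 32    # bytes of shared secret
NONCE_LEN = 16  # random per message; never reused with the same key
TAG_LEN = 32    # SHA-256 output


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the shared secret."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC(enc_key, nonce || i), truncated to `length`."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> str:
    """Return base64 text (nonce || ciphertext || tag) safe to paste into any chat."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode("ascii")


def unseal(key: bytes, blob: str) -> bytes:
    """Verify the tag first (constant-time), then decrypt. Raises on any tampering."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: altered in transit or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> dict:
    """Walk through the happy path and the two failure modes a relay could cause."""
    # Constructed: assumed to have been agreed over a trusted channel beforehand.
    shared_key = hashlib.sha256(b"example shared secret, not for real use").digest()
    message = b"meet at the usual place at 9"  # constructed sample plaintext

    blob = seal(shared_key, message)              # this is all the chat app ever sees
    roundtrip_ok = unseal(shared_key, blob) == message

    # A relay flips one bit of the ciphertext: the tag check must reject it.
    raw = bytearray(base64.b64decode(blob))
    raw[NONCE_LEN] ^= 0x01
    try:
        unseal(shared_key, base64.b64encode(bytes(raw)).decode("ascii"))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # A party without the shared key (the channel operator) gets nothing.
    try:
        unseal(os.urandom(KEY_LEN), blob)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True

    return {
        "roundtrip_ok": roundtrip_ok,
        "tamper_detected": tamper_detected,
        "wrong_key_rejected": wrong_key_rejected,
        "channel_sees_only_base64": blob.isascii() and message not in blob.encode(),
    }


if __name__ == "__main__":
    print(demo())
```

What the block does not and cannot do is establish `shared_key`: it has to be delivered by some channel both sides already trust, and every message's security then rests on how that happened. That is the point the reply above makes, and it is why messaging apps bundle a key-agreement protocol with the cipher rather than leaving users to paste base64 blobs around.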


You’d detect a software update?


At least, data won’t be harvested for commercial use (as Google does). Apple clearly is leading in security.


Except that Android has had E2E encrypted backups since 2018 https://security.googleblog.com/2018/10/google-and-android-h...


Android is a steaming pile of privacy violations, but yes, they do have this one feature.


Android, by virtue of giving more control to the user, has far fewer privacy violations than iOS for those who care about privacy.


You are right. I guess I was thinking that none of the FANG provides a “desktop” client app with e2e.

But Android already collects a lot of data from the device before encrypting.


Most of which you can opt out of


Indeed, you can opt out of more of it on Android than you can on iOS. Try to get your location on iOS without telling Apple. You can't. Try installing an app without telling Apple. Same.

Even macOS is infected with this privacy-invading nonsense that I can't opt out of. It has an Apple News app that I can't uninstall, and whenever anybody sends an Apple News link, even in a private tab, it opens the Apple News app, a handler that I can't disable, sending the article I want to read together with my Apple ID to Apple.


Apple loves harvesting your data for commercial use

https://www.extremetech.com/mobile/340887-apple-sued-for-all....


> Apple loves harvesting your store interaction data within store apps for commercial use

FTFY.

Please stop spinning that as if Apple were siphoning every single one of one's moves everywhere, irrespective of any telemetry setting one has set.

Both the linked piece and the reporter's Twitter thread seem to have taken great care to bury behind clickbait headlines and scary words the fact that this applies only to App Store, Books, Apple TV, and iTunes Store apps, which are all "store" apps (presumably that's where commercial stuff typically happens) that used to outright be webviews (not entirely sure they are 100% native as of today). I don't think anyone would be appalled if a React-based web app would send vast amounts of requests based on user interaction.

So yeah, they should probably not collect as much data as that and probably should have a toggle to nerf such data collection within the store apps (which is not the same as OS/actual app/service telemetry), but the way things keep getting spun is beyond ridiculous and does not help in improving anything.



