Saturday, September 19, 2015

How Apple is not truly offering privacy

The NY Times reports that Apple and others have thwarted government spying by offering end-user encryption:
In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple’s response: Its iMessage system was encrypted and the company could not comply.

Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption.
This has caused civil libertarians and others to praise Apple for offering privacy to make eavesdropping impossible.

But as Matthew Green explains, this is not really true. Apple has engineered the system so that it can spy on messages any time it wants to. Apple can comply with the DoJ requests by just turning on its own spy capabilities.
Apple declined to comment on the case for this article. But company officials have argued publicly that the access the government wants could be exploited by hackers and endanger privacy.

“There’s another attack on our civil liberties that we see heating up every day — it’s the battle over encryption,” Timothy D. Cook, the company’s chief executive, told a conference on electronic privacy this year. “We think this is incredibly dangerous.”

Echoing the arguments of industry experts, he added, “If you put a key under the mat for the cops, a burglar can find it, too.” If criminals or countries “know there’s a key hidden somewhere, they won’t stop until they find it,” he concluded.

I believe that users have a right to end-to-end encryption, the govt should not be able to force weakened encryption. But that is not the situation here. People are willingly using an Apple system that allows Apple spying. The DoJ is just asking, with a court order against criminal suspects, for the access that Apple has already engineered in.

I think that Apple should either offer true privacy or comply with the DoJ.

Update: Here is another proposal:
The news comes from a draft memo from the president's encryption working group, which was tasked with finding solutions that would be acceptable to tech companies and law enforcement alike. ...

The most controversial proposal was one that targeted the automatic software update system. "Virtually all consumer devices include the capability to remotely download and install updates," the paper observes. It then proposes to "use lawful process to compel providers to use their remote update capability to insert law enforcement software into a targeted device."
Apple and others do use these updates to suit their own purposes.

Update: Apple may have to explain itself to the court.

No comments: