Apple Encryption Decision

Cowboysrock55

Super Moderator
Staff member
Joined
Apr 7, 2013
Messages
52,463
February 16, 2016 A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook
 

Cowboysrock55

Super Moderator
Staff member
Joined
Apr 7, 2013
Messages
52,463
NSA chief: ‘Paris would not have happened’ without encrypted apps
5 hours ago Comments Sign in to like Reblog on Tumblr Share Tweet Email

National Security Agency Director Adm. Michael Rogers warns that encryption is making it “much more difficult” for the agency to intercept the communications of terrorist groups like the Islamic State, citing November’s Paris attacks as a case where his agency was left in the dark because the perpetrators used new technologies to disguise their communications.

In an exclusive interview with Yahoo News, Rogers confirmed speculation that began right after the attack: that “some of the communications” of the Paris terrorists “were encrypted,” and, as a result, “we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened.”

Rogers’ comments were made on Friday, just days before the FBI obtained a court order requiring Apple to provide a “backdoor” into the data on the iPhone of one of the shooters in the San Bernardino, Calif., terror attack in December — an order the company is resisting. But his remarks are likely to fuel the debate over encryption that has sorely divided the U.S. intelligence and law enforcement community, on one side, and privacy advocates and U.S. technology companies. (A spokesman for the NSA had no comment today on the court order or on Apple’s response.)

Rogers has at times sought to steer a middle ground in this debate, acknowledging that encryption is “foundational to our future” and even saying recently that arguing about it “is a waste of time.” In the Yahoo News interview, he frankly acknowledged, “I don’t know the answer” to unencrypting devices and applications without addressing the concerns over privacy and competitiveness, calling for a national collaboration among industry and government officials to solve the problem.

But he left little doubt about the impact encryption is having on his agency’s mission.

“Is it harder for us to generate the kind of knowledge that I would like against some of these targets? Yes,” Rogers said. “Is that directly tied in part to changes they are making in their communications? Yes. Does encryption make it much more difficult for us to execute our mission. Yes.”

Rogers also provided new details about his agency’s efforts to implement the USA Freedom Act, a law passed in the wake of the Edward Snowden disclosures, which he said has made it “more expensive” for his agency to access the phone records of terror suspects inside the United States and has resulted in a “slightly slower” retrieval of data from U.S. phone companies.

But Rogers said the delay in retrieving phone records is measured “in hours, not days or weeks,” and he has not yet seen any “significant” problems that have “led to concerns … this is not going to work.”

“When I say more difficult to do the job, it’s certainly a little slower,” he said. “There is no doubt about that. It is not as fast.”

image
The new law — which has become a contentious issue in the presidential campaign — requires the NSA to get a secret court order to retrieve individual domestic phone records rather than collecting them in bulk and storing them in agency computers, as it had been doing before the Snowden disclosures. Critics, such as Sen. Marco Rubio, charge that the act has weakened the country’s defenses in the face of the mounting threats from the Islamic State and other terror groups.

But Rogers confirmed for the first time that the law was used successfully by the NSA after the San Bernardino terror attack to retrieve the phone records of the two perpetrators, and the agency “didn’t find any direct overseas connections.” Those records provided “metadata” — the time and duration of phone calls — but not the content of emails and text messages that the FBI is seeking by requiring Apple to unlock one of the iPhones. The FBI is continuing its efforts to track down who the two shooters “may have communicated with to plan and carry out” the attack, according to a court filing Tuesday.

Rogers’ comments came during a rare and wide-ranging interview inside the “Battle Bridge,” a special NSA situation room at its headquarters in Fort Meade, Md., equipped with teleconference screens to the White House and secure facilities around the world. It was built after the Osama bin Laden raid for use during international crises.

The former Navy cryptographer described a far-reaching reorganization of the electronic spying agency — dubbed NSA21 — that he is implementing this month to cope with evolving new national security threats. Chief among them: persistent cyberattacks from “nation state actors,” who he said are repeatedly hacking into — and Rogers believes laying the groundwork for manipulation of — the nation’s critical infrastructure systems, such as the electrical grid, the banking system and the energy sector.

Those foreign powers — widely acknowledged to be Russia, China, Iran and North Korea, although he wouldn’t name them — are “penetrating systems, what we think is for the purpose of reconnaissance. To get a sense of how they are structured. Where are their vulnerabilities? What are the control points that someone would want to access?”

While Rogers said he was “not going to get into specifics,” U.S. officials have confirmed that those attacks included an Iranian hack into the computer system of a New York dam that alarmed White House officials in 2013 and a highly sophisticated Russian infiltration of an unclassified Pentagon Joint Staff computer network that prompted the NSA director to shut down the entire network for two weeks last summer.

“This is not episodic or short-term focused,” said Rogers, who also serves as commander of the U.S. Cyber Command. “My sense is you are watching these actors make a long-term commitment. How do we ensure we have the capability to potentially impair [their] ability to actually operate?”

Yahoo News asked Rogers what motivated the attacks.

“I believe they want to have the capability, should they come to a political decision, that they in some way want to interfere with the United States or send a message to us,” he said.

One question Rogers pointedly declined to address is whether any overseas intelligence services had penetrated Hillary Clinton’s unsecured private email server — a scenario that former Defense Secretary Robert Gates recently said was “highly likely.”

“It’s something I’m not going to get into right now,” he said when pressed by Yahoo News as to whether such a penetration had taken place.


Rogers’ answer to the threat of foreign cyberattacks, incorporated into NSA21, is to create a new Directorate of Operations by merging the agency’s Signals Intelligence directorate — its electronic spying arm, which intercepts hundreds of millions of telephone calls, emails and text messages around the globe — with its smaller Information Assurance arm, which works with private industry to defend U.S. computer networks.

The proposal has prompted criticism that it will heighten suspicions of the NSA, making private companies even less willing to cooperate with the agency for fear of being seen as part of its massive global surveillance mission.

“I have to admit, it was something I spent a lot of time, as did the team, thinking about,” Rogers said when asked about the criticism. He added later, “I certainly acknowledge that there are some who would argue, ‘Hey, but you have this perception battle.’ My statement to that would be, ‘We have that perception battle every single day of the year, given the fact that the NSA, we acknowledge, works in both the offensive [signals interception] and defensive [cybersecurity] structures.’”

Dealing with the “perception” of the NSA as an unchecked surveillance colossus has been Rogers’ principal challenge since he took over the agency nearly two years ago during the biggest crisis in its history — the aftermath of the Snowden leaks, described by his predecessor, Gen. Keith Alexander, at the time as “the greatest damage to our combined nation’s intelligence systems that we have ever suffered.”

A congenial career Navy cryptologist who previously was commander of the Navy’s Fleet Cyber Command, Rogers has sought to repair the agency’s image and mend fences with Capitol Hill, striking a noticeably more measured and less combative tone in his public statements than Alexander did.

But when pressed about the lingering impact of the Snowden disclosures and persistent questions among privacy advocates and members of Congress about the NSA’s continued “incidental” collection of U.S. citizens’ communications, Rogers was unyielding and unapologetic.

He twice refused, for example, to shed any light on how many Americans’ emails and phone calls are “incidentally” collected by the NSA in the course of intercepting the communications of foreign targets. “We don’t talk about the specifics of the classified mission we do,” he said. He declined to explain why such information would be classified but insisted that access to those communications by the FBI is governed by legal processes.

Rogers warned that terrorist groups such as the Islamic State are moving to encrypted apps and networks, the so-called dark Web — a trend he asserted was “accelerated” by the Snowden disclosures.

“The trend has happened much faster than we thought,” he said. “And the part that is particularly discouraging to me is when we get groups, actors, specifically discussing the [Snowden] disclosures saying, ‘Hey, you need to make sure you don’t do X, Y or Z, or you don’t use this, because remember we know the Americans are into this.


“You’ve seen al-Qaida expressly, for example, reference the [Snowden] disclosures. You’ve seen groups — ISIL does the same — talk about how they need to change their discipline, need to change their security as a result of their increased knowledge of what we do and how we do it.”

But while many experts have argued that the movement toward encryption is the inevitable result of evolving new technologies, Rogers pointed to Snowden.

“No one should doubt for one minute there has been an impact here,” Rogers said. “I will leave it to others to decide right, wrong, good or bad. But there shouldn’t be any doubt in anybody’s mind that there has been an impact as a result of these disclosures.”

Rogers has strong feelings about what should happen to Snowden, who remains in Moscow, hailed around the world by many civil liberties groups, receiving accolades and awards (and financial compensation for speeches he delivers via Skype) — all while remaining a fugitive from U.S. justice. Rogers has not seen “Citizenfour,” the Oscar-winning documentary by Laura Poitras that presents the former NSA contractor as a courageous whistleblower, and he says he will “probably” not see the upcoming film “Snowden,” due in theaters this May, by Oliver Stone.

Asked about proposals that Snowden should receive some sort of leniency as part of a deal that would bring him home, Rogers talked about the concept of “accountability.” He recalled a conversation he had with his father about the My Lai Massacre when he joined the Naval ROTC in the post-Vietnam era in 1981.

“Dad, what do you do when you get an order that you think is immoral, unethical or illegal?” he said. “And my father, something I’ll always remember, said to me, ‘Michael, you must be willing to stand up and say, “This I will not do.” But Michael, you must also be willing to be held accountable for the decision you have made. And don’t ever forget, son, responsibility and accountability are intertwined. And it ain’t one or the other. It’s about both.’ And that seems to have been forgotten in all of this.”
 

Cowboysrock55

Super Moderator
Staff member
Joined
Apr 7, 2013
Messages
52,463
I posted this because it's kind of an interesting battle brewing. It's a little scary the spying abilities of our government.
 

dallen

Senior Tech
Joined
Jan 1, 2000
Messages
8,466
I saw Google came out in support of Apple on this. Hopefully all the tech companies do. If encryption can be broken then it is useless. We might as well make it illegal
 

L.T. Fan

I'm Easy If You Are
Joined
Apr 7, 2013
Messages
21,689
If government really wanted to save lives, force smart phones from the ability of texting while driving. Compare the number of lives lost in car accidents to mass shootings. Not even close.

Instead, we get cars that promote the "safe" usage of texting. Like reading it aloud makes it much safer.
My vehicles system will not allow outgoing texting on the keyboard while the car is moving. It will allow voice commands though.
 
Last edited:

Cowboysrock55

Super Moderator
Staff member
Joined
Apr 7, 2013
Messages
52,463
I saw Google came out in support of Apple on this. Hopefully all the tech companies do. If encryption can be broken then it is useless. We might as well make it illegal
Trusting the government to handle that technology properly is scary in itself as well. I think we all want to stop terrorists but it can't be at all costs of liberty and freedom in the process.
 

shane

DCC 4Life
Joined
Apr 26, 2013
Messages
1,184
The NSA can go fuck itself. Apple deserves kudos if this is indeed the case. I don't think the electronic communications giants are really all that concerned about protecting their customers' privacy.
 
Top Bottom