Apple Aims for Greater Transparency With Comprehensive New Privacy Site

[X-X]

What about explaining what a "disappearing warrant canary" is?

Apple included language in its first Transparency Report to say that it had not been subject to a Section 215 Patriot Act request. That language is now gone.

The disappearance of Apple’s warrant canary thus suggests that the company too is now part of FISA or PRISM proceedings. Apple did not immediately respond to an email request for comment.

https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/

http://9to5mac.com/2014/09/18/apple-removes-language-from-transparency-reports-signaling-new-government-requests-for-data/

 

[samcraig]

They didn't launch it to make money off it. They launched it so the developers could make some money off it, and seems like they are. So it's a success.

LOL. Thanks for that.

 

[Cloudane]

That's what terrorists would do if they were clever. Fortunately, they are mostly brain damaged.

----------



What about explaining what a "disappearing warrant canary" is? And what about telling us what _you_ think about it since you are bringing it up?

You could just click on the link and use your eyes?

I don't know what to think, that's why I'm asking. Maybe it's nothing, maybe it's major, it doesn't seem to be getting much exposure..

 

[mrxak]

Well ****. Apple got FISA'd.

 

[keifer.street]

Hope that's sarcasm.

Apple made a cute little webpage saying they're the good guys? How adorable. I'll believe every word they wrote, kittens and rainbows...

There needs to be federal oversight of tech companies, LEOs and the NSA before privacy is taken seriously. But instead for the past decade we've voluntarily lived in a surveillance state and the government has done everything in its power to exploit that. No one can be trusted to do their jobs anymore. Everyone's failed.

This website's as big of waste of data as their employee & environmental responsibility pages.

I don't think anyone should believe any company blindly, but everything I've researched, read, and seen indicates that Apple is fighting harder than any IT company in the industry to protect your data and increase transparency. I think the appropriate response to this article is to be 'cautiously optimistic'.

This kind of flaming and uniformed rhetoric in the above quote from Mr Fusion isn't helpful to anyone.

 

[iWe]

Despite Apple's Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone
18 September 2014

A reminder to iPhone owners cheering Appleis latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.

iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.

"It seems clear that Apple is trying to compete on privacy and security…Android is looking worse and worse by comparison", Zdziarski says.

But Zdziarski warns that despite that strengthening line, Apple users shouldn't become complacent. "The biggest mistake consumers can ever make in this situation is to assume that the information on their device is completely safe from the police", he says. "Even with iOS 8's big improvements, assume the data on your mobile device could potentially be accessed, and act accordingly".

Full Story: Wired

 

[cmaier]

Text doesn't seem to match the headline.

Despite Apple's Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone
18 September 2014


A reminder to iPhone owners cheering Appleis latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.

iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.

"It seems clear that Apple is trying to compete on privacy and security…Android is looking worse and worse by comparison", Zdziarski says.

But Zdziarski warns that despite that strengthening line, Apple users shouldn't become complacent. "The biggest mistake consumers can ever make in this situation is to assume that the information on their device is completely safe from the police", he says. "Even with iOS 8's big improvements, assume the data on your mobile device could potentially be accessed, and act accordingly".

Full Story: Wired

 

[Tech198]

huh uh...

you mean "greater" than what what suppose to have been done right anyway ??


Makes sense... New phone, New site.....

No Thanks..

Tim can keep underscoring and keep going on about "how we protect the customer with "strong encryption", but at the end of the day The keys live on their servers.. Period..

Encrypted, or otherwise..

Something that lives on their servers means they can do anything with it... hence, not in your hands, and u have no say.

I would have felt better if encryption and/or keys were kept on the phone and never sent to Apple..

That would have been the Only way to have done all this, then privacy would never have been an issue with Apple.

 

[iWe]

Text doesn't seem to match the headline.

Might have something to do with the parts I chose for my post. But if you read more carefully or read the full length Wired article they do match.

 

[cmaier]

Which keys? They've explicitly said that they can't provide data from your phone to the government anymore because they do not have the keys. They published a white paper that says where all the keys for all their services live. For many services they do not have the keys.

huh uh...

you mean "greater" than what what suppose to have been done right anyway ??


Makes sense... New phone, New site.....

No Thanks..

Tim can keep underscoring and keep going on about "how we protect the customer with "strong encryption", but at the end of the day The keys live on their servers.. Period..

Encrypted, or otherwise..

Something that lives on their servers means they can do anything with it... hence, not in your hands, and u have no say.

I would have felt better if encryption and/or keys were kept on the phone and never sent to Apple..

That would have been the Only way to have done all this, then privacy would never have been an issue with Apple.

 

[John.B]

And here we go...

Apple included language in its first Transparency Report to say that it had not been subject to a Section 215 Patriot Act request. That language is now gone.

The disappearance of Apple’s warrant canary thus suggests that the company too is now part of FISA or PRISM proceedings. Apple did not immediately respond to an email request for comment.

https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/

I saw the same thing yesterday, but Cyrus Farivar at Ars says it may have more to do with DoJ reporting rules. Worth a read, if this sort of thing interests you:

No, Apple probably didn’t get new secret gov’t orders to hand over data | Ars Technica

That said, I would've liked to have Charlie Rose ask Tim Cook about that, point blank, in his interview this week.

 

[John.B]

Only if you are daft enough to enter your mother's maiden name when there is a security question asking for your mother's maiden name. You can enter something like 8dw820axn instead.

But then you have the Liar's Conundrum: Which lie did you tell to whom? Now you need some sort of a personal database to track which question was answered with what lie (or gibberish) on which website. And that can be compromised.

Which is why I'm more of a fan of things like Touch ID and phone alerts/two factor authentication than I am of "security questions". In the Security Trifecta, "what you are" and "what you have" trump "what you know", every time. Unfortunately, security continues to be built around passwords and security questions and the like...

And, yes, most people are ignorant (not "daft") about how insecure answering those questions honestly can be.

 

[Tech198]

Which keys? They've explicitly said that they can't provide data from your phone to the government anymore because they do not have the keys. They published a white paper that says where all the keys for all their services live. For many services they do not have the keys.

For example, if you have encrypted your drive, and chose to store the key with Apple encrypted.

You telling me that if a court went to Apple, they wouldn't comply ? of curse they would, anyone would need to. except VPN companies outside of U.S

 

[cmaier]

no way.... If Apple does not have the keys then how can Apple decrypt them ?


You telling me that if a court went to Apple, they wouldn't comply ?

Apple has explicitly said it CANNOT decrypt it because they don't have the keys, and thus it's not an issue of "wouldn't" comply - it's "couldn't" comply.

I've been reading their newly published iOS Security Guide Sept. 2014 for the last two days for an article, and they explain in great detail the algorithms used to create the keys, when they are created and by whom, how long they live, under what conditions they are transmitted, etc. Unless they are lying, they don't have the keys.

 

[Tech198]

Apple has explicitly said it CANNOT decrypt it because they don't have the keys, and thus it's not an issue of "wouldn't" comply - it's "couldn't" comply.

I've been reading their newly published iOS Security Guide Sept. 2014 for the last two days for an article, and they explain in great detail the algorithms used to create the keys, when they are created and by whom, how long they live, under what conditions they are transmitted, etc. Unless they are lying, they don't have the keys.

Then what do you think the court would do ? just let it slide ? What your saying is Apple could not comply with a law.

Take a look at http://lavabit.com/

 

[cmaier]

Then what do you think the court would do ? just let it slide ?

A court can't make you do the impossible, so yes. In a court proceeding you can only subpoena documents and things that actually exist.

(Google "possession, custody or control")

----------

Then what do you think the court would do ? just let it slide ? What your saying is Apple could not comply with a law.

Take a look at http://lavabit.com/

How is lavabit relevant? They were ordered to do something that was actually possible for them to do.

 

[CyBeRino]

Then what do you think the court would do ? just let it slide ? What your saying is Apple could not comply with a law.

It's not so much "letting it slide", it's recognising that it's not something Apple can technically do. It's like asking them to turn the sky green. Can't be done.

Take a look at http://lavabit.com/

Lavabit had the problem where they had keys to decrypt the messages, because they didn't architect their service to not require them to have them. So they had keys, which means they could be subpoenaed. Apple does not.