Apple Actively Working to 'Double Down' on iCloud Encryption

[zioxide]

I don't think you get it.. Pretty clear

The Fourth Amendment of the U.S. Constitutionprovides, "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

No, I get it perfectly. You don't.

Warrants are all well and good. But this is a different situation.

The government getting a warrant to search someone's house doesn't put every other home owner at risk or decrease the security of those other homeowners' properties.

This would, and that's the difference many people can't grasp.

It is mathematically impossible to build a cryptographic system that would let the government in with a warrant but not expose everyone else in the process.


So going back to the 4th amendment, if I have done nothing wrong, and there are no warrants against me, I have the right to security. So do the 750+ million other iOS users who are law abiding. The government simply does not get to put my data and everyone else's at risk to catch a few bad guys.

 

[thisisnotmyname]

Please do this Apple. I used to really like iCloud backup but I specifically switched to local backups after the publicity of this case. I'm fine with being responsible or my own very strong encryption key and losing my backup if I lose my key. Give me the option to encrypt the heck out of my iCloud data and I'll go back to the cloud again.
[doublepost=1458145095][/doublepost]

Currently in the UK (I say currently because our stupid government is trying to force backdoors into everything), you are compelled to unlock a smartphone and / or provide decryption keys if the police have a search warrant, or else go to jail for 2 years. While I don't particularly like that, it's far preferable to the alternative of the government being able to get into your stuff at any time without you being aware (and the risk of hackers doing the same through the same backdoors).

by the time the legal challenge to this order was over I'd have forgotten the passcode anyway and wouldn't be able to help. Seriously, I use very long passwords and if they quarantined my device so I wasn't entering it every couple days I'd completely forget. Not sure what that means in terms of compliance and jail time, maybe I'd have to go to prison due to my lack of perfect recall.

 

[xero9]

i disabled it on my iDevices as it takes way too long to restore from iCloud anyway. Ill just keep making a local backup before doing anything to my device

I do iCloud backup as a "in case **** happens" situations. If I upgrade my phone I'll always do a local backup/restore. Nice to have that assurance though that I don't need to think about on a regular basis.

 

[techwhiz]

It's simple. Apple only needs to use stronger encryption and make key escrow optional. You opt in to have the preserve your key.

 

[naeS1Sean]

Not......DOUBLE down!

 

[kdarling]

However, Apple appears to be concerned that keeping a copy of the key means it could be compromised by hackers or that the company could be legally compelled to turn it over to governments.

Nicely dramatic, but meaningless because if that Apple held key is unsafe, then...

What about the keys that Apple uses to sign iOS? Should Apple be afraid to keep them as well?

After all, with those crucial keys, someone can create a custom version of iOS that bypasses security, and load it on any iPhone.

A court hearing to address the iPhone backdoor issue is scheduled for next Tuesday, March 22,

It's not a backdoor issue. It's a can-we-be-forced-to-help issue.

The FBI is willing to let the phone stay at Apple.

If Apple really thinks their own employees are not trustworthy enough, then Apple has much bigger problems than being asked to do it for more devices.

 

[redscull]

I want to make it as hard as possible for anyone to invade my privacy. No one should be able to enter my house and look through my old photo albums and take them. However, robbers do this. The government also does this with a proper search warrant. No one should be able to enter my digital house and look at my pictures and take them. Hackers can do this. The government should be able to do this with proper search warrants. The question is how to enable the government without enabling hackers. I am for lots of security and support apple in its drive to improve security and encryption. But we should have a conversation on how best to allow legal search and seizure request by law enforcement. Right now it's either/or, but there must be a way to get to both/and. The current back door suggestion by the FBI is not the right answer, but one does exist if we work collaboratively.

That method already exists. It's implemented in every iPhone. Just like when law enforcement shows up at your door and shows you their legal warrant and you open the door to let them inside, when they show you their data access warrant you unlock your phone and let them onto it. Simple.

If you live in a country where it's actually legal to deny telling law enforcement your secrets, like your passcodes, it should be similarly legal to deny them access to data protected by those passcodes. That data is an unbreachable extension of your personal knowledge and should be treated the same.

 

[webbuzz]

I wish they would allow more granular control over Siri from the lock screen.

 

[redscull]

It's simple. Apple only needs to use stronger encryption and make key escrow optional. You opt in to have the preserve your key.

I'd like to opt out of having security questions on my account. Or a recovery email. I know my username and password. That's my problem. Every extra means of alternately identifying me only serves to weaken my account security.

 

[vertsix]

Why do people even like iCloud backups?

Backups are so much faster on iTunes (unless you have really fast Wi-Fi) plus they're kept in your hands with your encryption key you set on your computer, being more secure.

 

[kds1]

There are options I think. I would agree that a backdoor or a master key is a problem. But for living criminals, allowing the the warrant to basically allow the police to force the criminal to open the phone would be a potential compromise. For dead criminals, the problem is clearly more difficult, but not insurmountable. The point is to have the right laws and processes to allow the legal search and seizure without giving away the key to the bank vault.



My point is not to weaken encryption. I would advocate for stronger. My point is how can we continue to support the legal system without weakening encryption. Tim even said that we need to debate this. I don't like the FBI's proposal, but that does not mean a solution can't be found.



Per the 5th amendment you cannot be forced to testify against yourself. Please consider your questions before asking

Look I used my example of pictures on purpose. Pictures are physical and the digital version is the same thing. If I have arrested a pedophile, getting to those pictures on the phone or in a digital locker is important to identify other victims so that the authorities can get them needed support. I do not want them having the master key, but yes I want there to be a way for the law to access information when they have the legal right to do so.



That is not progress IMHO. Progress is being able to better protect my assets and privacy. Progress is not putting them above the law.



If you have a storage unit (say at U-haul) I can get a warrant to enter that unit.

===================================

Folks I will take all the hits you want to give me. But let's not be simplistic here.
Encryption is good - we all agree.

More encryption is even better - we still agree.

But being above the law is not good - maybe we all don't agree, but I will not back away from that position. There has to be a way to access the information. It could be a semi-simple approach of giving the authority to force a user to unlock the data (with the proper warrants of course). Refusal would then be considered a crime or contempt of court which would give you additional jail time. The really bad folks would refuse and take the jail time. These are also the one that would have burned the physical evidence and covered there tracks. So it works out. And the FBI can hire better hackers to find ways around security -- just like the Chinese.

No, sorry. Never. Totally disagree with you. And stop using the tired cliché "But think of the children!" argument. The backdoor key you want the government to have will be misused. I guarantee it.
[doublepost=1458150008][/doublepost]

You really DON'T get. Here is the problem.... encryption that is unbreakable for all practicable purposes ALREADY EXISTS. It has existed for 3 decades. It is available via free open source download on the internet. Even if Apple and Google provided backdoors or other "magical" methods to enable search warrants against the phones of bad guys, it would not matter. Android is open source. Somebody in Afghanistan can go download open source Android, they can EASILY build a version that encrypts the entire phone with a secure alphanumeric password with no backdoors (in fact I think CynagenMod already has this option).

In fact, after the death of Osama Bin Laden, the USA recovered Al Queda documents that detailed plans for building encrypted communication systems based on existing open source. Perhaps Apple and Google (and Crashplan or any other secure service that uses encryption) have saved them the trouble, but in reality, what these companies have done is made it possible for the good guys to have security rather than just letting the bad guys have it. This is a fact that anybody who has worked in the field of digital security already understands. However, John Oliver lays it out in layman's terms quite nicely:

Next up.... let's allow secure phones but require a background check and 3-day waiting period to buy one.... oh wait that is the gun control argument, where the bad guys also have access to whatever guns they want, but the good guys have to jump through hoops.

That's because you can't kill someone with a phone.

 

[rdlink]

I guess you didn't read my other comments, so we will just have to leave it here. You have your opinion and you will not entertain others. Nothing more can be said.

This is not an opinion subject. This is as black and white as it gets. Period.

 

[2457282]

No, sorry. Never. Totally disagree with you. And stop using the tired cliché "But think of the children!" argument. The backdoor key you want the government to have will be misused. I guarantee it.

Wow, i guess you responded without reading what I actually wrote.

 

[macintoshmac]

Nice. Although I am curious about how they're going to give me the key to my stuff in the event of a restore if even Apple doesn't have it.

It is possible that Apple comes out and says that it is on customers to remember their passwords, and that if they lose their data, it is on them and Apple will not be able to do anything, and this is the only way to keep their lives private from the government snoopers. This risk of information loss if we forget passwords is the risk we will have to take if we want our data to be truly our data and not a room with a window that we can't close.
[doublepost=1458151169][/doublepost]

I'm sure they're "doubling down" on iCloud encryption.

And I'm sure it'll be a major selling feature of some new product, or just another way to force people to upgrade to the latest greatest (*cough*) version of iOS.

Remember folks, everything Apple does is to make money. If they could give the FBI what they wanted without tanking the whole company, they would.

-SC

Let's say Apple's sole guiding factor is how much money in the bank can we have. Even then, I say, they are the most deserving of that money, they do not earn it by selling you or anything yours to others. There is a line between good advertising and bad advertising, and targeted advertising is great to have, but Apple's stand is that even targeted advertising should be a customer's choice to receive.

Compare this with Google and their Android systems. Every single app before it even begins to download needs permission to your contacts and pretty much everything else. Why? That is invasion of privacy, and that is what Apple does not do. And that is why even if their sole intent is money-making, they are doing it with a just cause and with something they have to offer to customers, not something that they take from customers. They are only taking your money, so to say, not your lives. Not leaving you susceptible to every advertiser in the world.

SO, please inform yourself better and come back to have an opinion that is informed correctly.

 

[kds1]

Wow, i guess you responded without reading what I actually wrote.

A law forcing people to unlock their phones or go to jail is just as much a backdoor key as anything else. Also, people have the right to not incriminate themselves.

Perhaps you'd enjoy living in Casto's Cuba?

 

[You are the One]

What Tim and the execs at Apple do now is simply brilliant.

I've said before that this is not a strategy they came up with a few weeks ago. Was it the last event Tim said they don't have as strategy to make money on peoples private information? It goes further back. They have thought this out really well and their strategic superiority has to be appreciated.

From a privacy and personal freedom and liberty standpoint what they do is spot on, the principles they base their stand point on are well anchored in integrity, moral and ethics.

From a business perspective it is also going to turn out to be an excellent move. Who do you think customers will turn to when there is only one supplier in the device market, with a complete echo-system, that respects its customers privacy?

Sluts like MS, that are prostituting themselves to an insanely fascistic government, are going to loose a lot of business on this.

 

[zioxide]

There are options I think. I would agree that a backdoor or a master key is a problem. But for living criminals, allowing the the warrant to basically allow the police to force the criminal to open the phone would be a potential compromise. For dead criminals, the problem is clearly more difficult, but not insurmountable. The point is to have the right laws and processes to allow the legal search and seizure without giving away the key to the bank vault.

My point is not to weaken encryption. I would advocate for stronger. My point is how can we continue to support the legal system without weakening encryption. Tim even said that we need to debate this. I don't like the FBI's proposal, but that does not mean a solution can't be found.

No, Tim argued that if the FBI wants a back door they need to get Congress to pass a law, not try to get the courts to change an existing law.

Your "point" is impossible. Encryption is essentially basic math with big numbers. There is no middle ground in math. An equation is either equal or its not. There's no "equal but only for the good guys."

2+2 will always equal 4 regardless if it's the FBI or a bad guy.

If you have a storage unit (say at U-haul) I can get a warrant to enter that unit.

That warrant doesn't compromise the security of every other user. This would. That's the difference.

But being above the law is not good - maybe we all don't agree, but I will not back away from that position. There has to be a way to access the information. It could be a semi-simple approach of giving the authority to force a user to unlock the data (with the proper warrants of course). Refusal would then be considered a crime or contempt of court which would give you additional jail time. The really bad folks would refuse and take the jail time. These are also the one that would have burned the physical evidence and covered there tracks. So it works out. And the FBI can hire better hackers to find ways around security -- just like the Chinese.

What you are advocating for is not happening as it's an egregious violation of the 5th amendment. You cannot be forced to divulge information that might incriminate yourself. Your password is protected by that.

 

[2457282]

A law forcing people to unlock their phones or go to jail is just as much a backdoor key as anything else. Also, people have to right to not incriminate themselves.

Perhaps you'd enjoy living in Casto's Cuba?

Let me guess, you are a Trump supporter.

I does not look like we are going to have a reasonable conversation so please enjoy the rest of your day.

 

[kds1]

Let me guess, you are a Trump supporter.

I does not look like we are going to have a reasonable conversation so please enjoy the rest of your day.

Actually, no. I'm very anti-Republican.

 

[Gav2k]

Half the issue could be resolved if apple allowed the secure enclave to be enabled from boot without the need for a password. Then they could just make the bad guy touch the home button and bingo

 

[2457282]

No, Tim argued that if the FBI wants a back door they need to get Congress to pass a law, not try to get the courts to change an existing law.

Your "point" is impossible. Encryption is essentially basic math with big numbers. There is no middle ground in math. An equation is either equal or its not. There's no "equal but only for the good guys."

2+2 will always equal 4 regardless if it's the FBI or a bad guy.





That warrant doesn't compromise the security of every other user. This would. That's the difference.




What you are advocating for is not happening as it's an egregious violation of the 5th amendment. You cannot be forced to divulge information that might incriminate yourself. Your password is protected by that.

Maybe my English really sucks -- I have repeatedly stated that I am not for back doors or weaker encryption and yet everyone is arguing with me over this.

I AM NOT FOR WEAKER ENCRYPTION OR BACKDOORS.

As for the warrant issue, I am not a lawyer, so I may be missing stuff here, but if you are hiding a body in a safe (obviously a big safe), the authorities cannot force you to hand over the key or the combo? Somehow that seems off, because the authorities should have the legal right to access the space if they had the warrant.

 

[AbSoluTc]

So Apple is really protecting pedophiles, murders and Isis? So you telling me Apple would be protecting these criminal's footage of the killing a cop? http://www.cnn.com/2016/03/15/us/maryland-police-officer-killed/index.html

The fourth amendment is not absolute...

Yup - they're having tea and scones on the reg.

Comments like these coming from someone with a Marine badge and all the Apple products you own just doesn't make sense. Are you really that daft or are you trying to incite something?

Millions > than the 100's of bad. Basically you're saying it's better to open it all up just to "get" a few hundred people. Yeah no. Isis will continue to be ISIS. Pedophiles will still be pedophiles. Murders will still happen. Shootings will still take place. Access to a phone won't stop it. It may only help put them behind bars.

Humans will still be humans. With or without technology.

 

[zioxide]

Maybe my English really sucks -- I have repeatedly stated that I am not for back doors or weaker encryption and yet everyone is arguing with me over this.

I AM NOT FOR WEAKER ENCRYPTION OR BACKDOORS.

But that's what it would require to do what you are asking..
That's what you're not getting.

You can't say "I don't want back doors but there should be a way for the government to get in with a warrant" because that simply is not possible without some type of door.

As for the warrant issue, I am not a lawyer, so I may be missing stuff here, but if you are hiding a body in a safe (obviously a big safe), the authorities cannot force you to hand over the key or the combo? Somehow that seems off, because the authorities should have the legal right to access the space if they had the warrant.

They can force you to hand over a physical key but they cannot force you to hand over a combination to that lock if that combination is only stored in your head. Anything stored in your brain is protected by the 5th.

 

[BC2009]

That's because you can't kill someone with a phone.

Don't you remember the Motorola RAZR? Just think if Apple makes the iPhone any thinner, you might just be able to cut yourself with it.

Seriously, my analogy to gun control still holds in the notion that both encryption and guns are used by honest law-abiding citizens to protect themselves and by criminals and terrorists to do harm. Mind you, accidents can happen with guns that cannot happen with phones and I get that, but all the background checks in the world are not going to prevent accidents. What the FBI seems to want is some fantasy land where only people who will never be arrested would have access to secure encryption but the bad guys would have a backdoor. It would be the same fantasy land where law abiding citizens could purchase guns, but the bad guys could not -- that world does not exist.

 

[2457282]

But that's what it would require to do what you are asking..
That's what you're not getting.

You can't say "I don't want back doors but there should be a way for the government to get in with a warrant" because that simply is not possible without some type of door.



They can force you to hand over a physical key but they cannot force you to hand over a combination to that lock if that combination is only stored in your head. Anything stored in your brain is protected by the 5th.

How so doe this require a backdoor. I am specifically stating I want them coming in the front door, which you say is a 5th issue. It may be a 5th issue but it is NOT a backdoor issue.