Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Police departments call Apple and say "hey this is me, my email address is xxx", Apple builds an app with a registration system and the police are given an access code via email, the app then registers them for 2 factor. Someone at Apple tries to confirm the details of the police department, ie did they call from a VOIP number or a traditional phone line, does the email make sense, etc. If they can't confirm it they can send people over and talk in person.
I suspect they’ll quickly revert to email for the paper trail, even for authentication
 
...
I think you misunderstand, you don't technically wait for a subpoena, according to the law if you're aware of CSAM content you have to make it available to investigators and section it off from other data to protect it while the investigation happens. It doesn't take a subpoena for CSAM content. This is how the law works.
...
I do understand that, but nothing in the law compels any company to go searching for CSAM if they have no evidence for it, which is to say without probable cause. This is what Apple's CSAM technology proposes to do on mobile devices. Like I said, if Apple gets a subpoena based on probable cause as found by the courts, then I would hope they would search their servers for the given suspect's information with great gusto.

No matter what happens about Apple's CSAM-Big-Brotherness, both law enforcement and companies like Apple need to devise a way to make sure that forged law enforcement requests are not successful. Apple needs to appreciate how sensitive private information is, and right now it sounds like they are only aware of that at a marketing level. What happens if one of the people whose information was given to a fraudulent law enforcement request ends up being murdered by their ex-partner they were trying to flee? I work at a UK university and we cannot even confirm to parents, family, friends or partners that a given student attends the university precisely for that reason. If we got a request from law enforcement for personal information, you'd better believe the university's lawyers would be double-checking to see if the request was genuine.
 
Lol. They provided a third party hacker with user data. You don't think that's a privacy issue? You don't think the most valuable TECH company in the world should be better at sniffing out fraud? I love these people apologizing for Apple. Take the L---this is a big screw up on their part, and I promise you jobs were lost at Apple over this. Don't soft pedal it.
I expect you were there then and know exactly what the situation was right? Not only that you know the people involved? Right? I mean you're making a ****-ton of assumptions here so I have to assume you know more than everyone else.

How does one sniff out fraud in a process they don't control with a forged document with forged signatures for actual law enforcement? I'm totally sure you do everything in your life without mistakes right? ? And no, I wouldn't assume jobs were lost. Not at all.

A "third party hacker"? as opposed to a first party hacker? ?

The point of these requests is expediency. From the way the story is written it appeared to be a valid request. I expect Apple gets these quite often and this one looked no different than the other ones. And again, all bets are off for "privacy" with law enforcement requests. WTF does the "biggest tech company" have to do with anything? Meta is a big tech company too. As are others dealing with this issue. So no, I don't think this is a privacy issue in the way you want to frame it.
 
For those of you defending this sharing of Customer data by simply characterizing it as human error don't get it. If a proper process is implemented with checks and balances then you can prevent human error. What you can't prevent is malicious behavior but even that can be mitigated. There is no good excuse period for Apple to allow this to happen.

This system you describe is already in place (poorly). It was totally about malicious behavior (forged documents/signatures).
 
Lol. They provided a third party hacker with user data. You don't think that's a privacy issue? You don't think the most valuable TECH company in the world should be better at sniffing out fraud? I love these people apologizing for Apple. Take the L---this is a big screw up on their part, and I promise you jobs were lost at Apple over this. Don't soft pedal it.
Have you ever worked in a corporation? This was simple phishing, plain and simple. The biggest security risk at ALL companies are the employees themselves being fooled. Nothing about the size or the technical prowess of a company changes the human factor.

Some of the biggest "hacks" in recent history haven't been technical security being compromised, but simple phishing being successful.
 
  • Like
Reactions: msackey
I expect you were there then and know exactly what the situation was right? Not only that you know the people involved? Right? I mean you're making a ****-ton of assumptions here so I have to assume you know more than everyone else.

How does one sniff out fraud in a process they don't control with a forged document with forged signatures for actual law enforcement? I'm totally sure you do everything in your life without mistakes right? ? And no, I wouldn't assume jobs were lost. Not at all.

A "third party hacker"? as opposed to a first party hacker? ?

The point of these requests is expediency. From the way the story is written it appeared to be a valid request. I expect Apple gets these quite often and this one looked no different than the other ones. And again, all bets are off for "privacy" with law enforcement requests. WTF does the "biggest tech company" have to do with anything? Meta is a big tech company too. As are others dealing with this issue. So no, I don't think this is a privacy issue in the way you want to frame it.
If you want to validate the request, double check by calling the authorities and verifying it.

Is it somehow unreasonable to ask the worlds wealthiest (or one of the wealthiest) to make that call?

It's not like Apple doesn't have resources.

Mentioning it was the biggest was to emphasize their resources. It's not a hard ask to pick up the phone and call the people you already have relationships with (they work with LE all the time--see the San Bernardino case from 2015).

You can mock me all you want--if you get off acting this way to complete strangers on the internet, then that's what does it for you ¯\_(ツ)_/¯

You're clearly not interested in a good faith discussion on this issue.
 
If you want to validate the request, double check by calling the authorities and verifying it.

Is it somehow unreasonable to ask the worlds wealthiest (or one of the wealthiest) to make that call?

It's not like Apple doesn't have resources.

Mentioning it was the biggest was to emphasize their resources. It's not a hard ask to pick up the phone and call the people you already have relationships with (they work with LE all the time--see the San Bernardino case from 2015).

You can mock me all you want--if you get off acting this way to complete strangers on the internet, then that's what does it for you ¯\_(ツ)_/¯

You're clearly not interested in a good faith discussion on this issue.
...Who do you call?
 
Are we surprised?

Apple has outright scams that sail right through App Review and into the iOS App Store
..and often they stay there dominating sales charts for long periods of time.

Anyone hoping for "protection" from AppleMegaCorp is going to be disappointed.

They lock things down simply to control as much of the money flow as possible.
That's it. There is nothing else to it.
No but thanks for trying.
 
They can be right about something and wrong about other things. Even major mistakes. Last time I checked, Dan Rather never apologized for the forged National Guard documents in a 2004 story, but people still watch CBS news and I imagine they are right about a good deal more than they are wrong about.

Also--where was Apple's lawsuit against Bloomberg? You'd have to think Apple was boiling mad about a story that literally defamed them and they did.....nothing. This is a company that zealously protects itself.

You sure there was nothing to that story? Hmmmmm....
Not a chance as 1) any company does not have to sue every little thing that annoys them and 2) there has been no proof at all that the story was true in any way shape or form and you would think that if it were true that Bloomberg would have waved that around for the entire world to see yet they ran away refusing to do so....hmmmm!
 
Please read fully before calling other respondents ignorant. It will avoid your comprehension skills looking lacklustre.
Pot, please reread the article and then check the linked article. Being ignorant is not always an insult, they don't know what they don't know. Your lackluster comprehension skills can also be improved friend!
 
Pot, please reread the article and then check the linked article. Being ignorant is not always an insult, they don't know what they don't know. Your lackluster comprehension skills can also be improved friend!

Context lost. At that stage the cloud encryption discussion was an incidental point being raised as a caveat in response to another poster. It was tangential to the article. But anyway…
 
  • Haha
Reactions: Sciomar
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.