I suspect they’ll quickly revert to email for the paper trail, even for authentication
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Allegedly Provided User Data to Hackers That Forged Legal Requests
- Thread starter MacRumors
- Start date
- Sort by reaction score
I do understand that, but nothing in the law compels any company to go searching for CSAM if they have no evidence for it, which is to say without probable cause. This is what Apple's CSAM technology proposes to do on mobile devices. Like I said, if Apple gets a subpoena based on probable cause as found by the courts, then I would hope they would search their servers for the given suspect's information with great gusto.
No matter what happens about Apple's CSAM-Big-Brotherness, both law enforcement and companies like Apple need to devise a way to make sure that forged law enforcement requests are not successful. Apple needs to appreciate how sensitive private information is, and right now it sounds like they are only aware of that at a marketing level. What happens if one of the people whose information was given to a fraudulent law enforcement request ends up being murdered by their ex-partner they were trying to flee? I work at a UK university and we cannot even confirm to parents, family, friends or partners that a given student attends the university precisely for that reason. If we got a request from law enforcement for personal information, you'd better believe the university's lawyers would be double-checking to see if the request was genuine.
I expect you were there then and know exactly what the situation was right? Not only that you know the people involved? Right? I mean you're making a ****-ton of assumptions here so I have to assume you know more than everyone else.
How does one sniff out fraud in a process they don't control with a forged document with forged signatures for actual law enforcement? I'm totally sure you do everything in your life without mistakes right? ? And no, I wouldn't assume jobs were lost. Not at all.
A "third party hacker"? as opposed to a first party hacker? ?
The point of these requests is expediency. From the way the story is written it appeared to be a valid request. I expect Apple gets these quite often and this one looked no different than the other ones. And again, all bets are off for "privacy" with law enforcement requests. WTF does the "biggest tech company" have to do with anything? Meta is a big tech company too. As are others dealing with this issue. So no, I don't think this is a privacy issue in the way you want to frame it.
This system you describe is already in place (poorly). It was totally about malicious behavior (forged documents/signatures).
Have you ever worked in a corporation? This was simple phishing, plain and simple. The biggest security risk at ALL companies are the employees themselves being fooled. Nothing about the size or the technical prowess of a company changes the human factor.
Some of the biggest "hacks" in recent history haven't been technical security being compromised, but simple phishing being successful.
The 5 Biggest Phishing Scams of All Time - IT Governance Blog
Phishing is one of the biggest cyber security threats organisations face. Find out the five most expensive scams of all time.
www.itgovernance.eu
If you want to validate the request, double check by calling the authorities and verifying it.
Is it somehow unreasonable to ask the worlds wealthiest (or one of the wealthiest) to make that call?
It's not like Apple doesn't have resources.
Mentioning it was the biggest was to emphasize their resources. It's not a hard ask to pick up the phone and call the people you already have relationships with (they work with LE all the time--see the San Bernardino case from 2015).
You can mock me all you want--if you get off acting this way to complete strangers on the internet, then that's what does it for you ¯\_(ツ)_/¯
You're clearly not interested in a good faith discussion on this issue.
Actually it's a tech problem an don't an Apple only problem as hackers can pretty much do that already.
No, Google just hurt themselves by allowing the PLaystore to still be totally and utterly overrun by malware for over a decade!
Not a chance as 1) any company does not have to sue every little thing that annoys them and 2) there has been no proof at all that the story was true in any way shape or form and you would think that if it were true that Bloomberg would have waved that around for the entire world to see yet they ran away refusing to do so....hmmmm!
Yes because you do not need to sue anything that breathes or moves you know, maybe it is an American thing to think you have to sue anything and everything.
Pot, please reread the article and then check the linked article. Being ignorant is not always an insult, they don't know what they don't know. Your lackluster comprehension skills can also be improved friend!
Context lost. At that stage the cloud encryption discussion was an incidental point being raised as a caveat in response to another poster. It was tangential to the article. But anyway…