Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Hit With Lawsuit Over FaceTime Eavesdropping Bug

martyjmclean said:
Why do americans sue everybody instead of claiming liability for their own mistakes? If this bug did affect the lawyer, it is his fault. His phone isn't allowed in a court room, and if he can't disclose who the person listening in was, there's no proof that they were listening.
Click to expand...

First of all lawsuits happen all over the world not just in America.... Secondly Depositions don't happen in courtrooms, they usually happen in the lawyers office....Third, how is it his fault if this bug happens with no intervention from the receiver of the call? And fourth, its very easy to prove that there was a connection made at the time specified even if he does not disclose who was listening.
 
clystron said:
They certainly try to nudge you into it, Windows 10 has been telling me to "protect my data" by using oneDrive quite often on my home-computer.

PS: I do not feel "tricked" by MS or Apple because they ask me to use their cloud-storage
Click to expand...

Actually Apple had the option selected by default. That is what I called "tricked"; because some people will not deselect it.
 
  • Like
Reactions: clystron
tridley68 said:
Sounds like some low life hack of a lawyer trying to make a fast buck.
Click to expand...

This is very true...... But don't let that distract you from the severity of this mistake by Apple, and the fact that they were alerted about it a while ago but sat on it until it became widespread news.
 
  • Like
Reactions: jamezr
Oridus said:
Are you saying Android is more polished than iOS or do you consider Android to be in the same boat? Because those are really your two choices for top $ phones.
Click to expand...
He never mentioned Android....you brought that up.
Wasn't Apple going to focus on software enhancements/features with IOS 12? Now one of the great features of IOS 12 group Facetime is disabled because of a bug....
 
  • Like
Reactions: Marekul
martyjmclean said:
Why do americans sue everybody instead of claiming liability for their own mistakes? If this bug did affect the lawyer, it is his fault. His phone isn't allowed in a court room, and if he can't disclose who the person listening in was, there's no proof that they were listening.
Click to expand...
Dispositions are not conducted in courtrooms.
 
dialogos said:
Do you believe that Apple could handle privacy a bit better maybe?
Click to expand...

Now that I understand your situation, it personally makes sense. Having worked with a client in the medical field for the past few years, I was obligated to comply with HIPAA laws / PHI. Fortunately everything I did was through a remote connection so no files ever existed on my laptop in the first place. But I'm sure others with company provided devices would've taken issue with that, if that were possible.

Indeed, Apple could've handled privacy a bit better, but it's also true that they already handle privacy the best. It's just in your fringe case they somewhat violated. To reflect what I mean @ fringe:

It seems your work computer is a non-managed, personal computer, or hasn't gone through the kind of audit that larger medical facilities' computers would've. The security policies you have in place aren't sufficient for the environment. For a secure computer, logging into iCloud shouldn't be even allowed at the system level (should prompt a security violation even if a person attempted to log into it) and therefore the desktop syncing would be a moot feature that's impossible to use. Then there's other factors, like, in our company which is actually a Windows 7 enterprise environment, it's a rule to not store non-personal files on the desktop or in the profile folders (security permissions prevent the latter). The reason for avoiding profile folders is that, profile folders are the ones that tend to be backed up and most often attacked. The logic is simple, if it's not your personal file, then it shouldn't go into your personal folders. The "Desktop" folder is inside of your personal folders (even in Windows), so that would exclude it from being an option.

Smaller practices don't usually have the luxury or take the steps necessary to ensure their environments fully comply with client privacy laws. Still, I do agree that Apple should have been more transparent about the change. However, it became a problem because of bad habits in the first place, and Apple made it worse. If you had an adequate security policy in place, it would've never been an issue. Apple probably weighed that in regard to their enterprise environments and considered it a non-factor. -- I understand the convenience of having things on your desktop or personal folders, but instead you should create a folder outside of your home directory, and create a shortcut to that folder on your desktop or personal folder (so you don't have to hunt for it all the time). Even if you've already disabled iCloud, anything that's not your personal files, should not be in your personal folders.

Apple, Microsoft, Unix, Linux, BSD, all handle home directories / personal folders the same; so that is a universal rule that's beneficial to abide by in secure environments since all of those home directories in the various systems would be the first point of attack. Also, your webcam should be covered (with black tape or something), and any remote assistance features of the system should be disabled. There's so many other things that should be done, but it would make your system less usable. A personal computer really shouldn't be used for confidential medical work. Perhaps, you could consider getting a dedicated machine that you can remotely connect to using your personal computer. So that you can continue to work through your personal computer, without having to lock down your personal computer to a barely usable state.

Just some pointers / ideas.

I understand your frustration though, because that could've resulted in you being fined or even jailed. *sighs*
 
Last edited:
Ash Pole said:
Dispositions are not conducted in courtrooms.
Click to expand...

But what is your disposition on where depositions are given?
[doublepost=1548864197][/doublepost]
doelcm82 said:
He will have the date and time. Apple will have logs of who called in. The unknown caller will not be unknown to the court.
Click to expand...


My point wasn't whether a currently unknown party could be identified at a later date but rather how he knew that he was being eavesdropped upon. Are we going to give standing to anyone who ended any incoming FaceTime call without knowing whether this exploit was used or not?
 
  • Like
Reactions: diandi
I'm surprised the filing did not list the considerable pain and emotional distress the lawyer has suffered in the past 24 hours lmao
 
The reason for a sworn deposition is to put testimony on the record so both sides know the answer to certain questions. A court reporter will be recording everything.

William's client should just let him proceed at his own expense against Apple, and if he wins, sue Williams II for not providing a secure environment for the deposition. Damages will already be determined. Everyone should have turned off their phones.

So with this bug there’s no record of who is calling on the phone? Or, on Apple's servers?
 
  • Like
Reactions: jaxemer11
Big waste of time and money. It was a bug and no one was hurt by this. Bugs are in all software and are unavoidable. The EULA probably covers them anyway.
 
prasand said:
Now that I understand your situation, it personally makes sense. Having worked with a client in the medical field for the past few years, I was obligated to comply with HIPAA laws / PHI. Fortunately everything I did was through a remote connection so no files ever existed on my laptop in the first place. But I'm sure others with company provided devices would've taken issue with that, if that were possible.

Indeed, Apple could've handled privacy a bit better, but it's also true that they already handle privacy the best. It's just in your fringe case they somewhat violated. To reflect what I mean @ fringe:

It seems your work computer is a non-managed, personal computer, or hasn't gone through the kind of audit that larger medical facilities' computers would've. The security policies you have in place aren't sufficient for the environment. For a secure computer, logging into iCloud shouldn't be even allowed at the system level (should prompt a security violation even if a person attempted to log into it) and therefore the desktop syncing would be a moot feature that's impossible to use. Then there's other factors, like, in our company which is actually a Windows 7 enterprise environment, it's a rule to not store non-personal files on the desktop or in the profile folders (security permissions prevent the latter). The reason for avoiding profile folders is that, profile folders are the ones that tend to be backed up and most often attacked. The logic is simple, if it's not your personal file, then it shouldn't go into your personal folders. The "Desktop" folder is inside of your personal folders (even in Windows), so that would exclude it from being an option.

Smaller practices don't usually have the luxury or take the steps necessary to ensure their environments fully comply with client privacy laws. Still, I do agree that Apple should have been more transparent about the change. However, it became a problem because of bad habits in the first place, and Apple made it worse. If you had an adequate security policy in place, it would've never been an issue. Apple probably weighed that in regard to their enterprise environments and considered it a non-factor. -- I understand the convenience of having things on your desktop or personal folders, but instead you should create a folder outside of your home directory, and create a shortcut to that folder on your desktop or personal folder (so you don't have to hunt for it all the time). Even if you've already disabled iCloud, anything that's not your personal files, should not be in your personal folders.

Apple, Microsoft, Unix, Linux, BSD, all handle home directories / personal folders the same; so that is a universal rule that's beneficial to abide by in secure environments since all of those home directories in the various systems would be the first point of attack. Also, your webcam should be covered (with black tape or something), and any remote assistance features of the system should be disabled. There's so many other things that should be done, but it would make your system less usable. A personal computer really shouldn't be used for confidential medical work. Perhaps, you could consider getting a dedicated machine that you can remotely connect to using your personal computer. So that you can continue to work through your personal computer, without having to lock down your personal computer to a barely usable state.

Just some pointers / ideas.

I understand your frustration though, because that could've resulted in you being fined or even jailed. *sighs* But you wouldn't have a case against Apple, as you weren't using sufficient security practices in the first place.
Click to expand...

Prasand thank you so much for your very detailed response! Your post is very useful, informative and to the point.
 
dialogos said:
Prasand thank you so much for your very detailed response! Your post is very useful, informative and to the point.
Click to expand...

Thank you for sharing, reading and receiving the constructive criticisms well. If there's ever a point you want to refine your security practices feel free to message me. =)
 
  • Like
Reactions: dialogos
frifra said:
Almost instantly? According to the report they have known about this for a week or more. In the US you don't need loss or damage. Punitive damages are a great thing sometimes.
Click to expand...
You're struggling here.

I said stocks react to news instantly. When the news of the bug came out, any reaction would be instant. It's called the efficient market theory. Look it up.
 
martyjmclean said:
Why do americans sue everybody instead of claiming liability for their own mistakes? If this bug did affect the lawyer, it is his fault. His phone isn't allowed in a court room, and if he can't disclose who the person listening in was, there's no proof that they were listening.
Click to expand...

Why do Australians never read posts? It was a deposition.
 
So people hating on the lawyer but not mentioning Apples massive mishap here. I agree with the attorney in this case. If the bug indeed lead to someone being able to listen to his client’s privileges testimony with an attorney then it could indeed have material impact on that individual. Apple violated this persons privacy and client-attorney confidentiality.

This is not a laughing matter nor a minor claim. I would like to see details of the case before I form an opinion on its merit.
 
Baymowe335 said:
You're struggling here.

I said stocks react to news instantly. When the news of the bug came out, any reaction would be instant. It's called the efficient market theory. Look it up.
Click to expand...
Are you mixing up threads? You did not talk about stocks at all nor did I.
 
threesixty360 said:
Everyone is human!
The idea that you can trust any company to be 100% bug free, accident free etc.. is kind of crazy. Not even car companies, airplane builders etc.. are 100% bug free. It's impossible.

The reality is additional features add complexity which increases the vulnerability to bugs. Its impossible to have it any other way apart from to not introduce additional features. That's what finance companies and nuclear power plants do.. not update their stuff!

Apple cant do that otherwise there will be no business.

It's obvious that this bug is there because they added additional callers to face time which meant whatever test frameworks were setup and passed, didn't account for how things work with additional callers properly. But for years this team would never have had to look outside the series of tests they normally use, now they have to and they got caught out. It happens. All you can do is solve it as soon as possible.

And apple tend not to react immediately to issues like this because alerting more people to an issue like this without having a remedy is asking for trouble. Unless you have a solution or way of managing it what is the point of exacerbating the issue by telling everyone?
Click to expand...

Well said !
 
bigjnyc said:
This is very true...... But don't let that distract you from the severity of this mistake by Apple, and the fact that they were alerted about it a while ago but sat on it until it became widespread news.
Click to expand...
A 'while ago' is maybe a week. After that, you have no knowledge of what Apple has been up to, but certainly they weren't sitting on it.
[doublepost=1548879487][/doublepost]
Baymowe335 said:
Yes. My bad.

But I do think Apple needs to fire someone over the FaceTime bug. Unacceptable. I'd fire Craig if I were Cook, to be honest.
Click to expand...
Craig is too valuable to the team. I'd fire you. (Actually, I wouldn't fire anyone. That's not how good corporate cultures operate.)
 
myscrnnm said:
I feel like there must be some sort of legal text in the user agreement for FaceTime that protects Apple from this sort of thing. They are simply providing a free service, and if you're using a consumer service like FaceTime during a deposition, that's on you, not Apple.
Click to expand...
I think the point is you wouldn't know that you were being listened to:"a person could force a FaceTime connection with another person, providing access to a user's audio and sometimes video even when the FaceTime call was not accepted."
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back