Good news: FBI says Apple's end-to-end encryption is "deeply concerning"

Originally published at: Good news: FBI says Apple's end-to-end encryption is "deeply concerning" | Boing Boing

…

Not to mention that making data vulnerable to “lawful access by design” also makes it much more easily accessible by lawless actors (I mean, aside from the ones in the U.S. government).

Rewind a few years ago…

So, what has changed?

“User-only-access.”

Which is the way it SHOULD be.

I really despise how we’ve allowed others to butcher the meanings of words in an effort to confuse people into believing their bullshit is legit.

“A few months ago I told the American people I did not trade arms for hostages. My heart and my best intentions tell me that’s true, but the facts and evidence tell me it is not.”

Rot In Perpetuity

FTA:

In January 2020, Reuters reported that Apple dropped plans to encrypt user data in ‌iCloud‌ at the behest of the FBI, which was concerned such a move would hinder investigations and its intelligence efforts. In an interview yesterday with The Wall Street Journal 's Joanna Stern, Apple’s vice president of software engineering, Craig Federighi, labeled the report as inaccurate. “I’ve heard that rumor, but I don’t know where it came from.”

One thing that’s changed is Apple has recognized that “privacy is a feature people are willing to pay for.”

I think the industry was truly surprised at how many people opted out of ad tracking (96%), and how many people are pleased that companies (especially Facebook) have been shut out by Apple’s prohibition against trackers. That’s apparently had a positive effect on customers, causing some to migrate from Android to Apple. Apple is happy to adopt the mantle of “privacy champions”, as long as there’s a paycheck in it.

Another strong reason is that if your data is encrypted such that Apple can’t read it, then even a total breach of Apple’s systems still won’t compromise their clients’ data. It takes Apple out of the loop from leaking client data. It doesn’t matter how many protections a hacker bypasses in Apple’s servers, a pile of encrypted photos or texts belonging to Beyonce are useless when Apple doesn’t have the key.

Apple has certainly had their missteps along the way. A year ago they were trying to implement CSAM hash matching on images uploaded to iCloud, and there was a huge outcry for two reasons: the first was the idea that your phone would send info to a representative of a reprehensible Big Brother; and the other was that your data was not protected by Apple when it could easily be done. (They have long used the same end-to-end encryption to protect their clients’ passwords, keys, and cookies.)

But Apple’s mistakes are nothing like Google’s “all your data are belong to us” philosophy. Google is the world’s largest advertising company, and their privacy-leaking tools like Chrome and Android are their main cash cows. They may talk about “ad blocking” or “tracker protection”, and shutting off Facebook access to their data streams, but they will never implement real privacy for their users, because it’s the opposite of their business model.

The FBI is butt-hurt because this closes the “easy scoop-all wiretap” approach they’ve used and abused in the past. Instead, if they want to see what bad things Nikkie The Nose has on his phone, they’ll have to obtain Nikkie’s phone and crack it. Apple does not exist to make the FBI’s job easier.

Apple might have sung a different tune if the federal government had ever acted in accordance with their own rules. But case after case has proven that government agencies abuse their power so regularly that it has a name: “Parallel Construction”, where they build a case on illegally obtained evidence, then use that info to dig up enough legally obtained evidence to arrive at a conviction without any demonstrable reliance on the illegal evidence. When they’re so unethical that they can’t do their one job without breaking the law, there’s certainly no moral compulsion to help them.

The Good Guys applaud but the Bad Guys will abuse.

The fact that the FBI hates it is a great endorsement!

End-to-end encryption wasn’t a feature from launch?!

Edit to add a missing negative.

You got that right. I was working inside the ad-supported mobile game industry when Apple rolled that out. Most companies (including the one I worked for) estimated 30-35% opt-out, and adjusted business models accordingly. I was in some of the meetings where this was being decided and it was amazing listening to the marketing people claim that most people like ad tracking because nobody complains about it. In my head, I’m thinking, “Of course they wouldn’t like it, if most people understood what it was and what you were doing”. It was a real “banality of evil” kinda situation. I didn’t say anything because nobody listens to the engineers in a meeting like that, but I’m glad not to be in that business anymore. It’s pretty much evil top to bottom. It’s all monetizing dark patterns and consumer ignorance of surveillance tech.

Don’t let your kids play “free” games on their phones.

“end-to-end encryption is necessary until they learn to behave themselves”

They don’t need to learn to not be a problem if it’s impossible for them to be a problem. Personally, I’d rather put my trust in math than in them claiming to have learned.

If law enforcement agencies are not able to do their job without unfettered access to an indescriminate global surveillance network, they need better training. Police work at any scale should not be framed as a Big Data problem.

People are seeing what the opposite of that looks like right now in China. Ubiquitous logging of cell phone locations and records, pervasive cameras all being recorded, and facial recognition databases built from government issued IDs have essentially stopped street crime in cities like Shenzhen. According to what I’ve read from people like Naomi Wu, if you so much as snatch a purse, the authorities will be waiting for you at your front door.

And simple workarounds like traveling without your phone are not so simple. An elevator with four people in it better have four registered cell phones in it too, or you probably won’t make it out of your apartment building before being stopped.

To the Chinese government, Big Data is an effective solution to one of civilization’s oldest problems. Of course they’re also applying the same tools to civil unrest, which suits the CCP just fine because their hold on power depends entirely on the threat of unlimited force being applied to the population.

Dear FBI and other 3 letter folks,

You’ve had access to this until now and yet there are precious few alt right terrorists in prison. You had your chance, you wasted it.

Signed,
Everyone

This topic was automatically closed after 5 days. New replies are no longer allowed.