Is the FBI right in decrying the stronger encryption about to come to smartphones?

No one asked you to.

Not offhand, no. Did the case involve someone who failed to understand an analogy?

Our laws deal with it perfectly well. Until there’s a crime under investigation and a warrant has been issued, per the Fourth Amendment it is nobody’s business but mine and Google’s what doo-dads and bells and whistles I want to come factory-installed on my phone. Once the phone is in my hand, it’s nobody’s business but mine. Speculation about “consequences” is nothing but inane fear-mongering.

No, no need to invoke Che or Rush or Gingrich. This is no lawful-evil demagoguery. To those of us who know a thing or two about computers, his statements merely appear profoundly stupid.

One of the cases involved someone who was arrested for a minor crime, and then the police searched his phone. The Court ruled that they should have had a warrant, which I totally agreed with. But once the phone was searched, his affiliation with a gang and a murder was determined. Police testified about that evidence (a video and some other things) and the guy was convicted.

So, in the future, if the police had obtained a warrant but been unable to execute the search, would his hand in the murder have been known? From what I understand about the case, it seems quite doubtful. I think that is a very good example of why I think it is unfortunate that Apple is making these changes specifically so police would be unable to discover this important evidence.

Going back to our exchange on Snowden, I see now we were talking past each other. My point is that the use of evidence on phones like this case I just summarized has nothing at all whatsoever to do with Snowden.

But I now see that you were saying something different - that Snowden makes people more interested in these phones. That’s a fair point. It reminds me of how the NRA and gun makers made a big deal about Obama being elected in order to sell more guns: it’s very hard to stop a company from using fear to sell more product.

I think you said earlier that our laws have not totally caught up with a lot of these technological issues. I do agree with that, but I’m not sure the police have a right to find things they were not specifically looking for during a search. I think that generally speaking, if they’re looking for evidence of crime A, they can only take evidence of crime B if it’s in something like plain sight, and I don’t object to that in principle.

Yes, that’s exactly what I was saying.

That’s true - except in this case the government has done a fair bit to justify that fear in my opinion.

It’s almost as if that non-criminal majority is actually more, or firstly, thinking about protecting themselves from somebody other than police.

Go back and read your own post. You acknowledge the possibility that they do not have a warrant. If that’s the case, it is the state actor’s action which is the only wrong. Either way, there aren’t two wrongs.

Do you honestly believe that the main reason for this level of encryption is to allow people to place themselves beyond the law? By his own statements the FBI director loses credibility.

No. The analogy is illustrating the point that just because you voluntarily give information to one party, does not mean that you must be compelled to give information to another. Does that make it more clear?

Yes - it’s almost as if the FBI director acknowledged this and then hand-waved it away:

Apple is describing its services in those terms: “Our commitment to customer privacy doesn’t stop because of a government information request.” See for yourself in big, 36 point letters. They continue, in smaller print, “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

So, yes, I think it’s perfectly clear that Apple’s marketing strategy includes talking about how the iPhone 6 is immune from lawful searches.

No, because the whole point of a search warrant and similar court orders is that you are compelled to give information in order to further justice. It’s a very basic feature of our judicial system, I’m sure you’ve heard of it before. You are directly asserting that there is something illegitimate about a judge authorizing a search of one’s personal effects, when, in fact, the Constitution specifically provides for searches of personal property upon probable cause. The catch here is that encryption and electronic data are in this catch-22 void between physical evidence and incriminating testimony.

Again, I need to ask what’s so different about Apple and Google providing this capability, when it’s been widely available for years on PCs and Macs?

My PC’s hard disk is protected with strong encryption, and (I believe) there is no way for anyone to get at my data unless I unlock it for them.

The PGP company has been providing whole-disk encryption for some time. Is PGP thumbing their nose at law enforcement by making software that lets users lock their data without PGP being able to get into it? I didn’t hear any complaints when that came out.

The technology isn’t new, the commercialization of it isn’t new. Why are people getting upset that Apple and Google are using something similar?

Their comment is about requests, not lawful searches. Haven’t there been requests for data that have been denied by ISP and other businesses, because there was no valid warrant, or the warrant was being contested? Apple and others will continue to comply with lawful searches pursuant to a warrant. They will just be less fruitful.

I actually believe the two main reasons for this level of security are marketing, and limiting liability.

No. The point of a search warrant is that you are compelled to allow the search. You are never compelled to “give information”. So go ahead, search. The government will never be able to bypass the security. Ever. And neither will any nefarious actors. Sometimes the two groups are the same.

(emphasis added)

What we have here is a fallacy of false equivalence, e.g.:

Obviously, Apple’s marketing strategy is based on the fact that its customers (correctly) reject the notion that “a government information request” necessarily has anything to do with “lawful searches”.

There is also the technical reality – it is simply not possible to credibly promise security if the government has any sort of backdoor access. We know about Snowden because he used the files he obtained in an act of public whistle-blowing; there is no way to tell how many others gained similar access and used it more discreetly to tap into the backdoors for various underhanded purposes.

In any case, the net result is to put teeth in the requirement that searches be lawful, by ensuring that someone with an interest in challenging dubious claims (the phone owner) is in the loop. When the government could simply go to the manufacturer in secret, they had every incentive to say “yeah, sure, whatever” to even the most blatantly abusive fishing expeditions; now, that crap won’t fly.

Yes, but this is essentially like complaining that paper-making companies don’t make their paper impossible to chew up and swallow.

Look, there are very good, very solid reasons to want privacy on your computer. Secure algorithms with no backdoors make sense from a cybersecurity perspective, regardless of whether the secrets you’re carrying would interest the police or not. Indeed, compared to paper communications, you’re still better off when it comes to unbreakable encrypted data. If someone swallows a letter, it’s gone. If someone encrypts the data, all you need to do is hold them in contempt of court until they spit out the password (which, to my knowledge, includes the possibility of indefinite imprisonment). If they never do, you’ve still probably got your perp; if they do give it to you, you’ve got your data.

See, this is what bothers me. If the police need data from your computer, they should need a warrant to get at it. Encrypting the data basically is a way of saying “I want this to be safe from prying eyes”. The NSA using backdoors to peek on what you’re doing online is like the FBI opening your letters or tapping your phone - it should never ever ever ever ever ever ever EVER happen without a warrant. Because that’s how the damned law works, and needs to work in a free society. Because we value the freedom of privacy. The fact that the manufacturer cannot break the encryption on your device means that it’s that much more secure from prying eyes, and as said, there’s legitimate interest in that. Basically, you’re objecting to marketing a lockable tungsten mailbox (which people who often have their mail stolen would probably love) on the off chance that the police will want something from it for an investigation and the owner won’t give up the key.

No-one’s said otherwise. What’s being objected to is a third party (Apple in this case) encrypting the data then not keeping a copy of the key. Hopefully they can be held in contempt when they ignore warrants for said data. Just like you or I would be if we encrypted our data.

More or less, although it’s closer to the company supplying the mailboxes following the postman around, locking the mailboxes, then destroying their copy of the keys. Which should be illegal.

Was this part of my post written in invisible ink? “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

Apple is specifically marketing the fact that they are not technically capable of responding to a search warrant for information on the phone. Is there a reason both of you did not quote this sentence that specifically refers to warrants?

The first I totally agree with. The second puzzles me: are you suggesting that someone may sue and win a lawsuit against Apple if they comply with a judge’s warrant? It seems extraordinary to me that someone (or some company) could face civil penalties for complying with a court order. Do you have any examples of this happening?

That doesn’t seem to comply with Apple’s statement on the privacy page I linked to earlier. You’re making it sound like if a judge orders Apple to provide something, that the police are then in charge of taking control of Apple’s servers or whatnot in order to find the thing the government is looking for. As Apple itself states: “If we are legally compelled to divulge any information and it is not counterproductive to the facts of the case, we provide notice to the customer when allowed and deliver the narrowest set of information possible in response.” Here, it is specifically saying that Apple provides the government the “narrowest set of information possible” in response to being compelled to do so. If Apple is determining what the minimum amount of information is needed to satisfy the warrant, then it seems clear that Apple (not the police) is actually doing the searching when it is compelled to do so.

Are you under the impression that this is how search warrants typically work? As in a prosecutor asks a judge for a warrant, and then the judge calls the subject of the warrant (or his attorney) in for a hearing on whether or not the warrant should be issued? That seems like a total fantasy-land version of police investigations.

The fact that a judge weighs the probable cause is the teeth in the requirement that the searches be lawful. Unless you’re implying that the gazillions of search warrants issued every year in this country are not actually very legal at all…?

I don’t think you have a functioning understanding of how these things work. What you’re suggesting – a third party, like Apple, keeping a copy of customer keys – is literally insane. Mind-bogglingly, bogo-loco bonkers nuts. There is no world in which the idea is not utterly laughable.

It’s almost as silly as the idea that any of this should be illegal.

Then help me understand this – Apple seems to be accusing its competitors of doing this. Its website reads:

So Apple is saying that its competitors can bypass one’s passcode. I’m not sure I’m reading you 100% correctly, but you seem to be saying that a company maintaining the ability to bypass a passcode is laughably and completely insane.

I don’t get it. Is Apple lying about what its competitors do? Am I misunderstanding some nuance between what Apple posted and what you’re saying? Or is Apple correct, and a company keeping the ability to bypass a passcode actually not as insane as you’re making it out to be?

It’s not so much mind-bogglingly insane as what has been standard practice up to now… The point is, Apple is not a third party, it is the party performing the encryption by making it the default on its devices.

You do realise this is what we’re talking about, right? Not an individual choosing to encrypt their data, but a company choosing to do it for them.

I missed it. Or I forgot to respond to that part.

Essentially, I don’t interpret their statement to say that these are beyond the law. I interpret it to mean that they will no longer have a backdoor into a customer’s phone. They are not party to the warrant (or if they are, they have no ability to comply). Similar to a home builder selling you a home and not keeping a copy of the key. It’s not theirs anymore so they are hands off.

I don’t have examples. This may come close, but it’s not pursuant to a warrant. Consider a hypothetical. Apple’s security gets compromised either by direct action or by employee malfeasance. Since Apple has the ability to access a customer’s information, what if they do so surreptitiously not as an organization, but by a disgruntled employee. Would a person have grounds for a suit? I would think so. With the new security in place, that’s not possible. Ergo, potential liability is reduced.

I think they could do this [take possession] but since that is more disruptive, Apple complies by furnishing the information. If it were me, there is no way in hell that I’d make it any easier for police to access my encrypted information.

This is one of those issues where we are clearly talking about the same thing, and yet using slanted terms to describe the exact same actions. What I call a court-authorized search warrant, some people here are insisting on calling “snooping” for some silly reason. What Comey called placing information beyond the law, you’re calling closing government backdoors into phones. As long as we acknowledge we’re talking about the same issues, I don’t have much interest in word games.

But it isn’t like a home builder, because an iPhone is both personal property and a service. I know you don’t like this fact, but Apple routinely collects information from iPhone use, which is totally different than handing over the deed and keys to a house. Most homebuilders don’t continue coming around the house to check how much water and electricity you are using. And see my point about technical assistance at the end of this post, because Apple most certainly can be a party to the warrant.

Well, the warrant is the whole point of my question. The idea that someone can be penalized in civil court for complying with a lawful order is just silly.

I suppose the only remedy for that scenario is that companies should never maintain any billing information on their customers, otherwise they can be sued. For example, if a rogue employee in the billing department obtains my address and sends contraband to my house (or whatever), then it is only natural to assume that companies should eliminate their liability by refusing to keep any records of my name, my address, my credit card number, or anything else.

Oh wait – that’s a dumb idea. I think you’re totally missing the point that a company can be sued for anything, just like I can sue you for what you’ve said about me in this thread. However, it is clear that my lawsuit against you would go nowhere, because you haven’t done anything wrong. Similarly, you haven’t actually identified anything that Apple is doing wrong, you’re just dreaming up fanciful scenarios in which someone could file suit and ignoring that such suits have no chance of winning. That’s not convincing at all.

As for the first part of the statement, are you aware that warrants may compel technical assistance to obtain the matter being sought? For example, if a court orders a wire tap on a phone line, the order actually directs the phone company to provide the technical assistance to execute that tap. They don’t have an option on whether or not to comply, the technical assistance is part of the order.

Obviously, if you are served with a warrant to search your personal phone, the law appears to protect you from being compelled to offer that “technical assistance” to unlock your phone. Apple does not have the same constitutional protection to refuse to provide technical assistance, such as on court-ordered searches of older phones without the new encryption capability.

What I mean is that that arrangement is insane for any service that pretends to be secure. Obviously a service that makes no claims of data security can be as shady as it wants to be.

But yes, a company that can retrieve user passcodes, or bypass them by using a copy of the user’s private key (or other encryption secret) is offering a dangerously insecure service. Whether we’re talking about private data stored only on a user’s iPhone, or data that is backed up to their iCloud storage, or wherever it is, if the data is to be encrypted, there is no reason whatsoever that Apple or any other third party ever even needs to see the user’s private key. Period. Generating a keypair on a client and then sending the private key out into the world is like building a gate and omitting to build the fence.

So if Apple is indeed correct that other companies maintain a way to bypass the passcode, what you are calling “a dangerously insecure service” can also be called “well-accepted practices within the industry.”