Tim Cook: UK crypto backdoors would lead to 'dire consequences' Apple boss Tim Cook has once again warned of what he says would be the "dire consequences" of opening up backdoors to allow spies to access our data. He said it would be wrong for the UK government's latest super-spy bid – the draft Investigatory Powers Bill, which landed in Parliament last week – to weaken cryptography. Cook …
... then take a look at the comments section under the linked Telegraph article. Often homophobic, cherry-picking, or just plain ignoring Apple's strong financials - which I would have thought were as objective measure as any. Strewth. They were more reminiscent of the comments made under a Youtube video than 'disgusted of Tunbridge Wells' or 'Major Smith-Smythe-Smith (Retd)'.
@sabroni
Me too, damn it!
Who are we hating now? I don't really mind as I already hate most people, things and places; I just like to have a name to mutter under my breath as I stare pointedly off into the middle-distance with deep loathing and infinite contempt.
It also allows me to (temporarily) divert my focus from Microsoft, with their recent Windows 10 intrusions, OneDrive bait-and-switch and the fantastically self-serving decision to remove the ability to manually setup Office 2016 to connect to an Exchange server. No auto-discover? Come back 1 year.
"...Microsoft, with their recent Windows 10 intrusions, OneDrive bait-and-switch and the fantastically self-serving decision to remove the ability to manually setup Office 2016 to connect to an Exchange server. No auto-discover? Come back 1 year..."
Okay, now I gotta ask...do I have multiple personality disorder and are you one of my split personalities? Because that was eerily dead on.
Also: if you're the other occupant of this hideous shell, mind putting the cap back on the toothpaste at night, mate? I mean, really...
"Have all the haters from here moved to the Torygraph then?"
Nope, I still hate Apple.
But just because I hate them for selling overpriced, simplified garbage doesn't mean I'll automatically disagree when Tim Cook opens his mouth. When he's talking sense, I'll put aside the fact that I loathe his business and agree with him.
UK.Gov have basically managed to do the unthinkable, and make Mac and PC fans work together on something.
....and so you miss the point, if it has inherent flaws or has been cracked then it is NOT crypto, just obfuscation....
if it's easier for you to understand..... there are only two types of crypto, strong crypto and broken crypto... and broken crypto isn't crypto at all.... so there is in fact only one type of crypto, as the OP stated.....
@A/C
I think things are more nuanced than you imply. For a start some of the problems we've seen recently were implementation problems, Heartbleed for example. Then there's the question of computational resources and message value & currency.
Consider, for example that an announcement is due to be made tomorrow which will affect a company's share price. If you could get the content now you could make a killing but the message is encrypted with a system it would take you until next week to decrypt then you won't get any benefit. If it used a system you could decrypt in the next minute you could. According to your definition both would be broken but one is strong enough to do the job it's used for and the other isn't.
@massivelySerial
"There's no such thing as weak(ened) and strong crypto."
The accuracy of that statement depends on what you define as 'crypto'. I mean, a substitution cipher is still encryption, but it is spectacularly weak encryption. But, moving beyond something so simple and into, as you imply, modern cryptography, we have to consider the parts involved.
A modern cryptographic system includes many different components, depending on the desired use, so it is important to define what part is being discussed at any given time.
Heartbleed, for example, does not (inherently) mean that TLS is 'weak' because it does not exploit problems in TLS so much as bugs in the OpenSSL software. A Microsoft PC accessing an Microsoft IIS-hosted website through Internet Explorer is utterly unaffected by this exploit because none of those components rely on the OpenSSL libraries.
Yes, the security of modern cryptographic systems depend on the security of each and every part involved but one must consider these components individually as well and each of these as well and, moreover, be specific about which you are talking about at any given time.
I know The Register has a decidedly anti-Apple following, so perhaps the reason for the article's statement "...while failing to note that Apple's own iCloud servers had been ransacked late last year" was to address its fan base? Because I can't see another purpose. Why, exactly, is it a "failure" by Tim Cook to not mention every single security bug that has been found in its products prior to making a statement about security/privacy? *Obviously* all software has bugs. Are you suggesting that whenever he talks about any software related subject, he should first give his audience a run-down on every one of the thousands of open bugs in his various products - otherwise he's "failing" his audience? Ridiculous.
I couldn't care less who says it as the words are thoroughly justified against this vicious assault on our personal liberties and privacy.
What a useless twerp Andy Burnham is just rolling over and saying tickle my tummy on the Government's Stalin Bill and where the hell is Grandad Corbyn in all this ? Totally conspicuous by his silence.
Tim Cook and Apple are hardly alone in saying this, nearly every tech company CEO would agree. What is unique is how Apple publicly announced making changes to iOS to eliminate the possibility of getting access to a user's iPhone or their iMessage content, even with a warrant. That was a pretty public thumbing of the nose at the authorities in favor of individual users' right to privacy.
Just because they have vulnerabilities available to them doesn't mean they can break into everyone's network. Most would be protected via multiple layers from the outside, with two firewalls, with maybe a VPN in between.
Anyway, since Apple does not hold the keys to user's phones any longer nor are in they in the middle of or hold the keys to user's iMessage conversations, even if the NSA can access Apple's servers without their knowledge the data the NSA can collect from Apple is limited compared to what they could get from Google (since Google collects all that information so they can "provide better search results and more targeted ads")
"We have also never allowed access to our servers." - he should have added "knowingly"
The more interesting bit, IMO, was the "and we never will" at the end; although I have no doubt Apple will do absolutely everything in their power to prevent the spooks getting into their servers, the deck is stacked against them. The Patriot Act really doesn't let them follow through on this promise...
Vic.
the problem that is most concerning, is the "prison if you notice the backdoors". If you were involved in putting the backdoor in place, they will argue it is legal, "because govt".
But if someone finds a backdoor, it is a prison sentence if you disclose it.
We need to get the RSA t-shirts out again, and add QR codes for public keys on them!
P.
"On Monday, Cook pointed out that data breaches were "becoming more frequent", while failing to note that Apple's own iCloud servers had been ransacked late last year."
That is a deliberate, willfully IGNORANT statement. A new trait of The Register?
For those who care, what got 'ransacked' were Apple users who fell for phishing scams and ordinary dictionary attacks on their individual accounts. That problem has been ongoing for years and is of course not confined to Apple, or Facebook, or Twitter, or the banks, etc.
Incredible FAIL Kelly Fiveash. Let's stick to the facts about computer security, not the myths, not the ignorant memes, not stupid statements spread by stupid 'analysts'.
Just from the words quoted in this article, I applaud Mr Cook for the straight-forward, plain language way he has expressed this.
Not that others haven't before, of course, but I this is well put:
"If you halt or weaken encryption, the people you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go."
This is really one of the core problems. You can argue any of the other points about the downsides of these laws and thus why the price for this is far too high but even if there was next-to-no impact on ordinary civilians and businesses, the plan still wouldn't achieve the stated goals!
So, even if, somehow, they manage to address every possible concern and again, somehow, manage to make the protections ironclad then that will great and all, but it still won't f%$king work!
By analogy, you can imagine these proposed measures and laws as a proposal to put some new buses on the roads. These buses are slow, noisy, exceptionally fuel-inefficient, generate copious amounts of pollution and take up two lanes each, disrupting normal commuter traffic.
So, people complain that the buses are utterly unsuited and will have a big negative impact.
But, regardless of all that, however, the buses are run on roads that have no bus stops or footpaths or pedestrian traffic and have no seats or doors or even room to stand and so would useless for ferrying passengers anyway. So really, even if the buses we reworked such that all the concerns about efficiency and pollution and congestion were addressed and solved, the buses would still be pointless and it would be a big fat waste of time and money.
"The war on terror" has been around for more than a decade.
I doubt very much the proposed bill has anything to do w/ thwarting bad guys.Also I doubt the politicians are that gullible to believe it. It's a very efficient way to control the general population, though.It offers perfect blackmail and industrial espionage opportunities.
OTOH, I hope such ill devised bill/laws will drive end-to-end encryption en masse. Of course, it's a lot harder solution and has its own issues.
Quite right. The powers-that-be, and their owners, couldn't give a rats arse about terrorists, they're much more worried about the massed billions getting peed-off with being used as cannon/bank fodder and heading in their direction with pitchforks (suitably coated with cow/pig dung previously)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
