US gov to Apple: COUGH UP iMessages or FEEL our FEDERAL FROWN

Re: why US agencies are so keen on destroying the tech sector

For the same reason that Risk and Compliance departments are so keen on destroying any business they are part of - they don't give a shit about the consequences so long as their arses are covered.

Re: Why?

Do recall that the current executive has prosecuted (persecuted) more people under the Espionage Act than all other administrations combined. Similar comparisons have been drawn about leaks, including reporters and the entire bureau they work for, and whistleblowers.

Given that track record do you think this President, his Attorney-General, the rest of the DoJ, and various investigatory agencies are going to allow some upstart tech companies to stand in their way?

The really sad part is the other team is even more gung-ho to torch the Constitution. I'd move to another country except the rest of the English-speaking ones are trying to out-gut civil liberties faster.

Re: Why?

Its not as simple as simply moving your communications onto servers not on US territory though. There is something mighty strange when Microsoft are in the US Appeal Court trying to defend Irish jurisprudence- and Google- Belgian jurisprudence. The amazing thing is that we're actually hearing about it- normally these things are done behind closed doors- and presented as a fait accompli.

Microsoft, Google, Apple, Facebook and a select few others- are big enough and have the resources to defend their businesses- very few businesses based elsewhere could mount a comparable battle. You know as well as I do- for a small to medium sized enterprise almost anywhere in the world to take on the US government in this manner- they'd be compared to North Korea- hell, the media would probably accuse the North Koreans and the Chinese of being behind them.

The argument that if you have nothing to hide- you shouldn't feel the need to encrypt your data- also doesn't wash. The fact of the matter is- it is *your* data.

Should there be a backdoor to intercept suspicious communications- and interfere in the ability of terrorist organisations or regimes to communicate in a secure manner. Thats a more circumspect question. The problem is- once you put a backdoor in- before long- its not a hidden backdoor- and there are a hell of a lot of people out there who like to sniff around- more often than not just to prove a point- but there are always going to be a cadre of not so savoury individuals who have other intentions.

The world is one hell of a screwed up place. If the US want to be a global police force on the net- as they apparently do- the very least they can do is try to keep friendly nations on their side- and respecting the simple fact- that Irish law applies in Ireland, Belgian law applies in Belgium, German law applies in Germany. If we don't respect the territorial boundaries of each other's nations- and instead- leave it to the Googles, Microsofts, Facebooks and other organisations- to fight the corner of what should be civilised communications between sovereign states- then something has gone seriously kak.

Most semi-sane countries have mutual assist agreements- enforce them instead of this extra-territorial / arguably extrajudicial data slurp?

Re: Bureaucrats yes, but there are higher-ups

How about, 'Never piss of a companies with offshore cash piles bigger than your national debt'

Re: Never been a fan of Apple, but...

This is one place where Apple, Android and Windows fanboys all find common ground, and all three companies are standing side by side trying to keep the spooks out of our sexts and grocery lists.

"* I know Greenland is still a part of Denmark, and taxes are high, but the server farms don't make any money and need to be cool; feel free to reply with improved suggestions TIA!"

Given how much cash Cupertino have parked in Ireland, they could surely just strike a deal with Denmark to buy Greenland and turn it into a tax-free tech-haven? Unlike every other micro-nation attempt, they actually have the resources to have a serious go at making it stick!

High speed connections to both sides of the Atlantic, efficient data centres, under their own jurisdiction?

Apple servers in Greenland? Well, actually ...

Apple is building a new datacenter in Denmark near Viborg.

Caused a bit of a stir around here, since they officially defined it as a "heat generating factory", so that they could avoid a bit of tax by selling the heat to the local district heating company.

Re: How do we know?

It's most likely the case that this is happening. NSA and similar have already demonstrated they will file charges against business owners/senior execs in order to gain access to encrypted messages. eg Lavabit

It's likely the Apple exec's would silently cave and do this if/when given the same treatment - and they have no legal avenues to alert people. So, it's pretty likely unfortunately. :(

I know exactly what would prevent such a scenario

Another Snowden. There's no way the NSA would keep quiet internally about such capability, it would go up on one of those silly Powerpoints that Snowden leaked. There's no way Apple would risk it.

Remember that on that slide that showed a timeline of tech companies that capitulated, Apple was listed LAST, years after Google, Microsoft and Facebook knuckled under. I'm sure Apple would have preferred Snowden happened a year earlier so they would have been conspicuously absent from that list and they could told everyone they alone stood up for their customer's privacy. They will not make the same mistake again, which is why they are taking this fight so public.

Obviously Apple haters may believe the worst about them, but the evidence doesn't really support such a scenario.

Re: Microsoft

They've decided that since both Apple and Google are now more profitable than they are, and since they were already using Apple's business model (selling stuff at a high margin - software being the highest margin product there is) they needed to also adopt Google's business model of selling out their customers.

By combining the two strategies Satya believes they will once again be the most profitable company. Too bad it will merely make people look more closely at alternatives such as OS X and Linux to escape the new Windows paradigm of collecting all your data all the time.

Re: Assuming they win...

No, cos the agencies use 'Gabriel protocols' obfuscated start-SSH comms developed by SAIC around the year 2000, ( source: lots of court cases on patent infringement as other companies overlap the secret stuff, especially NetEraser et al.)

On the other hand, surely the 18 us agencies do need to sniff each others' privates as you can't really trust the DIA or the NGA can you?

Traffic analysis.

@AC

The fact that governments employ code breakers suggests that they must provide some value to the government. They must be able to decrypt some of the messages that the government is interested in reading. Otherwise there would be no point in employing them.

Given the number of people designing their own encryption (Some terrorists got busted on this a couple of years back), or buggering up rolling their own implementing of strong encryption, I'd imagine they decrypt plenty of things.

GCHQ, NSA etc can play a very long game; Not just in terms of finances, but also in terms of multi-generational projects. You want to achieve something as soon as possible, fine, but that may take 50 years to figure out, maybe 100+. That's ok from their perspective because the agency lives forever, even if the staff don't.

Further to that, I imagine they can do a lot of clever things around message repetition and big data analysis. "I'm on the train" must be one of the most sent SMS messages of all time, and even encrypted, it would have certain characteristics in common - time and location sent from and to - they can disgard the message from further analysis once they've established it'll just be me texting my wife. The more noise they can eliminate will make the signal side of the ratio stronger.

Define "value"

"The fact that governments employ code breakers suggests that they must provide some value to the government. "

Government uses some very odd values for "value:" bureaucratic inertia, empire building (both figurative bureaucratic and global domination literal), pleasing lobbyists, pandering to voting blocs, etc.

"What do these people do all day"

I guess that massed FPGA arrays & specialized-silicon ASICs are pretty efficient against SHA3

A lot of stuff that was once considered unbreakable is not now, due to both advances in computers but also advances in cryptanalysis. They might find a small weakness in something that makes a 128 bit encryption have effectively only 80 bits, and advances in computing can take it from there.

They also know a lot of things that the public research world do not. For example, how IBM developed DES back in the 70s, the NSA reviewed it and requested several changes without explanation, which IBM made. At the time many assumed these changes were to weaken it so they could crack it, but in the early 90s new techniques were (publicly) discovered that could have cracked DES wide open if the changes the NSA made hadn't been implemented. The NSA was nearly two decades ahead of the research world, at least on that front...how far ahead are they today?

Who knows, maybe the AES encryption that almost everyone uses today can be broken by the NSA, but they are whining about its use to give everyone a false sense of security. Or maybe they can't break it, but they HOPE you assume they are giving you a false sense of security, so you will decide to use something else that may be weaker :)

Re: THANK YOU APPLE!

Do you really believe that Apple aren't partners with the nsa and all of this just small talk to try and re-enforce their public image

2 facts : you cite the constitution, I'm not sure if you're government use that anymore.

Finally :

All agreements between the nsa and u.s are subject to gag orders. You really think all these companies are going to advertise it on their website? I'm not trying to sound like an a hole here, but all u.s tech companies work for "the man". That simple.

Non sequitor alert

The article discusses privacy, your post is about security. The two are not the same. Apple has a leadership role in privacy, but on the security front they still have a lot of catching up to do...

Re: Stick to anything non US

Such as CryptoAG??