back to article Apple CEO Tim Cook: Email keyword sniffing? We'd NEVER do that!

In an interview which covered the company's data protection practices, Apple CEO Tim Cook has said that the company believes "from a values point of view, not from a commercial interest point of view," that privacy is a fundamental human right. Cook was being interviewed on National Public Radio's (NPR) All Tech Considered …

  1. Anonymous Coward
    Anonymous Coward

    If I paid £600 for a handset

    I would also expect the chocolate factory not to provide advertising on the back of my actions.

    Business model is completely different, and Google is an advertising company after all!!

    1. Dan 55 Silver badge

      Re: If I paid £600 for a handset

      Have you seen the non-subsidised price of a Samsung S6/Edge/+/whatever? It's the worst of all worlds - way too expensive, Samsung's software, and everything slurped up by the Chocolate Factory.

    2. ratfox

      Re: If I paid £600 for a handset

      Google doesn't sell £600 phones; Apple does. You get what you pay for and all that, I guess.

    3. Anonymous Coward
      Anonymous Coward

      Re: If I paid £600 for a handset

      I'm fine if they show me ads. I'm fine, if, for example, I search for "hotels in Paris", and they show me paid ads about hotels in Paris.

      I'm not so happy if they collect all of my actions (especially private data like emails), store them for as long as they like, try to correlate everything, and then sell those informations without a full consent.

      And when I look for "hotel in Paris" they use all of those data to ensure I pay the highest price they can calculate I will pay, using all those data against me, and showing me skewed search result to ensure I won't access lower rates.

      Those are two very different business models.

      1. 45RPM Silver badge
        Paris Hilton

        Re: If I paid £600 for a handset

        @LDS

        What about Paris in a hotel? How much would that cost?

        1. MotionCompensation

          Re: If I paid £600 for a handset

          I tried finding that on Google, no success, all I got was hotels in Paris. It's all true, censorship, skewed search results, all of it!

      2. Steven Roper
        Thumb Up

        THANK YOU!

        "they use all of those data to ensure I pay the highest price they can calculate I will pay, using all those data against me, and showing me skewed search result to ensure I won't access lower rates."

        Mind if I steal that, mate?

        That argument is the perfect response to all these people who want or accept profiling and tracking because "I don't want to see ads for shit I'm not interested in," and aren't convinced by the info-selling or psychological-manipulation aspect.

        Now I can tell them, "Yes, OK, you'll see ads for shit you want, but they'll also use your data to work out the top price you'll pay for it and hide cheaper options from you!" Arguing from the hip pocket will be a lot more convincing than arguing from mind-bendery.

        Oh man, I am so going to rip some people I know a new arsehole with this!

        1. JeffyPoooh
          Pint

          Re: THANK YOU!

          I use Google to lead to other websites. Including the booking sites, the various hotel chains themselves.

          So for this nefarious Paris Hotel Price Maximizing plan to work, the entire hotel and hotel booking industry needs to be in cahoots with Google.

          Some people might consider loosening their tinfoil hats.

      3. tom dial Silver badge

        Re: If I paid £600 for a handset

        [Google] "use all of those data to ensure I pay the highest price they can calculate I will pay, using all those data against me, and showing me skewed search result to ensure I won't access lower rates."

        Really? That certainly is not my experience when searching for hotels in various parts of the US. A few minutes ago a search for "hotel in san francisco" gave a first page about a quarter filled with paid ads identified as such; a box listing a number of hotels,with options to sort by price, rating, or number of stars; several aggregators like hotels.com; and a reference to Mariott. Selecting "under $150" gave a list of dozens of hotels, including a fair number for well under $100 per night.

        While Google's bread and butter is advertising, their ability to charge for that depends quite a bit on their search results satisfying users. The business model certainly differs from Apple's, but is not inherently wrong because of that.

        1. RHOmea

          Re: If I paid £600 for a handset

          Your anecdotal experience notwithstanding:

          Google doesn't sell hotel rooms, but they do sell user data to Hotels.com, Marriott, et al. They have been publicly outed in the WSJ, and numerous other media / studies for "dynamic pricing" - up-pricing their offerings based on your data profile. You either accept that fact and live with it or you don't, but there is no arguing that it doesn't happen.

  2. JetSetJim
    Thumb Up

    Good...... (?)

    Thumbs up for the sentiment.

    The cynic in me wonders how much of it is true, though. Haven't read the T&C's in that much detail

    1. Anonymous Coward
      Anonymous Coward

      Re: Good...... (?)

      "We don't collect a lot of your data and understand every detail about your life"

      I assume that Siri probably needs to know quite a bit about you in order to assist you properly. That's probably covered in the T&Cs somewhere.

      1. Fitz_

        Re: Good...... (?)

        Siri can see data in your phone, but it's not tied to your Apple ID. Obviously some data (such as questions) gets sent to 'the cloud' for analysis, but because it's not linked to your ID then for example an analyst that might need to listen to something that Siri had difficulty with, doesn't have any way of knowing who you are.

  3. Anonymous Coward
    Anonymous Coward

    Are they trying to say they break the law in America? specifically under the 2008 amendments to FISA that added provision for emergency eavesdropping. Are Apple somehow exempt from this? I understand that applies to telecommunications companies however if Apple encryption stops this from happening then surely they would be in trouble.

    1. Hans 1

      What good is encryption when you sync to icloud ? Exactly!

      Besides, all this "going through the courts" obviously includes those "secret courts" ... in the world, you have two types of courts, courts of justice and secret courts - the latter must remain "secret" because they tramp all over justice.

      1. Mike Bell

        iCloud content is encrypted during transit and storage. If you don't take reasonable steps to protect your credentials, e.g with 2-factor authentication all bets are off.

        1. Anonymous Coward
          Anonymous Coward

          @Mike Bell

          Yes, iCloud content is encrypted during transit and storage, but with keys that Apple controls. Whereas an iPhone backup taken using iTunes encrypts the content using a key that only you control.

          Even though it means I don't backup as often, I choose the latter as using iCloud in its current form means you give up some of the protection Apple offers through things like the way iMessage works. If the previous poster's blurb about CALEA is correct, they could ask Apple for your iMessage contents that are stored on iCloud (if you use iCloud) and Apple would be required to provide them. I don't know if that's actually the case, but it might be if that's how CALEA works.

    2. Bronek Kozicki

      I honestly have no idea how the law you refer to is worded, but I suspect it does not apply to all and any electronic communication. Otherwise companies selling secure messaging would be in legal hot water (which does not seem to have happened).

    3. Naselus

      "Are they trying to say they break the law in America? "

      No, Cook makes it pretty clear that Apple will comply with the law completely. But they have no magic decryption wand. They haven't done anything insanely special with this - few companies that sell encryption software have the means to instantly decrypt messages that are encrypted with it, because all they're doing is supplying the algorithm.

      Essentially, Apple will happily hand over your data to the NSA if the NSA can provide a legal reason they should be given it. But Apple cannot break their own encryption in real-time. This makes it kind of questionable why they're on the 'got your back' list, when they're completely willing to hand the information over but aren't willing to do something that it's literally impossible for them to do. OTOH, Dropbox also topped the 'got your back' list, and they hand over information at the drop of a hat, so maybe it's just that the list was absolute bullshit.

    4. tom dial Silver badge

      Under CALEA (not FISA) telecommunication carriers are not required to decrypt, or ensure that law enforcement personnel could decrypt, communications encrypted by the end user unless they (the carriers) provided the encryption capability and possess the key ("information necessary to decrypt"). (47 USC 1002 (b)(3)). If Apple provides the encryption and retains or has access to the keying information, it appears they might be required to assist law enforcement agencies in executing warrants for encrypted data, although they might not qualify as "carriers".

      1. Anonymous Coward
        Anonymous Coward

        @tom dial

        The important phrase in your quote is "retains or has access to the keying information". Apple does not have to the keys used to encrypt iMessage message, as it uses end to end encryption directly between devices.

        Thus they are not required under CALEA to provide the described assistance to law enforcement personnel, and would be unable to do so even if forced (unless Tim Cook was beaten with a rubber hose Apple was coerced into rewriting iOS to do iMessage encryption differently, using keys they control and could share with the spooks)

    5. JB77

      "Is this what you talking about:

      "Increased the time for warrantless surveillance from 48 hours to 7 days, if the FISA court is notified and receives an application, specific officials sign the emergency notification, and relates to an American located outside of the United States with probable cause they are an agent of a foreign power. After 7 days, if the court denies or does not review the application, the information obtained cannot be offered as evidence. If the United States Attorney General believes the information shows threat of death or bodily harm, they can try to offer the information as evidence in future proceedings.[23] "

      From: https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act_of_1978_Amendments_Act_of_2008

      John

  4. Anonymous Coward
    Anonymous Coward

    Maybe it was also aimed at the new MS data slurping policy...

    ... when competitors help you so much, why don't take advantage of it?

    1. joed

      Re: Maybe it was also aimed at the new MS data slurping policy...

      Possibly. I've been avoiding using smartphone for any serious stuff as I considered it beyond my controls. Now that MS crippled PC to MSC I might as well follow the path of convenience and into Apple walled orchard.

  5. thtechnologist

    "We don't collect a lot of your data and understand every detail about your life"

    That explains why, personal testing of course, Siri is so much worse than even Cortana now.

    1. Doctor Syntax Silver badge

      For some values of "all" and "every".

    2. Fitz_

      As Siri is not linked to your Apple ID, but Cortana is linked to your Microsoft ID, then that's the difference.

  6. This post has been deleted by its author

  7. ThomH

    Nice if true, but most people won't pay for privacy

    ... at least that seems to be the thesis of today's El Reg BlackBerry article, and sounds compelling to me. I therefore don't think this is much of a sales point, regardless of its motivation. Being very important to you and me doesn't make it the basis on which one sells hundreds of millions of handsets.

  8. hatti

    Caption

    Factory worker: "I'm sending this picture of you to Bill Gates"

    Big cheese: "Ha ha haaaaaaaaaa!"

  9. Bota

    Does the Nexus now come with a fine Merlot and Argentinian steak?

    Because, I prefer to be wined and dined before someone fucks me.

    At least here Apple are *on the surface* doing something.

    They were also the last to sign up to Prism, which they can't legally talk about.

    I'm sure all your data is safe.

    <gasps for air from laughing>

    </gasps>

    1. JeffyPoooh
      Pint

      Re: Does the Nexus now come with a fine Merlot and Argentinian steak?

      Google's Nexus brand is rubbish. Their handling of the Nexus 7 tablet fiasco turned me off. Paid good money for it and it's incapable of managing its own flash memory.

      Junk.

    2. Looper
      Joke

      Re: Does the Nexus now come with a fine Merlot and Argentinian steak?

      I am NOT drinking Merlot!

  10. Amorous Cowherder
    Thumb Down

    Interesting lead picture....

    They managed to find the only Foxconn worker who's either not clinically depressed OR on some very strong anti-depressants to ensure they smile inanely through the whole PR exercise.

  11. Bota

    P.S - She knows when you been sleeping,

    She knows when your awake,

    Siri knows if you've been bad or good,

    So be good for goodness sake!

    I'm sure the NSA aren't interested in Apple data AT ALL. Considering it covers pretty much most of the known world.

  12. ecarlseen

    I get the impression that this is very personal for Cook.

    Since he's a gay man who grew up in the US South, it would make sense that he views personal privacy as a critically important aspect of people's lives. I notice that when the subject comes up, he usually seems a little bit agitated and emotional - something you don't really see on other topics under discussion. This is purely speculation on my part, but it seems consistent.

    1. Anonymous Coward
      Anonymous Coward

      Re: I get the impression that this is very personal for Cook.

      You might be right, and if so that bodes well for Apple continuing down this path which as a customer is exactly what I want.

      I wish they'd figure out a way I could use iCloud with a key that only I hold, rather than its current state where the in-flight encryption and at-rest encryption is done by keys which Apple controls. I suspect that's to make it easy to have iCloud interoperate between multiple devices, but I'd still like to see them figure out a way to at least offer the option of using your own key, even if it complicates that multi-device interoperability for those that choose this option.

      1. Naselus

        Re: I get the impression that this is very personal for Cook.

        "I wish they'd figure out a way I could use iCloud with a key that only I hold, "

        Or, rather than wasting time doing that, they could just use standard public/private PKI encryption like everyone else, which seems to have done the trick for the last twenty years.

        This doesn't need some 'Think Different' re-invention of the wheel. The security standards have all been there for years and work fine for this. Apple just haven't implemented them, out of a mis-placed fear of damaging the 'user experience'.

        It was the same thing which lead to the iCloud hack last year (or rather, not a hack - just lots of private data being taken by unauthorized people. Which isn't a hack when it happens to Apple. Apparently); Apple could've implemented 2FA from the start, and they rolled it out in a matter of days afterwards. But they didn't put it in beforehand, because security pisses users off.

        Apple don't take security seriously. They're getting better, but it's still way down their priority list, behind 'User experience' and 'looks cool' - so whenever there's a conflict, security takes a back seat.

        1. Anonymous Coward
          Anonymous Coward

          Re: I get the impression that this is very personal for Cook.

          Where did I suggest reinventing the wheel? I don't care how they wanted to do it, since currently they don't have user managed keys for iCloud. The use PKI for many things, it isn't like they invented their own scheme that caused the celebgate "scandal". Getting hold of someone's passwords is hardly "hacking iCloud". If I find out your Facebook password and you use the same password on GMail, have I "hacked Gmail"?

          Yes, they should have had 2FA available for iCloud before that, but there are many things more important than iCloud that are still not protected by 2FA (none of my credit card companies provide a method for 2FA logins, for instance) This isn't a failing for just Apple, but is industry-wide. Even companies that take security seriously (which you can argue Microsoft has for the past decade, since they had so many problems with CodeRed, iLoveYou and friends in the early 2000s) still don't get it right a lot of the time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like