Hand over our code to China? We're no commie patsies, Apple cries Apple's fight with law enforcement has stepped up again, with the iPhone giant forced to deny that it hands over user information to Beijing while refusing the authorities at home. Speaking at a hearing of US House of Representatives' Energy and Commerce subcommittee, Apple's general counsel Bruce Sewell said that the Chinese …
Does the report give a background number of how many iDevices there are in said countries?
500 requests in a land having 5M devices sounds a lot more reasonable than 1005 requests if there are only 20K iPhones.
Simple absolute numbers are simplistic... (We saved 20 patients lives last year? Uh, how many did you treat?)
Exactly what I was wondering.
We can probably assume similar uptake rates in most western countries. That would make the information request as a ratio to population:
Germany:0.14 per thousand people.
US:0.012 per thousand people.
Australia: 0.12 per thousand people.
Singapore: 0.34 per thousand people.
Very interesting. Even if we assume that the ratio between USA and the other countries is way off, it's not likely to be by an order of magnitude.
Three interpretations spring to mind, none of which I can speak to the validity of, 1) USA is very poor at making requests (eg law enforcement can't be bothered), 2) law enforcement is more selective (assume that requests will be denied, request will give no useful information), or 3) and this will fuel the suspicious-minded, they have another way of getting information.
Or the more likely explanation, that Germany, due to being a lot closer to the middle east migrations in the past few years, has a lot more people they consider 'suspicious' and have wiretaps ordered on. They've taken in what a couple hundred thousand Syrian refugees since their civil war began?
"because of Apple's encryption software and its refusal to find a way to bypass the security to hand over unencrypted phone data."
An aspect of this should be raising concerns in some circles, for there is no real reason why Apple cannot have a team attempting to find a way to bypass the security of Apple's devices, given this is what hackers et al are also trying to do and hence such work can only lead to the patching of potential security holes before they get widely exploited. We only need to get concerned when the FBI et al, start complaining about Apple's refusal to leave security holes (as requested by them) unpatched...
Apple is refusing to create a custom 'hacked' version of iOS or hack the phones using exploits they may know about. Why should that be raising concerns? Apple should be at the FBI's beck and call to do their work for them?
The requests Apple is responding to is likely for iCloud data, which they can get at (at least some of it, like text messages and call records) But the FBI's actions have already caused Apple to rethink their strategy and they are reportedly working on a way to encrypt all iCloud data with a key the phone owner controls (this is currently only done for sensitive stuff like passwords) at which point it will be IMPOSSIBLE for them to respond to any law enforcement requests.
You might say that raises concerns, but it would totally be the FBI's fault for overreaching and suing Apple to try to force them to create a custom version of iOS designed solely to hack their phones. And the NSA and Bush/Obama administrations for the secret spying programs that Snowden revealed. You reap what you sow, and soon they had better hope that hackers can keep finding holes in iPhones, or no one will be able to help them. I won't feel sorry for law enforcement one bit.
From the article:
Technical experts meanwhile made the same point about encryption that they have also been making for months: that if you create a hole in the security, it will open all phones to potential hackers.
Th FBI wanted a modified and signed firmware that acts as a back door if, and only if, it detected that the phone serial number matches it's target. Why would that be a threat to all other iPhones? Can iPhone serial numbers be changed easily? I doubt it. And being signed firmware it could not be tampered with to make it universal.
It can only be a threat to all iPhones to the same degree as the existence of Apple's source code and signing keys are right now. It can only threaten other iPhones if Apple do it themselves, not the FBI. A far bigger threat surely is some disgruntled employee walking out with a copy of the source code and signing keys.
The only difference is that if done once it sets a precedent. That has nothing to do with technology, hacking, etc, it's purely a social and legal issue. So why are technical experts blathering on about it at all claiming that somehow all encryption would be broken? They're commenting outside their realm of expertise.
My guess is they are fighting fire with fire, it's a bit tiring listening to tech moron's crying "think of the children" or "stop the terrorists" all the time, maybe they are changing tack to counter the complete BS that keeps getting thrown around to alarm less tech savvy people.
Because the FBI was lying when they said it was "just one phone" and concerned terrorism and national security as was revealed only a few weeks later when they introduced the second case in NY for a phone belonging to a low level drug mule.
How exactly is Apple supposed to manage thousands of custom versions of iOS, each targeted for just a single serial number. Why should it be Apple's problem to do this, is the FBI going to pay them for their time? What about the loss of engineering talent Apple will suffer, as they had a bunch of engineers reportedly say they would resign if their manager told them to create such a backdoored OS.
This whole thing was the FBI trying to set a precedent that they could force tech companies to undertake an unlimited amount of work to do what they want, and it blew up in their face. Boo hoo for them.
BTW, it is impossible for an employee to "walk out with the signing keys". If you knew what sort of security is involved with signing keys (not just for Apple, but in general) you wouldn't make such an ignorant suggestion. The one who is commenting outside their realm of expertise is you.
"Meanwhile, New York Police Department (NYPD) intelligence head Thomas Galati continued to push on the fact that it remains unable to get into a significant number of iPhones (67, in fact) because of Apple's encryption software and its refusal to find a way to bypass the security to hand over unencrypted phone data."
So why doesn't he simply get a court order ordering the defendant to hand over the password.... because they'd please the 5th amendment perhaps? So he's trying to get around the 5th amendment, the amendment designed to protect the defendant from a coercive false prosecution? Or perhaps they're a dead defendant, in which case why is he trying to still prosecute a dead defendant?
How many of those cases will collapse without the imagined data? So does he have evidence against those 67 or is he fishing for it in the hope of finding something?
Let me paraphrase:
"Meanwhile, Chinese intelligence head Huan Ho continued to push on the fact that it remains unable to get into a significant number of iPhones (67, in fact) because of Apple's encryption software and its refusal to find a way to bypass the security to hand over unencrypted phone data."
Huan Ho pointed out that the phones he wanted access to could yield valuable information in serious crimes, including violent dissent, promoting democracy, and criticizing the Communist Supreme Council."
I recommend you go to the actual report and check the number.
The article confuses device requests and (not even mentioned, probably because the numbers are smaller) account requests.
With a device request, Apple just gives them whatever information they have about that phone. That's mostly who bought it. The article counts _requests_ and not the number of devices for which numbers were requested. Top of the league is Poland: 22 requests for about 50,000 devices (mostly done by customs and excise to make sure Polish customers pay taxes on their phones). South Korea and Germany have about the same number of _devices_ that they request information about, mostly about stolen phones. With a device request for a stolen phone, the police may for example find out who is the owner and return the phone to the owner.
The real beef is in the account requests. That's where police requests information about an account owner. That's information about a person, not about a phone. For the numbers, read the report.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
