Why we believe Apple

From: John Gilmore <gnu@toad.com>
Date: Saturday, September 20, 2014
Subject: Re: [Cryptography] new wiretap resistance in iOS 8?
To: cryptography@metzdowd.com

And why do we believe them?

  • Because we can read the source code and the protocol descriptions ourselves, and determine just how secure they are?

  • Because they're a big company and big companies never lie?

  • Because they've implemented it in proprietary binary software, and proprietary crypto is always stronger than the company claims it to be?

  • Because they can't covertly send your device updated software that would change all these promises, for a targeted individual, or on a mass basis?

  • Because you will never agree to upgrade the software on your device, ever, no matter how often they send you updates?

  • Because this first release of their encryption software has no security bugs, so you will never need to upgrade it to retain your privacy?

  • Because if a future update INSERTS privacy or security bugs, we will surely be able to distinguish these updates from future updates that FIX privacy or security bugs?

  • Because if they change their mind and decide to lessen our privacy for their convenience, or by secret government edict, they will be sure to let us know?

  • Because they have worked hard for years to prevent you from upgrading the software that runs on their devices so that YOU can choose it and control it instead of them?

  • Because the US export control bureaucracy would never try to stop Apple from selling secure mass market proprietary encryption products across the border?

  • Because the countries that wouldn't let Blackberry sell phones that communicate securely with your own corporate servers, will of course let Apple sell whatever high security non-tappable devices it wants to?

  • Because we're Apple fanboys and the company can do no wrong?

  • Because they want to help the terrorists win?

  • Because NSA made them mad once, therefore they are on the side of the public against NSA?

  • Because it's always better to wiretap people after you convince them that they are perfectly secure, so they'll spill all their best secrets?

There must be some other reason, I'm just having trouble thinking of it.

John

19 Responses:

  1. Druce Vertes (@druce) says:

    Why trust a bank with your jewels and secrets in your safe deposit box?

    Because loss of trust would cost the bank more than they could make by selling out their customers' safety deposit boxes.

    It's a narrow claim and they're exposing themselves to loss of reputation if they break it... I don't think they're claiming that they can't be forced to do stupid things in national security cases like install malware, or that the NSA will never find an exploit and pwn your phone... but if the local cops can't make your phone testify against you with an order from a 2-bit judge, it's a small step in the right direction.

    • Anonnymoose says:

      > Because loss of trust would cost the bank more...

      How much trust is lost depends on whether or not the details are treated as State Secrets, and how closely people are paying attention.

      After all, Verisign, Comodo, and Trustwave are still in business. ;)

      • Druce Vertes says:

        True, if people didn't understand or care about the promise in the first place, it won't be that big a deal if it gets broken.

        But the point is, you can know how much to trust someone in the long run, based on how big an incentive they have to do the right thing, and how often they do the right thing when they don't have a big incentive.

        I don't necessarily trust Apple that much and there are a lot of other ways to get screwed by your device, but seems like a reasonable, positive and credible step.

    • mbork says:

      Do there really exist any reasonable people who trust banks??? (Disclaimer: I do have a bank account, though I also have considerable savings in cash, do not have a credit card, and avoid paying by a debit card. Ah, and I also have a MSc in "Finance and Banking".)

      • Druce Vertes says:

        Trust them to do what?

        Where I'm from, people don't keep cash under their mattresses, they deposit cash in banks. If they own jewelry and gold coins, they prefer putting them in bank safety deposit boxes to under their mattress, or in a deposit box from someone random in the cheap part of town. They use credit cards, which is basically the bank telling the merchant they will get paid, and the consumer that they will get what they paid for or they can reverse the charges.

        Trust is what a bank is selling.

        I trust them to maximize their big income stream and high fees, by not absconding with my deposits or safe deposit box.

    • PDP says:

      People use a bank safety deposit box because there is no better alternative. Either you keep your jewelry with a bank, or you keep it in your home which is 1000000x less secure.

      People trust banks in general not just because it's in the bank's interest to be trusted, but because there are laws that enforce minimum standards of trustworthiness. If a bank loses my money, I can at least anticipate some assholes will be going to jail. If Apple / MSFT / Google lose my personal data -- possibly 100% as financially devastating if it leads to ID theft -- they apologize and nothing else happens.

      People who look at the most regulated bit of the capitalist market and immediately say "trust" or "enlightened self interest" are just the biggest boobs.

      • gryazi says:

        By 'going to jail' you mean 'the FDIC has you covered.'

        This is possibly an important distinction.

  2. Mark Welch says:

    Then there's the small matter of iCloud data not being encrypted.

  3. Mark Hughes says:

    Apple makes money on selling hardware, not their customers.

    And they publish a lot on opensource.apple.com, which should be well-known to anyone actually auditing their security.

  4. phuzz says:

    We can trust them because they put a warrant canary in their privacy reports. Oh, wait a minute.

  5. bode says:

    Gilmore is totally correct - swiss cheese levels of holes and if it were real security I have no doubt the US congress would actually change the law. That said, if we ignore tinfoil hat nonsense this is really simple: we're talking about situations where a US court has issued a 4th compliant / reviewable amendment warrant. So if you believe every branch of government is corrupt, then those things Gilmore suggests are really important. But if you believe that the government has no problem fabricating warrants because you're such an important target, then why don't they just plant the evidence or make you disappear off the street? This seems like an awful lot of work.

    Anyway, FWIW I think congress will probably act at some point after some high-profile cases move the country's opinion. There will be some brutal murders / rapes / child abductions / etc where phones are important evidence that can't be accessed. In case it's not clear, since Snowden didn't materially impact any normal people, this is what those warrants are typically used for. It will however help some drug dealers, which I suppose is good.

    Or I guess Apple could do nothing and keep their head down? Sure it's BS but it's BS that brings this into mainstream conversation and dialogue. I am sure Samsung really cares about making the US better from their perch in South Korea.

  6. Engineer says:

    Because, unlike Facebook, Google, and even John Gilmore, Apple has never ever lied to me.

    It's that simple.

    40 years of honesty builds a lot of credibility.

    Call me a fanboy if you will.

    All that said, there's always levels of "secure". It's a grey area. I trust iOS 8 two orders of magnitude more than I do anything involving google, but I would still, for things that are really important, use an OS more under my control.

    But for my phone? Yeah, glad that Apple's around to at least push back on the NSA (unlike Google, Facebook, Amazon, Microsoft, et al.)

    • Rich says:

      They outright lied to me when my 2003 iBook failed, and the lie cost me a bunch of money too.

      https://en.wikipedia.org/wiki/IBook#Quality_issues

    • Not the NSA says:

      The man who built that trust is gone. He's the reason Apple didn't fall to PRISM until a year after he was gone because he cared more about values and privacy than 'bottom line'.

      This is no longer the case.

    • whoever says:

      Mr. Jobs publicly spread FUD about Theora (or other free codecs) infringing on patents. He spread FUD about forming a patent pool to go after the codec. They were lies. Jobs publicly lied to everyone.

    • Anonymous says:

      We're going to the standards bodies, starting tomorrow, and we're going to make FaceTime an open industry standard.

  7. I guess we should all go live in a cave then. Because you can no longer hide who you are, where you are, what you do, and why you do things from companies or the government anymore. It doesn't matter if it is Apple, or Google, or some obscure blog.

    They are all guilty of taking your identity and being given some trust in some form or another.

    Don't you want to at least be able to trust some more than others? Isn't there some evidence that some companies are making efforts to give less information about you away than others?

    At least Apple is making some effort to resist the NSA, build protection in their circuits (such as not allowing fingerprint data to leave the secure portion of the chip), and not spy on your transactions with Apple Pay. I'm not saying they're the holiest of companies, but it is evident that they are more aware of privacy issues than some of their contemporaries.

    Will it ever be enough? No. But if that's so important to you, then I guess you better find a cabin in the mountains and detach from reality before it becomes illegal to do so -- because that's the only way you'll ever get the privacy you're expecting.