Okay, a few things I'm just plainly getting pissed off about every time I see these threads.
* Bitching about the words "direct access": Guess what, these are words, they have a meaning. They're saying that the government can't view the database directly, they can't determine what they get to see, and they don't get to pull it up whenever the fuck they feel like it. And guess what? That means something. I swear, everyone obsessing over the words "direct access" goes on record as one of the most idiotic things a lot of really smart people get obsessed about.
* Most of these companies are effectively saying they're agreeing to subpoenas, with the one difference being that NSA warrants can't be reported by the companies involved. This is still infinitely more tame than the previous claims that the Guardian has been walking back this last week(let alone the entirely ridiculous argument Snowden put out there saying they can 'watch your thoughts form as you type', which gets even more funny when you consider the only service listed that transmits your typed data is GMail).
* There is a lot to be concerned about here- no mistake about it. But right now, there's a lot more holes in Snowden & Co's story than the opposite. It's still troubling, the attitude taken by some of those at the highest echelons of government, on the whole subject- but the accusers have a lot of explaining to do, if you've been paying attention.
1. Glenn Greenwald, the reporter with actual access to the source and documents, is sticking to the original narrative. I don't know where this "back walking" theme is coming from. Take a look at Greenwald's twitter @ggreenwald for clarification on this point.
2. We've learned that many of these requests are bulk demands for many, many people at a time, often demanding data to be delivered indefinitely thereafter on a periodic basis. We also know that the FISA appeals court has favored the government 100% of the time.
3. It was never stated that the "watching your thoughts as you type" portion was part of the PRISM program. This next part is wild speculation on my part, but if the NSA has a database of zero-day exploits, which I would bet that they do, you could theoretically streamline the process of setting up a keylogger on a target's computer if you know their basic system setup. If they've designed this process to coincide with the laws as has been the pattern with other things we've seen, it's certainly conceivable that Snowden could deploy that system from his terminal.
Greenwald has stated that more revelations are coming. I would say to watch this story closely over the next several weeks, but I'm sure you were going to do that anyway.
> Greenwald has stated that more revelations are coming. I would say to watch this story closely over the next several weeks, but I'm sure you were going to do that anyway.
I was, but at this point he needs to offer actual evidence of his claims. He's effectively claiming there has been an insanely massive data collection program that has somehow gone unnoticed by tens of thousands of security professionals for several years. And while our security professionals may take awhile to find things like Stuxnet/Flame, they at least found vestiges of the programs much earlier, and neither is anything close to the insanely wide scale this would require.
I'm not saying this is impossible, but god damn is a lot of it sounding improbable as hell.
>gone unnoticed by tens of thousands of security professionals for several years
I like that you seem to be making an honest assessment of the program but I really insist that you check this [1] out to see a few whistleblowers who have tried to bring attention to this, only to be rewarded with federal lawsuits. This has created a climate of fear where people ask "Is it really worth it? Or should I continue collecting my 6-digit paycheck and live in Hawaii?"
Stuxnet/Flame were things put out into the 'wild'. The recent stories are of large-scale dragnets sucking information in. Why should security professionals (outside the entity itself), ever know of it?
You can't directly compare this with Stuxnet. Security people (or rather, security people who analyse viruses and worms) discovered stuxnet because it was in the wild. Security companies run honeypot machines set up to capture viruses so they can analyse them. Stuxnet was identified because they weren't discriminate enough with their targeting.
It was only after stuxnet spread itself onto the wider internet that security researchers picked up on it and then thought "this is weird" when they looked at its behaviour.
How do you suggest a third party security researcher could learn about data transfer between Apple's servers and the NSA's servers? Short of hacking into the system or an Apple/NSA employee whistleblowing, there's no way they could.
Security Professionals: Read section 109(b). Pay attention to (1)(B,C,E,F,I,K). Talk to your lawyers and accountants. Your company "reputation" has a value. What is it worth (50-75% of stock market value)?
szc is saying that carriers should include lost business / damaged reputation, when reporting the costs of complying with the legislation.
Say it costs Verizon $10 million to build the infrastructure to let the government listen in. Verizon could claim that the revelation of this program will cost them $10 billion in future lost business. Since the Attorney General is unlikely to approve such an expense, Verizon would be declared compliant without actually having to turn anything over.
It's an interesting loophole in theory, but probably wouldn't actually work.
tl;dr citation 9. If nothing else, read that. Great article.
The massive scale of the NSA's operations are hardly being disputed (logging of US-based backbones, underwater cables, foreign fiber, telephone records), what is up for debate is implementation details, specific wording, and the extent of protection for US citizens.[9] The "insanely massive data collection program" has been conducted for years.
PRISM is one of 504 currently active SIGADs, or intel gathering operations. "The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013." 97 billion were collected in total over that time span.[1] The FAQ for this program clarifies that it applies to metadata. [8]
edit: that's 97 billion computer records. Metadata for 124 billion phone calls was also recorded over those 30 days.
The NSA does not define "collection" as actually obtaining the data or metadata, it is defined as a human analyst viewing the data.[2]
11 FISA court warrant requests have been rejected over it's existence, out of over 33,000 total. The last one rejected was in 2009.[3] Warrants are also only needed retroactively (within a 7 day period), there is no need to obtain one before accessing data.[4] According to the New York Times, "FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said." [5]
The Fisa Amendment Act section 702 bars the NSA from collecting data on people "reasonably believed to be located outside the United States."[4] Additionally, data can be intentionally collected on any communication that has at least one foreign recipient or sender.[6] Note also that these warrants specifically contradict the fourth amendment, but as long as the target is "reasonably believed" to be a foreigner, it doesn't matter to the NSA.
The test of whether someone is located outside the US has been interpreted as a keyword-based system indicating that it is at least 51% likely. And if they aren't actually foreigners? It's nothing to worry about, just include it on a quarterly report.[7] It's also possible that a warrant for a foreigner would permit access to data on US citizens up to 2 social "hops" away, but [citation needed].
Error in 2nd to last paragraph: bars the NSA from collecting data on people unless... i.e. excluding Americans from collection vs excluding non-Americans.
Ad. 1 I think you are missing the point - "not providing direct access" is a bit like Bill Clinton saying he did not have sex with Monica Levinsky, if some company sends some institution a complete database dump of all customer personal data it is not "direct access to the servers" but it is just as bad in terms of privacy implications, so the phrase means nothing in the end.
Are you bothering to read these things, or just searching for the term "direct access" and calling it a day?
From the statement:
"Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it."
From Google's:
"Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false. "
What about that is weasely or unclear to you? They categorically deny providing broad data to the government. Of course they can't say they don't provide any access, because they're obligated by law to comply with warrants. But the accusation was that they provide direct access (those words that you all are so obsessed with appear in the Guardian article), with the implication that the NSA can just go and take whatever data it wants with no oversight.
Unless you believe that Apple, Google, et al. are just plain lying, that is clearly not the case.
Notice that the paragraphs immediately before that specifically talks about data passed to law enforcement and plays down the type of requests, after the paragraph before that talks about national security.
Since when would anyone start to lump NSA in with "law enforcement". The focus on law enforcement in general in that statement is curious since that's not really what all the noise has been about.
Maybe their PR team are just a bunch of buffoons that have still not realised that these statements gets dissected, but it is rather odd that they when releasing a statement to try to stem criticism based on their previous choice of words again choose wording that is so ambiguous
In fact, if I were to trust this (and I can't decide if I should), my main reason for trusting them is that I'm wondering if they wouldn't just flat out lie and give a much stronger denial if they are in fact feeding the NSA with tons of data.
I think the rules said the companies are not allowed to disclose the exact amount of FISA requests. Instead they need to bundle them together with other requests from law enforcement.
They are not saying they are bundling them together - they are saying these are requests from law enforcement. It could just be a sloppy PR department, who knows.
I wonder if they serve their requests via that branch, or another. it'd be convenient to serve the requests from a more bureaucratic branch of the agency in order to allow them to fall outside of "law enforcement requests".
As far as I know, that is a police force that police the NSA offices, seeing as there's obvious security concerns about letting police that don't have the right security clearances onto their grounds.
Are you bothering to read these things, or just searching for the term "direct access" and calling it a day?
Are you bothering to understand what the OP was trying to say or just trolling and calling it a day?
I didn't express any personal opinion on whether Google or Apple leak large amounts of data or not, and in fact I don't have any. I just can understand people wondering about the usage of this phrase and was trying to explain their possible motives.
The phrase "direct access" gets special attention because it's in the first sentence of the first paragraph of the original Guardian article. The companies didn't make up the qualification -- they're repeating the accusation back and refuting it.
We have literally no reason to believe that they are doing a database dump. And I'll also refer you to point 3 again- if all they're getting is database dumps(even if daily), why are the claims so much more?
I also have a hard time believing they're getting DB dumps, even so- Facebook alone would be a DB dump at an insane scale. Unless they're only taking in textual data, which of course could be a lot more manageable.
What is it referring to as the 'cost' being $20m a year? There's no way that could be the total program cost- that'd barely employ the engineers required to build out the system, let alone the data scientists, analysts, and more that would have to support the system. Nor could it count for hardware costs.
So then in that case, is it an advertising packet for other agencies to hop on? Only $20m to have access to their firehose? Genuinely curious here if anyone's figured this one out.
To be clear, while I'm not disagreeing with you about the meaning of "direct access", in this case, the rest of the statement clearly states that Apple is not doing that:
"Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."
Considering some of the other revelations about the workings of FISA, how do you know that Apple has not been given a request for "all current and future information about all users", and decided that it is "appropriate" and that given the order, the "narrowest possible set" of information is all of it? (while they do indicate the number of requests, users and devices affected by data handed over to law enforcement, the use of that term itself is curious - it's not law enforcement the noise has been over, but intelligence agencies, and particularly NSA)
It may very well be that they have not had to deal with any broad requests from intelligence agencies, but the statement most certainly does not preclude it.
Wow, whatever happened to reading comprehension? Did I say Apple sends database dumps to the government? All I am doing is explaining using an example why people might consider the wording shady especially it is so gladly used by different companies.
This comment is below HN's standards. Your vitriol and ad hominems do nothing to further the conversation and, if anything, make you look like a government apologist.
"Watching your thoughts form as you type" always reminds me of Google searches. You browse through your history of searches and see if you don't recognize thoughts forming, search by search, or perhaps keystroke by keystroke if you enable Google Instant.
No it doesn't. How would you even start approaching to prove that I can only fathom.
> Most of these companies are effectively saying they're agreeing to subpoenas
While at the same time they are actively supplying exploits so that their software can be compromised for political gain. Their software is unsafe, and anything that they're saying is by law allowed to be false or deceptive information, hence why you can't prove the first part.
> 'watch your thoughts form as you type'
Is that not what Google claimed it could do with its machine learning algorithm?
> a lot more holes in Snowden & Co's story than the opposite
Do you work for the government or tow the party line for fun. All your shit sounds like the old this is not "reasonable" this is a conspiracy theory line. When everyone knows the reality is that nothing reasonable is going on.
> No it doesn't. How would you even start approaching to prove that I can only fathom.
I don't even know what to say to this. Are you seriously arguing that having "direct access" to user data doesn't mean anything, and that it can only possibly be talking point words?
> While at the same time they are actively supplying exploits so that their software can be compromised for political gain. Their software is unsafe, and anything that they're saying is by law allowed to be false or deceptive information, hence why you can't prove the first part.
Yeah, y'know, tens of thousands of developers totally are intentionally making hundreds of security exploits, primarily of absolutely zero consequence every year, because the government told them to. Are you a developer? Do you even know how easy it is to accidentally fuck something up in code that leaves an exploit? Criminy sakes alive.
And if you're saying "Yeah but when they find out they let the government know!", I'll also remind you that MAPP supplies that information to several dozen/hundred other companies too.
> Is that not what Google claimed it could do with its machine learning algorithm?
Oh for the love of God are you really going to use BS PR phrases meant to capture the imagination of the lay masses to try and say that the NSA has real-time typing data on all of those companies, not just Google, and even then has such unparalleled software to analyze typing and speaking patterns that they can discern your very thoughts and motivations from them, not just in general, but also in real time?
> Do you work for the government or tow the party line for fun. All your shit sounds like the old this is not "reasonable" this is a conspiracy theory line. When everyone knows the reality is that nothing reasonable is going on.
Neither. I just think that the reason so many in positions of power roll their eyes is because so many of those getting angry sound absolutely ridiculous from any sort of view that could rival reality. There are legit concerns here, but we can't be overstating their position massively and still have any hope of being taken seriously.
I took his statement about "supplying exploits" as turning over information about new discovered exploits before they release a patch. Which we recently learned that microsoft is doing this.
Yes and unlike Microsoft they probably don't give access to their exploits to NSA before they patch their systems. /sarcasm. They will say whatever the government tells them to say, your data is not safe, and if you don't think this is true, you're a fool and an idiot.
Please go back and read the NH comments on the article you're referring to - the article was misleading, and there's a good explanation. In short, Microsoft informs many different major partners (both government and private) of security vulnerabilities before an official patch is issued so that sysadmins can be better prepared.
> For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
I don’t know, then, why when I do an iCloud restore on a brand new device, all existing messages are recovered. Is this a way to recover all past messages that’s not really addressed, if I can still recover all historical messages after replacing all devices connected to an iCloud account at once?
>why when I do an iCloud restore on a brand new device, all existing messages are recovered
Because they're stored locally on your phone, and then encrypted as a backup file. The statement is saying that the messages aren't sent in the open, so no one (including Apple) can eavesdrop. Of course you can get them from your backup, if you have access to a password, you can always access encrypted data with it.
Hmm, if they are encrypted with your password and Apple does only store hash of that password for login and encrupted messages then everything is ok? I assume that when you change your iCloud password, the old messages are not visible anymore. Anybody to verify that?
> I assume that when you change your iCloud password, the old messages are not visible anymore.
I'm not sure why that would be true.
I posit that such a system could work like this:
* An asymmetric keypair (e.g. RSA or ECC) is generated and stored on Apple's servers. The private key is encrypted with the user's password, which is not retained by Apple except in a hashed form.
* When a device is added, the private key is decrypted using the password and sent to the device.
* When your password is changed, either A) the private key is decrypted with the original password, and re-encrypted with the new password, or B) the private key is decrypted, used to decrypt all data, thrown away, and a new keypair is generated, with which all data is then re-encrypted.
It is, of course, obvious that Apple could, in theory, capture your plaintext password somewhere in there and use it to decrypt messages.
There are ways around this, such as devices doing the key decryption locally and only ever sending a derived/hashed form of your password to the server, and using a different derived/hashed form for encryption.
However, since you can log in to iCloud and Apple's store with your Apple ID in a browser, there is still no effective defense against Apple capturing your plaintext password (unless you care to perform a detailed inspection of a bunch of JavaScript every single time you load any content from Apple's servers).
But this is totally different thing.
One is what some company stores by their IT design and then what some agency can require of that data. Second is whether some agency can force/ask some company to do more, to do active spying by that agency spec. So for example, if company X does not log locations, can NSA force them to start doing that? What else can NSA by law force private company X to do? Can they for example force CEO to stalk user Y by foot? If they can not do that, how can they force to develop IT-systems to do that? So when NSA ask to turn location tracking on, and company Y refuses, then what? CEO goes to jail?
Did, did, i just responded to your (and some other respondents) remarks that Apple _could_ do something they said they are not doing (like catching plain passwords). The fact is when company really-really wants to stalk you, they can.
Either Apple would generate it server-side, or the first device to "sign up" would generate it.
Remember, I'm only explaining a hypothetical method by which the Apple system could work, consistent with Apple's statements and behavior I've observed from my iPhones, iPads, and Macs. It's not an explanation of a strictly secure system.
Given that you send your password in platin text to Apple whenever you login this does not seem like a particularly interception resistant protocol. Apple just need to wait until you login again and then send the encrypted data, and your password to the intelligence services?
Of course, if you're concerned about privacy, it may be a good idea to abstain from iCloud backup/sync and not send all your notes, contacts, etc. to a remote server in the first place. iTunes backups may be relatively clumsy, but they still work.
If you are being angry at Apple, Google, Microsoft and others for being dishonest about managing your data, you are being dishonest yourself.
Apple does not have army of policemen, courts, flying drones, space programs, military operations all over the world and monopoly on finance, education, roads, telecommunications and other important areas.
Government has. Whatever shit government forces other people to do to you is entirely government responsibility. Apple can and will happily operate and be nice to privacy without NSA intrusion. But the nature of NSA is that Apple must comply under threat of violent coercion and also must play whatever game NSA makes them to play (e.g. maintain secrecy of the warrants).
If you are angry, your entire anger should be forwarded towards the government — the monopoly of violence masking itself with a "common good" and "social contract" and making nasty things all over the world at your expense. If you are angry at your fellow citizens because of that kind of shit, you are being manipulated into a civil war by people with power.
You libertarians are making me sick, you are so naive thinking the world is black and white. Just because governments kill and torture people, just because they lie to everyone and never keep their promises, just because they put people in jail for victimless crimes and conscript them to be part time accountants while taxing the shit out of them, just because they coerce businesses to cooperate on illegal activities, just because they do all that, doesn't really mean governments can't do nice things. We still need a government, so the only thing we can realistically do is vote better next time and hope the next guy in office is going to be better.
If you are being angry at Apple, Google, Microsoft and others for being dishonest about managing your data, you are being dishonest yourself.
I'll admit to being disappointed, but I will say this: I'm not angry. What it all boils down to is trust. Do I trust you to keep my sensitive data secure?
Given the recent events and disclosures we've had regarding the exteme over-reach of the US intelligence agencies, it's very easy for me to say: No, I don't. Not anymore.
I cannot trust any US-based, US-operated or operated-elsewhere-US-owned subsidiary to keep my data secure.
That's not your fault, but it is your problem, because I will be taking my data and business elsewhere. And you cannot regain my trust until your country improves its privacy outlook, so for your own sake, I would start lobbying if you already haven't.
The problem is that, from hearing how electronic encryption is permitted and carried out elsewhere, you can't trust any non-US-based or non-US-operated entity to keep your data secure either.
The only way to keep your data secure is to do it yourself by adopting a trust-noone approach and using proven end-to-end encryption software like PGP no matter how inconvenient.
And I don't trust Apple either. But I'm not disappointed at them, because I did not and could not have a strict privacy agreement with them in the first place. What I can do, though, apart from keeping my data secure elsewhere, is to recognise the real source of issues and act accordingly. If someone is suggesting a boycott, it should be against the government, not businesses. Especially when businesses do dirty things because they are coerced by the government (e.g. patenting things).
Lobbying doesn't solve something like that. For any company, potential problems with a government are more dangerous than losing some of its customers - because government, if it wishes so, can cause this company to lose a lot more money or shut down completely. It's not companies' problem that they are forced to give up your privacy, it is precisely your problem, because you supposedly gave this system of governance legitimacy.
It's not companies' problem that they are forced to give up your privacy, it is precisely your problem, because you supposedly gave this system of governance legitimacy.
Just for clarity: I suspect you mistake me for a US citizen. I'm not.
Doesn't matter. Just because some guy revealed US government spies on people doesn't mean it's only the US who do this. Every government does this to the extent of its capabilities (example: https://news.ycombinator.com/item?id=5830994). It's the system, not some particular government. If you vote, whoever you vote for - you're giving this system legitimacy. Don't be mistaken by thinking some governments are nobler than others. Some are better at appearing nobler or worse at doing bad things. But they all will try and coerce businesses into doing things they want given the opportunity.
That's why taking your business out of one jurisdiction to another hardly solves the problem. The source of the problem is the system of governance, not unjust businesses.
Apple's statement about iMessage security is inaccurate.
Apple signs your device's certificate used for secure iMessage communications. Apple can always generate a new certificate for you and provide access to its root keys to impersonate you and read subsequent messages.
While it has forward secrecy, iMessage, and indeed no PKI encryption system, is secure from a rogue root authority.
I think you may be misreading Apple's statement. The security of iMessage does not derive (solely) from PKI. Instead, the spokesman claims:
> There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it
Now it is up to you whether or not you take this statement at face value. But it's consistent with the other things I know about iMessage, as a person who has studied it in far more detail than your average HN reader, and so I believe it to be true.
If it is true, then Apple would be limited by technology to only provide iMessage dumps that started the date of the tap. If they did at all.
And I would be very surprised if they do at all. You obviously have to comply with a warrant to provide data if you have that data, but it becomes much more difficult, legally speaking, to compel somebody to collect information that they do not have to begin with. The CALEA was conceived to "correct" this "problem" but it only applies to "telecommunications infrastructure" organizations like ISPs, and courts have been reluctant to expand its application to actual internet services. It's something of an open secret that it was easier to simply acquire Skype for $8.5 bn and modify their technology than it was to obtain the necessary ruling under the CALEA that would compel them to modify it themselves.
Now if you are plotting revolutions, by all means, don't use iMessage. But my assessment is that the NSA threat level is lower than any other type of communication an ordinary person would be able to use, such as phone, e-mail, or even SSL.
Just as a point of comparison, DJB et al recently (2013) published a repeated plaintext attack on SSL/TLS that is viable at 2^24 TLS sessions. That sounds high enough to be safe, but if you consider the server case or the cron job case of rapidly opening SSL sessions, not so much. And attacks only get better. History suggests that the NSA is often a good ten or fifteen years ahead of the independent cryptographers, and meanwhile we are at plausible SSL attacks today.
I think you misunderstand asymmetric encryption. you have also confused the two uses of asymmetric encryption;
(a) to prove identity -- a digital signature
(b) to provide confidentiality -- encryption
If the secret part of an asymmetric key is generated on a device and it lives and dies on that device, Apple doesn't have it -- the device does. Messages encrypted using the public part of that key can only be decrypted with a device that has the key.
Your augment regarding PKI encryption systems is flawed. You don't need or care about a "root authority" to provide confidentiality. If your assertion is/was true, how can or does PGP work? (Hint: signing only affects identification and authenticity of a message)
If the secret part of an asymmetric key is generated on a device and it lives and dies on that device, Apple doesn't have it -- the device does. Messages encrypted using the public part of that key can only be decrypted with a device that has the key.
But he wasn't describing a technique for decoding messages that have already been sent. He's only claiming an attack on future messages.
With control of the CA, the attacker can just advertise a bogus public key for the victim in the key server, giving him access to future messages. He can now intercept and relay.
> (when you add a new device to iMessage all the other devices "see" the new device being added and tell you about it)
And who writes the software on those devices that tells you about the new key again?
Based on what I'm reading, absent physical access to one of the devices authorized for using iMessage at the time, past iMessages should be safe. But, given the apparent ease of adding new authorized devices, tapping future iMessages sounds like it wouldn't be hard.
> For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
I don't see how this can possibly be true.
I can sign into iMessage on my MacBook, and then into the same account on my iPhone and see the same messages. The only shared secret between the devices is my password, which means that the private keys must be derived directly from them. As Apple sees my password in plaintext fairly regularly, this is almost next to useless in situation where they are forced to reveal private messages by a government.
Given that the client still can't even keep messages in chronological order (even after the update), I severely doubt their encryption is implemented correctly either.
Actually the devices share a key bag, the popup notifying you when other devices are using your iMessage information comes up during this exchange. The fact that the messages don't immediately show up on other devices and can be out of order speaks to this P2P cryptographic style.
You can search for analysis of their protocol, I've done some dissection and it's pretty solid.
How does this address the concern though? Since a user only needs a password to access past sent messages, the security is only as strong as that password... and Apple can pretty easily circumvent any password related security since they are the ones verifying it.
True, you only need your password to issue a new key set to the keybag; you can actually monitor the protocol for devices that are distributed your decryption keys (including Apple if they were spying) and you get a popup on each device alerting you to this. It is possible Apple could create a back door for them to issue a certificate set to your keybag without your permission but that would be a can of worms for them, I'm actually comforted by the fact that they'd much prefer to keep end-to-end encryption for their own liability.
Apple, Jobs especially, has historically been somewhat cozy with Washington. For the sake of argument, let's say that, hypothetically, Apple is doing work for the NSA beyond what they've admitted to.
1. Apple is a famously compartmentalized and secretive organization. If Google, Facebook, Microsoft, etc. could keep what they were doing a secret until the whistle was blown on them, Apple can too.
2. So far, the whistle has not been specifically blown on Apple.
3. The worse it is, the less likely Snowden had access to it.
4. An admission of guilt would shake trust in Apple as badly as being exposed by a whistle blower, so there's no motivation to do the former in order to prevent the latter.
If Apple's gotten their hands dirty, they're not going to admit to it. I'm not accusing Apple of anything. I'm just pointing out that this press release is utterly and totally meaningless unless you trust the NSA and people working with them not to lie to you.
I may sound paranoid but, in a country where the government has given itself the power to coerce companies into spying and legally prevent them or their employees from revealing the truth, there is no room for trust. It is not possible to trust the statements of any U.S. corporation as long as the U.S. government clings to this power. Obama may be trying to sell the U.S. public on the idea that the safety gained is worth the privacy lost, but the real issue is the death of trust.
"For the sake of argument, let's say that, hypothetically, Apple is doing work for the NSA beyond what they've admitted to."
If this were the case, why bother with end-to-end encryption in iMessage and Facetime (both fairly recent products)? It's not as though Apple trumpeted this aspect when they announced the products even though it's extra engineering effort. I'm not sure that even BBM is properly end-to-end encrypted outside of a corporate environment.
Steve Jobs was never cozy with Washington. There's no evidence that he ever interacted with anyone in Washington. Apple didn't even have any lobbyists until Tim Cook became CEO.
"Apple didn't even have any lobbyists until Tim Cook became CEO."
I don't think that's true. From personal anecdote, I've met one of Google's European lobbyists and during the conversation he spoke about how his counterparts in Apple worked. If they had people in Europe, I'm sure they had them in the US. Perhaps they don't spend much on lobbying but it seems almost foolish not to have people on the ground when you're as big a company as Apple. If only to keep an ear to the ground regarding political winds (who wants to be blindsided by regulatory changes?).
Edit: This doesn't mean they were 'cozy' with anyone, I'm just pointing that they likely existed.
I interpreted the article to mean that the lobbyist Cook hired was the first one, but I guess it doesn't really say that. It does say that Apple maintained a very low profile in Washington until recently, and still spends about 1/4 what Facebook does in lobbying.
I think it's a lot more likely that these companies are compromised from the bottom rather than from the top: moles who have spent years deep undercover as network admins at relevant data centers, either quietly installing backdoors, or physically walking data out the door.
"The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide."
Such a broad range of things included in 'the most common form of request' really reduces the power of the statement.
On the contrary, I think the point is that they're all relatively mundane compared to "uncovering terrorist plots!", which has been the alleged motivating factor behind this whole situation.
Notice how Apple's PR strategy always involves waiting. They never speak up until after the main fury has died down. It's like when a person is being yelled at, sucks it up, waits 20 seconds, and then calmly responds.
It worked in Antennagate, and they are catching a lot less flak for their statement than Google and Facebook, who stepped into the melee right away.
"From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters."
This looks pretty good (assuming it is honest) with only one possibility for a big weasel worded escape which if they are using they might as well lie.
It doesn't say "information was requested" or "information was provided" for only 9,000-10,000 devices but that only that number were specified. If there were orders that didn't specify devices and accounts (e.g. all messages globally). It might be that this is to cover the fact that those communicating with the specified devices would have some information revealed or it might be that the "specifed devices" figure is misleading.
If anything these numbers are suspiciously small (once the local police department regular investigations are removed). Unless there is a significant breadth to the requests you have to wonder if the FBI (and NSA/CIA for non-citizens) are doing enough targeted requests to track real suspects. Following this line of reasoning you could conclude that they don't need to!
The number "specified" may be less than those information is provided on in the resulting report. "All devices in the US" does not specify any devices but it includes rather a lot.
In a more limited way a request for a specific users details could also include traffic information about first level contacts (and possibly more - try seven degrees and see how few requests you can make to get all the company's details).
Now a plain reading of "all the devices in America" would suggest that it specified millions of devices but the NSA like their wordplay and they might only mean when specific devices are requested rather than included in another request.
Note that Yahoo doesn't mention the number of accounts specified. Possibly they thought that might be too misleading.
Even if the key generated on a device lives and dies on a device, it can still be an insecure key if it is generated by an insecure process like concatenating a well-generated but short (low number of bits) key with an escrowed, possibly public-key encrypted, "LEA" (law enforcement access) key.
If this were true, it would be possible to find it by disassembling iOS. There would also be a suspicious "unexplained" payload that accompanied anything that was encrypted with a symmetric key.
All of your friends say to you, "Your girlfriend is cheating on you." Some of your friends you trust very deeply. Some only moderately so. But you love your girlfriend. You think about some inconsistencies in her behavior in the last few months which makes you suspicious. But on the other hand, her explanations make sense and have supporting evidence of their own. Do you choose to believe a group of your friends, or your significant other?
We all guess how this story plays out, as it often has before. The friends are right. Some of the friends don't even know each other, so its confirmation from different points of origin. The girlfriend does something stupid and gets caught in her lie. You feel stupid for believing her, break up, move on with life, etc.
But what about the cases where the opposite is true.
It turns out that several of your friends actually have a few friends in common that they don't know about. One of them starts a rumor that gets slight confirmation by a couple of random events: The girlfriend is seen talking to a guy from college she was friends with. She is overheard on the subway late at night in a heated argument with someone about her boyfriend. Stuff like that.
The same stories build up and mutual association of close friends tell you that she's up to no good. You choose to confront her, and in either situation you believe her explanations or you think she is lying, when in fact she is telling you the truth.
I know this is an odd allegory. I think that what I'm trying to say is that we are now at a point where reasonable people will start making choices such as either "The government is watching everything I say online" or "The government is only doing routine requests for mostly good causes". People who are more conspiracy minded, myself included, start choosing the "watching everything I say" argument, while other folks take the "mostly good causes" approach.
We've now seen at least 5-6 of these public announcements from companies like Apple, Facebook, and Google that more or less are saying the same thing. They respond to legitimate government requests but push back against seemingly illegitimate ones. And on top of that, the requests are small in number in the 10-20k range.
We can either say that a) the NSA/FBI are only doing moderate numbers of requests and not wholesale collecting and monitoring us like 1984 on steroids, or that b) they're collecting more information about us than they care to let on and all of our worst 1984-esque fears are coming to pass.
To any readers of this that read anything else I write, I'll say this: I lean towards the latter.
I am an admitted layman (don't ask me to do advanced math), but I try to stay informed about the directions that technology is leading us and its effects on society. I'm what you might loosely call a "Singulitarian" in that I feel justified in stating the transformative effects of technology over the next 20-100 years will be far different than anything we've ever experienced before. We're already in the low end of the hockey stick.
I see that right now, including the last few years and a few years into the future, we are living in the 1984 Orwellian state. A little bit gentler and a lot shinier, but basically 1984. But this won't last. Right now the NSA is building a massive data center in Utah, http://www.sltrib.com/sltrib/politics/56461026-90/nsa-data-u.... That gives them the ability to capture and store more data than there are stars in the sky. But this is only temporary. As with all technology, this eventually will scale out to be accessible to all of us.
What is 1984 like when its 2084 but the State is everyone you know and possibly everyone in the world?
So it summarizes like this (note my distaste for TLDR):
Many large companies are spouting the same line right now. We only cooperate with legal government requests, and there aren't that many requests.
This has been going on for two weeks and like all humans, we're getting burned out. Most of us will decide one way or another that the government is spying on us and move on. We'll either not care of be slightly more cautious of what we say/do online. Not that it will help. Either way, your next paycheck is coming, rent is due, oh a bachelor party!, look at the shiny Google/Apple thing!
I don't claim to have an answer. I'm not going to change much of what I do online. I'm not a violent revolutionary, though I'm beginning to think its time for US Govt 2.0 through more peaceful means.
Anyway, if you made it to the end of this congratulations. If you're in SF, buy me a beer and I'll continue at length.
The outcome in this case of being conspiracy minded is good:
1) You don't trust your data online.
2) You keep as much of it in your control as you can.
3) You stop using Facebook and look for alternatives that don't catalog your life.
4) Foreign governments start being weary of putting all their citizen's information in the hands of the US government through their various private corporations.
But we get another statement that iMessages is end-to-end encrypted. Apple continues to state that, but there's also some evidence to the contrary. Like newly authorized devices being able to somehow retrieve the chat history.
Someone more capable than I should really investigate iMessages.
Why is that so suspect? That's just TNO-style encryption- as in, you encrypt it going up, and download the encrypted chat history, before decrypting it using your login information.
Now, if they're sending it back to you as plaintext? Sure okay, that's reason to be concerned. But simply getting back your chat history isn't any reason to doubt the end-to-end encryption.
I think that chat history is actually only retrieved when you restore from an iCloud backup (which backs up everything on the phone, and can be disabled), not when a new device signs in.
It could mean somebody else can, because of key escrow and partial key escrow. Even if the key is generated on the device and stays on the device, you have to look at how the key is generated. With key escrow, the messages can be secure against attacks by everyone except those who have the escrowed portion of the key.
And to do that you mustalso transmit the escrowed part of the key in the protocol -- which is 100% detectable as a blob of "extra but seemingly unnecessary data".
Do you see that? Does anybody see that? Has anybody seen that?
Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.
This is why Facebook and Google are a nightmare scenario for privacy, they retain everything and then some to profit from it. If they have it (and boy do they have info on users,) NSA and FBI can easily obtain it, all in one place.
* Bitching about the words "direct access": Guess what, these are words, they have a meaning. They're saying that the government can't view the database directly, they can't determine what they get to see, and they don't get to pull it up whenever the fuck they feel like it. And guess what? That means something. I swear, everyone obsessing over the words "direct access" goes on record as one of the most idiotic things a lot of really smart people get obsessed about.
* Most of these companies are effectively saying they're agreeing to subpoenas, with the one difference being that NSA warrants can't be reported by the companies involved. This is still infinitely more tame than the previous claims that the Guardian has been walking back this last week(let alone the entirely ridiculous argument Snowden put out there saying they can 'watch your thoughts form as you type', which gets even more funny when you consider the only service listed that transmits your typed data is GMail).
* There is a lot to be concerned about here- no mistake about it. But right now, there's a lot more holes in Snowden & Co's story than the opposite. It's still troubling, the attitude taken by some of those at the highest echelons of government, on the whole subject- but the accusers have a lot of explaining to do, if you've been paying attention.