Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Democrats Businesses Encryption Government Iphone Privacy Apple

Apple Shared User Data With Governments, Says WikiLeaks Email (dailydot.com) 106

"Please know that Apple will continue its work with law enforcement," reads an email from Apple's vice president of Environment, Policy and Social Initiatives, who reports directly to CEO Tim Cook, according to new documents this week on WikiLeaks. An anonymous reader writes: In the email the Apple executive writes "we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day." The email was addressed to Clinton campaign chairman John Podesta.

But the context is missing, and could show a larger attempt to soften Hillary Clinton's position on encryption. While Jackson writes that at Apple, "We share law enforcement's concerns about the threat to citizens," she later writes "Strong encryption does not eliminate Apple's ability to give law enforcement meta-data or any of a number of other very useful categories of data."

The email also compliments Clinton for her "principled and nuanced stance" on encryption in a December debate against Bernie Sanders. Clinton had said "maybe the backdoor is the wrong door, and I understand what Apple and others are saying about that. But I also understand, when a law enforcement official charged with the responsibility of preventing attack...well, if we can't know what someone is planning, we are going to have to rely on the neighbor... I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."
This discussion has been archived. No new comments can be posted.

Apple Shared User Data With Governments, Says WikiLeaks Email

Comments Filter:
  • by Anonymous Coward on Saturday October 29, 2016 @10:41PM (#53177447)

    Closed source encryption = faith-based security.

    • by Anonymous Coward

      same as open source encryption, unless you happen to be a mathematical and code genius. similar amounts of eyes review all of them as their are very very few who have the necessary skills to do so.

      • I am not a mathematical genius, but I know of some who are and that they have looked at the open source code and said that they are happy. This does not guarantee that they have not overlooked something, but is much better than the closed source scenario where only a few have seen the code - and I do not know who those few are or who they work for.

        • More importantly:

          Closed source crypto: those that have seen the code are restricted by NDAs and usually on the payroll of whoever developed and deploys the encryption. These people have various reasons not to speak out on any potential issues, including back doors. You'll have to wait for a Snowden or Mannings to step up and reveal any issues.

          Open source crypto: everyone, including "the enemy" and others with vested interests to break it and reveal exploits can see and analyse the code. They are not bound b

    • Kerchoff's Principle essentially states that the security of a cryptographic system should depend only upon the secret key and not on the secrecy of the system itself. Indeed in the book Cryptography Engineering, the authors claim that they have reviewed may secret cryptographic systems and all of them had flaws.

    • by Anonymous Coward

      Closed source encryption = faith-based security.

      Unless you audit everything yourself, you're employing faith based security.

  • by BLKMGK ( 34057 ) <morejunk4me.hotmail@com> on Saturday October 29, 2016 @10:50PM (#53177463) Homepage Journal

    Total surprise! It's why they've made sure they can't get through their own crypto...

    • by Lisandro ( 799651 ) on Saturday October 29, 2016 @11:04PM (#53177505)

      That was my exact first thought. I'm far from an Apple fanboy, but why the hell is the story framed to sound like they're surreptitiously sharing customer data with the NSA or something

      • That was my exact first thought. I'm far from an Apple fanboy, but why the hell is the story framed to sound like they're surreptitiously sharing customer data with the NSA or something

        Because that way they get more clicks as the members of the self appointed Apple critics brigade pile in here to vent their rage?

    • I came here to see if anyone had posted this. None of this is even story-worthy. If they have the information they must respond to a warrant.
      • by BLKMGK ( 34057 ) <morejunk4me.hotmail@com> on Saturday October 29, 2016 @11:28PM (#53177555) Homepage Journal

        Exactly! Metadata is things like IP addresses of logins or names of accounts. These are things they have to have in order to operate and it's not something they can deny a valid warrant. AOL, Google, Yahoo!, and many many other companies respond to these requests. But if they cannot get at the data they cannot turn it over. Some companies, like Yahoo! apparently, give way more than others but if they couldn't get to the data they couldn't and Apple claims they no longer can. Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that? Non-story unless they can show that Apple is breaking the most recent crypto...

        • by ljw1004 ( 764174 )

          Put a good password on your account, your backups, and good grief don't use the cloud. How hard is that?

          How hard is that? ... pretty much impossible. Don't get me wrong. I used to use my own personal linux server for documents and photos and music. Went through three machines over fifteen years, always with RAID, always with offsite backups. I wrote a frontend to let me browse photo thumbnails quicker than google drive or onedrive.

          But it was too hard to meet reasonable family needs. Too hard to share photos with (non-technical) family members. To hard to automatically upload photos+videos from my phone. Too s

          • by BLKMGK ( 34057 )

            I use some cloud services - photo sharing, email, things like that, if someone sees my vacation pics I don't care. What I don't do is upload a backup of my phone to the cloud. It's stored locally and it's password protected. Yes, the password could be cracked but end of the day I don't save anything earth shattering in it and I've raised the bar significantly - no fappening for me!

            Likewise system backups are done locally as is media storage - my storage has grown over the years and been upgraded as needed.

    • This is the third clickbait Anti-Apple article today. They had the google vulnerability disclosure article and yet another MacBook Pro pooh-pooh article. Apple has always cooperated with LEA warrants and will continue to do so.
      • by tlhIngan ( 30335 )

        This is the third clickbait Anti-Apple article today.

        It's because Apple made the news earlier this week with a product announcement. This brings out all the haters because you know what? Apple stuff leads to ad clicks. So click-bait articles about Apple, especially since Apple is in the news, means lots of ad money.

        It's what journalism has evolved into on the Internet - whatever you can do to trick users into clicking your articles for ads. Gawker might have been the first to formalize it from the get-go -

    • by dissy ( 172727 )

      Apple has already publicly stated exactly this during the FBI lawsuit that clearly no one paid any attention to.

      They stated they have and will continue to honor legally issued warrants for data on a specified customer.

      What they will not do is hand over data for all customers at once without a warrant, and they would not remove their customers encryption leaving them vulnerable to attack by basically everyone.

      Those last two are what the FBI demanded, and failed to sue Apple over.
      In fact during the lawsuit Ap

    • by Anonymous Coward
      I did a quick review of their iMessage protocol. It uses old and weak cryptographic primitives, and provides no forward and/or future secrecy. You also have to trust Apple to serve the correct public keys. I wouldn't be surprised if the NSA can crack it.
  • by Anonymous Coward

    But the context is missing

    That's the whole problem with all of these WikiLeaks emails. We see people shooting messages back and forth but we have no idea what conversations may have led up to, or occurred as a result of, each email. A lot of them are snippets of news articles and other research, looking for opinions and bouncing ideas around. We don't know what decisions were or weren't made based on most of this stuff because we're only seeing a small window into a much larger operation.

    "If one would give me six lines written by th

    • by Anonymous Coward

      And it is amazing how people automatically take the content of these leaks as 100% authentic? How hard would it be for those releasing the information to make a few changes here and there to support their political ideology? Those releasing the WikiLeaks documents as well as those releasing the Snowden information have proved beyond a shadow of a doubt they are using these leaks to drive their political platform. Snowden stole millions of documents but only a small percentage has been released by the gate

      • by AHuxley ( 892839 )
        AC fake emails don't make party political workers quit.
        AC "How hard would it be for those releasing the information to make a few changes here and there to support their political ideology?"
        Smart people in the press have some really great experts for that. They look at every word, sentence, name, date, format, font and write up reports.
        If anything had been added, altered or changed the press would have found it.
        The media world wide has a long institutional memory of been offered altered or fake or hist
      • How hard would it be for those releasing the information to make a few changes here and there to support their political ideology?

        Extremely hard. Like AHuxley there pointed out, the emails are signed by domain keys and you and me, and everybody else, can validate the authenticity and integrity of every email that has the DKIM. To say that they would have forged an email in a way that still validates through a DKIM validator, WikiLeaks (or some other party) would've had to have stolen Google's and other domains' private DKIM keys. Mind you that these keys are *extremely* well protected, especially on Google's services.

        That being said,

  • by Anonymous Coward

    If you give ANY large corporation data about yourself, they can and will disclose that data to the feds, and a lot of the time to advertisers too.

    The only way past all this is to take matters into your own hands. End to end encryption, so no one in the middle CAN disclose the contents. Do not use services that depend on centralized servers. Run your own servers if you have to for your friends and family to use for IM/vidchat/etc.

    Stop centralizing the internet, and this will be less of a problem. We're h

    • by AHuxley ( 892839 )
      Re Or add to the basket every day.
      Take up landscape photography. Buy a few books about one time pads online with a credit card and ensure all privacy settings are wide open during the search for a few well written books that review well. Download or buy some steganography apps.
      At the end of every email you send on an Apple computer or device add a very small creative photo banner.
      Create a small photo of a typed one time pad text and use steganography to hide a new one in every image. With a just few em
  • Well, this one is for all you Apple fans who jumped up and down and breathlessly supported Apple over the Santa Barbara phone case.

    The company you cherished and supported and defended and swore could do no wrong.... was stabbing you in the back and selling you down the river the whole time.

    Ha Ha Ha Ha Ha

    The truth is, big companies like Apple don't get to become big companies like Apple unless they sell out LONG before they get that big. They've ALL sold out. They ALL happily hand over your data all th

    • You sound ridiculous. Do you know what the US Government would do to a corporation that denied assistance to legal warrants from the judicial branch?
      • The same thing any government would do. But it's appealing to act like a few special companies refuse. It could even become a bit of marketing hype for a company to pretend they refuse. Or even that they're special somehow and have designed their system to make impossible not to refuse. All within a shroud of secrecy, and behind closed-source software and trade secrets, of course...

      • by AHuxley ( 892839 ) on Saturday October 29, 2016 @11:50PM (#53177609) Journal
        Re "Do you know what the US Government would do to a corporation .. "
        "The One Telco Exec Who Resisted The NSA Has Been Released From 4+ Years In Jail" (Sep 27th 2013)
        https://www.techdirt.com/artic... [techdirt.com]
        This news just adds to the PRISM decryption and other issues that US brands seem to offer assistance with.
        https://en.wikipedia.org/wiki/... [wikipedia.org]
        If its important encrypt well away from any and all Apple products, send the communications.
        Anonymity is hard to ensure but at least people can get their privacy back from Apple and the mil/gov.
      • Uhm... go to court? It's what's happening to Microsoft. They are refusing to give access to data stored in Ireland. For now, at least, the issue is in the hands of the courts.
        • Right, Ireland. You just made it off topic, but I don't have mod points.
          • Sorry, in which way does MS vs DOJ situation not fit the description "what the US Government would do to a corporation that denied assistance to legal warrants from the judicial branch?"
            • The word "legal" is the key here. They're trying to get something from Ireland, which is more than questionable in terms of legality.
              • The courts have final word in what is legal because their opinion of the meaning of the law is binding. You haven't mentioned why the hypothetical company would deny such government request. If it did so on the basis of a questionable legality of the warrant, the government would do what I originally said they would do. They would go to court.
    • by Anonymous Coward

      Yeah, this isn't news. Anyone who followed the San Bernardino case knows the sticking point with Apple wasn't handing over user data to the FBI - they already handed over the guy's iCloud backups, after all - it was being required to write new code.

      Essentially once it became clear that they weren't going to be able to get into the device without having to - gasp - do some software development, they balked. But up until that point, they were happily helping the FBI try and access that iPhone.

      Apple never has

    • holy fuck. I hate apple more than most but you sound like a fucking retard. All companies are required to respond to legal warrants, Including Microsoft, Google and Any open source based companies or organisations. grow the fuck up.
  • I'm confused, isn't wikileaks pro-sharing? Isn't that all they do?

  • What did you think they did?

    They make changes to make it impossible to turn over your data. But that will never be the case for some kinds of data, like when you last accessed your account, etc.

  • ...but the headline is a bit clickbait-y.

    How about you let us make our own judgements?

    In this case, the facts seem to be that Apple follows the law, and that it's reluctant to enable a back door.

  • In other news, water is wet, the pope is catholic, and bears shit in the woods.

  • In what must be the biggest surprise story of the week, Apple, a big corporation, acts like a big corporation. Jokes aside, the government is *Apple's* government, not yours. Like it's Exxon's or Monsanto's, or Koch whatever. It's called capitalism, a lot of you say you like it, so don't get all outraged when capital rules. And you don't.
  • To all the Apple fanbois:

    You're the pot calling the kettle black! You jumped all over Blackberry when they worked with governments.

    Looks good on ya!
  • The subtle difference between sharing data and writing a non-existent program to access data inside a device when no such program currently exists remains the key. Of course, Apple shares data which they have and can provide when they get subpoenas. They probably do it even without subpoenas under the assumption that the government is a good-faith actor. But such assumption was not enough (as far as we know) to force Apple to write a program which would have made hacking into their own devices possible.
  • I was going to say it isn't really news- but it sort of is. The new part is that Apple is using their stance as a defense in emails to powerful people. The old part is that (a) Apple has metadata that is available to them and (b) Apple shares everything that they can with any government that asks. Apple will deliver, when given a lawful order, metadata, anything that isn't encrypted, and anything that they can decrypt. This includes everything in icloud.

    This should, frankly, not be a surprise, but if yo

  • Citizen 4 had already shown in a leaked document (a PowerPoint of all things) that Apple, Facebook, Micro$oft, Google amongst others were already on the alphabet mafia payroll.

Avoid strange women and temporary variables.

Working...