Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Encryption Apple

Tim Cook: "Weakening Encryption Or Taking It Away Harms Good People" 203

Patrick O'Neill writes: Over the last year, Apple CEO Tim Cook has repeatedly made headlines as a spearpoint in the new crypto wars. As FBI director James Comey pushes for legally mandated backdoors on encryption, Cook has added default strong encryption to Apple devices and vocally resisted Comey's campaign. Echoing warnings from technical experts across the world, Cook said that adding encryption backdoors for law enforcement would weaken the security of all devices and "is incredibly dangerous," he said last night at the Electronic Privacy Information Center awards dinner. "So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason."
This discussion has been archived. No new comments can be posted.

Tim Cook: "Weakening Encryption Or Taking It Away Harms Good People"

Comments Filter:
  • by Z00L00K ( 682162 ) on Wednesday June 03, 2015 @01:31AM (#49828203) Homepage

    Too many things these days that don't make sense. If you have a hole in a system it will be abused by malicious people.

    • by jcr ( 53032 ) <jcr@@@mac...com> on Wednesday June 03, 2015 @03:13AM (#49828493) Journal

      If you have a hole in a system it will be abused by malicious people.

      Like the federal government.

      -jcr

      • It's clear that the majority of elected officials are not there to help us, so it's sad to see you modded down for sharing facts. Your comment should be insightful or informative, not troll. Sadly, there are still those who think that government is there to help them when it's really a bipartisan effort to keep us in our place.

        • Although I agree with the comment having been marked improperly by trolls, the statement that elected officials are not there to help us is too broad. Most elected officials get into politics to help people by enabling change. Unfortunately some lose their way and some are bound by promises made which end up casting a shadow over the work they accomplished.

          I have met a few people over the years that invested their own money (to avoid ties) with the objective of getting into municipal politics. I know of at

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday June 03, 2015 @09:01AM (#49829931) Homepage

        Like the federal government.

        Well I think the idea that "If you have a hole in a system, it will be abused by malicious people" is a big part of the reason I'm uncomfortable with the federal government having access to people's personal info. Yes, there's the whole danger of dictatorship and secret police and bla bla bla. It's a real danger, but it feels far off. Far more immediate is the danger of... just some asshole that works for the NSA or FBI abusing the access. For all the assurances that "we have access to your data, but we promise only to look at it after we get a warrant from a secret court," you know that there's some dude at the NSA looking through email from people he went to high school with, just for kicks. And that's creepy and all, but if that guy is also a bit crazy and malicious, he can do some damage to people's lives.

        So ultimately, the danger of the Federal government having access to your data is less that the Federal government is itself dangerous, but having access to private data without sufficient oversight is going to be abused by individuals within the Federal government.

        • by Creepy ( 93888 )

          James Comey (head of the FBI) has pretty much said he wants all encryption outlawed [dailydot.com]. Having personally read a ton of emails that were not mine just for fun in college (via packet sniffer), including some very personal ones (though most not - I also scooped up numerous passwords but never used them... can't say that's true for the other kids that did the same, though), I'd say this is a terrible idea. Let's all go back to party lines, too, because you'll never know who's listening and therefore everyone is m

        • I agree. I think there's a better compromise to be had. Putting aside conspiracy theories I believe there are 2 reasons governments would want access to data.
          1. To monitor for security
          2. In court cases where data on a device is required to provide guilt or innocence

          In my opinion, "Monitoring for security" hasn't yielded any results. Proof that the bad guys are wiser than the system.

          As for court cases I'd keep it pretty clear cut. If a case requires data from a defendant and the defendant refuses to provide

          • Putting aside conspiracy theories I believe there are 2 reasons governments would want access to data.

            I'd argue that the real reason the government wants access is not some coherent conspiracy, but some relatively simple factors: People in the US were in a panic following 9/11.

            People were scared. When people are scared, they panic. When they panic, they make stupid, short-sighted decisions. Remember when people in Iowa were taping plastic sheeting over their windows for fear of a chemical/biological attack? Remember how silly that was?

            While the general populace were panicking, so were various public

      • If you have a hole in a system it will be abused by malicious people.

        Like the federal government.

        -jcr

        you wouldn't want to do anything about that would you? we'll put you on the potential terrorist list just in case.

  • by Anonymous Coward

    Two Words: The Fappening
    Imagine Government has access to your private files LEGALLY, such that exposure of your files, your property, your life is completely unprotected by legislation?

    • by Luckyo ( 1726890 )

      This is already the case?

    • by geekmux ( 1040042 ) on Wednesday June 03, 2015 @07:00AM (#49829089)

      Two Words: The Fappening Imagine Government has access to your private files LEGALLY, such that exposure of your files, your property, your life is completely unprotected by legislation?

      Why do you speak of legalities as if that were a constraint around our government today?

      Let me be clear. They break the law. And there's not a fucking thing you can do about it.

      And no, it doesn't matter what puppet you vote into office.

  • Something to hide? (Score:5, Insightful)

    by Anonymous Coward on Wednesday June 03, 2015 @01:33AM (#49828223)

    Are you honest person? You have something to hide?

    Yes, every honest person has a lot to hide and it is called privacy! And it is important that everyone would value their privacy and encrypt everything just in sake of others rights for privacy!

    If some authority has problems, they are free to come to knock on my door or call me. I can talk on front door or in the phone.

    • by Anonymous Coward on Wednesday June 03, 2015 @02:46AM (#49828413)

      I am willing to argue that even criminal with evil intent have a right to privacy. The police's job is to catch them by doing hard work. Monitoring everyone thought and wait for a red flag is not police work.

      • I am willing to argue that even criminal with evil intent have a right to privacy.

        And if you argue that far, then certainly a criminal WITHOUT evil intent has a right to privacy. Such as your average weed smoker, or Gay person in much of the world, or Pork eater in Israel military, or dude that ties his giraffe [craveonline.com] to a lamp post on Tuesdays

    • Let's spell it all out. I'm sure this isn't comprehensive:
      - I want personal issues related to my family (medical, mental, social, sexual, etc.) hidden. No one needs to know that, frequently even I do not, but families overshare and it should be safe to do so.
      - I want my finances secret. The government already knows how much I make, my employer and investment banks already helpfully report this and withhold taxes. But that does not mean it should be casually available to anyone who wants to go look. It is no

  • But how many people will support this argument when the subject is encryption but rail against it when the subject is firearms and self-defense?

    • by Kirth ( 183 )

      Oh yeah, now you're comparing locks to guns? What exactly is your point here? Trying to discredit advocates of encryption?

      • Oh yeah, now you're comparing locks to guns?

        It's not that far-fetched. Cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment up until 1992 or so. There are still restrictions of the export of encryption technology.

        • by Sique ( 173459 )
          But it is quite complicated to kill someone by encryption. Maybe reading him 2048-bit-RSA-keys will cause him to die of boredom?
    • Re: (Score:2, Offtopic)

      But how many people will support this argument when the subject is encryption but rail against it when the subject is firearms and self-defense?

      You already know the answer to your rhetorical question my fellow G[r]eek...

      Free Greek language lesson for barbarians:
      How the "I will give you my gun when you pry it from my cold, dead hand" English phrase is "translated" in Greek? MOLON LABE!

    • Guns have strong offensive uses. Encryption generally doesn't, the closest it comes is cryptolocker-style ransomware. Which is mitigated by offline backups.
      • by BlueStrat ( 756137 ) on Wednesday June 03, 2015 @02:53AM (#49828425)

        Guns have strong offensive uses.

        Which are only effectively countered by people defending themselves with guns.

        God created Man. Sam Colt made them equal.

        Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun. More than without a gun. Much more than blowing a "rape whistle" and peeing herself, or waiting for police who, in many small towns including the one I live in, typically wait at the donut shop until the shooting is over before arriving to take a report and have the body(s) removed. As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"

        Police in the US have no legal obligation to protect citizens.

        Police handle the paperwork. Citizens are the true "first responders".

        Strat

        • by sjbe ( 173966 ) on Wednesday June 03, 2015 @08:06AM (#49829497)

          Grandma (and the physically disabled, young women, etc) has a chance against a young, fit, male attacker if she has a gun.

          Only if she has it out, loaded, safety off, is capable of pointing it in the right direction before the attack occurs and is aware of where the attack is coming from. It's an absurd hypothetical strawman that NEVER actually happens in the real world. Do you really want granny carrying a sidearm at all times given the extremely remote chance of her actually getting attacked outside of your imagination? Personally that's not a society I care to live in. Firearms have their time and place and I'm not remotely arguing against the 2nd amendment but they aren't what keeps crime in check. Guns are used FAR more often to facilitate crime than to prevent it. Real security comes from a properly structured civil society. Guns play a role but it should be a very minor one.

          As one cop told me in a moment of frankness; "I ain't dodging gunfire for no $70k a year and a pension!"

          The number of cops that EVER discharge their weapon intentionally in the line of duty is miniscule [pointshooting.com]. It's significantly less than one percent. If your story is true then it shouldn't be surprising at all - almost all cops never have to "dodge gunfire" or shoot at a live person. However if he really wanted a safe job and a pension then he should have picked another line of work. There are easier and safer ways to make a decent living.

          Police in the US have no legal obligation to protect citizens.

          Police have a legal obligation to enforce the laws and guess what? The laws (usually) protect the citizens. (unless you are a minority - then you are apparently on your own judging by police response times) Countries with far stricter gun control laws somehow miraculously manage to have even better crime statistics than the US and FAR fewer deaths by firearm. Having a civil society isn't merely a result of everyone packing guns and having a Mexican standoff.

          Police handle the paperwork. Citizens are the true "first responders".

          What a bunch of delusional macho BS. When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't. The notion that you are going to protect society with a firearm isn't justified by the evidence. The evidence shows that the odds are FAR higher that the gun will be used in a suicide or result in an accident. I don't have a problem with people owning guns but let's not pretend that the citizenry are marching out to fight crime. If we get to that point I'm moving to someplace civilized.

          • by rjh ( 40933 )

            When was the last time you actually saw someone grab a gun and go be a "first responder" to a crime? You haven't.

            You seem to believe this doesn't happen. It does. I know because I was the guy with a gun.

            In August 1998 a young man was getting beaten to death in my apartment's parking lot. (Whether it was their intent to kill him, I don't know. What I do know is that beating someone with a tire iron is lethal force.) One of my neighbors called 911. I went out with a 12-gauge loaded with deer slug and s

        • Guns aren't usually going to protect people. For a gun to be useful, the wielder has to be willing to kill with a split-second decision, and that's not really common. If I'm within ten feet of you, and you aren't an expert, I can get my hands on you before you can draw and aim a gun. A whistle has the great advantage that getting it ready is not threatening or attention-grabbing, and using it will come a lot easier than shooting somebody.

          • Guns aren't usually going to protect people.

            Then why do police, judges, and many other government politicians and bureaucrats carry guns for protection and/or are protected by people carrying guns?

            As a poster above correctly points out, *no* safety measure or thing is 100% effective in every single situation that could possible arise. Traffic signals, guard rails, on and on, none of these things or countless others are 100% effective in every situation, and some things, like seat belts & airbags, actually end up doing more harm than good in some

            • Police and bodyguards are generally aware that they may well have to shoot somebody, and have made the decision that they're willing to kill. They also usually have fewer inhibitions about bringing a gun into a situation that might escalate. If a police officer thinks I might get violent, the police officer will be prepared for an attack if I'm within ten feet. It may well be that you're prepared to kill, and I'm not saying that's good or bad, but the majority of the population isn't.

              There are also da

    • I think the major difference might be that firearms are designed to kill animals and people, whereas encryption is designed to keep information secure. As in: Comparing apples with bananas.

      • Here I thought a guns was designed to fire a bullet at the target the operator points it at. No gun I own has ever killed any animals or people despite firing thousands of rounds, because the only thing I point them at are inanimate (paper, steel) targets.

        • by Creepy ( 93888 )

          I use this argument a lot with anti-gun people. While I personally have actually shot animals with guns (rabbits at a farm that were out of control pests for 10 cents a kill), the vast majority of things I've shot are paper targets. I've also shot far more clay pigeons than rabbits (about 3 dozen to 2). I don't own any guns and don't plan to buy any soon, so I'm not some raging pistol shooting Yosemite Sam.

          Incidentally, encryption was considered a munition until Clinton moved it (and increased the amount).

    • Not me? Come to think of it, wasn't the exportation of encryption restricted under munitions export rules? The government may have inadvertently defined it in a way that places it under the 2nd amendment.
  • by SlovakWakko ( 1025878 ) on Wednesday June 03, 2015 @02:16AM (#49828345)
    Anybody who stands to lose more by having their (illegal) activities uncovered compared to being penalized for using (banned) encryption will still use it, so only the good guys, who don't use it to cover up their criminal activity will stop using encryption. At the same time they will be more exposed to data and identity theft, blackmail and illegal snooping. This just shows how little actually the FBI cares about the safety of common, law-abiding citizens. They don't see their mission as protecting people from becoming victims in the first place, but rather as catching criminals after the fact. It's logical if pretty evil - the more crime there is in USA, the more money and power the FBI gets. But folks - which one of those is better for us? Prevention or prosecution?
    • by bill_mcgonigle ( 4333 ) * on Wednesday June 03, 2015 @09:46AM (#49830335) Homepage Journal

      But folks - which one of those is better for us? Prevention or prosecution?

      That's entirely the wrong question. The operant one is, "which one increases the power and wealth of the ruling class? (aka the politically-connected)".

      The "bad guys" won't use strong encryption under the proposed regime. The FCC will force the ISP's to install filters that only allow packets through that are co-signed to the government (y'all wanted Net Neutrality right?). If you try to pass unsigned data it will be blocked and a SWAT team will show up at your house to put a semi-automatic rifle barrel in your face and toss you in a cage for a decade or more. Tunnelling that data will be made a crime and the NSA has the technology to detect it already. You MAY not speak privately from the government.

      There is zero chance of countering this existential security threat while pretending that the ruling elite are interested in the benefit of the People. Security folks need to adult-up and face reality - we're past the point of this ending nicely; it's only a matter of which shit-sandwich we get to swallow at this point. Pixie dust and unicorn farts won't change that. Rand Paul won't be allowed to win the Presidency (but I repeat myself).

  • by Kirth ( 183 ) on Wednesday June 03, 2015 @02:21AM (#49828365) Homepage

    This is an exclusive OR. Choose only one.

    "Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy", as Bruce Schneier says.

  • by Shadow of Eternity ( 795165 ) on Wednesday June 03, 2015 @02:59AM (#49828455)

    is the same is saying we should not allow people to lock their cars/houses because criminals might hide something behind a locked door.

  • by Anonymous Coward

    In order to distinguish "right" and "wrong" reasons for privacy, you'd need to look into the communication. Which abolishes privacy.

    The whole point of privacy is not to look into communication. In a way, not to let Schrödinger's cat out of the bag.

    "None of your business" does not distinguish good and bad business. So I don't really like the pitch of Cook here:

    Weakening encryption or taking it away harms good people who are using it for the right reason.

    Because it will be immediately followed up by "so let's only weaken encryption and take it away from people who are using it for the wrong rea

  • give skeleton keys to the government.
    • The government has experts who can open a fire safe. It may not be cheap, but it can be done. As far as we can tell, there are no experts who can decrypt something encrypted in AES-128 or stronger without the key.

      • I have a feeling the NSA can break pretty much anything, so long as they don't need their computers for anything else for a few days or weeks.
        • It is effectively impossible to brute-force a 128-bit key, and by that I mean you can't do it by using all the resources of the Solar System until the heat death of the Universe. Exponential growth works that way, and a 128-bit key is 2^64 times as hard to brute-force as a 64-bit key, which already requires significant horsepower.

          There is a possibility that the NSA can break AES, but that seems unlikely given the Snowden revelations and the lack of success of academic cryptanalysts. They'll probably al

  • I'm sure I'll take a beating for this, but I wonder if Cook's being gay -- and not being completely "out" until relatively recently -- have some influence on this thinking about privacy?

    If you think about it, someone who is gay and had been less than publicly out about it has had a period of their life where they were pretty intense about guarding their personal privacy, especially someone in a high profile corporate job where there are plenty of people inside and outside of the company who would want to ta

    • I agree with you on this. If a biography ever comes out, I wonder if we'll learn that his passion for privacy comes from growing up gay in alabama in the 60's...

  • by sjbe ( 173966 ) on Wednesday June 03, 2015 @07:30AM (#49829269)

    The problem with weakening encryption is that weaknesses do not care who uses them and once discovered they cannot be corrected. And weaknesses WILL be discovered sooner or later. Probably sooner. There is no way to only let the "good guys" in while keeping the "bad guys" out. You cannot weaken encryption without making it completely useless in the process.

  • But not actually resisting.

  • Some of you may have noticed that large banking chains insist upon very restricted use of characters in passwords. They also insist on short passwords that disallow password phrases. For example ASCi2 symbols are usually not allowed. Many keyboard symbols are also disallowed. All in all the major banks seem to insist upon fairly weak passwords. Since they, in theory, cover any losses made by hackers or crackers invading bank accounts I find their position really weird. Certainly it can not be so diff
  • has become the most dangerous person in the world.

  • by Mike Van Pelt ( 32582 ) on Wednesday June 03, 2015 @01:34PM (#49833037)
    The piece of this that hasn't gotten nearly enough attention is this: Requiring U.S. tech companies to put backdoors in encryption will make U.S. technology anathema in every other country on this planet. U.S. tech companies will lose virtually all of their non-US market immediately, and the rest of it as soon as alternatives become available. (Which they will; the demand will be huge.)
  • by kuzb ( 724081 )

    Anyone at Apple trying to sound altruistic just looks like the pot calling the kettle black.

Truth has always been found to promote the best interests of mankind... - Percy Bysshe Shelley

Working...