Encryption Government Apple

FBI Calls Apple's Expansion of End-To-End Encryption 'Deeply Concerning' (macrumors.com) 138

An anonymous reader quotes a report from MacRumors: Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.

While privacy groups and apps applaud Apple for the expansion of end-to-end encryption in iCloud, governments have reacted differently. In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose." Speaking generally about end-to-end encryption like Apple's Advanced Data Protection feature, the bureau said that it makes it harder for the agency to do its work and that it requests "lawful access by design": "This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"

Former FBI official Sasha O'Connell also weighed in, telling The New York Times "it's great to see companies prioritizing security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence."

  • by DarkRookie2 ( 5551422 ) on Thursday December 08, 2022 @05:44PM (#63114998)
    Each time I hear a cop say something to this effect, all I hear is "I am mad that I actually have to do work instead of just offloading everything on Google and collecting a paycheck"
    • by jhoegl ( 638955 ) on Thursday December 08, 2022 @05:50PM (#63115010)
      Well, we have had an authoritarian regime for a few years for sure. When Trump used the Army to get rid of protestors to take a photo, that smacked of Authoritarian Oligarchy so hard that people should have woke up then. But they are still asleep, and it is clear that there are plenty of coup supporters in our law enforcement. They keep gaining power without check.
      • Re: (Score:2, Insightful)

        by sid crimson ( 46823 )

        Well, we have had an authoritarian regime for a few years for sure. When Trump used the Army to get rid of protestors to take a photo, that smacked of Authoritarian Oligarchy so hard that people should have woke up then.

        I know what you mean. In Los Angeles, the police were used to clear out the homeless before Biden's visit. His tour route was shockingly clean.

        • This happens on the city level before every Olympics. This does not make it fair to the relocated people, or ethical. But it's not a new practice.

          • This happens on the city level before every Olympics. This does not make it fair to the relocated people, or ethical. But it's not a new practice.

            Los Angeles had the Olympics once in 1984. I understand what you're saying, but drawing a parallel seems to be a stretch given the other homeless practices Los Angeles has been employing in spite of the resident _taxpayers'_ wishes.

            • What is odd about the parallel? The practice is quite commonplace and should surprise no one, even if it can be unfair to the people being pushed from their desperate shelters.

              • What is odd about the parallel? The practice is quite commonplace and should surprise no one, even if it can be unfair to the people being pushed from their desperate shelters.

                The parallel you draw is 38 years old. That does not lend to the argument that the practice is commonplace..... ;-) ;-)

                • _I_ referred to every city hosting an Olympics since they were restarted in 1896. That includes the most recent 4 host cities, Beijing, Tokyo, Pyeongchang, and Rio de Janeiro. Someone else cited Los Angeles more specifically. Check the reports about the costs and social burdens of hosting the Olympics for more explicit cases. Do you need more detailed pointers?

    • To me it sounds like cover and distraction. Apple's encryption code is OSS, so for all you know there's a FBI back door in it. You literally cannot trust it.

    • by gweihir ( 88907 )

      Yep, pretty much. Police work must never be easy. It must be hard. Otherwise civil rights deteriorate.

  • the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose."

    I wonder what it feels like to consistently be on the wrong side of history and freedom... in a country that supposedly is founded on principles of freedom.

    Like... how do these people face themselves in the mirror?

    • by fahrbot-bot ( 874524 ) on Thursday December 08, 2022 @06:12PM (#63115090)

      I wonder what it feels like to consistently be on the wrong side of history and freedom...

      Become a Republican and find out! :-)

      • by Anonymous Coward

        >> I wonder what it feels like to consistently be on the wrong side of history and freedom...
        > Become a Republican and find out! :-)

        The Democrats used the FBI to blackmail MLK prior to the assassination, founded the KKK, wrote the Jim Crow laws and filibustered the Civil Rights Act.

        You also literally led the Confederate States into secession to preserve slavery when the Democrats split from the Democrat-Republican party.

        And you want to talk smack about being "on the right side of history"?

    • Ever see the movie Serenity? These sort of people truly believe they're creating a better world.

      • by tragedy ( 27079 )

        Ok, Serenity was a good movie, but let's not delve into using fiction to justify things in real life. You might as well say that the fears of the FBI agents are justified because Jack Bauer keeps having to save the country from nuclear and biological weapons. Themes in fiction may be based on real-life ideas, but the actual situations portrayed are usually extremely dramatized.

        Batman movies are fun too, but that does not mean that Elon Musk should put on a bat suit and go out at night and find the most dang

        • The only thing stopping Elon from being a real world Batman is the Batmobile isn't ready yet.

          He says it'll be "next year".

          • by mark-t ( 151149 )

            I would have thought the only thing stopping him is the fact that we live in the real world as opposed to a fictional one, and real-world cops are not so utterly incompetent at their jobs that they wouldn't eventually be able to catch and prosecute such a vigilante. If he, or for that matter, anyone else ever actually tried, their tenure as the venerable comic book hero is liable to be even shorter in duration than "The Hasselhoffs" TV series.

            Besides, the Batmobile is nowhere near the least credible t

    • The way encryption works now end to end only means everyone within the provider network has access to your end to end conversation which is just silly.

    • by jythie ( 914043 )
      Eh, the 'founded on freedom' thing has always been more marketing than history. The US was founded on authoritarianism, it is simply a kind that you buy your way into rather than lineage.... but the US has always been about knowing your place.. either deferring to your betters or, if you are on the 'better' side, not having pesky democracy restrict your freedom to use your power over others. The FBI is not really on the 'wrong' side of US history, it is US history.
    • by gweihir ( 88907 )

      Probably the same way the Nazis thought they were doing humanity a great service...

  • by therealprologic ( 2118298 ) on Thursday December 08, 2022 @05:51PM (#63115018) Homepage
    Good on Apple Shame on the FBI
    • by AmiMoJo ( 196126 )

      Google has been doing this for years on Android. I'm actually shocked to learn that until now iOS *hasn't* been doing it.

      • by seth_hartbecke ( 27500 ) on Thursday December 08, 2022 @07:11PM (#63115222) Homepage

        Yea ... it's because apple was so far out in front on security at first that this lagged.

        Apple had the first phones that were very hard to hack locally. Couldn't root it (easily). Couldn't connect a thing (there were a few companies that sold devices, but apple closed those holes as they were known). Couldn't lift a chip and read the crypto keys. They were way WAY out in front of everybody else. I mean, the secure enclave was released with the 5S in 2013 and nobody had anything like it for a few years.

        And at the same time apple was increasing the crypto security on their iCloud things too. And ... suddenly there was all this talk from the FBI and others about how we were going to have to mandate backdoors in everything because this was interfering with legitimate police work too much. Too many iPhones that if we could only get the data out of them we could unwind the web of terrorists they were working with and "keep everybody safe."

        It was obvious that apple halted their end-to-end crypto work at the phone in a kind of ... stalemate with the surveillance state: the phone is going to be really hard to get into, and we're going to keep making it very hard to get into. But we're going to give away enough iCloud storage with every apple ID to do phone backups, and encourage everybody to turn that on. And if you want a copy of the phone (and they have iCloud backups on ... which we encouraged them to do, and gave them the storage for free to do) ... we'll give you a copy of that with a simple subpoena.

        This was ... very VERY obvious to anybody who paid attention.

        In fact when I saw the story about apple doing end-to-end crypto of backups my first thought was: so how soon will the FBI be complaining?

        • It's the one thing the iOS devices do have over Google devices. And it might not be the case forever.

          It really comes down to the business models of the companies. Apple are a hardware device. Software and services are largely just value adds for them, although they DO make a significant sum of money on the App stores and itunes/tv+ services. But the bread is still buttered by hardware. So they really don't have much to gain by selling user data but they do have much to gain by being able to create a produ

        • by AmiMoJo ( 196126 )

          Not really. For example, Apple's "secure enclave" that stops you lifting a chip to read out the encryption keys was actually first specified by ARM, and manufacturers like Samsung were implementing it before Apple did. Android added support for it in 4.1, which was released in 2012 - a year before Apple released their version.

        • Don't forget they also need to make sure they got plans for the China market, which seems to have IDevices with either less functions or less security as well.

          Like the airdrop limits in China, compared to the rest of the world.

  • by backslashdot ( 95548 ) on Thursday December 08, 2022 @05:52PM (#63115020)

    Forcing everyone to use weak encryption is mainly for spying on innocent people. Any requirement that communication be visible to the government infringes on free speech. You can't communicate freely if your words can be spied on. You can't express yourself freely to your trusted people if your words may be decrypted and leaked by government officials, spies, and people working at internet companies.

    • "But we could have saved the life of this one child, if only Apple would (or could) have given us access to this awful killer's phone message history" -- This is the knee jerk reaction that always gets played, trying to buy public favor for low-security requirements on personal/consumer devices.

      So which is it?

      Do you think the life of one child far outweighs having to further give up assurance of personal privacy?
      -or-
      Do you think that sometimes bad people do bad things, and we'll always be uncovering things

  • by Anonymous Coward
    If you are using encrypted backups that are for personal use, you are not transferring that data to anyone else. As such it is the same as keeping it in your home and the FBI has no business freely searching personal data.

    Now if you are sharing that backup with another party the water gets muddy, sort of. But not really because they can't scan what you hand someone on a flash drive - this is the same thing but 'on the internet'.
  • The most likely reason for a federal spook agency to say something like this is to make people feel comfortable using it for illegal purposes, because they already are comfortable in assuming that they'll be able to break the security model on day one. If they were actually concerned, they would be pressuring legislators to ban it.

    As for their statement, you can either have security by design or law enforcement access by design, but never both. The two requirements are fundamentally at odds, because lite

  • Fuck off you Satanic Russian imposters. You think I don't know what you're up to really? You shouldn't have killed the girl. You're all gonna burn in this life and the next.

  • by BytePusher ( 209961 ) on Thursday December 08, 2022 @05:56PM (#63115044) Homepage
    I want the security of knowing I can have the wrong opinions and keep them to myself, my friends without the implicit assumption someone at the FBI is in the conversation too. We're rapidly entering the dystopian space where seeing the obvious can get your bank account frozen or worse.
  • by HumanEmulator ( 1062440 ) on Thursday December 08, 2022 @05:58PM (#63115048)
    The FBI is deeply concerned, so if you're a baddie trying to keep secrets, they'd really like you to not use an iPhone for that. And they also don't want you to turn on iCloud so your secrets are automatically uploaded and super encrypted where they could never get them. And they especially don't want you to turn on "Find My iPhone" now that it reports your location even when the device is "off", because that's even more secret and ultra encrypted and concerning to them.
  • by al0ha ( 1262684 ) on Thursday December 08, 2022 @05:59PM (#63115052) Journal
    It's called a warrant duly authorized and signed off on by the judiciary which causes the individual being investigated to provide the access. The iCloud accounts are not anonymous and regardless, the argument made here is BS and a way for law enforcement to circumvent the law.
    • Warrant does not work if you NEED the person's information to unlock access to the documents. The key thing (pun intended) comes down to the next thing SCOTUS can destroy: having the 5th Amendment include passwords.

      If they give you immunity then you can't plead the 5th and must hand over the key; however, if you get the right lawyers and connections you can defy the court and only get 4 months in prison.

    • It's called a warrant duly authorized and signed off on by the judiciary which causes the individual being investigated to provide the access.

      Warrants don't cause anything. That's not a thing. They're just a piece of paper and they don't unlock your device.

    • by Agripa ( 139780 )

      It's called a warrant duly authorized and signed off on by the judiciary which causes the individual being investigated to provide the access. The iCloud accounts are not anonymous and regardless, the argument made here is BS and a way for law enforcement to circumvent the law.

      A warrant allows search and seizure; it does not compel others to act. You might be thinking of the All Writs Act.

  • I'm curious if this will come with instructions on how to permanently remove your prior, unencrypted data from their system to ensure that moving forward they only have a copy of your encrypted data.

    And since iCloud is the primary "sync pot" for all your data going to all your devices this seems like a very necessary, and major PITA, task to do to ensure encryption.
  • ...deeply concerned with the threat end-to-end and user-only-access encryption pose

    Is to be "deeply concerned" that people you might be able to overhear are speaking in a language that you don't happen to understand.

  • The US government has every right to ask a company to provide a back door. And a private company has every right to refuse. I don't really blame them for asking. When I bought a house and moved to my village (legally they call small towns, villages here for some reason) the local police station sent me a small package with all the village codes and regulations. Also included in the package was a letter welcoming to the village but in the name of safety also asking for personal information of everyone who li
    • The US government has every right to ask a company to provide a back door. And a private company has every right to refuse.

      Apple is part of PRISM (as is Google) so either they are willfully aiding and abetting warrantless surveillance, or they had no right to refuse. Which do you think it is?

  • The FBI must have something to hide. I highly doubt a respectable law enforcement agency needs to use proprietary homegrown encryption such as SIPR net.

    When they stop using that I guess I'll stop trying to produce custom algorithms in my spare time.

    I would rather Force human analysts to unroll a custom algorithm I created even if it has weaknesses that will be better than using an algorithm that is public and already has massive supercomputers precomputing all the possibilities before I even start using the algorithm.

    The biggest lie of our past 30 years is that we should not roll our own encryption. What we really need is individuals coming together to produce a resource specifically geared towards homegrown encryption crafting.

    All the PhDs that were supposedly the ones to design the algorithms have proven to be poisoned/planted/untrusted and the new modern attack is simply to hope people use public algorithms that you have already key space walked with supercomputers. The next thing is to hope that they use default parameters and provide some way to automatically know when you've gotten to plain text such as a stream cipher that produces gibberish for bad keys.

    We need to produce new encryption routines that use AI layers near the end of decryption to produce human readable text out of all possible key combinations. These are the things that we need to be doing. Force humans to spend time on every decryption. Stop this automated mass decryption nonsense by not "standing on the X" by using AES or other public algos.

    Time to rise up against this shit

    • Sorry but rolling your own encryption is idiotic for 99.9999% of people. Turns out it is very very hard and trivial to break with any flaws.

      • by Mal-2 ( 675116 )

        Not to mention that you have to explain it to anyone you intend to share data with, and then you lose any pretense of security by obscurity.

    • The problem with rolling your own crypto algorithms is that there's a very large gap between making something which you don't know how to break, and making something which nobody knows how to break. In general, you should trust the algorithms for which the number of people who have tried to break the algorithm, and failed, is as large as possible.
      • I made rot-14. It's just like rot-13 but 1 better!

        The fbi will never figure it out!

        I had previously experimented with double rot-13 encryption but it took twice as long to encrypt so I abandoned that work.

    • So would gibberish at the word level require humans to detect? How far do you take it? Sentences, paragraphs, chapters, complete works of Shakespeare?
  • Good (Score:5, Informative)

    by khchung ( 462899 ) on Thursday December 08, 2022 @06:50PM (#63115182) Journal

    Thanks to FBI for confirming that Apple's E2E encryption is useful.

  • by couchslug ( 175151 ) on Thursday December 08, 2022 @07:03PM (#63115210)

    There is no practical way to keep widely used information secret.

    Anyone to whom that is not instantly obvious is too incompetent to deserve a job in law enforcement, especially making policy.

    Anyone who does understand and wants backdoors anyway is malicious and likewise merits shitcanning.

    • FBI public key used on every Apple device to encrypt the user's iCloud key and also send that to apple.. Then when the FBI requests, Apple gives them the user's key and the FBI decrypts it to obtain access to the data Apple gave them a copy of.

      RISK: the loss of the private FBI keys... and the time delay to re-encrypt all user keys on their updated devices with a new FBI key... and re-encrypt ALL of the iCloud which would involve all users doing this task because it's all done on the client side.

      That is the

      • "RISK: the loss of the private FBI keys"

        And the question is "*When* will that happen?" not "*If* that will happen." I'm picking "five days" in the pool.

  • In the pre-digital world you had the same result as end-to-end encryption without the risk of the encryption being broken. "Lawful access by design" is code for a surveillance state.

  • by VeryFluffyBunny ( 5037285 ) on Thursday December 08, 2022 @07:14PM (#63115224)
    ...that they can't get a warrant to install spyware on suspects' phones & computers in order to monitor their communications in real time. What have they got against lawful wire-tapping?
  • Hey, FBI? The 1990s called. They want their crypto war back and Director Freeh and Bill Clinton are crying "No fair! We tried this shit first!" from the deck of their Clipper while trying to reel in some Skipjack.
  • Pretty sure that we have a right to be secure in our papers and effects from government search and seizure. If the FBI wants our digital files then they can get a warrant.

    If the FBI wants to claim that encryption is a weapon then that's also a protected right, we have the right to keep and bear arms. We have the right of expression, so we should be able to have our communications free from the government listening in and imposing some kind of punishment if they don't approve.

    How many of our protected righ

  • "Security by design" and "lawful access by design" are mutually exclusive concepts.

  • by joe_frisch ( 1366229 ) on Thursday December 08, 2022 @09:55PM (#63115500)
    "Criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism" are concerning, but I'm personally more worried about a government gone bad with the ability to track expressions of "disloyalty" and communications with "co-conspirators".

    The present US government is not terribly oppressive right now- unless you are one of the roughly a million people in prison who never had a trial, but recent events suggest that it has the potential to go very bad very quickly. I think both "reds" and "blues" are aware of the potential for the government to become very oppressive, and those already oppressed know it's more than just potential
  • iCloud end-to-end encryption is not really end-to-end encryption. As your iCloud data can be backdoored. The whole point of cloud is to avoid having to physically raid your premises in search of files.
    • by sconeu ( 64226 )

      Note, this paper was written pre-Dobbs, so the references to Roe v. Wade may no longer apply to the argument.

  • When Apple is the hero of the story, you gotta know that your government, along with its cops and various TLA's, are really, really villainous!

  • You did just fine before when no digital evidences existed, I'm sure you will do fine in the future also. Just need to get off your butt and do some actual work...
  • If the Feds demanded unfettered access to everyone's private one-on-one conversations with their spouse, significant other, business associate, or friend, everybody would be up in arms. The only difference here is that one is spoken word, the other is electronically transmitted message.
  • I think there is very, very little that the FBI has been losing. I think there was one case where a killer destroyed two Samsung phones and left his iPhone intact. Common sense is that any evidence was on the two phones he destroyed. Police _got_ data from the iPhone and as one would have expected, nothing related to the case on it.

    A situation where law enforcement caught thousands and thousands of criminals was when they hired someone to create a super secure messaging software, sold it to criminals, ev
  • "Lawful Access By Design" is a religion created by law enforcement organizations (LEOs) to pretend that crippled encryption is a good thing.

    Cryptographic experts, mathematicians, computer scientists, and anyone other than LEOs continually point out --quite clearly-- that to allow LEO access to break encryption means the bad actors can do so as well. This doesn't stop LEOs (led by the most incompetent of the bunch, the FBI, who not only no longer do investigations, but pretend their job is to fight terroris

  • What's actually deeply concerning is that our law enforcement agencies keep wanting to blatantly monitor citizens illegally, ask companies to help them do that. And now that Apple enables additional protection for their consumers, these agencies call it "deeply concerning". I've never seen public servants so disappointed when they see the very people that they swear to protect, are now more protected.
  • Somebody needs to sit these people down and explain to them that this is impossible; you cannot design an encryption that can magically determine if access is "lawful." It will allow access to anybody with the access method. If the access method is shared without its owner's consent, it becomes impossible to ensure that it will be restricted to only those who "should" have it.

  • Well, since we are deeply concerned with the FBI I guess that makes us even.
  • Let's follow the whole argument. It's nice to have backups. If your iPhone is lost, or stolen, or destroyed, you can go to an Apple Store, buy a new iPhone, restore your backup from the cloud, and a few hours later it is as if you had your iPhone back. Everyone loves that, including criminals.

    Some people are worried that someone could access their data that is stored in the cloud. So they don't make a backup. That's an inconvenience. It becomes a big inconvenience if your phone is lost. Whether your fear
  • see title.

  • It's a much bigger problem when the government sees everything without a warrant.

    Because then you're in trouble when you disagree with the government.
  • Apple pretends to introduce something that the FBI can't get into, the FBI cries crocodile tears, and the people accept it as truth.
  • The thing that is disturbing is the FBI. They have faked evidence to get FISA warrants to spy on people. Now they also complain because they want a free pass to easily access people's phone data regardless of whether or not they are suspected for any criminal behavior. To the FBI it is preferable to leave everyone vulnerable so that they can access the minute minority of people who actually have something to hide. These people are dangerous.
  • Innocent until proven guilty applies to citizens. However guilty until proven innocent is what SHOULD apply to the government.
