FBI Calls Apple's Expansion of End-To-End Encryption 'Deeply Concerning' (macrumors.com) 138
An anonymous reader quotes a report from MacRumors: Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.
While privacy groups and apps applaud Apple for the expansion of end-to-end encryption in iCloud, governments have reacted differently. In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose." Speaking generally about end-to-end encryption like Apple's Advanced Data Protection feature, the bureau said that it makes it harder for the agency to do its work and that it requests "lawful access by design": "This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"
Former FBI official Sasha O'Connell also weighed in, telling The New York Times "it's great to see companies prioritizing security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence."
This sounds like laziness (Score:5, Insightful)
Re:This sounds like laziness (Score:4, Insightful)
Re: (Score:2, Insightful)
Well, we have had an authoritarian regime for a few years for sure. When Trump used the Army to get rid of protestors to take a photo, that smacked of Authoritarian Oligarchy so hard that people should have woke up then.
I know what you mean. In Los Angeles, the police were used to clear out the homeless before Biden's visit. His tour route was shockingly clean.
Re: (Score:2)
This happens on the city level before every Olympics. This does not make it fair to the relocated people, or ethical. But it's not a new practice.
Re: (Score:2)
This happens on the city level before every Olympics. This does not make it fair to the relocated people, or ethical. But it's not a new practice.
Los Angeles had the Olympics once in 1984. I understand what you're saying, but drawing a parallel seems to be a stretch given the other homeless practices Los Angeles has been employing in spite of the resident _taxpayers'_ wishes.
Re: (Score:2)
What is odd about the parallel? The practice is quite common place and should surprise no one, even if it can be unfair to the people being pushed from their desperate shelters.
Re: (Score:2)
What is odd about the parallel? The practice is quite common place and should surprise no one, even if it can be unfair to the people being pushed from their desperate shelters.
The parallel you draw is 38 years old. That does not lend to the argument that the practice is commonplace..... ;-) ;-)
Re: (Score:2)
_I_ referred to every city hosting an Olympics since they were restarted in 1896. That includes the most recent 4 host cities, Beijing, Tokyo, Pyeongchang, and Rio de Janeiro. Someone else cited Los Angeles more specifically. Check the reports about the costs and social burdens of hosting the Olympics for more explicit cases. Do you need more detailed pointers?
Re: (Score:3)
Playing the "both sides" card still doesn't make it okay.
True.
I'm tired of hearing both siding and whataboutisms used as a deflection when a political party does something shitty.
And I'm tired of people using propaganda techniques like crying "whataboutism" as a second stage to deflect criticism of THEIR side's sins after they've done the first stage of preemptively accusing their opponents of what THEY THEMSELVES do as standard operating procedure - whether fairly or falsely.
Such deflection is a direct att
Re: This sounds like laziness (Score:1)
Re: (Score:2)
It might help if I come over and punch you repeatedly until you see the error of your ways.
Re: (Score:1)
I read this from your post:
Before cell phones with no encryption were invented no one was ever arrested for any crimes in the history of humanity. Breaking cell phone encryption is the only way the FBI can do their job.
Is that what you meant?
Re: (Score:2, Troll)
They kicked people out of their homes for Biden's visit? Oh, wait, they're homeless. They don't have homes. They just got moved someplace else...because they're homeless. For a second I thought it was something I should care about.
The local residents have been asking for something to be done for years, and very little happens. Biden plans a trip and days later, it's handled. "It's good to be the king"?
Re: (Score:1)
The local residents have been asking for something to be done for years, and very little happens. Biden plans a trip and days later, it's handled.
Local residents wanted them moved, not housed. Rest assured there are just as many homeless as before.
Re: (Score:1)
The local residents have been asking for something to be done for years, and very little happens. Biden plans a trip and days later, it's handled.
Local residents wanted them moved, not housed. Rest assured there are just as many homeless as before.
There are likely more homeless since Biden's visit, not less. And Biden's visit did not result in housing, the homeless were just moved. Evacuated event - it was tragic how that was handled. "It's good to be king"?
Re: (Score:2)
Re: (Score:2)
Still when I ask "who really wants to be ruled by a king?" Biden supporters are not top of mind.
Really? Wow.
Re: (Score:2)
Re: (Score:2)
Why? Did they knock down a bunch of houses because they were ugly or something as well?
Re: (Score:2)
Why? Did they knock down a bunch of houses because they were ugly or something as well?
If by "knock down a bunch of houses" you are referring to their lean-tos, then yes: Biden's trip led to them being knocked down. And, they were ugly.
Re: (Score:2)
the russians have a term for this... Potemkin villages
Re: (Score:2)
>They just got moved someplace else...because they're homeless. For a second I thought it was something I should care about.
You're an american, aren't you?
Re: (Score:2)
The police didn't clear the homeless, they were told to by the politicians! Don't blame the cops, they are working people like you and me!
You'll notice I didn't blame the police, I said they were used. To quote myself: " In Los Angeles, the police were used to clear out the homeless"
Re: This sounds like laziness (Score:2)
Re: (Score:2)
To me it sounds like cover and distraction. Apple's encryption code is OSS, so for all you know there's a FBI back door in it. You literally cannot trust it.
sigh, NOT OSS (Score:2)
I haven't had my coffee yet, this cheap drip unit is slow AF.
Apple has been shown to track users they claim they are not tracking [gizmodo.com], so you really can't trust them not to give data to the feds they say they aren't giving them.
Re: (Score:2)
Why are you using that one?
We have it, it makes coffee, I'm happy enough with the results. It was about $15 and it is dumb, which is what I wanted. It's hard to find a good coffeemaker that isn't smartassed.
Re: (Score:2)
Yep, pretty much. Police work must never be easy. It must be hard. Otherwise civil rights deteriorate.
shoe on the other foot. (Score:2)
I wonder what it feels like to consistently be on the wrong side of history and freedom... in a country that supposedly is founded on principles of freedom.
Like... how do these people face themselves in the mirror?
Re:shoe on the other foot. (Score:5, Funny)
I wonder what it feels like to consistently be on the wrong side of history and freedom...
Become a Republican and find out! :-)
History repeats (Score:1)
>> I wonder what it feels like to consistently be on the wrong side of history and freedom... :-)
> Become a Republican and find out!
The Democrats used the FBI to blackmail MLK prior to the assassination, founded the KKK, wrote the Jim Crow laws and filibustered the Civil Rights Act.
You also literally led the Confederate States into secession to preserve slavery when the Democrats split from the Democrat-Republican party.
And you want to talk smack about being "on the right side of history"?
Re: (Score:1)
Yeah I remember when https://en.wikipedia.org/wiki/... [wikipedia.org] apologized for being such a piece cross burning shit his whole life and how at the same time the other major party all jumped up and said they'd start biting crosses and filibuster the civil rights act next time. Or wait, no I don't recall him killing himself to make up for his literal crimes against humanity nor did anyone else say they were going to burn crosses in his place.
Re: (Score:1)
oh lookie here, twitter, in the past, was removing unacceptable hate speech from its platform... but that was before
Re: (Score:1, Insightful)
Hate speech, like when a Stanford medical scientist who specializes in the field says lock downs are a bad idea and gets smashed by twitter goons, they were stopping hate speech?
Okey dokey!
Re: (Score:1)
Ever see the movie Serenity? These sort of people truly believe they're creating a better world.
Re: (Score:2)
Ok, Serenity was a good movie, but let's not delve into using fiction to justify things in real life. You might as well say that the fears of the FBI agents are justified because Jack Bauer keeps having to save the country from nuclear and biological weapons. Themes in fiction may be based on real-life ideas, but the actual situations portrayed are usually extremely dramatized.
Batman movies are fun too, but that does not mean that Elon Musk should put on a bat suit and go out at night and find the most dang
Re: (Score:1)
The only thing stopping Elon from being a real world Batman is the Batmobile isn't ready yet.
He says it'll be "next year".
Re: (Score:2)
I would have thought the only thing stopping him is the fact that we live in the real world as opposed to a fictional one, and real-world cops are not so utterly incompetent at their jobs that they wouldn't eventually be able to catch and prosecute such a vigilante. If he, or for that matter, anyone else ever actually tried, their tenure as the venerable comic book hero is liable to be even shorter in duration than "The Hasselhoffs" TV series.
Besides, the Batmobile is nowhere near the least credible t
Re: (Score:2)
Like I said..... real world vs comic books. The former is boring, I know, but it's still what we got.
Re: shoe on the other foot. (Score:1)
The way encryption works now end to end only means everyone within the provider network has access to your end to end conversation which is just silly.
Re: (Score:2)
Re: (Score:2)
hence "supposedly"
Re: (Score:2)
Probably the same way the Nazis thought they were doing humanity a great service...
Re: (Score:1)
This is history: https://en.wikipedia.org/wiki/... [wikipedia.org]
Lawful by Design != Encryption (Score:5, Insightful)
Re: (Score:1)
Google has been doing this for years on Android. I'm actually shocked to learn that until now iOS *hasn't* been doing it.
Re:Lawful by Design != Encryption (Score:5, Interesting)
Yea ... it's because apple was so far out in front on security at first that this lagged.
Apple had the first phones that were very hard to hack locally. Couldn't root it (easily). Couldn't connect a thing (there were a few companies that sold devices, but apple closed those holes as they were known). Couldn't lift a chip and read the crypto keys. They were way WAY out in front of everybody else. I mean, the secure enclave was released with the 5S in 2013 and nobody had anything like it for a few years.
And at the same time apple was increasing the crypto security on their iCloud things too. And ... suddenly there was all this talk from the FBI and others about how we were going to have to mandate backdoors in everything because this was interfering with legitimate police work too much. Too many iPhones that if we could only get the data out of them we could unwind the web of terrorists they were working with and "keep everybody safe."
It was obvious that apple halted their end-to-end crypto work at the phone in a kind of ... stalemate with the surveillance state: the phone is going to be really hard to get into, and we're going to keep making it very hard to get into. But we're going give away enough iCloud storage with every apple ID to do phone backups, and encourage everybody to turn that on. And if you want a copy of the phone (and they have iCloud backups on ... which we encouraged them to do, and gave them the storage for free to do) ... we'll give you a copy of that with a simple subpoena.
This was ... very VERY obvious to anybody who paid attention.
In fact when I saw the story about apple doing end-to-end crypto of backups my first thought was: so how soon will the FBI be complaining?
Re: (Score:3)
It's the one thing the IOS devices do have over Google devices. And it might not be the case forever.
It really comes down to the business models of the companies. Apple are a hardware device. Software and services are largely just value adds for them, although they DO make a significant sum of money on the App stores and itunes/tv+ services. But the bread is still buttered by hardware. So they really don't have much to gain by selling user data but they do have much to gain by being able to create a produ
Re: (Score:2)
Not really. For example, Apple's "secure enclave" that stops you lifting a chip to read out the encryption keys was actually first specified by ARM, and manufacturers like Samsung were implementing it before Apple did. Android added support for it in 4.1, which was released in 2012 - a year before Apple released their version.
Re: (Score:2)
Don't forget they also need to make sure they got plans for the China market, which seems to have IDevices with either less functions or less security as well.
Like the airdrop limits in China, compared to the rest of the world.
FBI - Forever Being Insidious (Score:5, Insightful)
Forcing everyone to use weak encryption is mainly for spying on innocent people. Any requirement that communication be visible to the government infringes on free speech. You can't communicate freely if your words can be spied on. You can't express yourself freely to your trusted people if your words may be decrypted and leaked by government officials, spies, and people working at internet companies.
"Think of the children" Fucking Buy-In (Score:2)
"But we could have saved the life of this one child, if only Apple would (or could) have given us access to this awful killer's phone message history" -- This is the knee jerk reaction that always gets played, trying to buy public favor for low-security requirements on personal/consumer devices.
So which is it?
Do you think the life of one child far outweighs having to further give up assurance of personal privacy?
-or-
Do you think that sometimes bad people do bad things, and we'll always be uncovering things
Re: (Score:2)
You believe the FBI wants unfettered access to everyone's phones to save a kid?
Uh ok.
Re: (Score:2)
FBI - Fraud, Betrayal, and Imbecility.
I like mine better: Fucktards, Bitches and Imbeciles.
Flawed argument. (Score:1)
Now if you are sharing that backup with another party the water gets muddy, sort of. But not really because they can't scan what you hand someone on a flash drive - this is the same thing but 'on the internet'.
Translation: Already Cracked (Score:2, Informative)
The most likely reason for a federal spook agency to say something like this is to make people feel comfortable using it for illegal purposes, because they already are comfortable in assuming that they'll be able to break the security model on day one. If they were actually concerned, they would be pressuring legislators to ban it.
As for their statement, you can either have security by design or law enforcement access by design, but never both. The two requirements are fundamentally at odds, because lite
I call the FBI 'Deeply Concerning." (Score:1)
Fuck off you Satanic Russian imposters. You think I don't know what you're up to really? You shouldn't have killed the girl. You're all gonna burn in this life and the next.
As a law abiding citizen (Score:5, Interesting)
Please don't… (Score:3)
Already have lawful access by design (Score:5, Insightful)
Re: (Score:2)
Warrant does not work if you NEED the person's information to unlock access to the documents. The key thing (pun intended) comes down to the next thing SCOTUS can destroy: having the 5th Amendment include passwords.
If they give you immunity then you can't plead the 5th and must hand over the key; however, if you get the right lawyers and connections you can defy the court and only get 4 months in prison.
Re: (Score:2)
It's called a warrant duly authorized and sign-off on by the judiciary which causes the individual being investigated to provide the access.
Warrants don't cause anything. That's not a thing. They're just a piece of paper and they don't unlock your device.
Re: (Score:2)
It's called a warrant duly authorized and sign-off on by the judiciary which causes the individual being investigated to provide the access. The iCloud accounts are not anonymous and regardless, the argument made here is BS and a way for law enforcement to circumvent the law.
A warrant allows search and seizure; it does not compel others to act. You might be thinking of the All Writs Act.
Does this include instructions on prior data? (Score:2)
And since iCloud is the primary "sync pot" for all your data going to all your devices this seems like a very necessary, and major PITA, task to do to ensure encryption.
The real world analogy to this... (Score:2)
Is to be "deeply concerned" that people you might be able to overhear are speaking in a language that you don't happen to understand.
They can ask all they want (Score:2)
Re: (Score:2)
The US government has every right to ask a company to provide a back door. And a private company has every right to refuse.
Apple is part of PRISM (as is Google) so either they are willfully aiding and abetting warrantless surveillance, or they had no right to refuse. Which do you think it is?
Is that why the government uses different propieta (Score:3)
The FBI must have something to hide. I highly doubt a respectable law enforcement agency needs to use proprietary homegrown encryption such as SIPR net.
When they stop using that I guess I'll stop trying to produce custom algorithms in my spare time.
I would rather Force human analysts to unroll a custom algorithm I created even if it has weaknesses that will be better than using an algorithm that is public and already has massive supercomputers precomputing all the possibilities before I even start using the algorithm.
The biggest lie of our past 30 years is that we should not roll our own encryption. What we really need is individuals coming together to produce a resource specifically geared towards homegrown encryption crafting.
All the PhDs that were supposedly the ones to design the algorithms have proven to be poisoned/planted/untrusted and the new modern attack is simply to hope people use public algorithms that you have already key space walked with supercomputers. The next thing is to hope that they use default parameters and provide some way to automatically know when you've gotten to plain text such as a stream cipher that produces gibberish for bad keys.
We need to produce new encryption routines that use AI layers near the end of decryption to produce human readable text out of all possible key combinations. These are the things that we need to be doing. Force humans to spend time on every decryption. Stop this automated mass decryption nonsense by not "standing on the X" by using AES or other public algos.
Time to rise up against this shit
Re: Is that why the government uses different prop (Score:3, Informative)
Sorry but rolling your own encryption is idiotic for 99.9999% of people. Turns out it is very very hard and trivial to break with any flaws.
Re: (Score:2)
Not to mention that you have to explain it to anyone you intend to share data with, and then you lose any pretense of security by obscurity.
Re: (Score:3)
Re: (Score:2)
I made rot-14. It's just like rot-13 but 1 better!
The fbi will never figure it out!
I had previously experimented with double rot-13 encryption but it took twice as long to encrypt so I abandoned that work.
Re: Is that why the government uses different prop (Score:2)
Good (Score:5, Informative)
Thanks to FBI for confirming that Apple's E2E encryption is useful.
Malice, stupidity or both? (Score:3)
There is no practical way to keep widely used information secret.
Anyone to whom that is not instantly obvious is too incompetent to deserve a job in law enforcement, especially making policy.
Anyone who does understand and wants backdoors anyway is malicious and likewise merits shitcanning.
Re: (Score:2)
FBI public key used on every Apple device to encrypt the user's iCloud key and also send that to apple.. Then when the FBI requests, Apple gives them the user's key and the FBI decrypts it to obtain access to the data Apple gave them a copy of.
RISK: the loss of the private FBI keys... and the time delay to re-encrypt all user keys on their updated devices with a new FBI key... and re-encrypt ALL of the iCloud which would involve all users doing this task because it's all done on the client side.
That is the
Re: (Score:2)
"RISK: the loss of the private FBI keys"
And the question is "*When* will that happen?" not "*If* that will happen." I'm picking "five days" in the pool.
Screw you FBI (Score:2)
In the pre-digital world you had the same result as end-to-end encryption without the risk of the encryption being broken. "Lawful access by design" is code for a surveillance state.
Next the FBI will tell us... (Score:3)
Crypto wars (Score:2)
How many of our protected rights does FBI hate? (Score:2)
Pretty sure that we have a right to be secure in our papers and effects from government search and seizure. If the FBI wants our digital files then they can get a warrant.
If the FBI wants to claim that encryption is a weapon then that's also a protected right, we have the right to keep and bear arms. We have the right of expression, so we should be able to have our communications free from the government listening in and imposing some kind of punishment if they don't approve.
How many of our protected righ
Mutually Exclusive Terms (Score:1)
"Security by design" and "lawful access by design" are mutually exclusive concepts.
What is most frightening (Score:4, Interesting)
The present US government is not terribly oppressive right now- unless you are one of the roughly a million people in prison who never had a trial, but recent events suggest that it has the potential to go very bad very quickly. I think both "reds" and "blues" are aware of the potential for the government to become very oppressive, and those already oppressed know its more than just potential
iCloud end-to-end encryption (Score:2)
I wrote a paper about this for law school (Score:2)
https://sconeu.net/~scott/NSDP... [sconeu.net] [PDF]
Re: (Score:1)
Note, this paper was written pre-Dobbs, so the references Roe v. Wade may no longer apply to the argument.
Sheesh! (Score:2)
When Apple is the hero of the story, you gotta know that your government, along with its cops and various TLA's, are really, really villainous!
Well it was fine before (Score:2)
Seriously? (Score:2)
What has the FBI lost? (Score:2)
A situation where law enforcement caught thousands and thousands of criminals was when they hired someone to create a super secure messaging software, sold it to criminals, ev
"Lawful Access By Design" charade and TRADEOFF (Score:1)
"Lawful Access By Design" is a religion created by law enforcement organizations (LEOs) to pretend that crippled encryption is a good thing.
Cryptographic experts, mathematicians, computer scientists, and anyone other than LEOs continually point out --quite clearly-- that to allow LEO access to break encryption means the bad actors can do so as well. This doesn't stop LEOs (led by the most incompetent of the bunch, the FBI, who not only no longer do investigations, but pretend their job is to fight terroris
Hypocrisy!!! (Score:2)
"lawful access by design" (Score:2)
Somebody needs to sit these people down and explain to them that this is impossible; you cannot design an encryption that can magically determine if access is "lawful." It will allow access to anybody with the access method. If the access method is shared without its owner's consent, it becomes impossible to ensure that it will be restricted to only those who "should" have it.
Concern (Score:2)
Nice to have backups (Score:2)
Some people are worried that someone could access their data that is stored in the cloud. So they don't make a backup. That's an inconvenience. It becomes a big inconvenience if your phone is lost. Whether your fear
FSB agrees. (Score:2)
see title.
Bigger problem: letting government see everything (Score:2)
Because then you're in trouble when you disagree with the government.
Theatre. (Score:2)
lol (Score:2)
Furthermore (Score:2)