You mean like how Google got ECC forward-secure TLS deployed across the whole Internet?
I have nothing but respect for Apple's stance with regard to cryptography, but Google has been more instrumental in getting strong crypto deployed on the Internet, and, just as importantly, in sweeping the minefield of crappy 90s crypto that defined most Internet crypto until recently.
TLS for email is still in pretty bad shape but it's getting better. (Funny, I just noticed that Google's page says "Safe Browsing" while only "Safer Email".) I know you're not a fan of DNSSEC, but something like Secure SMTP via DANE is probably needed for meaningful improvement: https://tools.ietf.org/html/draft-ietf-dane-smtp-01 (though it won't help with the chicken-and-egg problem of domain ownership validation by email)
Agreed, but the article is focused on why these companies that have done significant things to protect users with encryption technologies haven’t been a lot more vocal like Tim Cook has. This issue is so important to them and to everyone that they could spare a little time to speak their minds. Otherwise it just looks like that "kooky Apple" going against the grain. Who cares, they are going out of business soon, right?
> You mean like how Google got ECC forward-secure TLS deployed across the whole Internet?
Did you finish reading the article?
> Facebook’s WhatsApp has brought end-to-end encryption to more people – over 800 million – than any other service; and Google’s engineering team has been a leader in securing much of the web in the post-Snowden era.
And then they go on saying:
> But this is much more than an engineering fight – it’s a political one where public opinion is crucial.
Do you think the average voter knows what ECC forward-secure TLS is? Heck, I'd like to think I kind of know a little about the subject but I know _nothing_ compared to you and a bunch of other HNers.
But unfortunately, we live in a society where people who can vote are really scared of terrorism and lack an understanding of how technology works. If a politician tells them we need to decrypt "all the things" for their safety they'll happily vote for them[0].
We need the celebrities of the tech world to reach out and explain why we need crypto in a way they can understand.
[0]: No link really, just watch any of Donald Trump's rallies and tell me if you think those people care about encryption.
The article is really about CEOs publicly arguing that security back doors are a bad idea. It's unfortunate that mainstream press seems to be conflating "encryption" and "security back doors", but here we are.
As to the argument in the article, are there other examples of non-Tim Cook CEOs of big tech companies saying anything like this?
"But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys"
The closest I've found was a letter from many companies [1] which says "introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers." Google, Apple, Microsoft, Facebook and many others were signatories to that letter. So it certainly sounds like the companies might feel that way.
Eric Schmidt needs to be explaining this & why it's important to his politician friends and sphere of influence. Perhaps he already is, but it would be meaningful politically if he (and others) said something publicly. Cook is kind of the lone ranger on the matter as far as public discourse is concerned, post Paris & San Bernardino.
This has nothing to do with being vocal about security. Yea, they're helping the technical cause, but if you don't want backdoors in everything, the CEO's need to talk to the public so they're aware, and sending letters and phone calls.
You just described what google has done in slightly more technical detail than the article. I don't know why. It is definitely not what was meant. Supporting encrypted communications is a prerequisite to publicly advocating for it, but it is not publicly advocating for it.
The issue I have with Cook's proclaiming support for strong encryption is that Apple still has control over what can and can't install on the user's device. So imagine if some strong agency came and said to a company you can't allow certain apps to install and you can't tell your customers we told you this. "You can allow these apps that claim to encrypt user's messages [list here], but not these [list here]". So some state could still strong arm Apple into compromising privacy and Apple would have their hands clean.
It seems that if you really want to guarantee privacy, you have to give the individual control over what they can install. Telling people to just "trust us" is not really good enough. And Cook is saying they are giving the user ultimate control by not having keys to their encryption but in reality that's nonsense... they are still requiring people to trust them.
I use a lot of web apps on my iphone. They don't have access to all the phone's apis, but they do everything I need, without any hindrance from apple oversight.
Me, to CEO: Hey, think we should ever build a backdoor into any of our
products that employ encryption to help the US government
and law enforcement?
CEO, to me: No, that's a terrible idea.
Me, to CEO: Okay good, just making sure we're on the same page.
I don't think there are many honest and competent technology CEOs who would rally against encryption.
I can't be the only one who thinks it is pessimistic to say "if you put a back door in, that back doors for everybody, for good guys and bad guys." Very few people even seem to recognize this as a problem let alone are working to solve it. Maybe we should stop laughing at Clinton and her "Manhattan Project" comment; that might be the only way to get enough tech people on the problem to actually solve it.
What you think is a problem - is broken cryptography to experts.
There is no shortage of minds working on to create backdoors, or develop cryptographic methods that have backdoors, just look at Dual_EC_DRBG. It was a backdoor for the "good guys", but now its backdoor for everyone - eventually people will study the code and see the backdoor exists.
The crux of the issue is mathematics has no concept of good guys or bad guys, so as far as mathematics is concerned a back door for anyone is a backdoor for everyone.
I don't think people are any more pessimistic about back doors as they are about perpetual motion machines.
Let's pause to consider this. Math works, that's why even the NSA can't break encryption. I wouldn't want to tell you wrong and say that it's impossible, it's not, but it would take something like ten billion years to crack. Needless to say, there's a reason why they need a backdoor, and that's because math works.
However, if a backdoor were put into all electronic products, the strength of the encryption is now meaningless as any would-be attacker (government or otherwise) would just target the backdoor instead of trying to break the encryption. Why wait ten billion years for a computer to brute force the message when you could just find a flaw in something designed by the government?
"The problem with cryptographic backdoors isn't that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes."
It's perfectly possible and trivial to put in a backdoor that only works for people who have access to a specific private key.
Obviously if that private key gets stolen anyone can then access the backdoor, but that's true for anything, and you can mitigate it by storing the key in self-destructing immovable hardware with access limitations, as well as periodically changing the keypair (with signed updates).
The real problem is that there is no single "good guy" to entrust with that private key: in particular humans are inherently not fully trustable or good and both individual consumers and other governments have no interest in using or allowing backdoored products.
You might expect Amazon to take a stance to reassure AWS customers. Their AWS sales people like to tout AWS's encryption capabilities and the fact that they weren't part of Snowdens leak
That's not what that document says. iMessage has a design flaw (which is pretty obvious if you think about how it works) that allows it to theoretically be backdoored. In other words, they made a trade-off between usability and security, and (in my opinion, and clearly yours) fucked up. That's very different from saying that they deliberately built a backdoor into the system, and I think that some of the things they've done (like explicitly noting when someone else has been added to your iCloud account, and will be able to decrypt upcoming iMessage messages) goes to some length to mitigate those issues, and make clear that the existing design is more incompetence than malice.
That said, all Apple would have to do to fix this is to allow advanced users to see all keys listed as authorized for their account. I'm getting increasingly annoyed Apple hasn't done that.
Nowhere in the article does it say that Apple actually compromised the end to end nature of an iMessage conversation. All I see is this:
> Apple could collaborate with law enforcement to provide a false key, thereby intercepting a specific user’s messages, and the user would be none the wiser.
Key word is "could". Apple "could" also use its signing keys to install any kind of software on your phone to do whatever it wants. For example, to read your keychain and pull your private keys.
The only reason why Apple is defending encryption is because they're afraid Android (which is open source and thus can be inspected/hardened) could take away iPhone sales from security minded folks.
Apple has a very weak service portfolio (edit: for a company of their stature. When compared to e.g. Yahoo they are doing great!). Their strength is in client UX. Of course they will defend encryption, it's in their financial interest do so.
SSO ID Service /
Cloud Photo Storage /
Cloud Document Sync /
Cloud Backup /
Email /
Instant Messaging /
Music Store /
Music Streaming Service /
Cloud Music Service /
Movie/TV Store /
App Store /
Push Notifications /
Payments /
Video Conferencing /
Game Centre /
eBook Store /
Shared Calendaring /
Notes /
Large File Sharing /
Personal Assistant /
Maps
It’s in the financial interest of much of the technology industry to vociferious campaign for encryption, but they don’t. If Google stopped using any encryption, don't you think their business would suffer?
It may be in their Apple’s financial interests to do so, but it’s also the right thing to do. As you (partially) say, they care about the user experience. That experience includes taking steps to protect user information and they’ve had a long track record of doing just that. They did this long before it probably had any noticeable effect on the bottom line.
[+] [-] tptacek|10 years ago|reply
I have nothing but respect for Apple's stance with regard to cryptography, but Google has been more instrumental in getting strong crypto deployed on the Internet, and, just as importantly, in sweeping the minefield of crappy 90s crypto that defined most Internet crypto until recently.
[+] [-] jcrites|10 years ago|reply
TLS for email is still in pretty bad shape but it's getting better. (Funny, I just noticed that Google's page says "Safe Browsing" while only "Safer Email".) I know you're not a fan of DNSSEC, but something like Secure SMTP via DANE is probably needed for meaningful improvement: https://tools.ietf.org/html/draft-ietf-dane-smtp-01 (though it won't help with the chicken-and-egg problem of domain ownership validation by email)
[+] [-] pluckytree|10 years ago|reply
[+] [-] habith|10 years ago|reply
Did you finish reading the article?
> Facebook’s WhatsApp has brought end-to-end encryption to more people – over 800 million – than any other service; and Google’s engineering team has been a leader in securing much of the web in the post-Snowden era.
And then they go on saying:
> But this is much more than an engineering fight – it’s a political one where public opinion is crucial.
Do you think the average voter knows what ECC forward-secure TLS is? Heck, I'd like to think I kind of know a little about the subject but I know _nothing_ compared to you and a bunch of other HNers.
But unfortunately, we live in a society where people who can vote are really scared of terrorism and lack an understanding of how technology works. If a politician tells them we need to decrypt "all the things" for their safety they'll happily vote for them[0].
We need the celebrities of the tech world to reach out and explain why we need crypto in a way they can understand.
[0]: No link really, just watch any of Donald Trump's rallies and tell me if you think those people care about encryption.
[+] [-] gok|10 years ago|reply
As to the argument in the article, are there other examples of non-Tim Cook CEOs of big tech companies saying anything like this?
"But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys"
The closest I've found was a letter from many companies [1] which says "introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers." Google, Apple, Microsoft, Facebook and many others were signatories to that letter. So it certainly sounds like the companies might feel that way.
[1] https://static.newamerica.org/attachments/3138--113/Encrypti...
[+] [-] spinchange|10 years ago|reply
[+] [-] pheroden|10 years ago|reply
[+] [-] awqrre|10 years ago|reply
[+] [-] aljones|10 years ago|reply
[+] [-] georgestephanis|10 years ago|reply
[+] [-] lectrick|10 years ago|reply
[+] [-] robotcookies|10 years ago|reply
It seems that if you really want to guarantee privacy, you have to give the individual control over what they can install. Telling people to just "trust us" is not really good enough. And Cook is saying they are giving the user ultimate control by not having keys to their encryption but in reality that's nonsense... they are still requiring people to trust them.
[+] [-] merpnderp|10 years ago|reply
This is probably the most native looking one of the bunch: https://forecast.io/
[+] [-] sarciszewski|10 years ago|reply
[+] [-] tennysonmach|10 years ago|reply
[+] [-] slg|10 years ago|reply
[+] [-] nemothekid|10 years ago|reply
There is no shortage of minds working on to create backdoors, or develop cryptographic methods that have backdoors, just look at Dual_EC_DRBG. It was a backdoor for the "good guys", but now its backdoor for everyone - eventually people will study the code and see the backdoor exists.
The crux of the issue is mathematics has no concept of good guys or bad guys, so as far as mathematics is concerned a back door for anyone is a backdoor for everyone.
[+] [-] asimpletune|10 years ago|reply
Let's pause to consider this. Math works, that's why even the NSA can't break encryption. I wouldn't want to tell you wrong and say that it's impossible, it's not, but it would take something like ten billion years to crack. Needless to say, there's a reason why they need a backdoor, and that's because math works.
However, if a backdoor were put into all electronic products, the strength of the encryption is now meaningless as any would-be attacker (government or otherwise) would just target the backdoor instead of trying to break the encryption. Why wait ten billion years for a computer to brute force the message when you could just find a flaw in something designed by the government?
[+] [-] simonw|10 years ago|reply
"The problem with cryptographic backdoors isn't that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes."
[+] [-] devit|10 years ago|reply
It's perfectly possible and trivial to put in a backdoor that only works for people who have access to a specific private key.
Obviously if that private key gets stolen anyone can then access the backdoor, but that's true for anything, and you can mitigate it by storing the key in self-destructing immovable hardware with access limitations, as well as periodically changing the keypair (with signed updates).
The real problem is that there is no single "good guy" to entrust with that private key: in particular humans are inherently not fully trustable or good and both individual consumers and other governments have no interest in using or allowing backdoored products.
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] harryf|10 years ago|reply
[+] [-] free2rhyme214|10 years ago|reply
[+] [-] gecko|10 years ago|reply
That said, all Apple would have to do to fix this is to allow advanced users to see all keys listed as authorized for their account. I'm getting increasingly annoyed Apple hasn't done that.
[+] [-] conradev|10 years ago|reply
> Apple could collaborate with law enforcement to provide a false key, thereby intercepting a specific user’s messages, and the user would be none the wiser.
Key word is "could". Apple "could" also use its signing keys to install any kind of software on your phone to do whatever it wants. For example, to read your keychain and pull your private keys.
[+] [-] mixmastamyk|10 years ago|reply
Foreign govts? Rather, "against the constant threat of criminal governments and hackers."
[+] [-] mschuster91|10 years ago|reply
[+] [-] s73v3r|10 years ago|reply
[+] [-] mineshaftgap|10 years ago|reply
[deleted]
[+] [-] johansch|10 years ago|reply
[+] [-] coob|10 years ago|reply
Off the top of my head:
SSO ID Service / Cloud Photo Storage / Cloud Document Sync / Cloud Backup / Email / Instant Messaging / Music Store / Music Streaming Service / Cloud Music Service / Movie/TV Store / App Store / Push Notifications / Payments / Video Conferencing / Game Centre / eBook Store / Shared Calendaring / Notes / Large File Sharing / Personal Assistant / Maps
Weak?
[+] [-] pluckytree|10 years ago|reply
It may be in their Apple’s financial interests to do so, but it’s also the right thing to do. As you (partially) say, they care about the user experience. That experience includes taking steps to protect user information and they’ve had a long track record of doing just that. They did this long before it probably had any noticeable effect on the bottom line.