WingNews logo WingNews
top | item 11124124

(no title)

joycey | 10 years ago

I believe the difference is that Apple/Google are okay with turning over user data on a case-by-case basis provided there's a proper subpoena from a judge, but not okay with building a tool for the FBI that will allow them to look at any user's data. The former is equivalent to allowing the government to open your mail and wander around your house provided that they've obtained a search warrant. The latter is equivalent to building a tool that would allow the government to open anyone's mail and wander around anyone's house without a search warrant.

discuss

order

icebraining|10 years ago

I don't think Apple has been asked to build a tool, just to help unlock a single device.

I think Pichai is making a distinction between handing over data they already own (eg. a Gmail account) and data stored on user-controlled devices, which must be hacked to access.

Which is interesting, since he's essentially admitting that their push to send everything to "the cloud" makes their users less safe from governmental snooping (justified or not). Of course, we already knew that, but it's curious to see Google's own CEO say it.

cromwellian|10 years ago

Actually, this is a quite interesting distinction to consider. There is significantly more danger in hacks which can "scale" due to centralization and non-physical access compared to physical access.

In the case of cloud data, the government should be held to a higher standard of restriction, because all of the data is in one location, and requires only a single "factor", the identity of the target to collect data for. This applies to both "encrypted at rest" and "encrypted in flight" data.

But for data encrypted at rest on actual physical devices, there's an inherent '2-factor' security to the private invasion. The government must not only know the identity of the target to collect the information, they must possess the physical device as well. ("something you know" + "something you have")

This means, IMHO, there is far less danger, and far less scalability to "one off" hacks like the ones being requested to Apple. They don't scale to Snowden-level dragnets, they don't present low transaction cost barriers to acquisition.

The dangerous think for decentralized data is having an active attack on the device, or something which intercepts the data "in flight". These are scalable attacks you need to worry about. E.g. "push a key logger to every iphone software update"

Perhaps the law needs to make a distinction to warrants for 1-factor data vs 2-factor data, due to the inherent danger of 1-factor data, given that it scales easily to monitoring millions with little transaction cost.

So in this regard, I think there should be MORE push back for collection of cloud data, but individual one-offs for physical devices have a safer threat model.

I view this more like a Vault being found at the home of a murderer, and the cops asking the Vault maker to help unlock the Vault without revealing the proprietary locking mechanism, or without the cops needing to blow up the vault and potentially lose whats inside.

Oletros|10 years ago

> I think Pichai is making a distinction between handing over data they already own (eg. a Gmail account) and data stored on user-controlled devices, which must be hacked to access.

No, Pichai is making a distinction between giving the information after a correct process and developing a backdoor to slurp the data. It has nothing to do with cloud/device differences

rhizome|10 years ago

I don't think Apple has been asked to build a tool, just to help unlock a single device

Aside from the non-sequitur, what Apple has been asked for is a custom build of iOS.

fleitz|10 years ago

Well, if they aren't being asked to build a tool, then there's nothing for them to help the FBI with because the device functions as designed.

It is precisely the design of the device that the FBI wants Apple to alter using some sort of tool that Apple will make for them.