Apple advances user security with powerful new data protections

[DrMacintosh]

29 minutes ago, wanderingfool2 said:

Android backup has supported E2EE backups since Android 9   They still haven't done photos, but texts are E2EE in backups.

And now iCloud has backups and photos E2EE. iMessage has always been

 

29 minutes ago, wanderingfool2 said:

The funny things about this is that if the FBI is worried about the features, that means they were already accessing that data from Apple.

The FBI has been legally able to request the data that was previously unencrypted before. A company cannot refuse to comply with a lawful order if they can comply. Apples previous basis for refusing to hand over information was based on the fact that Apple was physically unable to comply because the data was encrypted and Apple does not store the keys. 

[DANK_AS_gay]

My mother is a prosecutor, one that has taught seminars aout how to legally get access to a child predators devices in order to get evidence of child porn, and how to get that evidence. A lot of the smarter guys use iPhones over burner phones, because at the very least, Apple is incredibly slow to move. Sure, they have access to some of this stuff (at least as of several years ago when I heard this), but they can't easily access it, and only do so when subpoenaed. Even then, much if not all of the content is automatically deleted over a year. It is significantly harder for the forensic teams to get into an iPhone than it is for them to get in Androids (or older iPhones, the Indianapolis police train people in the Purdue Polytechnic college in the computer forensics class using iPhone 4s...). I don't know that this is a good thing, as it is going to be even easier for child predators and other people to hide their online or otherwise crimes. An example: One case my mother had was of an autistic child that was found suffocated. The investigation was only able to be directly linked to his mother and her boyfriend through browsing history. "How to shut an autistic kid up" "how to kill quietly" other examples like that, and the text message history of the mom's communications about the kid and the murder with her boyfriend. The mom didn't get the full sentence even with evidence that directly linked her to her charges. The boyfriend got the full sentence as a result of this. 

 

There are problems with this though, as any vulnerability, even for Apple only to access, is a vulnerability. And Apple is not entitled to my information, nor is the government, without a warrant/subpoena. All of the people who use iPhones just because they want one should not be negatively affected using the excuse of "what about the child predators", which is what Apple was doing with their feature that scanned images for illegal content. 

 

My main concern is this, the government has to have access to much of this info when necessary in order to convict people, especially when their crimes are almost exclusively online, but the problem is that both entities can and will take advantage of that. What are our rights in this regard in the US? What about users in other countries? This starts getting pretty close to a Supreme Court issue, and I don't think there is an easy solution.

[DrMacintosh]

4 minutes ago, DANK_AS_gay said:

My main concern is this, the government has to have access to much of this info when necessary in order to convict people, especially when their crimes are almost exclusively online

It is not Apples job to make it easier for government agencies to invade user privacy to convict criminals, or to simply keep tabs on them. That's the fundamental problem. Laws like the Patriot Act were created with good intentions, to crack down on terrorism and save lives...but we all know what that law is actually used for today. Government surveillance of every minor thing under the guise of increasing safety despite the fact that government agencies like the FBI constantly say things like, "he was on our radar" but refuse to act. 

 

Giving up privacy for increased security is never the correct choice. We're just going to have to catch criminals via other means. 

[DANK_AS_gay]

4 minutes ago, DrMacintosh said:

like the FBI constantly say things like, "he was on our radar" but refuse to act. 

Can't act until he's actually committed a crime. Because you can't charge people on circumstantial evidence that they might maybe in the future commit a crime.

5 minutes ago, DrMacintosh said:

Giving up privacy for increased security is never the correct choice. We're just going to have to catch criminals via other means. 

Good luck convicting child predators then, since a majority of those crimes are now committed online, with things like child porn. There aren't other means for that sort of crime. Which is why this is an issue that much smarter people than either of us need to look at.

[CommanderAlex]

7 minutes ago, DrMacintosh said:

Laws like the Patriot Act were created with good intentions, to crack down on terrorism and save lives...but we all know what that law is actually used for today.

You also have the (FISA)/FISA Amendments Act of 2008 which turns over court-approved searched terms from data. 

[DrMacintosh]

12 minutes ago, DANK_AS_gay said:

Good luck convicting child predators then, since a majority of those crimes are now committed online, with things like child porn.

And that's a problem for lawmakers to figure an approach too. But for now, we can't put webcams in every home just to catch a predator. Users are entitled to their privacy, just because criminals exist does not mean the rest should suffer. 

[Obioban]

1 hour ago, wanderingfool2 said:

Android backup has supported E2EE backups since Android 9   They still haven't done photos, but texts are E2EE in backups.

iCloud backups were E2EE before, as well. What's changed is that Apple can no longer decrypt them upon request.

 

 

[Zodiark1593]

1 hour ago, wanderingfool2 said:

 

 

Overall though, I do think the FBI brings up a good point to a certain extent.  Under the current aspect of the law you can't compel someone to give up their password.  If everything is encrypted and you have reasonable suspicion a crime has been committed then it creates a real issue in this modern day where the password is the only way to access the data.

 

I do foresee a time where this starts to become a major issue in terms of tracking down digital crimes.

The 5th Amendment largely dictates that you needn't aid in your own prosecution. Exemptions do exist however, limited to those where divulging the password will not expose you to additional criminal liability, such as in the case of immunity, or the foregone conclusion doctrine. And of course, civil cases have their own set of rules. But for all intents and purposes, if the encrypted data is likely to incriminate you, you're under no duty whatsoever to provide the passwords, or plaintext documents, for the purpose of your own prosecution.

 

Even if encryption everywhere does pose major issues to law enforcement, a constitutional amendment is a very steep hurdle.

[AnonymousGuy]

Advanced iCloud protection is huge.  That was always something that was a really big gap in security because cops could also subpoena stuff that was in icloud since it wasn't blind encrypted.

[Arika]

I'm sure you'll forgive me when I say, I don't trust Apple at all with this. As far as I'm concerned this is all PR speak, just like the last 15 years. They claim to be about privacy for their users, but then turn around and comply with almost every request from the US government.

 

 

 

"Oh we can no longer unencrypt data to had it over "

OK, so you USED to be able to? Then what's been the point of making a big song and dance about how good your encryption and privacy are? How do I know you still won't be able to unencrypted this?

"Trust us bro"

[wanderingfool2]

21 minutes ago, Obioban said:

iCloud backups were E2EE before, as well. What's changed is that Apple can no longer decrypt them upon request.

 

 

...not in the way most people talk about E2EE, the principle is that only the user should be able to effectively decrypt it.

 

20 minutes ago, Zodiark1593 said:

The 5th Amendment largely dictates that you needn't aid in your own prosecution. Exemptions do exist however, limited to those where divulging the password will not expose you to additional criminal liability, such as in the case of immunity, or the foregone conclusion doctrine. And of course, civil cases have their own set of rules. But for all intents and purposes, if the encrypted data is likely to incriminate you, you're under no duty whatsoever to provide the passwords, or plaintext documents, for the purpose of your own prosecution.

 

Even if encryption everywhere does pose major issues to law enforcement, a constitutional amendment is a very steep hurdle.

Oh yea, don't get me wrong, I don't think that the constitutional amendment would ever become a thing, unless things get really bad.  It's just that things are starting to get to the point where some forms of crimes can now be committed in a way that no one would ever have thought possible back when the constitution was written.

 

It's eventually going to hit a point where as a society we will need to discuss it, and it's not going to be pretty either way.  The way to catch some people now and days in regards to some of these crimes is literally through social engineering (thinking of when they managed to convince criminals to use a poisoned phone).  If people are smart enough though, they could at this stage hide some of their crimes without the fear of being caught simply with the knowledge that they won't be able to access the data they need to actually convict you.

 

1 hour ago, DrMacintosh said:

The FBI has been legally able to request the data that was previously unencrypted before. A company cannot refuse to comply with a lawful order if they can comply. Apples previous basis for refusing to hand over information was based on the fact that Apple was physically unable to comply because the data was encrypted and Apple does not store the keys. 

Oh yea, not denying that they aren't legally required to.  Just that the FBI's protesting to it pretty much means they were using it as a means before (and likely under gag orders to Apple as well).

 

1 hour ago, DrMacintosh said:

And now iCloud has backups and photos E2EE. iMessage has always been

Yea I know.  Just pointing out that the concept of encrypting a backup isn't anything new.  iirc there was a roundabout way of access information like iMessages simply by going into the cloud backup, which has the keys needed to decrypt.  It's actually the excuse that Apple gave when there was the shooter information, they claimed the FBI dragged their feet to the point the cloud backup was autodeleted so they couldn't recover the information on the phone.

 

Generally though, with Apple you are still the product.  They just go about it differently, like trying to completely lock you into the ecosystem.

[AnonymousGuy]

3 minutes ago, wanderingfool2 said:

Generally though, with Apple you are still the product.  They just go about it differently, like trying to completely lock you into the ecosystem.

"You are the product" means your data is being sold elsewhere as the means of profit.  That's not what Apple is doing at all here.  You're the customer of their product.

 

Compare to say Google or Facebook where the vast majority of their revenues is harvesting and reselling as much user data as possible.

[wanderingfool2]

2 minutes ago, AnonymousGuy said:

"You are the product" means your data is being sold elsewhere as the means of profit.  That's not what Apple is doing at all here.  You're the customer of their product.

 

Compare to say Google or Facebook where the vast majority of their revenues is harvesting and reselling as much user data as possible.

Google in general harvests your data for adverts.  It's still pretty much kept in the ecosystem.  A major difference as well is that Google also correlates that data with data from 3rd parties.  The growth of Apple advertising grew about the same amount that Facebook's shrank when they introduced the prompt.

 

I very much consider Apple to be a company that treats you as a product.  They leverage you as a product to maintain their App Store fees, they leverage you for their advertising (except in this case since they pretty much blocked the competitors from being effective, they now have a lot strong monopoly for ads on iPhones).

 

14 minutes ago, Arika S said:

I'm sure you'll forgive me when I say, I don't trust Apple at all with this. As far as I'm concerned this is all PR speak, just like the last 15 years. They claim to be about privacy for their users, but then turn around and comply with almost every request from the US government.

Honestly though, I have less of an issue when it's legal requests that they comply with.  It doesn't make much of a difference to stand up to every request as they would quickly be saddled with tons of legal fees and in the majority of cases still likely lose.

[DrMacintosh]

14 minutes ago, Arika S said:

but then turn around and comply with almost every request from the US government.

Because that data was previously not encrypted and Apple is legally obligated to turn over that data. A subpoena is a lawful order and cannot be refused just because you feel like it. Now that Apple does encrypt that data, there is nothing to turn over. 

 

16 minutes ago, Arika S said:

OK, so you USED to be able to?

No, that data was not encrypted. Apple never has stored encryption keys on their servers. Encryption is all handled on on device. 

 

16 minutes ago, Arika S said:

How do I know you still won't be able to unencrypted this?

Because Apple does not and doesn't want to store encryption keys. 

[Zodiark1593]

1 hour ago, DANK_AS_gay said:

Can't act until he's actually committed a crime. Because you can't charge people on circumstantial evidence that they might maybe in the future commit a crime.

Good luck convicting child predators then, since a majority of those crimes are now committed online, with things like child porn. There aren't other means for that sort of crime. Which is why this is an issue that much smarter people than either of us need to look at.

Among the predators convicted, I do have to wonder how many are the impulsive sort that do not know how to implement infosec, vs those that are more careful and knowledgeable. I could see obtaining evidence on the former would become more difficult, though they could probably get tripped up elsewhere (there was a Canadian article I read about this exact thing). The latter would probably be paranoid enough where they wouldn't trust larger corporations anyway, and stick to FOSS solutions.

 

I'm rather indifferent on this news myself. I generally assume anything on cloud storage is accessible to outside parties, and anything sensitive that also requires cloud-backup would be encrypted by myself (7-zip is my personal favorite) before uploading. I don't see reason to change practice now.

 

20 minutes ago, wanderingfool2 said:

 If people are smart enough though, they could at this stage hide some of their crimes without the fear of being caught simply with the knowledge that they won't be able to access the data they need to actually convict you.

 

People that are paranoid (and if I was handling data that could land me a lengthy prison sentence, I would be too) have long had FOSS options to tightly encrypt their data, well before Apple/Microsoft/Google have started leaning heavily into consumer-side encryption. Truecrypt was a popular option for a long time, with Veracrypt being the new(er) kid in town that has been audited several times already. Librecrypt also exists. 7-Zip incorporates it's own encryption as well. And LUKS remains a popular option for Linux users. Encrypted containers can be uploaded to the cloud as well. Criminals looking to secure incriminating data have never required Apple's blessing to keep out of reach of the law. A little legwork, and a healthy level of distrust goes a long way.

[Arika]

5 minutes ago, DrMacintosh said:

Because that data was previously not encrypted and Apple is legally obligated to turn over that data. A subpoena is a lawful order and cannot be refused just because you feel like it. Now that Apple does encrypt that data, there is nothing to turn over. 

Unfortunately we've been told for years by Apple fans, the media, and Apple themselves that "what happens on your IPhone stays on your iPhone",  all this talk of privacy and encryption and how they refuse to hand over data.

Only to find out that it was all a lie over and over again. Oh, but NOW they are (apparently) doing what they have been claiming to do for god knows how long, I don't exactly have a lot of trust in what they are saying.

 

Apple has a lot of stuff on my shit list so there is a lot of trust to build before i respect them as a company.

[DrMacintosh]

2 minutes ago, Arika S said:

Apple themselves that "what happens on your IPhone stays on your iPhone",  all this talk of privacy and encryption and how they refuse to hand over data.

Apple has never handed over local only data on any iPhone since the secure enclave became a thing. Any data that has been handed over has been unencrypted cloud data that was lawfully subpoenaed and was required to be handed over. 

[Commodus]

27 minutes ago, Arika S said:

I'm sure you'll forgive me when I say, I don't trust Apple at all with this. As far as I'm concerned this is all PR speak, just like the last 15 years. They claim to be about privacy for their users, but then turn around and comply with almost every request from the US government.

 

 

 

"Oh we can no longer unencrypt data to had it over "

OK, so you USED to be able to? Then what's been the point of making a big song and dance about how good your encryption and privacy are? How do I know you still won't be able to unencrypted this?

"Trust us bro"

Apple is legally required to honor government/police requests for data if it has the means to comply. I understand your concern, but Apple wasn't about to break the law.

 

Apple was already encrypting a significant chunk of iCloud data (14 categories) before this. It's just that the expansion now includes key things like photos and cloud device backups.

[Montana One-Six]

2 hours ago, LAwLz said:

Source?

If you google (xkeyscore even though it's a bit old at this point is probably a good place to start) about that you might find some things but I cannot give you any sources. If you don't want to believe me then don't but I may or may not know some things about some agencies because of reasons and if they want to they can get almost anything about a person of interest without asking any of the companies for anything. They are mostly interested in communications though and there is as far as I know no chat or communication software secure regardless of what the various companies are saying about their chat-programs. In the case of iCloud I don't know for sure but I would guess that it also isn't really an issue.

I don't know if you ever heard what snowden said about mobilephones and the numerous programs used by many agencies but the thing is he was never TAO or on any other similar team and his knowledge is at this point about 10-15 years old. 

[DrMacintosh]

1 minute ago, Montana One-Six said:

They are mostly interested in communications though and there is as far as I know no chat or communication software secure regardless of what the various companies are saying about their chat-programs.

iMessage Contact Key Verification will probably throw a massive wrench in trying to impersonate or otherwise spoof/infiltrate/compromise an iMessage conversation. iMessage is about as safe as it gets. I'd like to see someone try to break through it. 

[Arika]

10 minutes ago, DrMacintosh said:

Apple has never handed over local only data on any iPhone since the secure enclave became a thing. Any data that has been handed over has been unencrypted cloud data that was lawfully subpoenaed and was required to be handed over. 

Sorry, but when Apple made that claim, I doubt anyone took it to mean "oh they only mean my physical device, not my Icloud account that is very prominently advertised in the settings of my phone as a standard feature and where everything is backed up to"

 

That's boarderline false advertisement by way of a loophole

[Zodiark1593]

2 minutes ago, DrMacintosh said:

iMessage Contact Key Verification will probably throw a massive wrench in trying to impersonate or otherwise spoof/infiltrate/compromise an iMessage conversation. iMessage is about as safe as it gets. I'd like to see someone try to break through it. 

Depending on what is being conveyed and what is at risk, I’d probably lean towards Signal with my own server setup over using iMessage. 

[DrMacintosh]

1 minute ago, Zodiark1593 said:

Signal

Signal is great, however I know roughly 0 people that use it. It is a perfectly fine and secure platform as far as I'm concerned though. 

[wanderingfool2]

23 minutes ago, Zodiark1593 said:

A little legwork, and a healthy level of distrust goes a long way.

Oh yea, but it's getting to the point that it's just a click away essentially.  I think it's a good thing having more encryption and such, but I do feel that it will have to come up as a discussion point eventually in the modern world whether we are okay with it (and not being able to compel someone for a password).

 

12 minutes ago, DrMacintosh said:

Apple has never handed over local only data on any iPhone since the secure enclave became a thing. Any data that has been handed over has been unencrypted cloud data that was lawfully subpoenaed and was required to be handed over. 

It's important to note, it's not "unencrypted" cloud data.  I think it's fair to say Apple was required to by law to provide any data which they were capable of decrypting.

 

Apple has at least followed a good practice of having data encrypted on their servers, not leaving it unencrypted.  Just they had the keys to decrypt...but that's better than some companies that leave it unencrypted on servers.

 

Anyways, here's a rundown on the advanced data protection

https://support.apple.com/en-ca/HT202303

There is a table that essentially gives details on what is now E2EE and what is just encrypted on Apples end.

 

Just like to point out though, messages weren't truly E2EE...from what their note says, if you backed up with iCloud then your decryption key was stored.  Which sort of defeats the purpose.  Either way at least the ADP fixes that.

[DrMacintosh]

1 minute ago, wanderingfool2 said:

Just like to point out though, messages weren't truly E2EE...from what their note says, if you backed up with iCloud then your decryption key was stored.

Yeah, I remember when that feature was added and I enabled it that there was a compromise on security there. The convenience was worth it though. Now it's not a problem.