
I don’t understand why this outrage seems so US-centric. This is the same Apple that hands over all your iCloud data (photos and otherwise) to the CCP if you happen to live in China. And they’ve done this openly for the last several years.

What am I missing? Isn’t that a much much much much worse thing for Apple to do? Why are we only suddenly suspicious of Apple’s privacy claims with this matter?



As an American I couldn’t care less that Chinese people’s data is handed over to Chinese people’s government, especially considering the alternative would be that Chinese people’s data is handed over to a US entity and by association the US government.

Contrary to popular belief, iCloud data, while encrypted, can be decrypted by Apple and is subject to US law enforcement requests. *

Considering this fact, it is pretty one-sided to see this as some sort of inconceivable act. However, if you look at it from the other side, would we want all American user data (assuming Russia had a company that had such pervasive penetration into American lives as Apple does globally) to be sitting on Russian servers subject to arbitrary Russian laws?

So if you only consider American interests, it’s inconceivable for us to give up such power and control over other sovereign nations, but perhaps other countries don’t care about American interests like we do.

All Apple did in China was comply with local laws to stay in business there. What Apple is doing in the US is not mandated by law (as far as I know).

From the American side Apple has marketed itself as privacy focused, even fighting the FBI publicly at the risk of negative publicity. This about face is unexpected but also betrays those of us who invested in the Apple product line under the expectation they continue this standard of privacy and security that was marketed. Chinese people probably never expected this level of privacy to begin with, but we did and we can.

* iCloud messages backups can be decrypted


This to me is a surprising attitude. As an American whose outlook is generally framed by American values, it’s very upsetting to think of how privacy and freedoms are systematically impinged upon in so many parts of the world. If we can be upset about invasion of privacy in one country, why would those principles change at geopolitical borders?


The imposition of our own values onto others is how wars start. If you think that our values are encoded in laws, and accept that different sovereignties have different laws, then you should be able to accept that different people have different values and standards. Maybe to the EU we are barbarians because our consumer privacy laws are so lacking...

Those principles are not universal because different cultures have different values, beliefs, standards, and situations. If you've been taught otherwise then you've been brainwashed by a propaganda machine designed to motivate you to support and fight wars of value imposition like the Iraq or Afghanistan wars.

Plus, no country was around to teach the Americans how to build a society back then, and you could say we turned out fine enough.

We are big proponents of democracy, but not only do we acknowledge that democracy is not a perfect system to begin with (something we are taught in schools), but our version of democracy isn't even a perfect execution of it, much like how China isn't really a communist utopia. We are more like a capitalist democracy, where effectively the wealthy can leverage more of a vote (through advertising, propaganda, PACs, etc). So if all our systems are flawed, who are we really to impose our flawed values? The answer is that the real motivation for imposing our values isn't some belief in fundamental ideals or values, but rather American interests. We didn't set up a puppet bureaucrat in Afghanistan because of democracy, we just wanted a friendly government in the Middle East. The CIA operating in your country doesn't give you relief! No, they are not there to help YOU or your people.


Thank you for this thoughtful response! I think I see what you mean about how values are not necessarily universal and that imposing them across cultures can go very, very wrong. You’re totally right that we don’t have to look past the last several weeks’ world news for examples.

As a “value” democracy gets tricky. What does it mean exactly? Even within the US it takes on many contradictory forms. And why does democracy matter? Is it a worthy value simply because it’s the least bad political system? That’s not very universal as a reason, and surely not a good reason to make war.

Where I suppose I diverge is that I think freedom of expression (and, inextricably, guarantees of privacy) actually are universal values that cross whatever kind of boundary. What has nationality to do with it? Call me a myopic American, but it's hard for me to accept the idea that freedom of speech could be a culturally specific value.

Now should we enforce values with coercion? Generally I think you and I agree that we shouldn’t. But information technology (and, to a great extent, strong cryptography) provides an enormous (peaceful) opportunity to durably promote those values at an anthropocene scale.

Maybe nobody externally taught these values in the formation of the US, but it’s maybe also worth remarking that the formation greatly benefited from an unusually free press for that time period.


I agree with you that freedom of speech is a fairly important individual right. If you look at the reasoning behind its status it's probably because it's one of the early forms of power an individual could wield, much like how treasured gun rights are in America as well. It goes hand in hand with a free press.

That's certainly something the Chinese people deserve to have, but it's also not our fight, especially if the people of China are less interested in it than foreign spectators seem to be. Since their economy and standard of living are rising and more or less doing fairly well, it raises questions of motivations when we really want them to do something for them under the guise of for us. If we value our democracy or freedom of speech and press more than the average Chinese citizen does, then something is probably up... and something is in fact up, because wars are usually fought under the pretense of righteousness. But in reality almost all wars are fought in the interest of self-preservation and self-interest. US foreign policy is pretty much bound to be purely in the interest of its citizens, much like how a corporation is bound to make a profit. If we actually promote free speech and democracy, it'll be due to self-interest, for the simple reason that a politician can't really justify that they did something for the good of other non-constituents and hope to be re-elected.

Free speech is a great ideal, but it's also a tool used by the enemy for disinformation, destabilization, and defamation. This is similar to how encryption is great, but also empowers criminals just as it empowers resistance to tyranny. Some peoples will choose to have less free speech for more stability, and that is their choice. If the EU started fervently advocating for more consumer privacy protections in the US when we actual Americans don't care about it too much, we'd probably raise an eyebrow too on their actual motivations on matters of domestic concern.

Personally, from a righteousness point of view, if we really wanted to help people we'd take them into our borders and integrate them into productive members of our own society. Anything else is illegitimate. If we truly believe China is going the wrong way then we should take in their citizens who agree with us, and give them the opportunity to shine here. Humans are a resource, not a liability. If we can't take them in, then it's also not our place to tell them how to go about their lives. If we really want people to adopt our values, we should integrate them. And for the most part the US does a pretty good job of this as we're probably one of the most multi-cultural societies on this planet.


> Maybe to the EU we are barbarians because our consumer privacy laws are so lacking...

Yup. Well, that, plus your third-world health-care(lessness) system, and your unbridled appetite for guns to kill each other with.

Sorry if this comes as a surprise to you, but: Honestly, you are barbarians.


I'm glad people like you weren't in charge in 1861 in the USA.

China is a slave country controlled by dictators against the will of the people, not just "a different culture".


Governments ultimately draw their authority from their ability to keep their citizens from overthrowing them... China is doing a good enough job right now, even if you don't think so, and even if there are some bad things happening there. But the reality is that even if they were to submit to internationally audited and monitored elections overnight, it'd still be subject to the flaws of a democratic system (private interest groups, big money influence, etc) that would taint the ideal of a fair election. A democratic election is ultimately still a proxy of power distribution. You'll end up with more of the same most likely, but with fewer excuses to point fingers at when they commit unpopular acts (for example they may still imprison Uighurs, expand in the Indian Ocean, and threaten Taiwan).

Rather than making such strong remarks telling Chinese people what they are, you can just go there and ask them yourself instead of armchair posturing.


You could “just go there” and start asking questions.

I wouldn’t though, lest you be arrested like Michael Spavor.

https://www.bbc.co.uk/news/world-asia-china-58168587


Not saying it’s ok what they did but the article does reveal the real political reason behind this:

Critics have accused China of treating both Spavor and Kovrig as political bargaining chips, held as part of what is known as "hostage diplomacy".

Wasn’t so much the asking questions as it was a diplomat used as a bargaining chip since a Huawei exec was also captured.


So what you're saying is that the CCP took the two Michaels hostage for no other reason than to be political bargaining chips?

...that's exactly why I wouldn't travel to China whilst Xi is in power.


Yes. And US is a plutarchy often against the will of its people. It is just a different culture.

If it helps. I like US better.


As a non-American, consider that many of us live in countries with better policies than yours, and we’d prefer not to have your ideas imposed on us by fiat, thanks.

So I’m quite happy that Apple has to follow local rules, and I respect Chinese citizens enough to believe that they can advocate for the change they want to see, over time.


Because the Chinese people value different things than the American people and they're governed by different norms and nobody nominated Americans to be privacy commander in chief.

I think gun laws in the US are terrible but I recognize the US has a different history and it's not my place to tell them how to live. Simple as that.


It’s difficult to say what people value when they don’t have the freedom to express that.

It’s not like anyone in China can vote their leaders out or even say anything negative publicly.


China actually has both actual elections (at the local level) and it definitely has negative public opinion. The Chinese are, if anything, some of the most ardent shitposters if you've actually ever used social media in China. Of course some of it is censored but most of it isn't, deliberately so because it's pretty much the only way to figure out what grievances people have, and technically because you can't stop a billion people with the ability to make memes and puns from getting around anything.[1] There are even people who make that stuff available for English-speaking audiences.[2]

This notion that you somehow can't figure out what the Chinese want, as if you couldn't talk to them, which you literally can, you could just visit China actually, just shows that the entire discourse happens at some sort of meme level.

[1]https://qz.com/2014939/chinese-internet-users-reject-beijing...

[2]https://www.whatsonweibo.com/


That isn’t so just because you say it is and it seems like you have no idea what it is actually like to live in China. A lot of the people pushing back against anti-China sentiments are actually former Chinese citizens… and if you look at the anti-China lobby that consists of ex-Chinese you end up with the cult Falun Gong and ultra right-wing Epoch Times. That should already tell you a lot about how unrealistic your sentiments are and who is really pushing this narrative that Chinese people are somehow all slaves who do not know any better.

If you get a bunch of people who are completely disconnected from a constituency deciding what’s best for them, you end up with the former British colony of America, the former democratic Afghanistan. As it's clear you don’t know the actual sentiments of Chinese people, it’s a bit ludicrous to suggest that you know what’s good for them better than they do.

Nobody fought the American war of independence on behalf of Americans. It’s arrogant to think that others need us to liberate them from some imagined subjugation.


I have not said I know what the sentiments of Chinese people are or what's good for them.

You're very obviously using that as a straw man argument to avoid discussing democracy and democratic mandate.


> Chinese people probably never expected this level of privacy to begin with, but we did and we can.

Taiwanese users' data is also backed up to China. This was confirmed to me by Apple Support in China. Whether you believe Taiwan is part of China or not, I can assure you users in Taiwan do expect this level of privacy.

What we are seeing is a slow deterioration of user privacy across the Apple ecosystem, not just the US. So even if you don’t care about Chinese users' data, it does show what Apple management as a whole thinks of your data.


Tic-toc


> Contrary to popular belief, iCloud data, while encrypted, can be decrypted by Apple and is subject to US law enforcement requests.

Most seem to forget that with this upcoming feature this is not possible anymore. Apple can’t decrypt your images anymore by request. (Read Apple’s PSI system.)

There is also strong evidence that the same is coming for backups. On the iOS 15 beta, there is a backup recovery option by authentication key.


They can’t decrypt the safety vouchers, which contain low resolution versions of your image until the conditions are met … which makes no sense as they have access to the cleartext full resolution image right there.

Unless of course this is a precursor to an E2E encrypted iCloud wherein Apple does not have the ability to decrypt your images server side. I don’t see how this design makes sense unless that’s the next step


> … which makes no sense as they have access to the cleartext full resolution image right there

They have no access. It is end-to-end encrypted with the new system. That is the whole point of on-device scanning. It is not the next step, it is already there.


It works if the photos are encrypted such that Apple can’t access them. Hence the wonky design.

They haven’t announced that photos will be E2E encrypted.


They did… just read the specs. There are many PDFs at the bottom. They truly failed the PR.

https://www.apple.com/child-safety/


That’s not my interpretation of the first party descriptions of the CSAM system. Clearly it works if photos are encrypted; nothing implies they’re using that capability yet.

If that were the case, this would not merely be a PR mess but PR malpractice of an entirely other, novel kind.


The system is complicated, especially the PSI paper. But it is clear that it is designed to run on encrypted images, there is a choice to run without it.


So it doesn't mention that anything is actually E2E encrypted right now, does it?


It does if you try to understand that system. CSAM scan on-device won’t work at all without that encryption part.


Of course it will. It's only the vouchers that are encrypted.


Apple didn’t wake up one day and decide to do this on a lark.

They’re being proactive, probably in a minimalist form, to anticipate regulatory powers on what is unarguably the largest or second largest platform used for illegal porn.

If FB screeners have PTSD and are killing themselves over what they have to see every day, imagine what is on iCloud and iPhones. Right now, nobody is required to filter that content while social media is. The alternative to “sure, you tell us what is illegal and we’ll scan for it” is “We’re the govt and we want to see everyone's photos for the children.”

Sure, the latter may still happen, but probably later than sooner now. I’m surprised it has taken this long.


There was a great comment by joe_the_user on hn responding to this before: https://news.ycombinator.com/item?id=28261573

>Government by threatened legislation is much worse than government by actual legislation. Legislation is public, legislation can be opposed, legislation can be reviewed by the court and so forth. Allowing yourself (and your users) to be controlled by threats of legislation is allowing democracy to be discarded.


It's my understanding that Apple simply can't operate in China without playing by those rules. So really, the onus is on the CCP.

In this case, is Apple being compelled to do this by the US government? Or is it a choice Apple has made purely internally? I think that makes a difference.


I agree the question of whether Apple was compelled by whatever government (or if they did this voluntarily) has implications on the ethics of these decisions. They may genuinely have no choice.

But I don’t see how it affects the question of whether Apple’s privacy assertions are trustworthy.


>> They may genuinely have no choice.

There is a choice. Don't comply and have the CCP make you stop selling there.

Apple has no principles that can't be tossed aside in exchange for a large market - in other words a lot of money. This should not be unexpected.


The CCP would make Apple stop manufacturing in China, which would effectively mean that they couldn't sell anything anywhere. Apple does have very deep pockets, but that would be an existential threat.


Well put. Perhaps it’s cynical, but I think that’s true of any corporation of Apple’s size: their only true principle is to maximize shareholder value.

The best we can do as privacy-concerned mere-mortals is to take our business where those profit incentives align with our values. Apple’s put a lot of work into advertising that their profits are aligned with values of privacy, but some signs say otherwise.


You shouldn't expect privacy from a third party. You'll be disappointed by definition.


Maybe similar pressure was placed on them here and we just aren't privy to it.


ding ding we have a correct answer


This is a claim which should require extraordinary evidence, since Apple has very publicly resisted pressure to build technology at the government’s behest in the past.


It’s now common knowledge (as mentioned in the article) that Apple refrained from adding a feature at the government’s behest in the past. It’s a fine line between not adding a feature they don’t like and adding a feature they do.


This claim is often repeated but the only source for it I’ve found is reporting in Reuters citing anonymous sources. The user experience challenges of end to end encryption are immense, especially since iPhone is many users’ only iCloud client, and I find it hard to believe Apple was moments away from announcing a solution to them but the FBI pressured them out of it. That is not the extraordinary evidence such a claim needs. For example, Bloomberg reported an even better sourced story about supply chain compromises to Apple’s cloud services which has been more or less entirely debunked.

In addition, the emphasis on the on-device portion of this scanning project is evidence that Apple views losing access to iCloud data as part of its roadmap.


The Bloomberg claims were explicitly denied by Apple and several other companies. To the best of my knowledge, Apple has never publicly denied the Reuters reporting, and explicitly declined to comment when given the chance by Reuters. It’s certainly one thing to extend the benefit of the doubt to a company in a dispute with a reputable news agency; it’s entirely another thing to take issue with the claim when even the affected company won’t do so.


So you are suggesting that FBI pressure is the primary reason Apple did not pursue plans to end to end encrypt iCloud Backups on the basis of one news article and lack of comment from Apple?

(There is other counter-evidence: Apple rarely comments on speculation. In an interview with the WSJ, Apple’s answer to why now was that they figured out how to do known CSAM detection in a way they felt met their privacy requirements. The omission is at least slightly informative, if you think FBI pressure is critical. Finally, people more familiar with the legal context have argued it would jeopardize the program for there to be evidence that Apple is doing this work in response to FBI pressure as suggested. Finally, Tim Cook offered a more straightforward explanation and vision for iCloud end to end encryption in an interview with a German newspaper:

SPIEGEL ONLINE: Is the data as secure on your iCloud online service as on the devices?

COOK: Our users have a key there, and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that in the future it will be controlled like the devices. We will therefore no longer have a key for this in the future. )

If so, what information would change your mind? How confident are you that this is the full story?


I have specific reasons to believe that Apple has been subject to legal pressure. But if you didn’t believe six anonymous sources in a story by a reputable reporter, you’re not going to believe my secondhand reports either. Skepticism is fine: stubborn unfounded skepticism in the absence of a direct confirmatory statement from Apple isn’t possible to argue with.

Apple being legally pressured is not the full story. It is absolutely true that they have been pressured by the FBI and others, and simultaneously that they also have real concerns about user experience with lost backups. If you read the Reuters story, it doesn’t draw a straight line from the FBI to the backup situation, it just points out that legal pressure is a factor in Apple’s reasoning. Apple spent a lot of money building an E2EE key vault based on HSMs several years ago, and it’s also fairly obvious that they had bigger plans than securing passwords and browser history. Yet they have not made full E2EE backup available even as an option for advanced users, despite the fact that even Android now supports E2EE backups. And prior to enabling E2EE backups (one assumes that’s coming this year) they paused to build exactly the on-device scanning system that law enforcement has been exhorting cryptographers to build since William Barr’s letter in 2018. It does not take a great deal of imagination to see the pattern, but obviously only Tim Cook can prove it to your satisfaction.

ETA: Just to take this a step beyond “someone is arguing on HN”: this argument matters because I think we all intuitively understand how dangerous this system would be in a world where Apple’s engineering is responsive to government pressure. Your skepticism makes perfect sense if you want to believe this system is secure. I wish I could live in a world where I was able to share that skepticism, it would be a more relaxing place.


I’m not sure why it’s obvious to you that Tim Cook must personally whisper into my ears otherwise. The FBI and every other intelligence agency is probably pressuring Apple all the time. Elsewhere in the thread, I even say that I think law enforcement pressure is one reason Messenger has not turned on E2E by default. I understand how this works.

What you haven’t convinced me of is whether Apple’s priorities are being driven by the pressure. Apple can believe keeping known CSAM off their services is important, and just because someone else agrees doesn’t mean the outside party was critical or the cause of the decision. We live in a society where there are lots of non-government reasons to not be the world’s #1 CSAM host, especially as the famously anti-porn company.

To what extent Apple’s intentions are sincere or coerced is important to suss out because it changes the likelihood that Apple, in the long term, will build different features that endanger its users. I agree that the platform vendor is “intuitively” a source of risk, but I don’t think what they’ve announced is any more (technically) dangerous than anything else my device already did. Even if Apple is outright lying about the contents of the hash database and what their human reviewers will flag, they could’ve been outright lying about whether they slurp my iCloud Photo Library straight out of iCloud with the keys they escrow. Besides that, there is no other possibly untoward behavior that I can’t verify locally. In fact, if Apple built iCloud scanning, I’d be at least as concerned about future features, because there I have no audit rights.

I don’t “want to believe” the system is secure - I have the tools to confirm that the system exposes me to no risk that I’m not already comfortable with as an (for sake of argument) iCloud Photo Library user, and almost all of the other risks are hypothetical. I’m even open to believing that the other risks are more probable today than a month ago, but the evidence isn’t very strong. Some evidence that would change my mind: any information about NCMEC being compromised by nation states and Apple ignoring that evidence, any evidence from Apple sources stating that they worked with the FBI on this system design, any evidence that Apple is expanding the system beyond CSAM.

Which brings me back to a question you never answered: how confident are you that the system presages generalized full device content scanning, and what evidence would change your mind?


I never said the device presages full-device content scanning. All I’ve said (including in this NYT op-ed [0]) is that it enables full-device scanning. Apple’s decision to condition scanning on a toggle switch is a policy decision and not a technical restriction as it was in the past with server-side scanning. Server-side scanning cannot scan data you don’t upload, nor can it scan E2EE files. Most people agree that Apple will likely enable E2EE for iCloud in the reasonably-near future, so this isn’t some radical hypothetical — and the new system is manifestly different from server-side scanning in such a regime.

Regarding which content governments want Apple to scan for, we already have some idea of that. The original open letter from US AG William Barr and peers in 2018 [1] that started this debate (and more than arguably led to Apple’s announcement of this system) does not only reference CSAM. It also references terrorist content and “foreign adversaries’ attempts to undermine democratic values and institutions.” A number of providers already scan for “extremist content” [2], so while I can’t prove statements about Apple’s intentions in the future I can only point you to the working systems operating today as evidence that such applications exist and are being used. Governments have asked for these, will continue to ask for them, and Apple has already partially capitulated by building this client-side CSAM system. That should be an important data point, but you have to be open to considering such evidence as an indication of risk rather than intentionally rejecting it and demanding proof of the worst future outcomes.

Apple has also made an opinionated decision not only to scan shared photos, but also to scan entire photo libraries that are unshared with users. This isn’t entirely without precedent, but it’s a specific deployment decision that is inconsistent with existing deployments at other providers such as Dropbox [3] where scanning is (allegedly, according to scanning advocates) not done on upload, but on sharing. Law enforcement and advocates have consistently asked for broader scanning access, including unshared files. Apple’s deployment responds to that request in a way that their existing detection systems (and many industry standard systems) did not. Apple could easily have restricted their scans to shared albums and photos as a means to block distribution of CSAM: they did not. This is yet another difference.

I’m not sure how to respond to your requests for certainty and proof around future actions that might be taken by a secretive company. This demand for an unobtainable standard of evidence seems like an excellent way to “win” an argument on HN, but it is not an effective or reasonable standard to apply to an unprecedented new system that will instantly affect ~1 billion customers of the most popular device manufacturer in the world. There is context here that you are missing, and I think suggesting more reasonable standards of evidence would be more convincing than your demands for unobtainable proof of Apple’s future intentions.

[0] https://www.google.com/amp/s/www.nytimes.com/2021/08/11/opin...

[1] https://www.justice.gov/opa/press-release/file/1207081/downl...

[2] https://www.google.com/amp/s/amp.theguardian.com/technology/...

[3] see p.8: https://www.europarl.europa.eu/RegData/etudes/BRIE/2020/6593...


> Apple’s decision to condition scanning on a toggle switch is a policy decision and not a technical restriction as it was in the past with server-side scanning.

This is not a meaningful distinction. There are many security and privacy protections of iOS that are equivalently "policy" decisions: letting iCloud Backups be turned off; not sending a copy of your device passcode to Apple servers; not MITMing iMessage which has no key transparency; not using existing Photos intelligence to detect terrorist content etc. In technical terms, there are many paths to full device scanning, and some of those paths were well trodden even a month ago (iCloud Backup and Spotlight, for starters, and Photos Intelligence as a direct comparison).

Making this claim also requires showing that the likelihood of Apple making one of many undesirable policy decisions has changed.

> Regarding which content governments want Apple to scan for, we already have some idea of that.

I asked about what Apple will scan for, not what governments want them to scan for. Again, I see a pattern in your argument where you state what government wants and then don't state how that desideratum translates into what Apple builds. The latter is entirely the source of ambiguity for me.

> Apple’s deployment responds to that request in a way that their existing detection systems (and industry standard systems) did not.

I could see that. If that's what Apple had built, would you have a different take on the system? It seems like no -- most of the risks you care about are unchanged since you are operating in a world of "policy decision" equivalence classes.

> I’m not sure how to respond to your requests for certainty and proof around future actions that might be taken by a secretive company.

You seem to misunderstand what I said. I'm asking for an estimate of your certainty, not absolute certainty. Furthermore, I'm asking you to provide examples of what information would change your mind for the same reason you keep repeatedly calling me stubborn and accusing me of bad faith: without it, I have no idea whether we are engaged in discussion or a shouting match.


Therein lies a problem. Most people would agree that a good predictor of what people will do is what they have done in the past. If you read through some of the stories (those of Snowden come to mind), some declassified information over the course of the past few decades, a pattern emerges.

There is no evidence, either because it does not exist or because it is hidden. The best we have is inference and whistleblowers.

That said, I genuinely think we are not being tinfoil enough these days. And that is based only on what we know (or at least the avg. citizen should know) was already done in the past.


The PRISM revelations, to this day, are very ambiguous about their implications for cooperation. When they came out, most involved companies flat out denied cooperation. The types of data the NSA claimed to get were available by tapping into network backbones. Unless you are aware of a theory or evidence I’m not, I think it’s just as likely that the program described in the leaked slides involved unilateral or covert intrusion by the NSA rather than cooperation.

It is reasonable to be conservative about data stored in someone else’s cloud, and there is undeniable value to end to end encryption that gives you control over who can access it. That said, especially if you read Apple’s letter in response to the PRISM allegations, Apple’s behavior seems quite consistent and sincere over time: https://www.apple.com/apples-commitment-to-customer-privacy/.

I don’t think it’s likely they designed this feature under pressure from the government or with the intention to expand it to local data on your device.


Ok. If that is not the reason, then the question becomes what is the real reason.

Some analysts seem to think Apple should be getting into the advertising business, which would partially explain some of the proposed updates. Naturally, if that were the case, it would render Apple's commitment to privacy about as useful as T-Mobile's. Then again, I might be giving Apple too much crap. Most companies don't even pretend to care.

https://www.marketwatch.com/story/this-could-be-apples-next-...


I think Apple (i) genuinely believes scanning on device is better for privacy because it lets users (theoretically) confirm the behavior of the system and (ii) is learning from others’ mistakes of deploying scanning server side and having that become a blocker to moving to end to end encryption (e.g. Facebook Messenger). My guess is they announce expansions to end to end iCloud behavior soon. Features like this are building blocks to controlling who escrows your iCloud private keys: https://gadgettendency.com/apple-allowed-to-bequeath-and-inh...


Interesting. That did not occur to me. Thank you for sharing this. Let's see where this goes.


You’re welcome, and I’m happy to share alternative theories. I think some of the issues of control that have been raised are legitimate. For example, you brought up the idea that Apple is doing this as part of a move to advertising, perhaps because advertisers want to be reassured their ads don’t appear next to distasteful content. I think there’s an interesting idea there: lots of companies are trying to move towards “on-device” ads; are they really private? Is privacy the right framework to evaluate them, or is it a different type of control?


Perhaps. However, Apple has since released two security updates to iOS but has not patched the iMessage flaw that allows Pegasus software to spy on thousands (perhaps millions) of iPhones.

What are they waiting for? Hmm perhaps getting something else in place first.


You are saying known CSAM detection for iCloud Photo Library will launch before the Pegasus 0-days are fixed? The two are entirely different. If Apple was working on behalf of the government, they could’ve already shipped over the contents of iCloud for all the users targeted.

In any case, I’d happily take the other side of the bet at even odds that the security issue is patched after the child safety program goes live.


> since Apple has very publicly resisted pressure to build technology at the government’s behest in the past.

And they've also not done that. When Jobs died Apple promptly bent the knee and joined up to PRISM.

Very publicly resisted? Nope. They went along, very quietly (it was Yahoo that tried to fight back). We only found out about Apple having joined up thanks to the man that wrote this article.

How many human rights atrocities does Apple get to partake in before their credibility is shot, such that the burden is put on them instead of proving, in such circumstances as this one, that they're not committing more atrocities?


> is Apple being compelled to do this by the US government? Or is it a choice Apple has made purely internally? I think that makes a difference.

You're being downvoted but it's a critical issue.

If Apple is currently being compelled to do this, it likely means the US Government has a massive new privacy obliterating program underway and Apple probably isn't the only tech giant joining the human rights violation parade. It's important to find out if that's going on. We can be certain they didn't stop with PRISM.

If it turns out to be the case, that Apple has joined up to another vast human rights violating program (they already did it at least once before, remember), the US needs to move forward toward Nuremberg-style trials for all involved Apple management and all involved Apple employees (and not only them). That's the only way it stops.

Such human rights violations should not be allowed to continue. How many tech employees at these companies got away with extraordinary human rights violations related to PRISM? Employees at these companies were responsible in part and critical to helping to make it happen. Who are these enablers? Why aren't they in prison? Why is this so rarely discussed on HN? (yeah we all know why)

HN is pretty amusing about this topic. Privacy is a human right? Yeah? Also universally HN: but let's not talk about the people actually responsible for the human rights violations; let's not talk about all the techies being paid princely sums to commit human rights atrocities. Let's not talk about prison sentences for what they've done to their fellow humans. Let's not hold tech employees responsible.


The Jan 6 commission is using the riots as a pretext to collect and inspect private speech/communications from a huge list of people who had absolutely nothing to do with January 6 [0] but were politically active for Trump or his campaign or just posted memes on Twitter etc.

The massive list of people they're demanding records for is shocking. Privacy doesn't mean anything to the current establishment, if people could just take off their partisan blinders for two seconds they would realize this and we could probably form a plea to congress as unified voice.

Give this CSAM system another few years and they won't even have to subpoena for most of the private communication they're already going after today.

https://www.forbes.com/sites/andrewsolender/2021/08/25/jan-6...


I imagine because most of us care more about US policies in general than Chinese because most of us live in the US. If fixing Chinese lack of free communication were on the table I'm sure we'd mostly be for it, but that's a whole other thing that ultimately goes back to their government.


I mean, that’s also bad? But the CCP is not going to budge on this, and it doesn’t affect me as much as an American, so I feel like I can be upset about both and more upset about the one that affects me directly.


Because most Chinese keep silent about their government?


People care more about what happens to them than others and people care more about what happens where they are than elsewhere.


As far as is documented, the behavior of iCloud does not change, just the operator. In particular, the difference is that end to end encrypted data in iCloud remains that way, so saying all iCloud data is handed over is incorrect.

In fact, iMessage is the only end to end encrypted messaging service operating in the country (for example).


It’s my understanding that the keys used in that “end-to-end” encryption are also under the control of the operator [1], so from a privacy perspective it is the same as handing over that data in plaintext.

[1] https://www.nytimes.com/2021/05/17/technology/apple-china-ce...


It’s an incorrect reading of the article. The HSMs in the data center are operated by the Chinese company so any CloudKit data escrowed by Apple could be accessed, but end to end encryption keys are synced through iCloud Keychain which uses a different protocol with device secrets.


Do you have any sources for that? I ask because the article I linked specifically states that Apple was forced to discard the entire encryption system it uses elsewhere. It’s also hard to understand why a government would insist on this sort of data custody without the benefit of plaintext access.


The key generation routine for iCloud Keychain is shipped in iOS and tangled with your device passcode. Chinese iPhones have the same iOS builds as iPhones everywhere, so if some backdoor code was present to have them generate iCloud Keychain keys differently, someone would have found it.

Here’s what I think the article is trying to describe:

1. It is known that Apple houses Chinese iCloud user data in Chinese servers. Apple has said so: https://www.cnet.com/tech/services-and-software/apple-ceo-ti...

2. China refuses to support Thales’s HSMs, so Apple had to build their own, presumably based on the secure element: https://twitter.com/matthew_d_green/status/13943950780100526...

I think #2 is what the article characterizes as “discarding the entire encryption system.” However, the encryption of iCloud Keychain isn’t dependent on HSMs in the same way the rest of iCloud data is.

As a result, E2E encrypted iCloud data for Chinese users is probably still safe in China. Given physical access and non-standard HSMs, non E2E encrypted data in iCloud probably is not.

It will be very interesting to track the consequences if and when iCloud moves more data into E2E encryption, since the majority of synced data is not: https://support.apple.com/en-us/HT202303
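The distinction drawn in the comment above between data whose key sits in an operator-run HSM and keychain data whose key is tangled with the device passcode, as an added illustration that is neither the commenter's code nor Apple's protocol: a toy HMAC-SHA256 cipher, a PBKDF2-derived key-encryption key, and an escrow store with an assumed ten-attempt limit stand in for the real primitives and the HSM. Every name here (seal, open_, RateLimitedEscrow, the sample passcode and record contents) is constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Toy authenticated "cipher" built from HMAC-SHA256 so the example runs on the
# standard library alone. It is an illustration, not a real cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || plaintext XOR keystream || HMAC tag."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def derive_kek(passcode: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the passcode (assumed PBKDF2; low count for speed)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 2000, 32)

@dataclass
class CloudRecord:
    ciphertext: bytes   # the user's data, encrypted under a per-record data key
    wrapped_key: bytes  # that data key, wrapped under a key the operator's HSM holds

def upload_operator_escrowed(operator_kek: bytes, plaintext: bytes) -> CloudRecord:
    """Non-E2E class: the data key is wrapped under a key held by the data-center operator."""
    data_key = secrets.token_bytes(32)
    return CloudRecord(seal(data_key, plaintext), seal(operator_kek, data_key))

def operator_read(operator_kek: bytes, record: CloudRecord) -> Optional[bytes]:
    """Whoever controls the operator's HSM key can unwrap and read this class of data."""
    data_key = open_(operator_kek, record.wrapped_key)
    return open_(data_key, record.ciphertext) if data_key else None

class RateLimitedEscrow:
    """Models an escrow HSM that accepts only a bounded number of passcode attempts
    per record and erases the record when they are exhausted (assumed limit: 10)."""
    def __init__(self, max_attempts: int = 10):
        self.max_attempts = max_attempts
        self.records: dict = {}  # record_id -> [salt, wrapped_key, attempts_left]

    def escrow(self, record_id: str, passcode: str, data_key: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.records[record_id] = [salt, seal(derive_kek(passcode, salt), data_key), self.max_attempts]

    def recover(self, record_id: str, passcode: str) -> Optional[bytes]:
        entry = self.records.get(record_id)
        if entry is None:
            return None
        salt, wrapped, _ = entry
        data_key = open_(derive_kek(passcode, salt), wrapped)
        if data_key is None:
            entry[2] -= 1
            if entry[2] <= 0:
                del self.records[record_id]  # escrow erased: no further attempts possible
            return None
        entry[2] = self.max_attempts  # success resets the counter
        return data_key

def demo() -> dict:
    """Runs both data classes past an operator holding the HSM key; returns what each party can read."""
    operator_kek = secrets.token_bytes(32)           # constructed: key inside the operator-run HSM
    passcode = "493817"                               # constructed sample device passcode
    photo = b"constructed sample: a non-E2E iCloud photo"
    keychain_item = b"constructed sample: an E2E keychain item"
    cloud = upload_operator_escrowed(operator_kek, photo)
    e2e_key = secrets.token_bytes(32)                 # generated on the device, never uploaded raw
    e2e_blob = seal(e2e_key, keychain_item)
    vault = RateLimitedEscrow(max_attempts=10)
    vault.escrow("user-1", passcode, e2e_key)
    results = {
        "operator_reads_non_e2e": operator_read(operator_kek, cloud) == photo,
        "operator_reads_e2e_with_hsm_key": open_(operator_kek, e2e_blob) is not None,
        "device_with_passcode_reads_e2e": open_(vault.recover("user-1", passcode), e2e_blob) == keychain_item,
    }
    for i in range(10):                               # ten wrong passcodes exhaust the escrow
        vault.recover("user-1", f"{i:06d}")
    results["escrow_survives_wrong_guesses"] = vault.recover("user-1", passcode) is not None
    return results
```

Running demo() shows the asymmetry the comment describes: full access to the operator's HSM key reads the first class of data outright, while the second class yields only to the passcode, and only through a store that erases the record after a handful of wrong attempts. The wrong-guess loop is there to show why that erasure is the important property: a six-digit passcode on its own would be a small search space if the wrapped key could be attacked offline, so the design depends on the escrow never releasing the wrapped blob.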


Apple put a lot of money into designing that HSM to lock themselves out. The Chinese can’t access iCloud Keychain as plaintext.

https://blog.cryptographyengineering.com/2016/08/13/is-apple...



