Author Topic: Apple privacy letter (Law enforcement through your phone)  (Read 13399 times)

0 Members and 1 Guest are viewing this topic.

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15797
  • Country: fr
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #50 on: August 08, 2021, 05:33:24 pm »
[...]  I need to recoup some investment before I spend on something else [non-Apple, presumably].

Where do we go, though?   The computing world started out as the Wild West, it seems it is ending up in 1984 or Brave New World...

Yeah. Well, I think this is exactly how most technologies start and end up.
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 13157
  • Country: ch
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #51 on: August 08, 2021, 05:48:06 pm »
Tooki: privacy can only be reasoned about as a worst case outcome from any technical decision. This is actually really my day job; protecting people’s financial data. Regardless of the facts or technical merit of the solution the point is that only the whole concept can be qualified, not just the technical aspects.
And how is one supposed to qualify the whole concept without thoroughly understanding and qualifying the technical aspects, too?!? A great "whole concept" can be turned to complete shit with a poor technical implementation, after all.

But again, I wasn't claiming to evaluate the entire concept, I was addressing a specific technical error in your representation of the process.

That’s probably where we got our wires crossed so apologies if you felt I was standing on your toes there.
Well, I just feel you're trying to correct me on things I already know, and that you would know that I already know, had you read my posts carefully. To wit:

As for recovering the data, Apple already can decrypt your iCloud photos contents; check the terms and conditions.
In my original post here, I literally said:
Remember the context: Apple has always been able and willing to share unencrypted data that’s on iCloud when subpoenaed to do so, and I don’t think they’ve ever claimed that iCloud Photos is end to end encrypted.
And Gruber, linked in another reply of mine, confirms that iCloud photos and files are not end-to-end encrypted.

He says:
Quote
Which in turn makes me wonder if Apple sees this initiative as a necessary first step toward providing end-to-end encryption for iCloud Photo Library and iCloud device backups. Apple has long encrypted all iCloud data that can be encrypted, both in transit and on server, but device backups, photos, and iCloud Drive are among the things that are not end-to-end encrypted. Apple has the keys to decrypt them, and can be compelled to do so by law enforcement.

That's after explaining that everyone else does their CSAM scanning server-side, which becomes literally impossible to do with end-to-end encryption.

They will do that under existing rules not from technical outcomes from this. Their process would be to use this as a basis to decrypt the rest.
Have you not read the documentation? It clearly states that Apple's verification stops at the contents of the vouchers. If they confirm it, then they disable the account and send a report to law enforcement. That's it. One can infer that at that point, the investigation continues forward just as if the clues had come from any other source: subpoenas for all the stuff on their servers, and a subpoena to the suspect to inspect their devices.


The smartphone is far harder to get rid of and that will take a few weeks of careful unpicking. I've had my eye on a Nikon DSLR for a few weeks now so that bit is already solved. The biggest loss for me would be Apple Music as that's actually fairly good. Everything else is replaceable or I can live without. I need to migrate my 2FA stuff over to YubiKeys. I've got a cheap Garmin eTrex 10 and paper maps for outdoors nav, Casio F91W to tell the time. Quite frankly I probably don't need the Internet or phone comms most of the time and spend a lot of my dead time spamming on here when I should be reading a book or something :-DD. I may just switch to a dumb phone for the sake of on call requirements.
That's an awful lot of pain to accomplish (at most!) what you could have accomplished by just disabling iCloud Photos, which you can do without disabling any other iCloud features. (The sexting filter in the iMessage app isn't applicable to you, since it's an opt-in feature only for accounts belonging to kids 12 and under AND within an iCloud family account.)

I say "at most" because of the thing that everyone here is ignoring: Apple is playing catch-up regarding CSAM. Everyone else (FB, Google, etc) has been doing it at large scale for years. Unless you're operating all the servers that run the services you need, you aren't escaping anything.
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 13157
  • Country: ch
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #52 on: August 08, 2021, 05:51:24 pm »
As for the sexting filter for kids, it’s kinda strange to me, insofar as I don’t really believe in empowering helicopter parents.
Thank you, Apple fanboy, for never failing to deliver :-+
Meaning what, exactly?
 

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 7680
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #53 on: August 08, 2021, 09:16:42 pm »
The Internet sure did crank up the gain on society, as well as noise from disinformation.
I'm not sure what to believe here but this memo if true is exactly what I would expect the inside spin to be.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 7276
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #54 on: August 08, 2021, 09:53:00 pm »
The note did not originate from Apple though, as far as i can see.
Facebook-free life and Rigol-free shack.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15797
  • Country: fr
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #55 on: August 09, 2021, 12:01:28 am »
Anyway, I do think those invasive surveillance measures are completely useless at defeating any kind of criminal activity anyway. This may "catch" a few idiots, but unfortunately, I'd think most criminals would know better than to put pictures or videos on surveilled phones and clouds anyway. So as always, they're just using mass surveillance and invading EVERYONE's privacy while criminals will probably continue happily doing their bad deeds while laughing at Apple and the likes.
 
The following users thanked this post: amyk, wraper, bd139, MrMobodies

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
 
The following users thanked this post: rsjsouza

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #57 on: August 09, 2021, 10:53:07 am »
I'm not sure what people are concerned about? If you use Apple devices or upload data to any number of cloud services, this stuff has been happening for many years. Most people just don't bother to read the EULA before they click "agree".

This isn't new information.
 
The following users thanked this post: tooki

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #58 on: August 09, 2021, 11:43:41 am »
They actually changed the EULA retrospectively to cover this on the 1st and 8th of August and yes I did read it before.
 

Offline jonpaul

  • Super Contributor
  • ***
  • Posts: 3656
  • Country: fr
  • Analog, magnetics, Power, HV, Audio, Cinema
    • IEEE Spectrum
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #59 on: August 09, 2021, 02:42:31 pm »
You have no privacy anyway...Get over it!

Scott McNealy, founder of Sun Microsystems, 1999
An Internet Dinosaur...
 
The following users thanked this post: bd139

Offline Bud

  • Super Contributor
  • ***
  • Posts: 7276
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #60 on: August 09, 2021, 02:54:58 pm »
I'm not sure what people are concerned about? If you use Apple devices or upload data to any number of cloud services, this stuff has been happening for many years. Most people just don't bother to read the EULA before they click "agree".

This isn't new information.
And FBI paid a million dollars to a 3rd party to break into the shooter's iPhone because of why?
« Last Edit: August 10, 2021, 05:11:36 am by Halcyon »
Facebook-free life and Rigol-free shack.
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #61 on: August 10, 2021, 02:34:30 am »
And FBI paid a million dollars to a 3rd party to break into the shooter's iPhone because of why?

Probably inter departments ego thingy like NSA won't share it's backdoors to other depts, also from budgeting POV, and maybe corruption too, e.g.: Pegasus fiasco.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #62 on: August 10, 2021, 05:11:57 am »
I'm not sure what people are concerned about? If you use Apple devices or upload data to any number of cloud services, this stuff has been happening for many years. Most people just don't bother to read the EULA before they click "agree".

This isn't new information.
And FBI paid a million dollars to a 3rd party to break into the shooter's iPhone because of why?


Because they wanted evidence from a handset and to do so required bypassing Apple's security. Such a thing wasn't available then (to the digital forensics community). That same technology can be bought today for peanuts (but you have to be a special person to buy it). Works all the way up to the current iPhones and IOS versions. Don't forget, the "San Bernardino" example was over 6 years ago now. A lot has changed since then.

You're also talking about acquiring data from an offline handset vs. analysing evidence on a live device or in-the-cloud. Also data acquisitions were possible even back then for older Apple handsets, just not the iPhone 5C.
« Last Edit: August 10, 2021, 05:16:17 am by Halcyon »
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 7508
  • Country: va
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #63 on: August 22, 2022, 01:29:53 pm »
Just in case you thought "you won't have a problem if you've got nothing to hide", here's a precautionary tale of how Google will kill your digital life stone dead:

https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

Quote
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.
 
The following users thanked this post: thm_w, SilverSolder, BrianHG, bd139

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #64 on: August 22, 2022, 01:55:22 pm »
Just in case you thought "you won't have a problem if you've got nothing to hide", here's a precautionary tale of how Google will kill your digital life stone dead:

https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

Quote
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.

What a terrible story.   Really people who fall victim to false accusations like this should be entitled to compensation.

As for trusting Big Tech....   well, as long as you understand that the device and the information you put on it isn't your private property, their products are definitely usable.
 
The following users thanked this post: tooki, bd139

Online magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #65 on: August 22, 2022, 02:09:55 pm »
Those who think they are usable don't seem to understand it, though.

... or they wouldn't think such things ;)
 
The following users thanked this post: bd139

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #66 on: August 22, 2022, 02:55:06 pm »
Those who think they are usable don't seem to understand it, though.

... or they wouldn't think such things ;)

Haha yes, well, for calling your home to say you'll be a little late for dinner, they are probably OK! 

Making these devices the center of your life?  -  not so smart.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #67 on: August 22, 2022, 03:37:42 pm »
Good article here as well on surveillance with a one liner that sums it up: https://pluralistic.net/2022/08/21/great-taylors-ghost/#solidarity-or-bust

“Successful shitty tech rollouts start with people you can abuse with impunity (prisoners, kids, migrants, etc) and then work their way up the privilege gradient.”
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2757
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #68 on: August 22, 2022, 06:38:43 pm »
This is the kind of stuff that makes no not trust phones for anything.  Phones are basically designed from the ground up to breach our privacy in every way possible.  I run a custom rom (CalyxOS) on mine where they stripped out all the google stuff so I'm probably safer, but I still feel uneasy as I can't help but wonder if there is still spying stuff right at the chip level. Like a sub OS running at a lower level.   Phones are just so closed, and basically black boxes, it's not like PC where it's a bit more open and you have more control.  Though I do wonder about modern PCs with UEFI etc since they are basically running a mini OS right on the chip, and there are allegations that Intel CPUs themselves have software on them too with spying stuff built in.   I really hate how everything is just designed to spy on us now days and the majority of people just accept it because "I have nothing to hide".
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #69 on: August 23, 2022, 03:52:32 am »
I honestly don't understand what the big deal is? I think some people are quick to jump down Apple's throat, without knowing how this stuff works. Allow me to offer my view from a law enforcement perspective.

Hash sets derived from known child abuse material have been in existence for quite a long time now. There are a handful of "standard" ones that law enforcement and other companies use. The two biggest ones are Project VIC and CAID. The Australian Federal Police also maintain a hash set that is used by law enforcement agencies here. They only contain hashes of known child abuse material; that is, material that has already been viewed and classified by specialists in the field. They do not contain hashes of images/videos that "might be" child abuse material (an example of this might be an image of a young child where they may or may not be of legal age).

These hash sets are "open" in a sense that, if you are from an agency who has a need to investigate such matters, you can gain access to them. They are also available to manufacturers and developers of digital forensics products. They are not open to the general population for download, because the first thing the criminals will do is "wash" their material through these hash sets to ensure nothing matches.

They use algorithms which will not experience a hash collision, that way, every single file in the world will have it's own, unique hash. Comparing a hash against the hash of your personal files does not reveal private or sensitive information about you (unless you're a paedophile).

Secondly, Apple isn't the first to do this. If you upload content to any number of cloud platforms, whether it be Facebook, TikTok, Instagram, Google, Mega.io etc... etc... they will scan for this kind of content and notify law enforcement agencies if it's located. They will also hand over data (including customer information) when the appropriate authority is given. As a user of these services, you should already be aware of this as you've already agreed to it.

Having being the lead analyst in some of the most horrific and inhumane crimes imaginable, an individuals "privacy" is irrelevant in my opinion. Morally speaking, your human right to protect your dick pics from prying eyes doesn't trump the greater good of the community when these sorts of offences are involved.

Of course I'm generalising, and there will be valid arguments on both sides of the fence. I value my privacy just like anyone else, but at the end of the day, if it's not a system you designed, you likely don't have complete control of your data, so treat it as such. Ultimately, you as the end-user have a choice on where to spend your money or store your data. No one is forcing you.
« Last Edit: August 23, 2022, 03:57:18 am by Halcyon »
 
The following users thanked this post: SilverSolder, tooki

Online magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #70 on: August 23, 2022, 04:18:38 am »
They use algorithms which will not experience a hash collision, that way, every single file in the world will have it's own, unique hash.
You fell for propaganda.

It is guaranteed that there exist multiple pairs of files of length N+1, where N is the length of the hash, which map to the same hash value.
I don't even need to know anything about the hash to prove it, it's called "pigeonhole principle".
 
The following users thanked this post: Red Squirrel

Online bdunham7

  • Super Contributor
  • ***
  • Posts: 8176
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #71 on: August 23, 2022, 04:24:52 am »
Allow me to offer my view from a law enforcement perspective...

...Morally speaking, your human right to protect your dick pics from prying eyes doesn't trump the greater good of the community when these sorts of offences are involved.

Legally and according the constitution of the US, I'd disagree and I'd point out that with a system like this, you and whoever are asking us all to take it on faith that the system works benevolently and in the limited manner that you say it does.  I'm not willing to extend that courtesy because I've seen grotesque abuses of such laws and presume that any such power is likely to be abused if it is wielded behind closed doors. 

The real sticking point here for some is that while we can understand how a cloud service might be compelled to do this with data uploaded to their system, and we might agree to it in the terms of service, in this case the intrusive search mechanism is being done on the users own hardware without their knowledge or consent.  In any other context this would probably not be acceptable to most, but if you throw in the pedophile bogeyman everyone feels powerless to protest.

Of course I don't want to defend pedophiles--nobody does--but that is what the overreachers are counting on--people not asking questions like "why is it a priority to hunt down people who may possess copies of old, known and widely circulated photos of children when in 99%+ of the cases they had absolutely nothing to do with the original crime, which may have happened years ago". 
A 3.5 digit 4.5 digit 5 digit 5.5 digit 6.5 digit 7.5 digit DMM is good enough for most people.
 
The following users thanked this post: SilverSolder, Red Squirrel

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #72 on: August 23, 2022, 04:37:49 am »
They use algorithms which will not experience a hash collision, that way, every single file in the world will have it's own, unique hash.
You fell for propaganda.

It is guaranteed that there exist multiple pairs of files of length N+1, where N is the length of the hash, which map to the same hash value.
I don't even need to know anything about the hash to prove it, it's called "pigeonhole principle".

Propaganda? It's called mathematics. Look at something like SHA-256... the probability of a hash collision is so extraordinarily small.

Of course I don't want to defend pedophiles--nobody does--but that is what the overreachers are counting on--people not asking questions like "why is it a priority to hunt down people who may possess copies of old, known and widely circulated photos of children when in 99%+ of the cases they had absolutely nothing to do with the original crime, which may have happened years ago". 

I'm not suggesting that anyone would be defending them, however child abuse is child abuse. Regardless of whether or not the images are "old" or otherwise. I personally don't see that as a lesser offence.
 

Online bdunham7

  • Super Contributor
  • ***
  • Posts: 8176
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #73 on: August 23, 2022, 04:52:06 am »
however child abuse is child abuse. Regardless of whether or not the images are "old" or otherwise. I personally don't see that as a lesser offence.

A photo of child abuse is not child abuse, it is evidence of child abuse and in some cases and jurisdictions, a separate offense.  The original offense happened when the picture was taken.  For any other crime, the photo would simply be evidence of a crime and possession of the photo in and of itself would not be a separate crime.  However, there has been a (so far) singular exception carved out in most places now for photographic (and sometimes non-photographic) representations of sexual activity or even merely nudity involving minors.  I think not seeing the latter as a different type of offense than the first is being willfully obtuse.  And I've seen these laws applied in a grotesquely obtuse fashion on occasion, enough so that I am not willing to cede any privacy rights or anything else to support enforcement of them.
A 3.5 digit 4.5 digit 5 digit 5.5 digit 6.5 digit 7.5 digit DMM is good enough for most people.
 

Online magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #74 on: August 23, 2022, 05:45:21 am »
Propaganda? It's called mathematics. Look at something like SHA-256... the probability of a hash collision is so extraordinarily small.
Until it doesn't. They used to say the same about MD5.

At any rate, you made it sound like this property is somehow guaranteed, which is utter :bullshit:
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf