Apple CEO Tim Cook today blasted the U.S. government and other tech companies for failing to support the use of encryption to ensure consumers' privacy.
Cook spoke to the Electronic Privacy Information Center's 2015 “Champions of Freedom” event in Washington, D.C., where he was honored for corporate leadership. Cook did not attend the event in person, but did speak remotely to give an impassioned speech in support of encryption and personal privacy.
“Let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reasons. And ultimately, I believe it has a chilling effect on our First Amendment rights and undermines our country's founding principles,” Cook said.
Encryption essentially refers to putting plain text into code that's impossible to read unless you have the encryption key. It's the only way to keep your data truly secure from hackers, identity thieves and sundry other criminals.
That's why in 2012, the FBI's “New E-Scams and Warnings” website published an article urging smartphone owners to “be aware of malware targeting mobile devices, and safety measures to avoid compromise,” which included the following helpful hint: “Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.”
But the following year, James Comey took over as FBI director and brought with him a completely different view of encryption: he thinks it will only benefit bad people, and ought to be illegal.
"Very dark place"
Last September, when Apple (under CEO Cook) launched its iPhone6, it bragged about the phone's strong security features, including automatic data encryption. Comey responded by saying that data encryption would lead to a “very dark place,” and said he was “very concerned” about what he considered “companies marketing something expressly to allow people to place themselves beyond the law.”
And last month, when a wide variety of organizations ranging from civil-liberty groups and privacy advocates to tech companies and trade associations to security and policy experts sent President Obama an open letter (.pdf here) urging him to reject any legislation that would outlaw secure encryption, Comey called the letter “depressing.”
“I frankly found it depressing because their letter contains no [acknowledgment] that there are societal costs to universal encryption …. All of our lives, including the lives of criminals and terrorist and spies, will be in a place that is utterly unavailable to the court-ordered process. That, I think, to a democracy should be very concerning,” Comey said.
Encryption, of course, does not make it utterly impossible for police and courts to stop dangerous criminals. Even if a phone's data is encrypted, the police or FBI can still get at it – they just can't do it remotely, without your knowledge. Instead, they'll need to get a warrant first, as outlined in the Constitution, which the FBI Director finds “depressing” although he said otherwise in his Oath of Office, when he affirmed that “I, James B. Comey, do solemnly swear that I will support and defend the Constitution of the United States [and] I take this obligation freely, without any mental reservation.” That said, it is debatable whether going to a “very dark place” or otherwise suffering symptoms of a depressive episode anytime he's exposed to the mere idea that constitutional limits on the government might apply to new technology as well as old actually qualifies as a “mental reservation" of the sort mentioned in the FBI Director's Oath of Office.
Indeed, the government appears to hate encryption so much, it's willing to risk violating international law to stop it. One of the many revelations from National Security Agency whistleblower Edward Snowden was that in 2009 and 2010, the NSA and its British equivalent, the Government Communications Headquarters or GCHQ, teamed up to hack into a Dutch company that manufactured subscriber identity modules (or SIMs) for smartphones, and stole the encryption keys used to protect the privacy of cell-phone users all over the world. As The Intercept noted in February:
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. ...
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
It's against this contentious background that Tim Cook gave his speech on Monday. Among other things, Cook reaffirmed his prior opposition to any requirements that encrypted devices have a “back door” law enforcement could use to read data without an encryption key or the owner's knowledge: “If you put a key under the mat for the cops, a burglar can find it too.”
(Indeed, NSA “backdoor” mandates have already led to led to major security flaws. In March, for example, Microsoft issued an advisory about a then-recently discovered security vulnerability affecting “all supported releases of Microsoft Windows” – namely, Windows was susceptible to a security flaw known as FREAK (a not-quite-acronym for “Factoring attack on RSA-EXPORT Keys”), which makes it possible for attackers to spy on supposedly secure communications. FREAK is also a problem for Android, iOS and OS X users – and, as it turns out, the FREAKshow vulnerability was directly due to NSA backdoor demands.)
Other tech companies
In addition to government policies, Cook also criticized (without mentioning by name) other tech companies for collecting and selling users' personal data.
“I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” Cook said in his remote speech to EPIC's Champions of Freedom conference. “They're gobbling up everything they can learn about you and trying to monetize it. We think that's wrong. And it's not the kind of company that Apple wants to be.”
Still, most of Cook's speech focused on what he called the “battle over encryption.” He said that government agencies (such as the Department of Homeland Security) who oppose encryption on the grounds that it helps the country's enemies are actually “hoping to undermine the ability of ordinary citizens to encrypt their data,” and that outlawing secure encryption “as some in Washington would like us to do, would only hurt law-abiding citizens who rely on us to protect their data. The bad guys will still encrypt; it's easy to do and readily available.”