Senator Tom Cotton Slams Apple CEO Tim Cook For Protecting User Privacy; Demonstrates Pure Ignorance Of The Law
from the this-is-who-we-elect? dept
As you may have heard, last night Apple CEO Tim Cook was on 60 Minutes. The overall story really wasn't all that insightful for anyone who's been following Apple for any length of time, but what got a lot of attention was Tim Cook reiterating his position on protecting the privacy of Apple users through encryption. Here's basically the entire exchange:Charlie Rose: In the government, they say it's like saying, you know, you have a search warrant, but you can't unlock the trunk.Same basic stuff he's said before. Nothing new. Nothing controversial. But grandstanding Senator Tom Cotton apparently flipped out about it and pushed out a statement that shows a rather stunning ignorance of the law.
Tim Cook: Here's the situation is on your smartphone today, on your iPhone, there's likely health information, there's financial information. There are intimate conversations with your family, or your co-workers. There's probably business secrets and you should have the ability to protect it. And the only way we know how to do that, is to encrypt it. Why is that? It's because if there's a way to get in, then somebody will find the way in. There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys.
Charlie Rose: But does the government have a point in which they say, "If we have good reason to believe in that information is evidence of criminal conduct or national security behavior?"
Tim Cook: Well if, if the government lays a proper warrant on us today then we will give the specific information that is requested. Because we have to by law. In the case of encrypted communication, we don't have it to give. And so if like your iMessages are encrypted, we don't have access to those.
Charlie Rose: OK, but help me understand how you get to the government's dilemma.
Tim Cook: I don't believe that the tradeoff here is privacy versus national security.
Charlie Rose: Versus security.
Tim Cook: I think that's an overly simplistic view. We're America. We should have both.
"Apple is a distinctive company that has improved the lives of millions of Americans. But Tim Cook omitted critical facts about data encryption on 60 Minutes last night. He claimed that Apple does not comply with lawful subpoenas because it cannot. While it may be true that Apple doesn't have access to encrypted data, that's only because it designed its messaging service that way. As a society, we don't allow phone companies to design their systems to avoid lawful, court-ordered searches. If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike--which neither these companies nor law enforcement want. Our society needs to address this urgent challenge now before more lives are lost or shattered."Of course, Senator Tom Cotton apparently didn't bother to read the actual law dealing with the issue of "assistance capability requirements" because, among other things, it says:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.So, yes, as a society we do allow companies to design their systems with encryption. It's in the law.
And there's a good reason why we do that. Because it makes everyone safer. Again, the idea that this suddenly creates a "going dark" problem where "child pornographers, drug traffickers, and terrorists alike" are able to hide out from the law is a massive exaggeration -- which is why the government has still failed to show any real examples of it being a serious problem. Even with encryption, people engaged in illegal behavior leave plenty of other evidence. Even with encryption, basic detective work can usually track down those responsible. Even without encryption, people have always been able to communicate in ways that defy warrants and surveillance orders (e.g., talking in person or writing in code).
The whole idea that this is a big problem is wrong on multiple levels. First, the "problem" is barely a problem at all. Second, those who are attacking encryption, like Senator Tom Cotton, don't seem to have the first clue about how much encryption protects everyone and makes us safer from the actual threats that people face.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, going dark, law enforcement, tim cook, tom cotton
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
Lead by Example
Senator Cotton, access your email via public wifi without encryption, chat with your family without encryption, and do your online banking on sites without encryption. I give it 2 weeks before we have pictures of a mistress, we find out your wife is cheating on you, and you're 9 trillion dollars in debt.
Or we could just agree that catching terrorists should be done the same as catching any other criminal - under the law, with a warrant, not in secret, and as a CRIME, not some strange class of extra-judicial quasi-war thing we don't even have a word for.
Lead by example, Senator. If you aren't willing to do that, keep your poorly thought out ideas to yourself.
[ link to this | view in chronology ]
Re: Lead by Example
This is a mild example. I was going to say that without encryption, we'd find his iMessage texts to underage boys about gay porn.
And why is it that so many legislators who think they're "crusaders" are always hiding some kind of sick secret like this?
[ link to this | view in chronology ]
Tom Cotton: "Because that would be unsafe, than anyone could just walk in"
Me: "Ohhhh really....."
[ link to this | view in chronology ]
Completely unrealistic I know, and would likely lead to more of a "class" system. Where politicians and the elite are allowed to have encryption, security and privacy, while the rest of the serfs only get to use weak, or no, encryption.
[ link to this | view in chronology ]
2020
[ link to this | view in chronology ]
Re: 2020
[ link to this | view in chronology ]
Re: 2020
[ link to this | view in chronology ]
Does anyone really think backdooring our encryption would make any difference toward their stated goal? Lets assume a law is passed and every U.S. company instantly gives (lets arbitrarily pick) the U.S. government and only the U.S. govt a backdoor into their encryption.. Even if this is magically perfect and the backdoor isn't discovered 2 days later by hackers, what scenario doesn't have some app made in China/Russia/wherever without this law take over as the preferred communication standard for anyone willing to make the effort?
Is this law supposed to cover the scenario where the terrorists are restricted to U.S. communication devices, are also are too lazy to install something secure on them, and lastly still choose to use these devices rather than a secure method to send critical messages to each other knowing there is a law to ensure they can be read by the U.S. govt?
[ link to this | view in chronology ]
But they don't. Ask anyone of the 21.5 million folks affected by the OPM data breach. The government can't even safely secure the data it has, yet it has no problem telling Apple how to do so?
To mirror Chuck's comment - lead by example, and prove YOU can safely work with a compromised encryption system FIRST.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Response to: Anonymous Coward on Dec 21st, 2015 @ 12:12pm
[ link to this | view in chronology ]
Mr. Cotton forgot to include the Fourth Horsemen of the Infocalypse, Serial Killers. Now his prophesy about internet technology bringing about the end of world as we know it, is complete.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
oh wait, TSA locks...
[ link to this | view in chronology ]
And the facts are...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Good terrorists (sic) don't obtain cel phones; they let their assistants who won't be part of any operation carry the phone(s). All the 'juicy' communications are face-to-face; any cel phone or email use usually is just to set up meetings.
[ link to this | view in chronology ]
Re: Re:
Kind of like politicians who thing the internet is totally useless because they let their secretary do all the email, banking, reservations, shopping and so on?
[ link to this | view in chronology ]
Need a new bill
Then we can sit back and watch as all the backdoor enthusiasts shift their positions.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: why the law was quoted
response to a warrant ?
Turns out that the law in question specifically says they are allowed to instead of forbidding them.
Oh, that warrant includes some "reasonable suspicion" language does it not ?
Why can't LE pursue that instead of wanting a written confession via a decrypted phone ?
In other words, "Go back to doing your job instead of looking for an easy out."
[ link to this | view in chronology ]
Re:
... and the quote clearly states that they aren't. Particularly the part that says "and the carrier possesses the information necessary to decrypt the communication."
Despite Senator Cotton's claim otherwise, Apple is squarely within the standard that telecommunications companies are held to.
[ link to this | view in chronology ]
Re: Re:
"Because Senator Cotton was saying that telecommunications carriers are responsible for decrypting communications on their networks."
No, he didn't. That's not what he said at all.
He said this:
"we don't allow phone companies to design their systems to avoid lawful, court-ordered searches."
Which is true. As stated in the law:
"A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt... unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."
Mike Masnick's article is completely incorrect, as is your response to it. Nice work, everybody.
[ link to this | view in chronology ]
Re: Re: Re:
This is being said as if the law disallows the creation and sale of ultimately secure devices. It does not. Go cry some more.
[ link to this | view in chronology ]
Re: Re: Re:
The law makes it clear that telcos don't have to build backdoors into their encryption systems. Cotton is wrong.
And so are you.
[ link to this | view in chronology ]
Re: Re: Re: Re:
As previously pointed out, Apple is not a telecommunications carrier.
So your boneheaded application of a law that has nothing to do with Apple makes you look like the truly silly person you are.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
And if you're arguing that the law shouldn't be applicable at all, because 'Apple isn't a telecommunications carrier', then have fun coming up with the justification for why telecommunications carriers are not forbidden to implement encryption on their services, but other companies are.
The law not only allows telecommunications carriers to implement encryption that they cannot themselves break, it forbids law enforcement from requiring them not to, and if it applies to those that supply the services that carry the communications, then I see no reason why it shouldn't also apply to those that sell the devices used for communications.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Idiots tend to have difficulty understanding things no matter how they are written.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Reading comprehension is really not your strong suit. What I wrote is perfectly clear. But since you're apparently a bit slow, let's spell it out for you.
1. Apple says it cannot decrypt its encryption because that's impossible.
2. Senator Cotton says we don't allow "phone companies" to build encryption that can't be decrypted by third parties, so we shouldn't allow Apple to do so.
3. I point out the law that shows we DO allow phone companies to build encryption that can't be decrypted by 3rd parties, showing that Senator Cotton is wrong.
As previously pointed out, Apple is not a telecommunications carrier.
Senator Cotton used "phone companies" as his example. I pointed out that phone companies are allowed to make encryption products. How hard is that for you to understand?
So your boneheaded application of a law that has nothing to do with Apple makes you look like the truly silly person you are.
Try looking in a mirror. Senator Cotton was talking about what the law says for *phone companies* and suggesting we should apply the same law to Apple. So the relevant standard is what it says for phone companies.
Wanna apologize now? You're wrong.
[ link to this | view in chronology ]
Nope
[ link to this | view in chronology ]
Re: Nope
Right. That's the point. Cotton claimed that the law forbids telcos from using encryption that they can't decrypt. But the law actually says the exact opposite.
We got it right.
[ link to this | view in chronology ]
Doing it for the children...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Yeah, a lot of people seem to think that encryption only began with "duh internets!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Unless they are subject to CALEA. Skype was allegedly forced to add intercept capability to their software because they interface with PSTN. IP only services are not forced to under CALEA.
[ link to this | view in chronology ]
Hardly. Any competent-minded individual who doesn't allow his/her thought process to be guided by headlines has come to the accurate determination that these companies share data, wholesale and under the table, with the federal government, all the while pushing the illusion they're at odds with each other in the press. They WANT you to trust Apple (et all) with your data, while they peruse it at their absolute leisure - a scenario they enjoyed more so prior to Snowden, but not so much now, thanks to him. What you see in the press currently is a feverish attempt to reestablish that former status between these unholy alliances (face it, when you're joined at the hip with the federal government, and lying through your damn teeth to cover it up, that's a fairly accurate label).
[ link to this | view in chronology ]
Senator Tom Cotton "Picken Crazy" Says He Believes in Unicorns
[ link to this | view in chronology ]
We are as much a victim of the false War on Terror, as those being bombed & killed by drones around the world to extend the empire.
[ link to this | view in chronology ]
So when we break encryption...
Will the government finally simply end copyright entirely? HDMI, QAM, AACS and many other encryption algorithms are used by multiple tiers of content providers such as cable providers, movie makers and more. Since bypassing encryption will be mandated by our government, making it much more trivial to bypass for everyone, are we simply going to end copyright in our country since now anyone will be able to copy and share anything, anywhere in the world?
Will the Government end its war on Child Pornography? Encryption protects the wifi available not only in many public places, but also in our homes too. Since an IP address used by someone to view or download or share such things will be completely useless once encryption has been compromised fully and anyone can use any wifi access point available, are we simply going to stop going after them?
Will you personally be held responsible for the rise in car thefts once encryption has been compromised and the transmission between your keyfob and your car is much more easily hacked?
Encryption is literally everywhere in our society now. This is the part many of the proponents of surveillance both understand and yet fail to understand. Its not just in your cell phone and on your computer. Its in your car, your cable box, your TV, your alarm panel, your workplace doors, your xbox and playstation, your satellite stereo, your medical devices, your vehicle control systems, and so many more things I really have trouble singling them out. Calling for a weakening of encryption is like advocating a return to the stone age. It SHOULD be damned hard to crack it, but it should be so difficult only a Government could afford to reasonably do so.
We spent hundreds of years encrypting by hand, and breaking those ciphers. Its always been a catch-up game for the governments of the world. It always will be. And it should be. Breaking encryption is not something the government should be advocating, its something the government should be silently doing in the background.
That's how Dad did it.
That's how America does it.
And its worked out pretty well so far. The only real problem is that the NSA et al got caught with their hands in the cookie jar. Which, if they'd not been violating our own citizen's rights by hoovering up such massive amounts of data, would have been much less of a problem. There is nothing to fix about Encryption. There is plenty to fix about government entities running out of control and violating the Constitution. Fix that first.
[ link to this | view in chronology ]
Re: So when we break encryption...
Of course not. It doesn't work that way. You'll just be SOL.
[ link to this | view in chronology ]
Re: So when we break encryption...
Yesyes, and you don't surmise there's something wrong about it?
Because the maxim, obviously not in America, was "gentlemen don't read other gentlemen's mail".
Quite clearly, some people are not gentlemen here..
[ link to this | view in chronology ]
FISC should get involved.
[ link to this | view in chronology ]
But maybe there is a way: Have the phone/computer log into Santa Claus' workshop and check the user against the nice list and the naughty list.
Ho Ho Ho!
[ link to this | view in chronology ]