Tuesday, 18 November 2014

Left Foot Forward, Right Foot Back


iOS 8 was released with much fanfare just a couple of months ago. Apple’s CEO, Tim Cook, went on to elaborate on his company’s stand on the side of the privacy of its users. It was an interesting and, in my opinion, a good angle to sell one’s gadgets with; but it was also forced upon him by the recent hijacking of celebrity nude photos from Apple’s own backyard. Then we started hearing the FBI complaining that iOS 8’s fully encrypted smartphones, and the equivalents that Google had promised to deliver, would spell disaster for society as we know it through the freedom they provide.
All this raises questions: between all the hype and the self interest, where are we really with iOS 8 and – for that matter – OS X Yosemite, the latest version of the Mac’s operating system that was released along similar time lines? Have the privacy wars just been won by the users, or are iOS 8 and Yosemite much of the same?
Let’s start by looking at what we know. I will start with the positives.

iOS 8 seems to deliver on one big major promise: it is the first smartphone whose data is owned by its owner by default. In more complicated words, it encrypts its entire contents with a key that is based on the passcode determined by the user. With no one else having knowledge of this passcode, not even Apple, no one can grab hold of the information stored on the smartphone without resorting into hacking. This may not sound like much, but it is a big deal given the wealth of information people store on their phones nowadays.
So far so good; now, let’s look at the negatives.

It only took a few days after iOS 8 was released for us to hear that one of Apple’s major promises in the area of privacy, the ability to evade wifi tracking, was nothing but a blatant lie. Once Apple’s implementation was examined it was found to be, at least by this self proclaimed expert’s opinion, a bad case of bullshit spin.
Along came the Yosemite release to add fuel to the fire. First we heard complaints that, by default, Spotlight searches on one’s Mac now call on the Internet without users being alerted to the fact. Then we heard worse news: we heard that applications saved their data to Apple’s iCloud automatically and intermittently, as in not necessarily when the users click on the “Save” button. The catch here is that users often keep shorthand notes of deeply private stuff as temporary notes that, at best, they would save locally only (on their encrypted by default hard drives). Now, however, Apple will save this information by default to its iCloud services. And thanks to Mr Edward Snowden we know what happens next: the NSA drinks up all the information up there, courtesy of its PRISM program.
As mentioned in my previous post, Yosemite does other nasty things. Things like calling home to Apple to inform it of every search you do in Safari. This one isn’t even an opt out feature, like the automatic iCloud saves; this one is a feature users cannot get away from as long as they use Safari.
[19/11/2014 update: It occurred to me I neglected to mention finding out that under Yosemite, Apple collects the email addresses used in its Mail OS X application, too.]
Learning about the way iCloud behaves under Yosemite made me pay attention to how it behaves under iOS 8. A few paragraphs earlier I mentioned that under iOS 8, your iGadget’s data is safely yours; however, there is an exception to the rule: the data on your gadget is safe, but the date you save on iCloud isn’t. It’s open season to the NSA’s PRISM. And there’s a good chance that, like me, you back your iGadget to iCloud, because – hey – who wants to lose their data?
The catch is that I do not want all my data backed up. If, for example, I have an app for PGP encrypted emails on my iPhone, I do not want my encryption keys to be backed up on iCloud under the NSA’s watchful eye. Apple gives me the option of cancelling this app’s iCloud backup, but only after it was already backed up to iCloud the first time around. By then it was too late for yours truly.

Now that we’ve seen the evidence at hand, what do I make of it all?
Apple should be commended for pioneering the fully encrypted smartphone. However, there are many light years between having that and having a truly secure smartphone: As The Intercept has informed us, there are companies earning their bread by hacking into smartphones to strip their data away. As learnt from recent competitions, it is not all that hard for a hacker worthy of their title to break into the world’s most popular smartphones. Given this knowledge, we can rest assured that when the FBI is crying foul at Apple’s encryption it is simply lying; for an organisation such as the FBI, the question of “can we hack our way into an iOS 8 iPhone” is not a yes/no question but rather a “which of the hundred possible methods for hacking an iPhone are we going to use today?”
The key difference is not in the FBI’s ability to penetrate the device but on the legality of doing so. Whereas before they could slide the phone under the table and ask Apple to do so for them without anybody in the world knowing it, actively hacking into a smartphone carries legal repercussions with it. iOS 8 did not prevent the FBI from hacking into devices; it just forced the FBI to answer to the law while doing so.
All the while, as the FBI is crying foul, the NSA is sucking Apple users’ information away like there’s no tomorrow through iCloud. They don’t even need to make an effort; cloud technology ensures our information is uploaded directly to the NSA servers, thank you very much.

In conclusion, let us go back to Tim Cook’s declarations on Apple and its stand for the privacy of its users. I will call bullshit on those. Sure, Apple made sure that if one iPhone is stolen, there won’t be much the average thief would be able to do with it. However, as far as protecting its users from Big Brother, both in the shape of the governments tracking our every move as well as in the shape of commercial interests wishing to make a buck of the things we hold private?
Through misleading its users with its spin, Apple took us a step backwards.


Image by Mike Lau, Creative Commons (CC BY-NC-SA 2.0) licence

No comments: