There is a technical term economists like to use for behavior like this. Unbelievable chutzpah.
One potentially good thing out of all this is that Tim Cook will address it directly tomorrow in front of the Senate:
Mr. Cook is expected to emphasize that Apple is most likely “the largest corporate income tax payer in the U.S., having paid nearly $6 billion in taxes to the U.S. Treasury” in the last fiscal year. “Apple does not use tax gimmicks,” Mr. Cook is expected to testify.
He is expected to seek to rebut the Congressional findings by arguing that some of Apple’s largest subsidiaries do not reduce Apple’s tax liability, and to argue in support of a sweeping overhaul of the United States corporate tax code – in particular, lowering rates on companies moving foreign overseas earnings back to the United States. Apple currently assigns more than $100 billion to offshore subsidiaries.
This story, the day before Cook testifies to the Senate, is probably the worst thing Apple PR could have dreamed of. I wouldn’t want to be in Cook’s shoes tomorrow, though; by the same token, if I were an American taxpayer I’d be pissed as all hell about Apple’s actions regardless of the legality of those actions.
It’s been widely reported that the DEA San Jose office is unable to conduct surveillance of Apple iMessages. The note is revealing in its very phrasing; the author(s) state that:
While it is impossible to intercept iMessages between two Apple devices, iMessages between an Apple device and a non-Apple device are transmitted as Short Message Service (SMS) messages and can sometimes be intercepted, depending on where the intercept is placed. The outcome seems to be more successful if the intercept is placed on the non-Apple device. (emphasis added)
Note that despite the ‘encryption’ the agent(s) recognize that they can sometimes intercept messages. Importantly, they are ‘more successful’ when the intercept is on the non-Apple device. Their phrasing suggests one of the following:
- Authorities are occasionally able to intercept messages between Apple devices; or
- Authorities are occasionally able to intercept messages that are inbound to an Apple device that are sent from a non-Apple device.
Either situation is interesting, insofar as the former raises questions of the efficacy of Apple’s encryption process and the latter questions about where a tap is placed pre-encryption in the Apple network.
More broadly, however, the challenge facing the DEA is one that is already encountered by investigators around the world. In fact, the DEA is in a pretty enviable position: most of the major ‘messaging’ companies have some degree of corporate presence in the US and can thus be easily served with a wiretap order. Sure, a host of orders might need to be issued (one to Apple, one to Facebook, one to Google, etc.) but this is a possible course of action.
Officers outside of the US who want similar access to messages that flow outside of SMS channels experience a different reality. They tend to need an MLAT or other cross-national warrant. Such warrants are incredibly time-consuming and, as a result, resource-intensive. These kinds of pressures are, in part, responsible for the uptick in discussions around state agents serving malware to mobile and fixed computing systems: it just isn’t practical to ‘wiretap’ many of these communications anymore, on the basis that the companies running the services are beyond the authorities’ jurisdictions.
So, while encryption is (fortunately) becoming more and more common, this isn’t necessarily the ‘solution’ to third-parties intercepting communications. Indeed, all it means is that attackers (in this case, the state) are targeting the far softer domains of the communications infrastructure: everything around the encryption layer itself.
I still think [Apple] should go back to Dropbox with a blank check and just ask how many zeros they need to put at the end to make it happen.
I think that this is on the mark, in the sense that iCloud is gross and Apple needs to do better. I also hope it never comes to be, given how much I use Dropbox on non-Apple devices and products.
One of my concerns at the time was network reliability. So, I brought Ken Kocienda, the first Safari engineer, with me to troubleshoot since he wrote so much of our networking code. If necessary, Ken could also diagnose and duct tape any other part of Safari too. He coined one of our team aphorisms, “If it doesn’t fit, you’re not shoving hard enough.”
Don Melton, “Safari is released to the world”