| ▲ | crazygringo a day ago |
| I'm curious why Apple has let it get this far that court cases are underway and WaPo is writing an article about it. What's in it for Apple? Surely it's easy enough to define some kind of verification process based on various pieces -- phone number, credit card, purchase receipt, etc. -- and requiring a police report to be filed or something. And this isn't like Google or Facebook where accounts are free, preventing manual account recovery from being scalable. People spend thousands of dollars on Apple devices across phones and laptops and more. People who don't spend money on Apple generally aren't keeping their data in iCloud. I'm confused because it seems like the rational, profitable thing for Apple to do here is to have these procedures for account recovery. So what's stopping them? Is there some kind of huge liability question if they ever facilitate giving access to the wrong person? |
|
| ▲ | wmf a day ago | parent | next [-] |
| If Apple can unlock the account from your stolen iPhone they can also unlock your account for the gestapo. Whether it's worth throwing normal people under the bus to protect a few dissidents is a matter of values on which people are going to have differing opinions of course. |
| |
| ▲ | crazygringo a day ago | parent | next [-] | | That doesn't make sense. This isn't a technical hurdle, is it? Apple already can unlock your account "for the gestapo" if they choose to. If the users have enabled Advanced Data Protection and don't have another Apple device, then I can understand why it would be lost for good. But that doesn't seem to be the case in these lawsuits. They make it clear that Apple has access to the data, and could transfer/restore it if they wanted to. | | |
| ▲ | itissid a day ago | parent | next [-] | | Not all data. Not storing location history data is an example of not opening this for gestapo by ommision. For e.g. Apple does not furnish user location info on geo fence warrants because it can't.
I believe Google just made a change towardssm this direction too.
It's a fine line on what data to keep to unlock for a warrant and how to make services better based off centralized user data. | |
| ▲ | JumpCrisscross a day ago | parent | prev [-] | | > Apple already can unlock your account "for the gestapo" if they choose to But they don't. | | |
| ▲ | nativeit a day ago | parent [-] | | Not sure why this is getting down-voted. There are several high-profile instances of Apple refusing to assist law enforcement in gaining access to devices. I recognize this is cold comfort, and provides only marginal reassurance for the future. That said, for the moment, "But they don't," is a perfectly accurate assessment. |
|
| |
| ▲ | IlikeKitties a day ago | parent | prev | next [-] | | This irks me A LOT and is simplified to the point of being incorrect, yet lots of people here make the same logical errors. Protecting the contents of peoples devices and accounts with strong encryption and hardware security is great for the individual and protects them from thieves and governments alike. If Apple designed their devices so that they cannot unencrypt the content without the users secret passsword, that's sensible for a lot of users. But E-Mail Addresses and Accounts are derivatives of your identity and companies should have ways of returning your accounts to you, even if the content is lost, in case of stolen identities. I am pretty paranoid about this stuff and only store private data using encryption and on trusted devices running mostly hardened FOSS software (Graphene OS, Fedora Secure Blue, OpenSuse MicroOS, etc.) and my backups are rcloned encrypted to the cloud. Yet for my most important e-mail that is bound to paypal, banking, shopping etc. I use posteo. They do this exactly right. I have personally tested contacting their support to return access to the e-mail address in case of a "lost password". After some validation, they returned access for it to me, but the encrypted content was unrecoverable. That is exactly what any responsible company should do. | | |
| ▲ | throwaway48476 a day ago | parent [-] | | The people suing didn't turn on E2E encryption. The government could already get access to their data via subpoena. Apple already has access to their data as well. Apple just doesn't want to be forced into doing basic customer service. |
| |
| ▲ | BolexNOLA a day ago | parent | prev [-] | | >to protect a few dissidents Your opinion seems to be to trivialize how important this can be, which fine you do you, but I think saying it only protects "a few dissidents" is a bit ridiculous. Every protest I've filmed at I hit the lock button 5 times so it forces a passcode. I feel secure knowing the police can't just take it and start scrolling - they need a warrant or they're bust. You don't have to be a dissident to need your privacy. | | |
| ▲ | SR2Z a day ago | parent | next [-] | | I think the point here is that either Apple has the technical ability to access your account (in which case they will be forced to do it by the government regardless) or they don't (in which case this lawsuit is ridiculous). The middle ground option where Apple has the ability to do this but is also somehow able to take a stand against the government is kind of difficult to support, because it doesn't make much sense. | |
| ▲ | VincentEvans a day ago | parent | prev [-] | | >hit lock button 5 times so it forces a passcode I didn’t know what that meant - so I googled it. And it says something entirely different…. Quote:
Pressing the lock button (or side button) five times quickly on an iPhone or many Android devices will activate Emergency SOS. This will prompt a countdown and eventually, if not cancelled, initiate a call to emergency services, potentially alerting emergency contacts and sharing your location. | | |
| ▲ | _rutinerad a day ago | parent [-] | | I just tried on my iPhone and it does not do that, there is no countdown. It will force a passcode and give you the option to call SOS, shut off your phone or show your medical id. | | |
| ▲ | Aloisius a day ago | parent [-] | | It's a setting (Settings > Emergency SOS). It used to be on by default and do a little siren sound before calling emergency services. Personally, I just open the slide-to-turn-off phone screen instead (hold volume + side button for a couple seconds). Once that screen is loaded, it'll require a passcode to unlock after you cancel out. |
|
|
|
|
|
| ▲ | duskwuff a day ago | parent | prev | next [-] |
| > Surely it's easy enough to define some kind of verification process based on various pieces -- phone number, credit card, purchase receipt, etc. -- and requiring a police report to be filed or something. Apple has such a process in place: https://support.apple.com/en-us/118574 (The details aren't all laid out on that web page, but Apple support may ask for information like purchase records to confirm ownership.) What I think is at issue here is that it will only restore access to an account which is not currently being accessed. If an account is being accessed from a logged-in device, Apple is unwilling to cut off the current user's access to that account and hand it over to another party. And, quite honestly, I can see where Apple is coming from with this policy. Arbitrating access to a contested account can get really messy (e.g. consider a scenario where an abusive partner is trying to access the victim's online accounts). |
| |
| ▲ | crote a day ago | parent [-] | | I think you're jumping the gun here. An account is supposed to belong to a single person. If you are able to definitively prove that you are that person (for example, by showing up to an Apple store with your ID card), you should be able to restore access to it. An abusive partner won't have access to that. Refusing restoration when someone else has access to it is understandable, but it works the other way around as well: an abusive partner would be able to prevent the legitimate owner from accessing the account. I think it's far more likely that Apple just can't be bothered. Dealing with stuff like this is messy and complicated, and they aren't going to lose any revenue from those few thousand people a year losing their account and all their data. | | |
| ▲ | theshrike79 14 hours ago | parent [-] | | > An account is supposed to belong to a single person. Supposed to yes. But in practice there are WAAY too many adults giving their kids devices without a specific child account. People have shared FB profiles ffs. |
|
|
|
| ▲ | cyral a day ago | parent | prev | next [-] |
| > Is there some kind of huge liability question if they ever facilitate giving access to the wrong person? This is what I was thinking as I read the article. Imagine what will be written about them when they do give iCloud access to an impostor. Depending on what's on their account thieves could dedicate a ton of time to social engineering Apple into recovering the account. The article mentions police reports being "proof", but that doesn't seem like solid evidence considering how easy it could be to fake a police report from one of the tens of thousands of jurisdictions in the US. This is a problem for a lot of industries actually, i.e. banks and death certificates. |
|
| ▲ | JumpCrisscross a day ago | parent | prev | next [-] |
| > Surely it's easy enough to define some kind of verification process based on various pieces -- phone number, credit card, purchase receipt, etc. -- and requiring a police report to be filed or something Given the stakes, Cupertino may have decided that it does not wish to arbiter such disputes. Requiring a court order shifts the dispute to that forum. |
| |
| ▲ | wmf a day ago | parent [-] | | Will Apple obey court orders? Have they ever? | | |
| ▲ | JumpCrisscross a day ago | parent [-] | | > Will Apple obey court orders? Have they ever? What on earth are you referring to? | | |
| ▲ | nativeit a day ago | parent [-] | | https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d... | | |
| ▲ | Aloisius a day ago | parent | next [-] | | In the primary case on that page, the court ordered Apple to assist the FBI or provide a reason why it would be an undue burden. Apple provided a reason it was an undue burden. A hearing was scheduled. The FBI withdrew the request and the order was vacated. That's not exactly the same as refusing to comply with a court order. | |
| ▲ | votepaunchy a day ago | parent | prev [-] | | The part where the judge sided with Apple and found the FBI requests were found to be unsupported by law? |
|
|
|
|
|
| ▲ | aianus a day ago | parent | prev | next [-] |
| They don’t want to give these powers to a large number of customer service reps who can be bribed or coerced or socially engineered into transferring accounts to bad guys. Look what happened to the mobile carriers and sim-jacking. |
|
| ▲ | anxman 20 hours ago | parent | prev | next [-] |
| Bad actors have compromised the government systems already: https://krebsonsecurity.com/2024/11/fbi-spike-in-hacked-poli.... If Apple complies with those, it means bad actors can also use these vectors. |
|
| ▲ | popalchemist a day ago | parent | prev | next [-] |
| My gut tells me that they don't want to either set the precedent or let it be known that they can access your data and give/revoke access remotely, because it pokes a hole in their E2E encryption claims and opens the door to demands for backdoor access from governments. |
| |
| ▲ | lxgr a day ago | parent | next [-] | | Having access but pretending not to seems like the worst of both worlds. Various entities will still be able to get to the data, while users might incorrectly assume that that's not the case. | |
| ▲ | throwaway48476 a day ago | parent | prev | next [-] | | In this case it wasn't E2E encrypted in the first place. | |
| ▲ | lelandbatey a day ago | parent | prev [-] | | It doesn't "poke a hole" in anything. The only way you get the full E2E encryption Apple talks about is if you enable "Advanced Data Protection", which none of the people in the article did, per the article. Apple could decrypt and return the data because Apple has the keys. Apple is refusing to do so. |
|
|
| ▲ | underseacables a day ago | parent | prev | next [-] |
| I think corporate responses to most things like this is to deny and avoid until forced to get involved. It should not take WaPo getting involved but it seems to be the norm for big tech companies. |
|
| ▲ | leptons a day ago | parent | prev | next [-] |
| >People spend thousands of dollars on Apple devices As long as the people cut off from the walled garden amount to less than a rounding error in Apple's bottom line, they simply don't care. They will only care when a judge forces them to care, as we had to find out the hard way in a class action lawsuit against Apple. We won, but they lost us as lifetime customers. My wife even owns Apple stock and refuses to buy anything else from them and warns others against it. They could have made it right for practically no cost to them, but they chose the dick move, and they were forced to pay out in the end anyway. |
|
| ▲ | Henchman21 a day ago | parent | prev [-] |
| [flagged] |
