iPhones are off limits to President Obama for "security reasons"

Senior Advisor

iPhones are off limits to President Obama for "security reasons"

http://nakedsecurity.sophos.com/2013/12/06/iphones-are-off-limits-to-president-obama-for-security-re...

 

iPhones are off limits to President Obama for "security reasons"

 

by Lisa Vaas on December 6, 2013 | 7 Comments

Filed Under: Android, Apple, BlackBerry, Featured, iOS, Mobile, Security threats

Obama, image courtesy of ShutterstockThe powers that be won't let US President Barack Obama use an iPhone because of security reasons, he told a group of young people while pitching his signature healthcare law at the White House.

From the Wall Street Journal's coverage:

I am not allowed, for security reasons, to have an iPhone.

However, the president's daughters, Sasha and Malia, do have iPhones and "seem to spend a lot of time" using them, he said.

President Obama is constrained to using a phone from the surprisingly enough still-not-dead BlackBerry.

All things Apple are not entirely forbidden, mind you. Mr. Obama can, in fact, use an iPad to scan news headlines and surf the internet, Vanity Fair reported last year.

What's so darn scary about the iPhone?

The US government didn't pass out details so we don't know if they've definitely found something they don't like or they just haven't finished looking yet.

If they're still mulling it over there are a few security-related things they'll want to look at:

That last predilection actually got Siri banned from IBM, given that Big Blue didn't take a shine to the idea that transcripts of its employees' musings would be lying around at Apple.

Another thing that's historically made the US government shy away from Apple is its apparent allergy to openness.

In 2012, when the US was moving to equip military and government officials with mobile devices, it specifically looked to Google's Android operating system to meet its security requirements.

Why not the iPhone? Because Apple has never let developers fiddle with its code as freely as Google has.

In February 2011, Apple did make a tentative step toward opening up, offering a copy of the developer preview of Mac OS X 10.7, aka Lion, to security researchers and asking for feedback - by invitation only, and only under a non-disclosure agreement regarding whatever researchers found.

That door wasn't ajar long. Nine months later, it slammed shut on security researcher Charlie Miller - aka "that Apple 0day guy" - who had the gall to uncover a potentially dangerous bug he found in iOS that allowed unapproved code to be run on iPads and iPhones.

Miller packed a proof-of-concept bug into a fake stock ticker program for distribution in Apple's App Store.

Apple didn't appreciate it.

Instead of thanking him for pointing out a dangerous hole with a harmless demo, they ripped up Miller's license as an Apple developer.

Obviously, Apple has a history of being a bit queasy when it comes to opening up its code.

Likewise, there is nothing surprising whatsoever about the Feds refusing to open the doors of the White House to the iPhone - at least, not to the commander in chief.

Sorry, President Obama. I hope that getting to use your iPad is some consolation.

3 REPLIES 3
Senior Advisor

Re: Top tech coalition demands limits on government surveillance

http://nakedsecurity.sophos.com/2013/12/09/top-tech-coalition-demands-limits-on-government-surveilla...

 

Top tech coalition demands limits on government surveillance

 

by Lee Munson on December 9, 2013 | 6 Comments

Filed Under: Apple, Featured, Google, Microsoft, Organisations, Privacy

Conference room image courtesy of ShutterstockEight of the world's leading technology companies have come together to call for a change in the way the US government conducts surveillance.

The companies - AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo - have created an alliance known as Reform Government Surveillance.

The group is asking the world's governments to reassess intelligence gathering practices following the leaking of various documents by whistle-blower Edward Snowden.

These leaks have, according to Microsoft's Brad Smith, lessened people's trust in technology. Smith said, "People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it."

The Reform Government Surveillance group has written to President Obama and Congress, arguing that current surveillance practices undermine individual freedoms, as protected by the US Constitution.

An open letter from the group recognised the need for domestic security measures but questioned the extent to which governments go in their collection of information:

Dear Mr. President and Members of Congress,
We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.

The tech coalition also requested changes be made to future surveillance, saying that:

We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight.

The group's campaign is not limited to simply writing a letter though. It has also defined five reform principals that it believes governments need to adopt:

  1. Limiting governments' authority to collect users' information - Sensible limitations should be employed in order to protect user privacy. Governments should cease bulk data collection and limit information-gathering to specific cases and in compliance with the law.
  2. Oversight and accountability - Intelligence agencies should be subjected to more checks and balances to ensure compliance with the law. Additionally, reviewing courts should be independent and important decisions should be made public in order to provide accountability.
  3. Transparency about government demands - Governments should be far more forthcoming in disclosing the surveillance techniques they employ so that meaningful debates can take place in respect of the scope and power of such programs. Companies should disclose information about government requests to their users.
  4. Respecting the free flow of information - Governments should allow the free flow of information between countries without any form of hindrance or requirements for service providers to maintain infrastructure within a particular country's borders.
  5. Avoiding conflicts among governments - There should be a better framework to facilitate data requests between different nations and other legal jurisdictions. To this end, the coalition suggests that some sort of treaty could be designed that would govern such requests in a robust and transparent way.

In many ways I applaud this move from some of the world’s largest technology companies but I can't help but wonder if there is a touch of hypocrisy about this campaign?

When I read a quote from Mark Zuckerberg, Facebook's CEO, in which he said ...

Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information

... I wondered if perhaps many of the principles put forth by the Reform Government Surveillance group could also be applied to at least some of the companies present in this alliance. After all, the likes of Facebook and Google are not adverse to collecting copious amounts of data about our lives.

For now, I'm not sure which concerns me the most - being spied upon in the name of national security or being spied upon in the name of consumerism.

Senior Advisor

Re: Tim Cook and Other Tech Executives to Meet With President Obama to Discuss NSA Surveillance

 

http://www.macrumors.com/2013/12/16/tim-cook-and-other-tech-executive-to-meet-with-president-obama-a...

 

Tim Cook and Other Tech Executives to Meet With President Obama to Discuss NSA Surveillance and Health Care Website

Tim Cook and other tech executives will meet with President Obama tomorrow to discuss the Healthcare.gov website, as well as "national security and the economic impacts of unauthorized intelligence disclosures". In addition, the group will discuss ways the Obama administration can partner with the tech sector to grow the economy and create new jobs.

According to a report from Time:
“Tomorrow, President Obama will meet with executives from leading tech companies to discuss progress made in addressing performance and capacity issues with HealthCare.Gov and how government can better deliver IT to maximize innovation, efficiency and customer service,” a White House official said. “The meeting will also address national security and the economic impacts of unauthorized intelligence disclosures. Finally, the President will discuss ways his Administration can partner with the tech sector to further grow the economy, create jobs and address issues around income inequality and social mobility.”
According to the report, the following executives will attend:

- Tim Cook, CEO, Apple
- **bleep** Costolo, CEO, Twitter
- Chad Dickerson, CEO, Etsy
- Reed Hastings, Co-Founder & CEO, Netflix
- Drew Houston, Founder & CEO, Dropbox
- Marissa Mayer, President and CEO, Yahoo!
- Burke Norton, Chief Legal Officer, Salesforce
- Mark Pincus, Founder, Chief Product Officer & Chairman, Zynga
- Shervin Pishevar, Co-Founder & Co-CEO, Sherpa Global
- Brian Roberts, Chairman & CEO, Comcast
- Erika Rottenberg, Vice President, General Counsel and Secretary, LinkedIn
- Sheryl Sandberg, COO, Facebook
- Eric Schmidt, Executive Chairman, Google
- Brad Smith, Executive Vice President and General Counsel, Microsoft
- Randall Stephenson, Chairman & CEO, AT&T

Earlier this month, Apple, Google and a number of other tech companies urged the President and Congress to reform government surveillance tactics.

Concerns about government use of user data collecting ramped up in June, when a U.S. government program named PRISM was revealed to be giving the U.S. National Security Agency direct access to user data on corporate servers across a wide spectrum of Internet companies including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple.

In response, Apple published a statement of "Commitment to Customer Privacy" denying its participation in the NSA's program and teamed up with a number of tech companies to request greater NSA surveillance transparency, allowing it to provide customers with regular reports on security related requests. Last month, Apple published a report outlining statistics on government and law enforcement requests it received from January to the end of June.

Apple and other companies also met with President Obama in August to discuss privacy issues and government surveillance. Recently, Apple and 30 other technology corporations signed a letter urging the U.S. Congress to pass the Surveillance Order Reporting Act of 2013 and the Surveillance Transparency Act of 2013, which would result in increased surveillance disclosures and would give technology companies the right to publish detailed statistics on demands for user data.

Note: Due to the political nature of the discussion regarding this topic, the comment thread is located in our Politics, Religion, Social Issues forum. All MacRumors forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Senior Advisor

Re: Apple: How we slip YOUR data to govts – but, hey, we're not Google

Recap....

 

http://www.theregister.co.uk/2013/11/05/apple_transparency_report_sticks_thumb_in_eyes_of_google_fac...

 

Apple: How we slip YOUR data to govts – but, hey, we're not Google 'We have no interest in amassing personal information'

 

Apple has joined Facebook, Google, Microsoft, Twitter, and Yahoo!'s transparency club, releasing a detailed report on the numbers and types of requests for personal records it has received from law enforcement and government agencies around the world.

"We have reported all the information we are legally allowed to share," the report, issued Tuesday, states, "and Apple will continue to advocate for greater transparency about the requests we receive."

The report's Account Information Requests table, below (click to make readable), lists the exact number of requests received, acted upon, and other details from the 31 countries from which Apple received such requests. "Some countries are not listed in this report," a note reads, "because Apple has not received any information requests from the government there."

Among the 31, only one country disallows companies from revealing the exact number of requests. Yes, you guessed right: the good ol' U.S. of A.

Account Information Requests listing from Apple transparency report

"At the time of this report," Apple notes, "the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts."

Account requests, Apple says, commonly involve law enforcement asking for information regarding robberies or other crimes, as well as searches for missing persons or kidnapping victims.

"In very rare cases," the report says about account requests, "we are asked to provide stored photos or email. We consider these requests very carefully and only provide account content in extremely limited circumstances."

In the report, Apple manages the somewhat contortionistic feat of simultaneously patting itself on the back while sticking its thumbs in the eyes of such companies as Google, Facebook, Twitter, and the like. After saying that the privacy of their customers is "a consideration from the earliest stages of design for all our products and services" and that they "work hard to deliver the most secure hardware and software in the world," the thumbs comes out:

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form. ... Unlike many other companies dealing with requests for customer data from government agencies, Apple's main business is not about collecting information.

In addition to the information on requests for account information, Apple also provides details on device requests, of which they say "the vast majority" relate to lost or stolen devices. "These types of requests frequently arise when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices."

Device Information Requests listing from Apple transparency report

Apple also notes that it has never received an order to release information under Section 215 of the USA PATRIOT* Act.

That section, under challenge by such civil liberties organizations as the EFF and the ACLU, allows the FBI – and who knows what other federal authorities – to obtain secret clearance from the FISA court to obtain information from a company about you and your activities, ostensibly to "to protect against international terrorism or clandestine intelligence activities." The company must hand over that info to the investigators under a gag order that prevents them from ever informing you+world+dog that they even received the order.

"We would expect to challenge such an order if served on us," Apple says. However, we may never know whether or not they were so served, or if they challenged such an order. Section 215 remains the law of the the land here in the good ol' U.S. of A. ®

Bootnote

* Do know that the USA PATRIOT Act is so capitalized because its common name is an acronym for its full name: the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.