Apple’s Strong Stance on Privacy and Why Sony Must Follow

Sony_Security_Camera

Earlier today, Apple CEO, Tim Cook, wrote one of the most important declarations you’ll likely hear from a company or politician in some time. At the heart of the debate is our privacy which seems to be shrinking every day in our ever-connected and digital world. Ever read those terms and services when you sign up for an account? How about the amount of data a company like Google is mining from you? There is a reason Android is ‘free’ and offered to each vendor – and the same goes for Gmail, etc.

The US government vs. Apple

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The Threat to Data Security

In today’s digital world, the key to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

A Dangerous Precedent

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

Now, what if you read this entire memo with a slight twist?

More from Rene:

Make no mistake, what is being asked of Apple should horrify not just those in the U.S. but around the world. Nothing made can be unmade. Nothing used once will only ever be used once. The moment after an easy way to brute-force passcodes exists we, none of us, will be safe. A few criminals may be more easily investigated, but catastrophically more people will be subject to unlawful searches, hacks, theft, blackmail, and other crimes. Everywhere.

Read Cook’s letter again, but substitute the FBI for Chinese Intelligence. Imagine China, soon to be a bigger market for Apple than even the U.S., making this demand so they can more easily track and prosecute those they claim to be criminals. Then imagine it being used by governments at war with their own citizens. Now do it again, but this time with Russia’s FSB. Or once more with the NSA.

Imagine when it falls into the hands of everyone from organized crime and terrorists to lone hackers and criminals. Imagine falling asleep while the person you just met sneaks into the other room, replaces the software on your phone, and slips out with your every picture, password, message, and location. And if caught, they’re just fine — they used the same back door to replace the software with a underground version eliminating the back door.

After the jump, how this all related to Sony.

History

In the past decade, Sony has had a troubling history with security. PSN and Qriocity were hacked to near death, PlayStation continues to get DDoS attacked nearly every holiday season, and Sony Pictures was crippled for over a month by North Korea in 2014. After every attack, Sony does its due diligence to take care of its customers but the damage has already been done (to both Sony and the consumer).

In fact I haven’t even written about every single Sony hacking incident and yet when I searched SRN, I was astounded by how many times I wrote about a part of Sony getting hacked.

To this day, many people give Sony’s services a pause before signing up for them, knowing that their information is at risk. Till now, this hasn’t been directly related to privacy policies but more due to lacked security standards. However, with the stance the US government is taking with Apple, users of Sony products could soon not only be worried about hackers, but the government itself as well.

As Tim Cook wrote

 The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge. 

Now think of the future of PlayStation which continues to push into the cloud with services like PS Now and PS Vue. Think of all the connected PlayStation Cameras, the information on Android TVs, the photos and personal data on Xperia smartphones and tablets. Sure, that’s a jump right now – but take all these scenarios and apply them to VR/AR products that are connected to you and work as an extension of you and the government is able to simply tap into them if they suspected something. And if not our government, another government, and certainly if not them, other hackers who now know that exploits and backdoors exist by default due to companies needing to comply with law enforcement officials.

So what does this have to do with Sony?

With their troubled past of security, Sony hasn’t had the best of reputations with consumers about their most basic data and the stakes are only going to rise in the future when more devices have more of our information. Sony might not wield the same weight as Apple or Facebook on this subject but if there was ever a time for the company to talk security and privacy, it would be now. With so much conversation about the topic being held, Sony should stand with Apple and tell its users that their information is sacred to them and that the company won’t simply bend when the (insert China, Russia, Saudi Arabia, etc.) government comes knocking on their door for some piece of information.

From John Gruber:

Sundar Pichai, in a series of tweets:

Important post by @tim_cook. Forcing companies to enable hacking could compromise users’ privacy.

Could?

We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism.

We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders.

But that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent.

Could be?

Looking forward to a thoughtful and open discussion on this important issue.

Could Pichai’s response be any more lukewarm? He’s not really taking a stand, and the things he’s posing as questions aren’t actually in question. I’m glad he chimed in at all, and that he seems to be leaning toward Apple’s side, but this could be a lot stronger.

In a time when even Google CEO (Sundar Pichai) is taking a cowardly stance on such a pivotal topic that will set a precedence for decades to come, Sony needs to lead the charge and tells its users that the company values their privacy above all else.

The past is the future

I chose not to originally write about this ludicrous story but when the horrific Paris attacks took place a few months back, reports soon came out that the individuals behind the attacks used PS4 and PSN as a way of communicating and coordinating their attacks. Belgium’s Deputy prime minister and minister of Security and Home Affairs, Jan Jambon:

 The thing that keeps me awake at night is the guy behind his computer, looking for messages from IS and other hate preachers.

PlayStation 4 is even more difficult to keep track of than WhatsApp

The most difficult communication between these terrorists is via PlayStation 4

It’s very, very difficult for our services – not only Belgian services but international services – to decrypt the communication that is done via PlayStation 4 

News quickly spread on the subject with Sony finally commenting on matters:

PlayStation 4 allows for communication amongst friends and fellow gamers and, in common with all modern connected devices, this has the potential to be abused. However, we take our responsibilities to protect our users extremely seriously and we urge our users and partners to report activities that may be offensive, suspicious or illegal. When we identify or are notified of such conduct, we are committed to taking appropriate actions in conjunction with the appropriate authorities and will continue to do so.

What’s absolutely insane about this story, one that Ford erroneously covered, is that the comments by Jambon were made a week prior to the Paris attacks yet the topic quickly turned about how those attackers likely used the service to coordinate when in reality, Jambon was simply implying terrorists could. If the US government was to have their way and defeat Apple, what’s to say that for security’s sake, European governments don’t ask or push Sony to route all game chat audio through their own NSA like servers? Who’s to say the next time you’re playing Call of Duty and talking about killing players and blowing things up, somewhere out there, that bit of data isn’t misinterpreted and you soon have police knocking on your door?

Remember Minority Report? Here is Maurice Chammah on St. Louis cops embracing crime-predicting software:

HunchLab, produced by Philadelphia-based startup Azavea, represents the newest iteration of predictive policing, a method of analyzing crime data and identifying patterns that may repeat into the future. HunchLab primarily surveys past crimes, but also digs into dozens of other factors like population density; census data; the locations of bars, churches, schools, and transportation hubs; schedules for home games — even moon phases. Some of the correlations it uncovers are obvious, like less crime on cold days. Others are more mysterious: rates of aggravated assault in Chicago have decreased on windier days, while cars in Philadelphia were stolen more often when parked near schools.

Now add that to the ability of government having a backdoor into any device which means anybody can have access. By the way, did you know Sony has a security division which sells cameras and other related products?

Discuss:

Do you think Sony should enter into this debate?

[Via AppleiMore, DaringFireball, Verge]

  • Martin

    I think all tech companies should stand united in their opposition to government intrusion in our lives. And as you said, not just the government but the annoying ass hackers and organized crime. The choice is clear…. either we keep our liberties and right to privacy at the risk of tragedies in Paris and California or we become a police state. I for one, do not live in the fear many have succumbed to after the terrorist attacks.

  • Aside from PS-related stuff, I don’t know how they can follow. They are not controlling the software they are using and whatever they are controlling is used by less than 0.2% of all smartphone/tablet owners…

  • I think PlayStation is a big part of it, seeing how that’s where they’re doing numbers but even on Android (phones and TVs), Sony from a hardware vender point could create backdoors since once they get Android in their hands, they can do as they see fit.

  • I doubt it will remain unnoticed then as all FWs are in open access. It’s like trying to make a backdoor in a Linux distribution… Besides, I’m sure the real backdoors are in the cloud, for all companies, including apple, google and ms. For MS it’s basically confirmed for their outlook and skype platforms. Google is like one big backdoor, tracking everything you do, and spying on all of your data. Thus I see Apple doing a good PR game out of nothing, knowing very well that FBI is asking to open ONE particular phone for them, not to build a backdoor they sure already have… Casual readers don’t get that and are ready to stand in line to support their naked king in an imaginary fight against “ze system”. As of Sony – I’m sure they already have a backdoor for PS infrastructure, as a primary requirement for doing trouble-free business in the US, if you know what I mean.