The thing that convulsed the internet for much of yesterday was this Reuters report that Apple decided against throwing away its keys to users’ encrypted iCloud backups after the FBI complained about encryption.
The word “after” does a lot of work in that formulation — it reads as though it’s meant to be about cause but might just simply be about chronology. Reuters itself didn’t come out and say that Apple chose to retain the ability to unlock your iCloud backups because it was worried about the FBI freaking out if it locked them down, but didn’t not not say that either. One source told the outlet that “Apple didn’t want to poke the bear,” the bear being the FBI.
The news isn’t that the iCloud loophole exists — we’ve always known that. If Reuters’ reporting is correct (and I have no reason to doubt it), the news is Apple’s rare about-face on its march to protect your data.
It’s caused a stir because the larger context is that the US Attorney General is accusing Apple of refusing to help with FBI investigations, a claim Apple strenuously denies. But inside that denial is also the awkward fact that Apple has access to that data in the first place via the iCloud loophole.
Apple set itself up as the paragon of privacy over the past year. I’d argue that Apple’s own rhetoric around privacy and security meant that anything less than perfectly private and secure data would be seen as a failure. And friends: there is no such thing as perfectly private and secure data.
To be clear, Apple really is doing a lot to try to limit the collection and spread of your data — that’s one of the core issues in the big Browser War I wrote about last week. It also has been way out ahead of the rest of big tech when it comes to on-device encryption. Other big tech companies should be doing more to follow Apple’s example when it comes to device encryption and tracking. Credit where due.
Speaking of credit where due — and I’m embarrassed to say I forgot about this until John Gruber mentioned it — Google offers full backup encryption that it can’t access on its servers for newer Android phones. (If only it would offer a more secure default messaging experience!)
Anyway, this whole story was all anybody in tech was talking about yesterday (until the Bezos phone hack story hit. Like I said, there’s a lot going on!). My favorite tweet on the whole fight comes from Joe Cieplinski, who puts the whole debate into exactly the right context:
I love that now the non-tech world thinks Apple is aiding terrorists, and the tech world is simultaneously thinking Apple is selling us out to the FBI. … Gotta love the complete absence of reason in our discourse these days.
I don’t know if there is a complete absence of reason, but the truth is that data privacy and encryption is Really Actually Quite Complicated. As much a we’d like it to be a simple binary choice between secure and not, the truth is that security is a spectrum. You make a trade-off every time you choose a password you have a ghost of a chance of remembering. Apple makes a trade-off when it chooses to keep the decryption key for iCloud backups.
The last time Tim Cook spoke directly to this issue that I’m aware of, he said Apple kept the keys for users who forget their passwords. That’s a legitimate use case, and whether you believe that to be the main reason or not is between you and your general level of trust in Apple and in big tech generally.
This debate has been a long time coming, by the way. It was already one of those things that tech people sort of knew but didn’t think much about when Walt Mossberg wrote about the “iCloud loophole” in 2016 in his column on The Verge. It was a vaguely troubling thing back in 2016. Now in 2020, it’s a much bigger story because Apple itself made it the story of the iPhone all of last year.
When you put up a giant billboard at the biggest consumer electronics show in America touting that “What happens on your iPhone stays on your iPhone,” as Apple did at CES in 2019, people tend to want to see you live up to it. When you follow it up with a “Privacy matters” ad in May, people expect you to live up to it. The heat on this topic is high in large part because Apple’s own rhetoric has been so vociferous.
This might sound like I’m railing against Apple for hypocrisy. I am not — yet. As I mentioned, data security is a spectrum and it’s difficult to understand how everything works in the first place. If I’m unhappy with Apple for anything, it’s for talking about data security and privacy in such absolutist terms.
And I get the impetus! Putting up a billboard that reads “Every security and privacy decision involves trade-offs and we are making the best choices we can in that regard without locking your phone down so much you can barely use it” isn’t going to sell a lot of phones. That’s not how marketing works.
What’s next? I expect a lot of hunkering down from Apple (it hasn’t responded to our request for comment, for example). I don’t know how long it can simply stay silent, however. The FBI and the Attorney General are definitely going to keep pushing. I doubt Apple’s big tech competitors will make hay about it in the way Apple itself has, but that doesn’t mean Apple’s users won’t demand better.
Apple’s choices for iCloud backups involve trade-offs that reasonable people can argue about. I don’t know that I agree with them (in fact I don’t think I do), but it would be nice to have an open, nuanced discussion about them. The problem is that, as Cieplinski tweeted, nuance and reason are in pretty short supply when it comes to discussions about encryption.
More stories from The Verge
└ Exclusive look at Cruise’s first driverless car without a steering wheel or pedals
Andrew Hawkins with the inside (pardon the pun) look at GM’s entry into the self-driving car discussion. Don’t miss the video, especially.
Inside are two bench seats facing each other, a pair of screens on either end… and nothing else. The absence of all the stuff you expect to see when climbing into a vehicle is jarring. No steering wheel, no pedals, no gear shift, no cockpit to speak of, no obvious way for a human to take control should anything go wrong. There’s a new car smell, but it’s not unpleasant. It’s almost like cucumber-infused water.
└ Microsoft’s CEO looks to a future beyond Windows, iOS, and Android
Tom Warren has a great write up of what a bunch of reporters learned about Microsoft’s strategy at a small summit in New York last week. This quote from CEO Satya Nadella is really something:
”Windows with its billion is good, Android with its 2 billion is good, iOS with its billion is good — but there is 46 billion more. So let’s go and look at what that 46 billion plus 4 [billion] looks like, and define a strategy for that, and then have everything have a place under the sun.”
└ Saudi Arabian prince reportedly hacked Jeff Bezos’ phone with malicious WhatsApp message
└ Google favors temporary facial recognition ban as Microsoft pushes back
James Vincent on the recent back and forth about facial recognition. Here’s an idea: what if we set tech policy by a democratic system involving our duly elected representative instead of whatever these corporations think is best for their image. Weird, I know.
So far, the market is indeed dictating the rules, with big tech companies taking different stances on the issue. Microsoft sells facial recognition but has self-imposed limits, for example, like letting police use the technology in jails but not on the street, and not selling to immigration services. Amazon has eagerly pursued police partnerships, particularly though its video Ring doorbells, which critics say gives law enforcement access to a massive crowdsourced surveillance network.
└ SpaceX successfully tests escape system on new spacecraft — while destroying a rocket
Loren Grush has all the details, including this bit from Elon Musk, who knows how to give a good quote:
But Musk said the Crew Dragon could have survived if it had been right on top of the fireball. “Since the spacecraft has a very powerful base heat shield, it should not really be significantly affected by the fireball,” Musk said. “It could quite literally look like something out of Star Wars, where it flies right out of the fireball.” Musk also noted that the Crew Dragon could do an escape like at any point during the climb to space, right up until it’s deployed into orbit.
└ Meet the 26-year-old socialist trucker running for Congress on TikTok
Great profile from Makena Kelly! Mostly, though, I’m going to be laughing for days over the phrase “yeet the rich.”
└ Sonos and Tile execs warn Congress that Amazon, Google, and Apple are killing competition
Adi Robertson’s story on one of the most engaging hearings I’ve seen in quite some time. I know it’s nothing like impeachment or having big tech CEOs testify, but if you care at all about the consumer tech ecosystem, you should pay attention. At the very least I recommend watching some of the surprisingly forthright opening statements from all of these companies — each of them could be snuffed out in an instant by Amazon or Google or Apple and those giant companies might not even notice they did it. The testimony starts at around the 45 minute mark here.
Things that are not modular and things that are
└ Sonos will stop providing software updates for its oldest products in May
Speaking of Sonos, this is a tough but probably necessary call. The fact that its system won’t update beyond what the oldest speaker in your network can handle is a bummer. Maybe in the future that won’t be a limitation. I cracked a joke on Twitter about how this is an example of why the lack of modular gadgetry is short-sighted. But it’s not really a joke. All the attempts to do it on phones have basically flopped — some so much so (Ara!) that it has poisoned consumers on the whole idea, which is a shame.
└ Riding 27 mph downhill on a Dot electric skateboard
Super fun video with with Becca Farsace. This board seems genuinely cool and modular (at least something can be in 2020!). Mixing and matching parts to get the thing to meet your needs is great. …The fact that it can’t brake when the battery is full is not so great.
└ Skip pulls back the curtain on the high costs of electric scooter maintenance
Modularity! Turns out re-purposing a bunch of scooters original designed for light, personal use into heavy-duty rideshare vehicles was a bad idea. Good on Skip for the transparency here, and hopefully we’ll see these things get more durable over time.
“It’s still early, and we can’t yet extrapolate the long term impact of 4,786 spare parts per 1M trips. Some parts will require replacement due to wear and tear as the fleet ages,” the company says. “But thus far, all parts failures have been caused by vandalism or as the result of premature material failures.”