Tim Cook

On Same Day Cabinet Decided to Punt on Back Doors, Tim Cook Said NSA Would Stop Asking for Them

The WaPo has an update on the Administration’s debate about whether to push for legislation for back doors. It reports that the Obama Administration decided to punt — and not ask for legislation right now while continuing efforts to cajole companies to back door their own products. WaPo even provided the date that decision was made: October 1.

“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

The decision, which essentially maintains the status quo, underscores the bind the administration is in — between resolving competing pressures to help law enforcement and protecting consumer privacy.


The decision was made at a Cabinet meeting Oct. 1.

“As the president has said, the United States will work to ensure that malicious actors can be held to account – without weakening our commitment to strong encryption,” National Security Council spokesman Mark Stroh said. “As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.”

I’m particularly interested in the date given that’s when Tim Cook gave an interview (see NPR’s excerpts) where he stated fairly clearly the NSA would not ask for back doors, but FBI might.

Apple CEO Tim Cook said he doesn’t think we will hear the U.S. National Security Agency asking for a back door into our iPhones, at least not any more. In an interview on NPR’s All Things Consideredon Thursday, Mr. Cook implied that even the FBI is coming around on the need for end-user encryption.

The intelligence community has asked for a back door. They want access into the communications that are going through Apple’s devices. No?

Tim Cook: I don’t think you will hear the [National Security Agency] asking for a back door.

Robert Siegel: The FBI?

Tim Cook: There have been different conversations with the FBI, I think, over time. And I’ve read in the newspapers myself. But my own view is everyone’s coming around to some core tenets. And those core tenets are that encryption is a must in today’s world. And I think everyone is coming around also to recognizing that any back door means a back door for bad guys as well as good guys. And so a back door is a nonstarter. It means we’re all not safe.

When I first read this interview, I was struck by Cook’s certainty about the NSA, compared to his uncertainty about FBI. I wondered at the time whether that certainty meant that the rumored FISC request for a back door was ultimately rejected, which would close off the possibility for NSA for the moment(that would affect FBI, too, but only part of FBI’s requests).

Given the coincidence of these two events — Cook’s stated certainty and the cabinet decision not to pursue back doors right now — I’m all the more curious.

Has FISC secretly told the government it can’t force Apple to back door its products?

On the Apple Back Door Rumors … Remember Lavabit

During the July 1 Senate Judiciary Committee hearing on back doors, Deputy Attorney General Sally Yates claimed that the government doesn’t want the government to have back doors into encrypted communications. Rather, they wanted corporations to retain the back doors to be able to access communications if the government had legal process to do so. (After 1:43.)

We’re not going to ask the companies for any keys to the data. Instead, what we’re going to ask is that the companies have an ability to access it and then with lawful process we be able to get the information. That’s very different from what some other countries — other repressive regimes — from the way that they’re trying to get access to the information.

The claim was bizarre enough, especially as she went on to talk about other countries not having the same lawful process we have (as if that makes a difference to software code).

More importantly, that’s not true.

Remember what happened with Lavabit, when the FBI was in search of what is presumed to be Edward Snowden’s email. Lavabit owner Ladar Levison had a discussion with FBI about whether it was technically feasible to put a pen register on the targeted account. After which the FBI got a court order to do it. Levison tried to get the government to let him write a script that would provide them access to just the targeted account or, barring that, provide for some kind of audit to ensure the government wasn’t obtaining other customer data.

The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because McBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.

Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)

Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages.

The discussions disintegrated because the FBI refused to let Levison do what Yates now says they want to do: ensure that providers can hand over the data tailored to meet a specific request. That’s when Levison tried to give FBI his key in what it claimed (even though it has done the same for FOIAs and/or criminal discovery) was in a type too small to read.

On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.

THE COURT: You want to do it in a way that the government has to trust you—
BINNALL: Yes, Your Honor.
THE COURT: —to come up with the right data.
BINNALL: That’s correct, Your Honor.
THE COURT: And you won’t trust the government. So why would the government trust you?
Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.
The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th.

Levison came away from the debacle believing that the FBI didn’t understand what it was asking for when they asked for his keys.

One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys.

I raise all this because of the rumor — which Bruce Schneier inserted into his excerpt of this Nicholas Weaver post — that FBI is already fighting before FISC with Apple for a back door.

There’s a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly — and they’re losing. This might explain Apple CEO Tim Cook’s somewhat sudden vehemence about privacy. I have not found any confirmation of the rumor.

Weaver’s post describes how, because of the need to allow users to access their iMessage account from multiple devices (think desktop, laptop, iPad, and phone), Apple technically could give FBI a key.

In iMessage, each device has its own key, but its important that the sent messages also show up on all of Alice’s devices.  The process of Alice requesting her own keys also acts as a way for Alice’s phone to discover that there are new devices associated with Alice, effectively enabling Alice to check that her keys are correct and nobody has compromised her iCloud account to surreptitiously add another device.

But there remains a critical flaw: there is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is “backdoor enabled” by design: the keyserver itself provides the backdoor.

So to tap Alice, it is straightforward to modify the keyserver to present an additional FBI key for Alice to everyone but Alice.  Now the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future.

Admittedly, as heroic as Levison’s decision to shut down Lavabit rather than renege on a promise he made to his customers, Apple has a lot more to lose here strictly because of the scale involved. And in spite of the heated rhetoric, FBI likely still trusts Apple more than they trusted Levison.

Still, it’s worth noting that Yates’ claim that FBI doesn’t want keys to communications isn’t true — or at least wasn’t before her tenure at DAG. Because a provider, Levison, insisted on providing his customers what he had promised, the FBI grew so distrustful of him they did demand a key.

The ameriMac

Presumably because of Apple’s rocky PR and financial results of late, Tim Cook gave two purportedly “Exclusive!” interviews, to NBC News and Businessweek. The big takeaway from both “Exclusives!” was the same, however: that Apple will move some production of the Mac back to the US next year.

You were instrumental in getting Apple out of the manufacturing business. What would it take to get Apple back to building things and, specifically, back to building things in the U.S.?
It’s not known well that the engine for the iPhone and iPad is made in the U.S., and many of these are also exported—the engine, the processor. The glass is made in Kentucky. And next year we are going to bring some production to the U.S. on the Mac. We’ve been working on this for a long time, and we were getting closer to it. It will happen in 2013. We’re really proud of it. We could have quickly maybe done just assembly, but it’s broader because we wanted to do something more substantial. So we’ll literally invest over $100 million. This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.

Thus far, I have not seen any acknowledgment that this move comes just two months after Lenovo made a similar announcement, that it was going to bring production of formerly IBM products back to Tim Cook’s old stomping grounds in IBM’s former production hub of North Carolina.

And so, perhaps predictably, the analysis of the move has been rather shallow. NBC first focuses on the jobs crisis here, and only later quotes Cook’s comments about skills (which echoes Steve Jobs’ old explanation for why Apple produced in China).

Given that, why doesn’t Apple leave China entirely and manufacture everything in the U.S.? “It’s not so much about price, it’s about the skills,” Cook told Williams.

Echoing a theme stated by many other companies, Cook said he believes the U.S. education system is failing to produce enough people with the skills needed for modern manufacturing processes. He added, however, that he hopes the new Mac project will help spur others to bring manufacturing back to the U.S.

“The consumer electronics world was really never here,” Cook said. “It’s a matter of starting it here.”

Businessweek also focuses on job creation (though Cook makes it clear that he doesn’t think Apple has to create manufacturing jobs, just jobs, which is consistent with his suggestion that someone else will be assembling the Mac in the US).

On that subject, it’s 2012. You’re a multinational. What are the obligations of an American company to be patriotic, and what do you think that means in a globalized era?
(Pause.) That’s a really good question. I do feel we have a responsibility to create jobs. I don’t think we have a responsibility to create a certain kind of job, but I think we do have a responsibility to create jobs.

Matt Yglesias purports to look for an explanation of Apple’s onshoring in this excellent Charles Fishman article on the trend. But with utterly typical cherry-picking from him, he finds the explanation in the 125 words that Fishman devotes to lower US wages rather than the remaining 5,375 words in the article, which describe how teamwork–teamwork including line workers–leads to innovation and higher quality.

Which is too bad, because Fishman’s article and Cook’s comments to Businessweek set up a pretty interesting dialogue about innovation.

Before I look at that, though, let me point to this other comment from Cook, which may provide a simpler explanation for the insourcing.

The PC space [market] is also large, but the market itself isn’t growing. However, our share of it is relatively low, so there’s a lot of headroom for us.

We know Lenovo is insourcing to better provide customized ThinkPads quickly. Here, Cook suggests he sees a way to pick up market share in the PC space. I would suggest it likely the Mac insourcing relates to this perceived market opportunity, and would further suggest that Apple’s reasons might mirror Lenovo’s own: to deliver better responsiveness to US-based customers, if not actual customization (though that would be news).

But that’s not what I find so interesting about the way the Fishman article and Cook interview dialogue.

Fishman’s article largely focuses on why GE has brought production back to its Appliance City in Louisville, KY. And while more docile unions and energy costs are two reasosn GE has made the move, the biggest benefit is that when entire teams–including line workers–focused on products, they could build better quality move innovative products more cheaply. Continue reading

Computer Returns

The Chinese computer company, Lenovo, which bought IBM’s PC division in 2004, has announced it will be opening a small production facility in North Carolina next year.

The world’s No. 2 personal-computer maker says the PC production line now being built at a facility in Whitsett, N.C., will allow the company to become more responsive to U.S. corporate clients’ demand for flexible supplies and product customization. Although the cost of U.S. production will be higher compared with overseas production, an added benefit will be to raise Lenovo’s profile in the U.S., where it ranks fourth in market share by shipment.


Lenovo executives said the new production line isn’t a temporary publicity stunt. “I believe this is the first of many steps to increase our production capability,” Mr. Schmoock said. “I’m very, very bullish about what I can get out of this facility.”

Gerry Smith, Lenovo’s head of global supply chain, said the decision to set up a production site in the U.S. is in line with the company’s broader strategy of localizing its production in major markets as much as possible.

The move is interesting simply as a reflection of the way that more customized manufacturing–as Lenovo’s higher-end computers can be–is localizing.

But there’s also an irony here, given all the attention on Apple’s production in China, most recently with the Foxconn riots coinciding with the release of the iPhone 5.

But what it does is present an alternative strategy, with products Cook knows well, as a way to compete better against (among others) Cook’s current company.

If Cook can only get those Apple maps to work he might even return to the Southeast to see how this works!

Before Tim Cook became VP and ultimately CEO of Apple, he worked at IBM–what would become Lenovo’s US headquarters–in North Carolina on manufacturing logistics. And this move is effectively a return of ThinkPad production to IBM’s former stomping grounds.

Apple’s still not going to bring device assembly to the US anytime soon. They sell generic widgets, not customized machines as this plant will produce. And even as expensive as their products are within segments, most of what they sell is still much cheaper than a loaded laptop.

Emptywheel Twitterverse
emptywheel @lib_ertarian_ I wish we would too. Q is how we go about doing that.
emptywheel @StephenZimmermn He was more saying that give all other restrictions everyone tackles at knees, no matter where on field.
emptywheel @cakeninja10 No, I'll be the first to point out the ways that their promises about the dragnet proved to be false. As they did in Paris.
JimWhiteGNV @emptywheel Meh. Gronk's long history of throwing defenders out of his way is finally catching up to him. He earned extra scrutiny.
emptywheel Don't actually think they should be but it's a crappy football year. Go Carolina! https://t.co/FwRi3o8Y6w
emptywheel RT @NEPD_Loyko: I've missed furious Belichick. He is disgusted by your questions!
emptywheel Also who injured BillBel in his center forehead?
emptywheel WTF BillBel gives a presser in a jacket? Writing off the season.
emptywheel @weems Chipotle makes enormous burritoes. @sarahjeong @TyreJim
emptywheel RT @SharkStopper: @Siborg6 @emptywheel I am a NY Giant fan who have the Patriots # but the Patriots were robbed tonight!!!
emptywheel Brady notes that low hits (AKA knees!) where people are allowed to hit now.
November 2015
« Oct