Tim Cook

On the Apple Back Door Rumors … Remember Lavabit

During the July 1 Senate Judiciary Committee hearing on back doors, Deputy Attorney General Sally Yates claimed that the government doesn’t want the government to have back doors into encrypted communications. Rather, they wanted corporations to retain the back doors to be able to access communications if the government had legal process to do so. (After 1:43.)

We’re not going to ask the companies for any keys to the data. Instead, what we’re going to ask is that the companies have an ability to access it and then with lawful process we be able to get the information. That’s very different from what some other countries — other repressive regimes — from the way that they’re trying to get access to the information.

The claim was bizarre enough, especially as she went on to talk about other countries not having the same lawful process we have (as if that makes a difference to software code).

More importantly, that’s not true.

Remember what happened with Lavabit, when the FBI was in search of what is presumed to be Edward Snowden’s email. Lavabit owner Ladar Levison had a discussion with FBI about whether it was technically feasible to put a pen register on the targeted account. After which the FBI got a court order to do it. Levison tried to get the government to let him write a script that would provide them access to just the targeted account or, barring that, provide for some kind of audit to ensure the government wasn’t obtaining other customer data.

The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because McBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.

Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)

Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages.

The discussions disintegrated because the FBI refused to let Levison do what Yates now says they want to do: ensure that providers can hand over the data tailored to meet a specific request. That’s when Levison tried to give FBI his key in what it claimed (even though it has done the same for FOIAs and/or criminal discovery) was in a type too small to read.

On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.

THE COURT: You want to do it in a way that the government has to trust you—
BINNALL: Yes, Your Honor.
THE COURT: —to come up with the right data.
BINNALL: That’s correct, Your Honor.
THE COURT: And you won’t trust the government. So why would the government trust you?
Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.
The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th.

Levison came away from the debacle believing that the FBI didn’t understand what it was asking for when they asked for his keys.

One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys.

I raise all this because of the rumor — which Bruce Schneier inserted into his excerpt of this Nicholas Weaver post — that FBI is already fighting before FISC with Apple for a back door.

There’s a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly — and they’re losing. This might explain Apple CEO Tim Cook’s somewhat sudden vehemence about privacy. I have not found any confirmation of the rumor.

Weaver’s post describes how, because of the need to allow users to access their iMessage account from multiple devices (think desktop, laptop, iPad, and phone), Apple technically could give FBI a key.

In iMessage, each device has its own key, but its important that the sent messages also show up on all of Alice’s devices.  The process of Alice requesting her own keys also acts as a way for Alice’s phone to discover that there are new devices associated with Alice, effectively enabling Alice to check that her keys are correct and nobody has compromised her iCloud account to surreptitiously add another device.

But there remains a critical flaw: there is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is “backdoor enabled” by design: the keyserver itself provides the backdoor.

So to tap Alice, it is straightforward to modify the keyserver to present an additional FBI key for Alice to everyone but Alice.  Now the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future.

Admittedly, as heroic as Levison’s decision to shut down Lavabit rather than renege on a promise he made to his customers, Apple has a lot more to lose here strictly because of the scale involved. And in spite of the heated rhetoric, FBI likely still trusts Apple more than they trusted Levison.

Still, it’s worth noting that Yates’ claim that FBI doesn’t want keys to communications isn’t true — or at least wasn’t before her tenure at DAG. Because a provider, Levison, insisted on providing his customers what he had promised, the FBI grew so distrustful of him they did demand a key.

The ameriMac

Presumably because of Apple’s rocky PR and financial results of late, Tim Cook gave two purportedly “Exclusive!” interviews, to NBC News and Businessweek. The big takeaway from both “Exclusives!” was the same, however: that Apple will move some production of the Mac back to the US next year.

You were instrumental in getting Apple out of the manufacturing business. What would it take to get Apple back to building things and, specifically, back to building things in the U.S.?
It’s not known well that the engine for the iPhone and iPad is made in the U.S., and many of these are also exported—the engine, the processor. The glass is made in Kentucky. And next year we are going to bring some production to the U.S. on the Mac. We’ve been working on this for a long time, and we were getting closer to it. It will happen in 2013. We’re really proud of it. We could have quickly maybe done just assembly, but it’s broader because we wanted to do something more substantial. So we’ll literally invest over $100 million. This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.

Thus far, I have not seen any acknowledgment that this move comes just two months after Lenovo made a similar announcement, that it was going to bring production of formerly IBM products back to Tim Cook’s old stomping grounds in IBM’s former production hub of North Carolina.

And so, perhaps predictably, the analysis of the move has been rather shallow. NBC first focuses on the jobs crisis here, and only later quotes Cook’s comments about skills (which echoes Steve Jobs’ old explanation for why Apple produced in China).

Given that, why doesn’t Apple leave China entirely and manufacture everything in the U.S.? “It’s not so much about price, it’s about the skills,” Cook told Williams.

Echoing a theme stated by many other companies, Cook said he believes the U.S. education system is failing to produce enough people with the skills needed for modern manufacturing processes. He added, however, that he hopes the new Mac project will help spur others to bring manufacturing back to the U.S.

“The consumer electronics world was really never here,” Cook said. “It’s a matter of starting it here.”

Businessweek also focuses on job creation (though Cook makes it clear that he doesn’t think Apple has to create manufacturing jobs, just jobs, which is consistent with his suggestion that someone else will be assembling the Mac in the US).

On that subject, it’s 2012. You’re a multinational. What are the obligations of an American company to be patriotic, and what do you think that means in a globalized era?
(Pause.) That’s a really good question. I do feel we have a responsibility to create jobs. I don’t think we have a responsibility to create a certain kind of job, but I think we do have a responsibility to create jobs.

Matt Yglesias purports to look for an explanation of Apple’s onshoring in this excellent Charles Fishman article on the trend. But with utterly typical cherry-picking from him, he finds the explanation in the 125 words that Fishman devotes to lower US wages rather than the remaining 5,375 words in the article, which describe how teamwork–teamwork including line workers–leads to innovation and higher quality.

Which is too bad, because Fishman’s article and Cook’s comments to Businessweek set up a pretty interesting dialogue about innovation.

Before I look at that, though, let me point to this other comment from Cook, which may provide a simpler explanation for the insourcing.

The PC space [market] is also large, but the market itself isn’t growing. However, our share of it is relatively low, so there’s a lot of headroom for us.

We know Lenovo is insourcing to better provide customized ThinkPads quickly. Here, Cook suggests he sees a way to pick up market share in the PC space. I would suggest it likely the Mac insourcing relates to this perceived market opportunity, and would further suggest that Apple’s reasons might mirror Lenovo’s own: to deliver better responsiveness to US-based customers, if not actual customization (though that would be news).

But that’s not what I find so interesting about the way the Fishman article and Cook interview dialogue.

Fishman’s article largely focuses on why GE has brought production back to its Appliance City in Louisville, KY. And while more docile unions and energy costs are two reasosn GE has made the move, the biggest benefit is that when entire teams–including line workers–focused on products, they could build better quality move innovative products more cheaply. Continue reading

Computer Returns

The Chinese computer company, Lenovo, which bought IBM’s PC division in 2004, has announced it will be opening a small production facility in North Carolina next year.

The world’s No. 2 personal-computer maker says the PC production line now being built at a facility in Whitsett, N.C., will allow the company to become more responsive to U.S. corporate clients’ demand for flexible supplies and product customization. Although the cost of U.S. production will be higher compared with overseas production, an added benefit will be to raise Lenovo’s profile in the U.S., where it ranks fourth in market share by shipment.

[snip]

Lenovo executives said the new production line isn’t a temporary publicity stunt. “I believe this is the first of many steps to increase our production capability,” Mr. Schmoock said. “I’m very, very bullish about what I can get out of this facility.”

Gerry Smith, Lenovo’s head of global supply chain, said the decision to set up a production site in the U.S. is in line with the company’s broader strategy of localizing its production in major markets as much as possible.

The move is interesting simply as a reflection of the way that more customized manufacturing–as Lenovo’s higher-end computers can be–is localizing.

But there’s also an irony here, given all the attention on Apple’s production in China, most recently with the Foxconn riots coinciding with the release of the iPhone 5.

But what it does is present an alternative strategy, with products Cook knows well, as a way to compete better against (among others) Cook’s current company.

If Cook can only get those Apple maps to work he might even return to the Southeast to see how this works!

Before Tim Cook became VP and ultimately CEO of Apple, he worked at IBM–what would become Lenovo’s US headquarters–in North Carolina on manufacturing logistics. And this move is effectively a return of ThinkPad production to IBM’s former stomping grounds.

Apple’s still not going to bring device assembly to the US anytime soon. They sell generic widgets, not customized machines as this plant will produce. And even as expensive as their products are within segments, most of what they sell is still much cheaper than a loaded laptop.

Emptywheel Twitterverse
bmaz A Baseline for U.S. Counterintelligence Programs http://t.co/pRxBR3akOZ @FAScientists A short, but critical, post for fellow NatSec junkies
13mreplyretweetfavorite
bmaz I am starting to think will be no #Deflategate decision from @JudgeRichardBerman today. Also a bit bored as I had afternoon calendar cleared
43mreplyretweetfavorite
bmaz Suppression...and, therefore, dismissal. The most wonderful words short of "not guilty" a lawyer can hear. Maybe even better.
53mreplyretweetfavorite
bmaz @stephenlemons This shit just keeps getting better and better.
1hreplyretweetfavorite
bmaz Hahahaha, what an assclown Arpaio is. Especially is you know who and what Dennis Montgomery is. #Charlatans https://t.co/ESfNDJjNwN
1hreplyretweetfavorite
emptywheel @onekade You just want MA to be the next CO. Admit it. @Richardson_Mich
1hreplyretweetfavorite
bmaz RT @GrantWoods: @bmaz @Variety who is worse-Allred or the In a Wreck Get a Check guy? Close.
2hreplyretweetfavorite
bmaz @GrantWoods @Variety Jeebus, good question. Allred is national, but mostly gloms on to idiots. WreckCheck guys are skimming real people.
2hreplyretweetfavorite
bmaz RT @Nick_Hentoff: Nat Hentoff: "Exciting, Illuminating Book 'The Words We Live By' Makes #Constitution Come Alive" http://t.co/dlgP9yFXw7 v…
2hreplyretweetfavorite
bmaz But, hey, that USA Freedumb Act was a GREAT first step! https://t.co/Ve01Deggn8
2hreplyretweetfavorite
September 2015
S M T W T F S
« Aug    
 12345
6789101112
13141516171819
20212223242526
27282930