New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Speaks Out Against Cybersecurity Information Sharing Act

Apple LogoApple today voiced its opposition to the Cybersecurity Information Sharing Act, or CISA, just days before the Senate will vote on the bill. In a statement given to The Washington Post, Apple reiterated its commitment to user privacy and said it does not support CISA.
"We don't support the current CISA proposal," Apple said in a statement. "The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."
Apple's public statement on CISA comes on the heels of statements from several other tech companies who oppose CISA, including Twitter, Yelp, Wikipedia, and reddit. The Computer and Communications Industry Association, which represents companies like Google, Facebook, Microsoft, and Amazon, has also urged the Senate to make improvements to the act, saying it does not support CISA as it is currently written.

The controversial Cybersecurity Information Sharing Act is designed to allow companies to share information on cybersecurity threats with one another and with the government, but opponents say it puts personal privacy at risk by failing to include protections for user privacy and by granting the government wide-ranging rights gather private data from Americans under the guise of shielding them from hackers.

Apple has taken a strong stance on user privacy in recent years and has reiterated many times that the government has no access to Apple's servers. With iOS 8, Apple further strengthened its position on preventing government access to user data by ending its storage of encryption keys for iOS devices, making it impossible for the company to unlock iPhones and iPads under police request.

Over the course of the last two years, Apple CEO Tim Cook has spoken passionately on Apple's unwavering commitment to privacy. He shared his most recent thoughts on the subject last night, at the WSJ.D Live conference in California. "Do we want our nation to be secure? Of course," Cook said. "No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)

15 months ago

But do you want the state to have access to potential terrorist communications? Erm, yes.


No, not at the cost of our constitutional rights.
Rating: 31 Votes
15 months ago

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication


No one said it was easy. But this is why we have intelligence agencies funded by billions of dollars of taxpayers money - it's their job to solve hard problems.

It is not Apple's responsibility to install backdoors into their systems (and compromise the security of everyone else in the process) in order to make jobs of or security agencies easier.

Imagine you have 5 terrorists sitting around a kitchen table and discussing a plot. Is this also a landlord's responsibility to bug every apartment in his building in order to be able to provide eavesdropping data to the government? Of course not. Electronic methods of communications are no different.
Rating: 21 Votes
15 months ago

So how does the state get access to those comms, without having a way to access them (by breaking encryption)?


They get access the old fashioned way - infiltrating terrorist networks, relying on intelligence and targeting of specific individuals. They don't get to access data via dragnet surveillance and having encryption keys handed to them on a silver platter.
Rating: 20 Votes
15 months ago

The problem is very complex. Look at it from the law enforcement side too.

Do you want the state to protect you from terrorism: yes. But do you want the state to have access to potential terrorist communications? Erm, yes.

So how does the state get access to those comms, without having a way to access them (by breaking encryption)? Yet also not breaking the encrypted comms of innocents as well?

All questions that remain unanswerable currently. And is a dichotomy for us as a society to wrangle with.



But this isn't new. Encryption has existed for a while now. Just because it is a smartphone the government wants the rules changed? No. They want new rules because they were caught breaking the existing ones.
Rating: 15 Votes
15 months ago
Thanks, Tim.

Privacy matters.
Rating: 14 Votes
15 months ago
Write your congressperson, your senator, call them, sign petitions floating around.
Make yourself heard.
CISA is a piece of garbage. :cool:
Rating: 13 Votes
15 months ago

Sure, we all get that, and likely agree. As it's so obvious to be boring.

But terrorists use very sophisticated encrypted comms, just as we norms do. And infiltration and targeting even those individuals they suspect from other intelligence means they need to gain access to those suspects modes of communication.

It's a chicken and egg situation. How to allow them access to suspects info, without them knowing whether that suspects info is incriminating in the first place.


The fourth amendment doesn't make the distinction you're trying to make, and it shouldn't. Terrorists get the same privacy protections we all do. That's how it was meant to be, and how it should continue to be.

If a court grants a warrant to search your private information, then the police can search it. If you still refuse to give them access because of some complex encryption as you say, you go to jail for contempt and probably a few other crimes for interfering with an investigation. It's no different that storing an incriminating paper document in a safe buried somewhere in the desert. If you refuse to give it up despite a legitimate court order, there are consequences.

There is no need for a distinction between good guy and bad guy when it comes to privacy, privacy rights should apply to all equally.

EDIT: http://www.wired.com/2015/10/cops-dont-need-encryption-backdoor-to-hack-iphones/
Cops Don't Need Encryption Backdoor to Hack iPhones - The article is a bit simplistic, but points out that Apple's privacy protections are really designed to thwart common thieves. More sophisticated hackers, whether employed by governments or otherwise, have several ways to still get information from an iPhone.
Rating: 12 Votes
15 months ago
If forced, as we are, to choose between being free and being secure, since the two concepts are polar opposites, I'll choose freedom every time, even if it does come at a cost. It always does, and always will. If this country decides freedom is too scary a burden to live with, well then that pretty much wraps it up for the U.S.

...it's almost like we should have a constitutional amendment specifically declaring the importance of personal communications, travel, and effects to prevent an intrusive government from treating everyone as though they're guilty until proven innocent, creating a culture of paranoia, squelching dissent and free expression, undermining democracy itself.

If that is the position the senate or law enforcement takes, then they are undeniably an enemy of the people, the constitution, and deserve to be treated as such. Wouldn't be the first time, won't be the last.
Rating: 11 Votes
15 months ago

The problem is very complex. Look at it from the law enforcement side too.

Do you want the state to protect you from terrorism: yes. But do you want the state to have access to potential terrorist communications? Erm, yes.


I think the bigger question is what causes the terrorism? The US government is involved in the politics of nearly every nation on earth. The state manipulates elections, supports radicals, refuses to acknowledge lawful governments, and deposes rulers, sometimes outright assassinating them. They toppled at least 30 governments outright or with behind the scenes support in the last 100 years. Once this ceases, we can talk about efforts to prevent whatever terrorism might be left.

Another lesson to be learned... the terrorist long ago adopted a cell structure that keeps the organization from being destroyed even if the top leaders are knocked out. The internet was designed around the same concept. Why then, is everything in the western world moving towards complete centralization? They make obvious targets out of things by doing this.


So how does the state get access to those comms, without having a way to access them (by breaking encryption)? Yet also not breaking the encrypted comms of innocents as well?


There was a USCENTCOM exercise held in and around the Red Sea back around 2000. It was a red vs blue thing, the typical framework exercise where the "good guys" were supposed to win and everyone in the Pentagon could review the white paper and pat each other on the back. One side was to portray "the terrorists", a type of ISIS, and it was led by a USMC officer. Realizing that all his communication were going to be monitored, this officer told his people to stay off the radio and cell phones. He used messengers. Some traveled on foot, some on bicycles or scooters, some simply took taxis around the area or hitchhiked. He went native.

What use would any kind of electronic surveillance be against that? No COMINT or SIGINT worked, and his team reached every goal, ultimately winning the exercise within the first two days of what should have been a 14 day exercise. End result - they reset the clock and restarted the exercise the next day, and he was told to follow the script. Search for information for Lt Gen Paul van Riper, and the Millennium Challenge 2002 for the complete story.

All questions that remain unanswerable currently. And is a dichotomy for us as a society to wrangle with.


No dichotomy here. Don't invade my privacy.
Rating: 11 Votes
15 months ago
Privacy does matter! Go Tim and go apple!

The argument that the government needs blanket data collection to protect us from terrorism is Theater. The Boston bombings weren't stopped/thwarted, and the enforcement agencies ended up resorting to the public with 'have you seen someone that looks like this?'
Rating: 9 Votes

[ Read All Comments ]