86 Comments

We all agree with and support efforts to fight crime. But the pre-digital equivalent of Apple's plan is this: a police officer enters your home every night, walks to the bookcase, pulls out your family photo albums, looks through page after page and runs comparisons with whatever he has in his database. These are your personal family photos: children playing, intimate moments with your significant other, embarrassing selfies, etc. The police officer keeps copies of all of the photos too. Forever.

Q1: How does this fight crime?

Q2: How does this not violate 4A ? "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures."

Q3: What in the world gives the government and a private corporation the right to look through my family photos ?

When the government says "if you have nothing to hide, you have nothing to fear" you gotta remind them that "privacy isn't about hiding, it's about protecting." And "the right to be secure in your person" is all about protecting yourself. If the government argues that scanning through my family photo albums and keeping copies forever is not an "unreasonable search and seizure" then maybe somebody should do something to stop this techno-fascism.

Expand full comment

It's the same excuse as always "It's a private platform so they can do what they want" while detractors will completely ignore the blatant cooperation between politicians and Big Tech

Expand full comment

Anything to deflect from the core principle: people have a right to object when they’re treated like shit by a company like Apple.

Expand full comment

Sounds familiar - where have I heard this before?

Oh, that's right: Louis Rossmann - though the context of repairing Apple hardware, not the surveillance capabilities of Apple software.

Just like how people stuck in abusive relationships shouldn't deny the reality of their abusers, don't deny the validity of your own experience when it comes to Apple.

Expand full comment

1) Stating "you have nothing to hide" is equivalent to "I don't need/have any rights". Not to be fatally pessimistic, but in that case you might as well say, "My rights are worthless."

2) When it comes to surveillance, the US (specifically intelligence community and larger systemic legal structures) secretly wants to be like other authoritarian countries, such as China, but publicly is in denial about its own desire. In those countries, their respective citizens practically have no rights. The future does not look so bright in the US...

Expand full comment

I've been an Apple customer since the IIc and have had every iPhone they've ever made, along with too many other of their products to count.

I find it intolerable that they would presume to violate my privacy in this way.

It's been a good run, but I think it is time to begin the transition to an Ubuntu laptop and a secure phone.

Steve Jobs must be rolling in his grave.

Expand full comment

OK, so what is a "secure phone"? who makes one and what system does it run?

Expand full comment

SIM cards are an implicit backdoor onto any device. Secure phones are simply ones where you can disconnect the camera, microphone, and don’t deliberately run spyware. Recently they’ve started making software SIM devices as well, which is encouraging.

Purism does that, as do two or three other companies that I know of.

Expand full comment

Thanx! Right now the only cell phone I have (my main phone is a land line) is an old LG flip phone on 3G with a pay as you go plan - AT&T informs me they will be discontinuing that early next year. I don't text, the only thing I use it for is if i need to communicate "on the road" or for "emergencies" - I wouldn't know how to disconnect the camera or microphone - and not even sure how to remove a SIM card - my car is 28 years old - with no "internet" connections - in short, I am living in the stone, as opposed to the silicon, age - frankly, I may just ditch the phone altogether. I am old enough to remember when we could live perfectly well without "wireless" anything - my computer (a Lenovo with Linux Mint) is wired to my modem .... I feel rather akin to John "the Savage" in BNW

So, "Purism" is a company that sells phones that I, a tech dummy, can do all that with ? No camera (I don't take pictures), no mic, and, sorry, how to deal with SIM? Folks are probably laughing at me - but I smelled all this coming some time ago and decided not to get sucked in ...

Expand full comment

No good solution unfortunately. Roving bugs are enabled by the design of SIM cards. They’re designed from the ground up to be a vulnerability and the FCC won’t license phones that don’t have the backdoor/SIMcard designed in.

SIM cards are little computers which are required to access the baseband modem directly. They have a low power processor on board and after the keys are compromised, like gemalto has been, you can send malicious text messages that bypass the phone OS and infect the SIM card itself.

Also I’m pretty sure TPMS chips in old car tires are used for unique IDs too.

Expand full comment

Good heavens! Even my tires are "spying" on me? Can I turn the chips off? I don't have GPS in my car - use good ole fashion maps, but do copy directions off my computer and write them down - it's difficult having an analogue brain in a digital world - but it has occurred to me that in the digital world there are only 1s and 0s, in the analogue world there are an infinity of points in between :)

Expand full comment

Thank you, I was not aware of that.

Expand full comment

Here's a list of some candidate phones. Have not yet decided myself.

https://www.techradar.com/best/secure-smartphones

Expand full comment

Thanx - but I guess I don't want a "smartphone" - don't want a phone that is "smarter" than I am :D and frankly I am always skeptical of anything that claims to be "secure" - have heard that too many times before :)

Expand full comment

The problem here is that we, with our shared mindsets and grave concerns, are very much in the minority. As a teacher, and with kids myself, I can attest to the fact that the younger generation, (the ones who in sum own more of the poisoned apples than we do) really don't give a toss. They aren't taught properly about slavery or loss of liberty in the school curriculum in ANY country, so they can't conceive of any apparatus of control, especially not in the guise of their beloved latest spyphone 12! Whether China, UK, India, USA, governments who are supposed to work FOR us, as our servants, in fact work against us alongside their corporate allies. So, while we all appreciate the gravity of the brilliant Mr Snowden's latest revelation, and collectively baulk at his disclosure, I just wonder what the hell we can actually DO about this situation, given our relatively mature age and modest number? (This isn't meant to be a rhetorical question!)

Expand full comment

We do what all successful minority groups have done: Educate and Advocate within our spheres of influence. First and foremost, in our homes and especially our kids. They will be the educators and advocators of the future. Then, we support those with larger spheres of influence - like we are doing here with Mr. Snowden's substack. BTW... "Continuing Ed" is an amazing title.

Our mature age is our asset. We remember the beginnings of a free and open internet. We remember what it was like to be a stupid kid online, and be able to reinvent a better version of ourselves without carrying the baggage of our stupidity with us forever. This is what makes us the best advocates, because we remember what was.

Expand full comment

I wish i could find my way out of the Apple ecosystem. My MacBook, IPad and phone are all tied to tether with my AirPods that broadcast my every thought. Android seems like a horrible answer. Any ideas where to go next. I’m waiting for answers not because I have anything to hide but because it is just wrong. Pre Crime and precogs are not just for the movies anymore. Planting images seems to easy now. This is a greased pig of a slippery slope. Help Ed.

Expand full comment

Dear God. This is a masterpiece. Thank you sir. Never been more terrified and informed before now.

Expand full comment

How soon before not owning a smart-phone becomes grounds for state persecution?

"You don't have a mobile-device? What do you have to hide, sir? How are you able to work and process payments without one? Do you admit you're retaining cash contraband? I'm sorry to say that your appeal to the 5th Amendment, sir, amounts to probable cause. If you had been receiving security updates you would have known that. I'm afraid we need to bring you in for questioning. Don't worry about your young family; we'll send an automated detachment to watch over them while you're incapacitated for improvements. Once your body has been augmented with an internal nano-bio iPhone mesh you'll be released and allowed to return home. Sorry for the confusion."

Expand full comment

I've heard of jobs and potential partners implicitly denying candidates or dates because they don't have a Facebook profile. "What are they trying to hide!?"

Expand full comment

My goodness, is this actually true?

(For the jobs being described, I infer normal-ish jobs that shouldn't require security clearances.)

Expand full comment

If you are on Facebook, and everyone you know is one Facebook, its all seems pretty normal. Not being on Facebook is considered a red flag in many social circles.

Expand full comment

I'd be happy that's why I got passed over. I wouldn't want to work at any company that puts any importance at all on Facebook.

Expand full comment

I agree.

Expand full comment

It's like the world doesn't understand that some people simply don't show-off.

Expand full comment

If obtaining "reasonable" privacy in 2021 (whatever that means) indicates you have enough privilege to do so, then so is getting a job without having a FB account.

Expand full comment

What should happen here is a mass exodus from Apple's products and ecosystem.

What is more likely is that it will have little impact on their market share.

A market economy makes it relatively easy to chose an alternative but unfortunately this may be the start of a trend of monitoring across various brands of devices.

We need hardware and OS alternatives that prioritise the user. Your phone should work for you not the other way around.

Expand full comment

What to do?

1. Among my friends I became the alien in terms of the phone I'm using. Last year I ditched my eyephone, bought a Pixel, rooted it and installed GrapheneOS. It works quite well (I also tried a pinephone with linux, but that simply is not ready yet).

2. I always think twice wether or not to take the phone with me when leaving the house.

3. No cloud (is an actual possibility)

4. But then, convincing my teenage kids to do the same is an actual impossibility. My oldest one starts to comprehend...

5. Carefully choose the media you consume

6. A paper diary might be a good thing to support your memory instead of the abundant pictures by your camera. I wrote down, when my kids said / did something I wanted to remember.

I am deeply thankful for your initiative! It is a cultural mission.

Greetings from Zurich

Expand full comment

Sounds good, but I would not know how to "root" a phone, or install GrapheneOS

Expand full comment

It's not that bad as it probably sounds. Check out their website https://grapheneos.org/ – there are some tutorials on youtube as well… but anyway you're right. It's not everybodys cheese as we might say

Expand full comment

Its so depressing, because it feels like the ship has already sailed and there is not much that can effectively be done (if one doesn't want to down the ship entirely). Stricter laws? Look at GDPR, is it Really limiting big tech much? Not really. LGPD? New Privacy law in China? Same. US? Laughably behind. CCPA is no deterrent at all. Has not teeth.

But the scariest thought is that maybe the children that are growing up now will not only Not know any other world but perhaps they will Not care if privacy effectively does not exist anymore.

Which makes me think, what change (if any) can be really carried out and how, if not enough people want it? What can we do if there is not enough of us who believe privacy is a basic human right? And I ask that as a privacy lawyer.

Expand full comment

Oh, just take some more Soma ....

Expand full comment

I am really hoping there is another solution. I am as passionate as possible within the community of privacy pros as well as the companies I consult at (but most are only interested in risk mitigation, not real privacy protection), speaking at events, holding workshops, providing true privacy advocating expert opinion to governments when they are open to it, and making privacy related web series, but is that enough?

In the light of new generations growing up on tiktok and with multiple apple products already in their pockets, guiding (if not outright steering) their lives?

Once "behavioral biometrics to crypto" (patented by microsoft already) will take place, the ship will become a fleet. What then. Or better yet, what now?

Expand full comment

How long do you think it takes for Google to announce the same back door on Android? This is the beginning of the end for privacy for all of us. Time to get a Linux phone!

Expand full comment

Really terrified by this announcement and I am very glad that you wrote this article. This is a very important issue that should not be shrugged off with a “well they are a private company that can do what they want and you agreed to their user policy” argument. The idea that they are standing behind the shield of “don’t you want to catch people who abuse children” defense is slimy as hell, and I am a survivor of childhood sexual abuse! This idea that if you have nothing to hide then you shouldn’t be upset is ridiculous. That’s literally what they said in Europe when randomly searching a person’s house. I thought it was those kind of infractions that led to the American Revolution and the writing of our Constitution in the first place.

America is quickly becoming the very picture of what we thought was happening behind the “Iron Curtain”. We allow the government and private corporations to spy on us. We are debating whether or not we should have to prove our vaccination status, quite literally adopting a “show me your papers” State. The ideas that led to our founding have all but disappeared.

I am an Apple customer and I am outraged! What on earth can be done? What kind of phone or computer can safely be used anymore? Society has been pushed onto the internet to the point where you have to have a computer or smartphone in order to do business. Speaking about protecting children, is this really the future that we want for them (and us)?

“Brave New World” is already a reality. Huxley desperately tried to warn us, but we thought that couldn’t happen here. Wow, how blind that assumption was.

Thank you for continuing to speak out on these and other issues Ed! You really are an American hero. It is so ironic that you found your freedom in Russia (I know they are far from perfect too). Keep shedding the light on these important issues! If you think of solutions, there are people who would follow your lead.

Expand full comment

Apple has already set up the infrastructure to do the same thing on macOS too. In 2018 Apple phased out classic Kernel Extensions and instead provided Network Extensions (nExt) for apps controlling network traffic, such as LuLu.

But then in October 2020 an official "oversight" happened: some Apple apps, as well as system processes just bypassed the nExt, rendering Application Firewalls useless. Apple did revert that after a massive uproar, calming down the situation for the moment.

And now, less than a year later, their surveillance plans on iOS are firmly moving forward. It is only a matter of time until some Apple processes will bypass nExt control on mac OS to "better protect us".

Expand full comment

Appke should be owned and operated by iPhone users snd one phone one vote.

Expand full comment

MacOS can still be neutered. You can still implement a linux/BSD edge router that can inspect and filter malicious traffic.

Recommend PFSense if you don't have experience in the field. Also watch out for large transfers on udp/53, a favorite bypass for hackers tunneling past firewalls.

Also recommend pihole dns blocking for most applications.

Expand full comment

I bought an outrageously expensive MacBook after getting hacked on a PC because of Apple's "commitment to privacy". Hook, line, sinker. Ugh.

Expand full comment

It is how they falsely market themselves. Three serious problems with the US tech sector though:

1) US jurisdiction allows NSA et al to lean arbitrarily on any company incorporated in the US, also referred to as lawfare. This results in unconstitutional gag orders and more direct compulsion. There also exists a secret legal framework to permit global hacking with zero accountability or technical authority.

2) Corrupt licensing authorities likely require backdoor access to achieve certification, which makes the US highly uncompetitive in the cyber security space

3) If neither of the above are effective, they can just get your company to hire a mole who just steals your keys

TLDR: Apple's claims to privacy have zero credibility

Expand full comment

Oh, and I love what Microsoft has done along w/ so many others in the name of "intellectual property". Tagging documents (including pay stubs and anything else from a company) with their beacons so that when you leave a company there is a way to follow and delete things. Too bad when taking college classes at work (relevant to the profession) and using work computer. Everything belonged to the company - how stupid was I. Using my computer to log into check work email from home allowed creation of admin profile HIGHER than mine and before resignation letter acknowledged, my personal PC had been accessed and what I naively thought was mine was deleted. Horrible lesson, innocent mistake. Paystubs? gone, papers? gone. What a crazy mistake. Computer logs told the story. I spent time learning and know everything created in that system - even journaling I innocently did on breaks- and put on an external drive - sends a beacon to the company whereever it's saved so it can be destroyed. Friends & family thought I had a mental illness come on overnight as I become paranoid because I could see outside access in computer logs. Bought a new one, accessed from somewhere same day. Exchanged it and it happened again. Finally bought a macbook & had to quit looking - it was driving me crazy & I don't know enough to figure it all out. Use VPN, makes no difference. Reset Modem, routers. When I began reading what Microsoft and other companies are doing to "protect" their intellectual capital, it was horrifying. THe only places I saw others like me sharing info was in help / community areas of these companies websites. Then I knew it wasn't just me. And the people at the computer store said they hear it all the time.

I'm in a business where an intellectual property contract is often a part of the required employment documents. One received by a mammoth institution taking over businesses everywhere in healthcare (read: a powerhouse loaded w/ $$$, lawyers & infinite resources) recently stunned me in it's overreach. Couldn't believe anyone would sign it. Granted authority & to all access for company to determine of any creation FOR THE REST OF MY LIFE belonged to them. Oh, and for the company to be appointed as my attorney and to be granted access to my social media.

The recruiter, when asked about it, said "no one else has ever brought this up", apparently just signing w/o reading? Forehead smack....if that's the case, we are doomed.

If anyone has an interest in this, please let me know. I haven't seen this written about - if it is, I've missed it.

Expand full comment

I will be moving all of my family pictures from the i cloud to an external hard drive and chips as a back up. My next electronics purchases will be open sourced. I like the quality of apple products but hate their woke politics.

Expand full comment

yup. I just moved my pics to an external hard drive and canceled my cloud service. Will no longer take pics with my phone. As soon as my phone dies, I will not own a cell phone. Done with this non stop surveillance.

Expand full comment

Unfortunately, that's NOT a fix. Hard drives can & do fail, become obsolete VERY quickly thus the software to access them is no longer available. Trust me, am a photographer who learned the VERY hard way how quickly manufacturers of external hard drives consider something obsolete - after all, they are in business to see more hard drives. DVDs degrade & require a player to read them so there's that. As a music lover, am beyond pissed over the years having become addicted to iTunes. That iPod led me into the Apple grove. It's obsolete too. Didn't understand my physically purchased CDs I diligently added to my iTunes "library" weren't being stored by Apple. Early attempts to backup my library were done wrong. Now I don't even know what format is best to use when storing music- it's become so confusing with Apple in the middle of all the different types of music files. Glad I kept the physical discs although they take up so much room & know those will become obsolete too.

Expand full comment

Apple is "woke" is only its superficial marketing appearance. In fact, its legal and other actions are close to being "woke" at all.

"The size of a corporation like Apple allows it to shield itself from the consequences of the policies it advocates. Backing leftist policies at home while stashing the cash abroad allows for virtue signaling at the best possible side of the profit margin." - from the article "Apple’s Quiet War on Independent Repairmen" by Napoleon Linarthatos in The American Conservative about how Apple makes life harder than required for independent repair shops to work on Apple products.

Also, Apple likes to spread marketing rhetoric that it is against forced slave labor and lies about how its factory does not use forced slave labor, but then panics and sends out lobbyists to try to stop the Uyghur Forced Labor Prevention Act when it realizes it has to walk its "woke" moral high ground talk. This was covered last year in the article "Apple is lobbying against a bill aimed at stopping forced labor in China" by Reed Albergotti in the Washington Post.

So, Apple's decision to stand by its CSAM ruse was almost deterministic.

Expand full comment

Good points and well made. These corporatists never let wokeness or anything else get in the way of their profits, no matter who gets hurt.

Expand full comment

I don’t,and will never own a cell phone. Frustrating at times but why should I pay to be monitored and tracked. This is all just too much

Expand full comment

Just like how I explained to someone who has never held a Facebook account in their life post-Cambridge Analytica, I'll say this again: "Don't feel bad - you aren't missing out on much at all."

Expand full comment

What phone should one be using at this point? Other than the obviously preferable "None"

Expand full comment

"There are no people sadder but wiser about the scale and scope of the attack surface you get when you connect everything to everything and give up your prior ability to do without. Until such people are available, I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia."

Dan Geer

Cybersecurity as Realpolitik

Black Hat 2014 Keynote

http://geer.tinho.net/geer.blackhat.6viii14.txt

Expand full comment