Ok, I have lots of things to say about encryption keys and hardware security modules. But forget all that for a second. WTF Apple.
“A legal shield from American law.”
Apple asked a lot of people to back them against the FBI in 2015. They used every tool in the legal arsenal to prevent the US from gaining access to their phones. Do they think anyone is going to give them the benefit of the doubt now?
“Important people put their reputations on the line.”
Ok let’s talk about the concrete technical bits. Big parts of iCloud rely on special devices called Hardware Security Modules, or HSMs. These are specialized computers that store keys. In the US, Apple uses Thales HSMs.
Not only is Apple being forced to move Chinese citizens’ HSMs to China, China specifically refused to certify the Thales HSMs. This is actually pretty fascinating.
Thales is theoretically a French company but its products are manufactured and used throughout Europe and North America. They’re certified at the highest levels of FIPS and beyond. Yet China would not accept them. That’s… interesting.
So Apple responded by designing and building their own HSMs, based on the Apple TV platform. Presumably these include secure processors like the T2 chip in MacBooks. But this isn’t “high end HSM” hardware.
It’s really hard to know what to make of this. There are two good theories:
1. China does not trust western HSM hardware to keep them safe.
2. China felt the Thales HSMs were *too* safe, ie they would be difficult to for China to access.
Let’s keep in mind that Apple is going to be deploying these new HSMs in a facility that they do not own or operate. They’ll be placing these inside of a cage at a state-owned cloud provider. Which means that the Chinese government will have significant physical access.
Another interesting note in here is that Apple is partitioning iCloud into a “Chinese iCloud” and “non-Chinese iCloud.” Users who register an account in China will have their keys and data uploaded to these new Chinese data centers and HSMs.
What’s interesting about this change is that (to the best of my knowledge) your iCloud country registration can be changed by anyone who has your iCloud password.
What happens to my data if someone changes my registration to China?
I’m assuming that Apple will put some protections in place to stop this kind of change, but it’s an illustration of the problems that come up when you have one set of hardware and two systems that provide different levels of security.
Anyway, the big thing you should get from this article is the direction of the trend. Apple is clearly being forced to give the Chinese government more control over customer data. The current compromise may even be “ok”, in the sense that some end-to-end encryption is allowed.
But sooner or later the Chinese government is going to ask Apple for something that it doesn’t want to give up, and Apple is going to have to make a choice. Maybe they already have.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
This article about end-to-end encryption and authorities’ desire to perform real-time content scanning is very well written and I hope you’ll read it. It also makes me pretty angry.
For nearly a decade, technologists have been engaged in a good-faith debate with policymakers about the need for “exceptional access” — basically a way to bypass encryption when police get a warrant. 1/
This is a really hard problem. How do you build a system that can keep your data encrypted against hackers, but still allows (even local) police to decrypt it when they want. Some co-authors wrote about this. mitpress.mit.edu/blog/keys-unde… 2/
“New: In 2010, KPN commissioned a study into the behavior of Huawei in the mobile network. The findings were so serious that it was feared for the continued existence of KPN Mobiel if the conclusions were to be leaked”
I can’t access the reporting (paywall and in Dutch) or the actual report. But it sounds like Huawei retained admin access to eavesdrop on calls in the Dutch network, against explicit agreements.
I’ve seen this pattern of story, and I know that it will be hailed by some as “the smoking gun proof of malice” and others will point out that the Huawei code was just a smoking pile of sloppiness, and really: it doesn’t matter.
The extra barriers Apple is throwing up in the way of security researchers make me much more nervous about using their stuff.
It’s not totally the case that security researchers are (today) locked out of iOS. But it’s definitely getting harder. The work that P0 had to do to RE iMessage is an example. googleprojectzero.blogspot.com/2021/01/a-look…
Does it make me nervous that Apple had to write a “firewall” to protect iMessage from malicious payloads (because they’re not confident it can be secured)? Hell yes it does. Would it be nice to have more people banging on this? Yes!
The more I read about the development of electronic payment tech from 1990-2010, the more it looks like a scam designed to ensure that only existing banking (and those few tech companies the banks selected) were viable options.
Apropos a 2010 post by Paul Graham on why the PayPal founders were geniuses. Maybe this is true, but what did PayPal actually do brilliantly? They built anti-fraud tech so that people could use 1970s credit card tech online.
Why weren’t there dozens or hundreds of PayPals, or people doing more sophisticated cash-like payments on the Internet? Well? There were some of the latter but their doors all got kicked in by the Feds. en.m.wikipedia.org/wiki/Liberty_R…
So it looks like NYC is deploying some half-cooked “blockchain” solution for vaccine passports. theintercept.com/2021/03/24/and…
Thank you to @samfbiddle for only using the G-rated quotes.
At one point @samfbiddle told me that IBM claimed to have a technical document explaining how their system worked, and it (in all apparent seriousness) proposed this diagram as a “system architecture” or something. I nearly blew milk out of my nose.
Me: surely everyone else has been a little slower on publishing during the pandemic.
Me: *stupidly checks the websites of my theory friends*
Also me: *vanishes into a tailspin of insecurity*
Advice to new faculty: it is very important to make a friend in your field who will reassure you about why everyone else’s work is easy and yours is both harder and uniquely important. This does not need to actually be true for it to help.