Tim Cook Calls for Strong US Privacy Law
Apple CEO Tim Cook today called on the US government to pass “a comprehensive federal privacy law,” saying that tech companies that collect wide swaths of user data are engaging in surveillance.
Speaking at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Cook said that businesses are creating “an enduring digital profile” of each user and that the trade of such data “has exploded into a data-industrial complex.”
[…]
Former Facebook security chief Alex Stamos responded to Cook on Twitter today, questioning Apple’s commitment to privacy in China. “Apple needs to document how they protect data stored by a PRC-owned cloud provider,” Stamos wrote. “In particular, Apple should explain under what circumstances [the Chinese state-owned company] can access iCloud backups. iMessage is the only E2E [end-to-end] encrypted app allowed by the Great Firewall; what was required to get this concession from the Ministry of State Security?”
Update (2018-10-26): Alex Stamos:
The missing context? Apple uses hardware-rooted DRM to deny Chinese users the ability to install the VPN and E2E messaging apps that would allow them to avoid pervasive censorship and surveillance. Apple moved iCloud data into a PRC-controlled joint venture with unclear impacts.
Tim Cook on iCloud encryption: “We can decrypt iCloud data because some users expect us to help them when they lose or forget their password. It’s hard to say when, but I believe we will change this practice in the future, and we won’t have a key for user data in iCloud anymore.”
