AT&T CEO: Congress, Not Companies, Should Decide Encryption Policy

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Depending on which side of the debate you are on, you will totally agree with what AT&T's CEO just said or you will call for his head on a platter. There doesn't seem to be much middle ground in this debate.

“I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do. I understand Tim Cook’s decision, but I don’t think it’s his decision to make”… I personally think that this is an issue that should be decided by the American people and Congress, not by companies.”
 
Looks like he took the middle ground of indecision.
"People will hate us if we take a position. Let's punt and have someone else tell us what to do so we can deflect."
 
I dislike Tim Cook and almost everything he says, but in this one case I feel like Congress being in charge of encryption is about as boneheaded an idea as I can think of.
 
AT&T CEO said:
"I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do.”

I agree, it's not silicon valley's decision to make, but it's not congress's decision to make either. It should be our decision to make (the people who actually use these devices).
 
so how about letting american people make the decision on their monopolistic tactics with internet and cell phones including data usage BS that doesn't cost them anything. list can go on.
 
People in congress are just as corrupt as the people leading these companies. I'm siding with whoever is Pro-Encryption and choose the lesser of the two evils (IMHO Without encryption, there will never be "true" privacy.)
 
"I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do. I understand Tim Cook’s decision, but I don’t think it’s his decision to make"… I personally think that this is an issue that should be decided by the American people and Congress, not by companies."

In a way he has a good point, the people should be able to decided key matters for themselves.

It's 2016, not 1776. We no longer need to send representatives to Washington, D.C. by horseback and carriage when we want to influence the course of the nation, we have the internet.

There should be a US Government issued application for phones and computers which allow the American people to directly cast votes on all matters that come before Congress. The citizens should be able to override Congress and the President., and enact or veto any bill or executive order they chose.
 
There should be a US Government issued application for phones and computers which allow the American people to directly cast votes on all matters that come before Congress. The citizens should be able to override Congress and the President., and enact or veto any bill or executive order they chose.

That hasn't worked out so well in California. Most major issues are put up for vote. That's all fine and dandy. The problem comes from the side who has more money being able to drown out the side that doesn't. It allows lobbyists a direct control instead of their backdoor approach. Remember Prop8? How a progressive state was manipulated by ads paid for by select powerful religious groups? A lot of people didn't realize what side they were voting for, if I recall.
 
Here's a novel idea: how about letting the consumers decide? If the government needs to access encrypted data they can get a warrant just like for everything else. It's frightening how the concepts of due process and presumption of innocence are rapidly becoming outdated ideals.
 
I dislike Tim Cook and almost everything he says, but in this one case I feel like Congress being in charge of encryption is about as boneheaded an idea as I can think of.

Maybe, but Congress is the law making body of our government and at least one house is supposed to represent the little guys. I actually agree with Tim Cook, I don't want the government to allow Apple to get away with what they are doing because the result is not in our best interest.

If Apple does get away with what they have done then in short, all anyone has to do is store all their data in cloud based services which offer encryption and data at rest encryption with no possibility of accessing the data themselves and no one will be able to get to that data even with a warrant or subpoena. Business will call it a cost saving measure that's also great for attracting customers and no one will ever be able to prove anyone has done anything wrong again.

You won't be able to sue anyone and get anywhere if the law suite relies in digital records. Forget suing a hospital or doctor for malpractice, forget suing an investment company for your lost savings, forget any chance for justice against any kind of corporate misdeed or excess. And forget trying to get anything from the Freedom of Information Act because if business is going to get away with murder you can bet the government will be right there with them.

If you guys can't see that allowing anyone to make the claim that electronic data stored at rest, phone records, whatever it might be, is a bad idea. That the data can't be retrieved when legally required is a massive threat to all our institutions that goes way beyond paranoia and fear of government surveillance, then you just don't possess the mental ability to see the issue for what it is.

Keep being derisive of the issue, spit the words criminal and terrorist all you want, ignore that this goes way beyond those narrow implications, and then be amazed when things don't go the way you thought and then be even more hateful of the government for not looking out for you, the citizen, when you can't even comprehend the issue at hand and can't be asked to think of it in broader terms.

If you can't see the forest for the trees, you should just stay the fuck out of the woods :D
 
I agree with Armenius and Lith1um and several other posters:
Seems to me like encryption should be a personal choice - not a choice dictated by government or corporate.
 
Maybe, but Congress is the law making body of our government and at least one house is supposed to represent the little guys. I actually agree with Tim Cook, I don't want the government to allow Apple to get away with what they are doing because the result is not in our best interest.

If Apple does get away with what they have done then in short, all anyone has to do is store all their data in cloud based services which offer encryption and data at rest encryption with no possibility of accessing the data themselves and no one will be able to get to that data even with a warrant or subpoena. Business will call it a cost saving measure that's also great for attracting customers and no one will ever be able to prove anyone has done anything wrong again.

You won't be able to sue anyone and get anywhere if the law suite relies in digital records. Forget suing a hospital or doctor for malpractice, forget suing an investment company for your lost savings, forget any chance for justice against any kind of corporate misdeed or excess. And forget trying to get anything from the Freedom of Information Act because if business is going to get away with murder you can bet the government will be right there with them.

If you guys can't see that allowing anyone to make the claim that electronic data stored at rest, phone records, whatever it might be, is a bad idea. That the data can't be retrieved when legally required is a massive threat to all our institutions that goes way beyond paranoia and fear of government surveillance, then you just don't possess the mental ability to see the issue for what it is.

Keep being derisive of the issue, spit the words criminal and terrorist all you want, ignore that this goes way beyond those narrow implications, and then be amazed when things don't go the way you thought and then be even more hateful of the government for not looking out for you, the citizen, when you can't even comprehend the issue at hand and can't be asked to think of it in broader terms.

If you can't see the forest for the trees, you should just stay the fuck out of the woods :D

f*** I hate saying this to you....I agree. :)

My first thought is bank records, how many times has a mistake been able to be found due to easily accessible records or the bank requiring the records from another company to show transactions.

And in the more severe cases (heartstring attack) say a loved one is murdered, everyone knows who did it and he video'd the act happening. But it was all stored in a cloud or on his phone with no legal way to extract it.

No the answer isn't an easy way for everyone to snoop around but no one gets a right to have an unopenable lock in their lives. You want the government to protect you and provide services for you, there is a few things they require as well.
 
Here's a novel idea: how about letting the consumers decide? If the government needs to access encrypted data they can get a warrant just like for everything else. It's frightening how the concepts of due process and presumption of innocence are rapidly becoming outdated ideals.

Apple is claiming they can't access the data even with a warrant. that is the problem.

Apple has set up their new phone OS's so that they are not able to comply with proper legal government warrants and subpoenas for electronic data owned by a customer and stored on their servers. that customer can be you or I, a doctor or a lawyer, a stock market analyst, a scientist, a spy, a terrorist, a kidnapper, a real estate company, an electric company, a hospital, any customer at all.

If a phone company can do this then a cloud data provider or massive data farms can do it as well. Their reply to a government subpoena or warrant will become a legal form letters explaining why they can't access the data and no one, none of us, will ever be able to prove anything ever again if the proof is stored digitally, and that's just about everything.

I'll say it again, be careful what you wish for.

You all wanted to hang the NSA for the Bulk Meta-Data program, what you got instead is the most pervasive surveillance program ever created and directed against US Persons who possess a Security Clearance. The reasoning, the think they can stop the next Ed Snowden this way. They want to catch the next Chealsy Manning before he makes his play and sends stuff to Wikileaks or whoever.

Be careful what you wish for, just think it through.
 
So, AT&T is adamantly AGAINST the government governing aspects of the industry when it's THEIR product (Net Neutrality), but when it's someone else's that THEY don't have control over, Congress now needs to step in.

I haven't taken a side on the issue just yet due to the lack of knowledge regarding the arguments of the two sides, but the contradiction here seems a bit hard to ignore.
 
So, AT&T is adamantly AGAINST the government governing aspects of the industry when it's THEIR product (Net Neutrality), but when it's someone else's that THEY don't have control over, Congress now needs to step in.

I haven't taken a side on the issue just yet due to the lack of knowledge regarding the arguments of the two sides, but the contradiction here seems a bit hard to ignore.

What argument could there possibly be to justify making encryption of personal devices have back doors for the government to get into?
 
Darunion, Thank You, I know this isn't a capitulation, that all of a sudden you don't agree with me on all things. But even one person who will acknowledge my comments allows a discussion.
 
Darunion, Thank You, I know this isn't a capitulation, that all of a sudden you don't agree with me on all things. But even one person who will acknowledge my comments allows a discussion.

And the best thing we can do even as a few simple people in this country (or anywhere for that matter) is to discuss things. It is healthy to have opinions and be forced or compelled to defend them as it can help you see both sides and also to help one better understand their own opinion.

I know I am not one to really want the government to have more 'power' but in this case I think my strongest stance is that no company should decide any government policy, they can argue their case but that is it.

Also, if all our phones have a way to be opened, so does everyone in the government. We need to stop thinking of them as some kind of unhuman overlords, they are citizens like the rest of us.
 
So, AT&T is adamantly AGAINST the government governing aspects of the industry when it's THEIR product (Net Neutrality), but when it's someone else's that THEY don't have control over, Congress now needs to step in.

I haven't taken a side on the issue just yet due to the lack of knowledge regarding the arguments of the two sides, but the contradiction here seems a bit hard to ignore.

I understand what you are saying, but I think it's apples and oranges. One the one hand we have an issue that is based on communications, services, and falls under interstate commerce. The other issue is related to our privacy rights but has an impact on our legal system and our ability to seek redress either criminally or civilly as well as our ability to find out what the government is doing as well.

I think that if what Apple is doing is allowed to stand, even the government will find a way to use it. Then even the Freedom of Information Act will become a useless piece of history.
 
I left AT&T for good reason: their CEO. As it turns out, he's still an idiot jackass. Good to have my decision reinforced.
 
I've always felt that the government does far more harm by blundering around just doing things stupidly then by grand evil design. The Federal Gov is too big and into way too much, way too deeply. Like an elephant in a hamster run, it can't move or sit without hurting someone.

Apple said what they thought on this issue awhile back. I figure taking a part in the discussion is better then being silent and leaving us all without support. From their actions they have made their point clear, "if you don't start caring about people's privacy we'll start making things uncomfortable enough that you can't ignore us anymore". That's how I read it. But I can't see this staying the way it is, and I don't think this is what we really want. We have way too many smart people not to be able to come up with a real solution that meets our needs both for personal privacy and electronic security and our need to have the government and the courts be able to work in our best interests without causing us harm.
 
There should be a US Government issued application for phones and computers which allow the American people to directly cast votes on all matters that come before Congress. The citizens should be able to override Congress and the President., and enact or veto any bill or executive order they chose.

Things weren't set up the way they were because of horse and buggy limitations. They were set up the way they were so population centers wouldn't wind up shouting down the people who didn't live int he population centers. The point was to temper the possibility of mob rule.
 
Oh, and I really want industry to be in on that solution, I sure don't want the government to be forced to solo it because someone can't get their ass out of the moral high ground seat.

This requires the government, industry, and I would recommend involvement by privacy rights advocacy groups.
 
“I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do. I understand Tim Cook’s decision, but I don’t think it’s his decision to make”… I personally think that this is an issue that should be decided by the American people and Congress, not by companies.”

Don't I have a say in this? It is my phone after all.
 
Maybe, but Congress is the law making body of our government and at least one house is supposed to represent the little guys.
Except this hasn't been true for a long time now. Congress represents big money interests. Interests of the "little guys" have essentially no bearing on Congress' decisions anymore.

https://www.youtube.com/watch?v=5tu32CCA_Ig

You won't be able to sue anyone and get anywhere if the law suite relies in digital records. Forget suing a hospital or doctor for malpractice, forget suing an investment company for your lost savings, forget any chance for justice against any kind of corporate misdeed or excess. And forget trying to get anything from the Freedom of Information Act because if business is going to get away with murder you can bet the government will be right there with them.
I think you're making a big jump here. We're talking about individuals with cell phones having encrypted data. Let's say you wish to sue a company because of wrongdoing. Fine, their records should be accessed by the court. The court can't access them because of encryption and the parent company refuses to unlock them? Well whoop de doo, now they're going to hit with a new charge for obstruction of justice and the people involved will be receiving jail time. In a situation like that, having encrypted records isn't any different than a company shredding incriminating paper documents in the past. In other words, the company is facing charges either way.

If you guys can't see that allowing anyone to make the claim that electronic data stored at rest, phone records, whatever it might be, is a bad idea. That the data can't be retrieved when legally required is a massive threat to all our institutions that goes way beyond paranoia and fear of government surveillance, then you just don't possess the mental ability to see the issue for what it is.
Again, if the data is legally required to be accessed and the person responsible for the encryption refuses to do so, then that's obstruction of justice and is a criminal charge also. Maybe I'm misunderstanding the issue here, but if somebody wants their files encrypted, they can encrypt them, the end. Mandating that companies provide a backdoor for the government to access them I guess will help us prosecute the dumber criminals out there, but comes at a cost of compromising data security.

Keep being derisive of the issue, spit the words criminal and terrorist all you want, ignore that this goes way beyond those narrow implications, and then be amazed when things don't go the way you thought and then be even more hateful of the government for not looking out for you, the citizen, when you can't even comprehend the issue at hand and can't be asked to think of it in broader terms.
Are you replying to someone else now or something?
 
Things weren't set up the way they were because of horse and buggy limitations. They were set up the way they were so population centers wouldn't wind up shouting down the people who didn't live int he population centers. The point was to temper the possibility of mob rule.

Agreed. besides, the way people get, you would never be able to take any rapid action on anything because the populace is emotional on many topics. We are so crazy polarized today, everyone has to have or assign a tag to people. Liberal, conservative, SJW, shill, the list is too extensive to continue. You'd never get them to think before they clicked.
 
I understand what you are saying, but I think it's apples and oranges. One the one hand we have an issue that is based on communications, services, and falls under interstate commerce. The other issue is related to our privacy rights but has an impact on our legal system and our ability to seek redress either criminally or civilly as well as our ability to find out what the government is doing as well.

I think that if what Apple is doing is allowed to stand, even the government will find a way to use it. Then even the Freedom of Information Act will become a useless piece of history.

I can certainly see that point, and it certainly does hold weight. It's just hard to accept the argument coming for AT&T.

I'm not trying to suggest they should be excluded from government services simply because of their stance on Net Neutrality, or anything of the sort. Even someone who disagrees with a law still deserves to be protected by other aspects of the law - or even the very law they disagreed with. It's all about credibility.

It's just hard to accept CEO Stephenson as an authority on Tech Industry Policy and how the industry should be working with the government given his previous stances which the industry has greatly been against. If the exact same argument was coming from CEO Pichai of Google, it would hold a thousand times more weight, due to the credibility. In my mind, and the mind of many others, we listen to these words from Stephenson with immediate skepticism at best simply because his credibility on such issues have been shot.
 
Depending on which side of the debate you are on, you will totally agree with what AT&T's CEO just said or you will call for his head on a platter. There doesn't seem to be much middle ground in this debate.

“I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do. I understand Tim Cook’s decision, but I don’t think it’s his decision to make”… I personally think that this is an issue that should be decided by the American people and Congress, not by companies.”

He's kinda right....I just hope congress doesn't pass it and if they do I hope the SCOTUS overturns it.
 
Maybe, but Congress is the law making body of our government and at least one house is supposed to represent the little guys. I actually agree with Tim Cook, I don't want the government to allow Apple to get away with what they are doing because the result is not in our best interest.

If Apple does get away with what they have done then in short, all anyone has to do is store all their data in cloud based services which offer encryption and data at rest encryption with no possibility of accessing the data themselves and no one will be able to get to that data even with a warrant or subpoena. Business will call it a cost saving measure that's also great for attracting customers and no one will ever be able to prove anyone has done anything wrong again.

All they have to do is store it in their brain and keep their mouth shut and the government can't get the information.

All they have to do is encrypt the data themselves before uploading it and the government can't access it...or are you suggesting that all encryption should have back doors (even offline encryption)?
 
I think you're making a big jump here. We're talking about individuals with cell phones having encrypted data. Let's say you wish to sue a company because of wrongdoing. Fine, their records should be accessed by the court. The court can't access them because of encryption and the parent company refuses to unlock them? Well whoop de doo, now they're going to hit with a new charge for obstruction of justice and the people involved will be receiving jail time. In a situation like that, having encrypted records isn't any different than a company shredding incriminating paper documents in the past. In other words, the company is facing charges either way.

No, we are talking about a company who stores people's data in a manner that the encrypted data can not be retrieved under court order. Don't try and hide or misrepresent it by dodging the end result, you'll just be fooling yourself.

Now if this is Apple's ploy to maneuver the government into a position so that they can have greater impact if or when they decide to play along with requests on joint solution development, fine. I can see it.

But I think people who see this only on the surface as "Apple standing up for the little guy" and who stick to the idea that it's all or nothing, full encryption as Apple says they provide now or it's just tyranny, I think they are going to be very unhappy when things change because I am pretty sure it must change.

Maybe I am wrong, but I don't think so and no one has convinced me that I am yet.
 
Apple is claiming they can't access the data even with a warrant. that is the problem.

Same goes for spideroak. They don't know my password and thus they can't decrypt the data.

And no company is going to store all of their data using iCloud. If they encrypt, they'll likely do it on their end, and any back door on that means it's a backdoor that anyone can access if they figure it out.
 
Corporations have reporting structures.. they can't stop filing taxes or responding to subpoenas: "because encryption" That's just silly. Whistleblowers will have an easier job capturing data and hiding it in this case. Stop using tech as a foil for things that are social engineering problems.

to no one in general or specific..
 
All they have to do is store it in their brain and keep their mouth shut and the government can't get the information.

All they have to do is encrypt the data themselves before uploading it and the government can't access it...or are you suggesting that all encryption should have back doors (even offline encryption)?

Right now the government requires business to produce data and records on demand by the courts. They are required to maintain specific things for this purpose depending on the industry involved. Already anyone can take a file on their phone, encrypt it themselves, and not even their provider can decrypt it if the encryption is decent enough, whether it's on the phone or on the company storage systems. But if that company can't produce the required records and data, they will be in violation of those laws.

That isn't the issue though. The issue is whether all the data on the phone, what the phone transmits and receives, and what is stored as data at rest on the company's storage systems is encrypted in a manner that it can't be retrieved under court order.

Now people can argue about the validity behind some court orders but that is actually a different discussion and has no bearing here. Ideally, as intended, a court order is suppose to be something that represents a legal and fully justifiable demand for information. It's supposed to be for a good reason and with reasonable justification, good enough that it "warrants" intrusion into a person's privacy. It should pass a test, "in this case, would you or I think it's a good idea to dig into this person's life?"

Right now, Apple would make this very hard to do, they claim, impossible.
 
Same goes for spideroak. They don't know my password and thus they can't decrypt the data.

And no company is going to store all of their data using iCloud. If they encrypt, they'll likely do it on their end, and any back door on that means it's a backdoor that anyone can access if they figure it out.

Many companies already store all their data in icloud, mine does and they are a defense contractor. The are so small they have contracted everything out to cloud based services, Office 365 handles all our productivity needs for typical Office apps, Zenefits for HR and benefits management, Payroll and finance via Paychex and the prime contractor uses DelTek.

Communications between the user and the business service is encrypted, data at rest is encrypted, but it's two separate encryption schemes, not one where these cloud based companies store the data with the user's keys and can't retrieve it, the way Apple is doing.
 
Right now the government requires business to produce data and records on demand by the courts. They are required to maintain specific things for this purpose depending on the industry involved. Already anyone can take a file on their phone, encrypt it themselves, and not even their provider can decrypt it if the encryption is decent enough, whether it's on the phone or on the company storage systems. But if that company can't produce the required records and data, they will be in violation of those laws.

That isn't the issue though. The issue is whether all the data on the phone, what the phone transmits and receives, and what is stored as data at rest on the company's storage systems is encrypted in a manner that it can't be retrieved under court order.

If it's a company phone, I believe the court can order the company to turn over those records. Now the employee could refuse (maybe he'd be incriminated), but he'd be fired as a result. If all employees did that, I think any civil case will go against them.


Now people can argue about the validity behind some court orders but that is actually a different discussion and has no bearing here. Ideally, as intended, a court order is suppose to be something that represents a legal and fully justifiable demand for information. It's supposed to be for a good reason and with reasonable justification, good enough that it "warrants" intrusion into a person's privacy. It should pass a test, "in this case, would you or I think it's a good idea to dig into this person's life?"

Right now, Apple would make this very hard to do, they claim, impossible.

Actually it's the same argument. I'm unwilling to give on this, because I know the government will abuse the system you propose. It's better to take it out of their hands completely.

In the end, it comes down to libertarian (not to be confused with Libertarian) vs authoritarian. Obviously a lot of people choose the latter (thus the popularity of Trump), but I do not.

The feds constantly prove that given an inch they'll take 10 miles (why stop at a mile).
 
Sure, it's a good idea to make individuals with no technical expertise decide on something technical.
 
If it's a company phone, I believe the court can order the company to turn over those records. Now the employee could refuse (maybe he'd be incriminated), but he'd be fired as a result. If all employees did that, I think any civil case will go against them....

It would seem your statement here falls right in line with what I am trying to say.

You are correct, it is standard practice for a company to encrypt data on company phones. They also usually go with phones which, if lost or stolen, can be remotely wiped.

If a Court demands data from an employees phone the business would have to comply or face some real trouble. But if the company uses iPhone 6s for their business, all that data is encrypted and can only be accessed by the employee who used the phone. That means the company can't comply and by law, if it's too much trouble and unreasonable, they don't have to. To me, there is a problem with this.

My daughter had a stroke, her doctor sent her home, said it wasn't a stroke even though she had an episode right in front of him in the emergency room. The symptoms were undeniably stroke like, they did not perform an MRI because they don't have the expertise to interpret the data, they have it done by St. Joseph's in Tucson, 70 miles away. He didn't know what her problem was but he did have stroke symptoms and failed to take any action, including sending her to Tucson. It's been a year since and my kid is still fucked up from this stroke, can't work, can't drive. Now it's a malpractice case.

If the lawyers can show that the doctor discounted her as a stroke victim because of her young age, my kid will win a settlement. If this guy was texting a superior and evidence of this is on his phone or in his stored data, my kid should win.

I am glad this happened over a year ago and maybe he didn't have a iPhone 6 and the latest OS yet.

Now you should be able to see where I am coming from.
 
Sure, it's a good idea to make individuals with no technical expertise decide on something technical.

You know, I would think by now you would know that they don't come to these decisions without going through people that are technical and after consulting technical research.

You know who makes such claims? The other party does. The other party says so and so voted this way and we had this failure, and the politician doesn't know anything about x. But that's not really truthful, it just wins votes.

They hire specialists, employ think tanks, etc, and sometimes things work and frequently they are mismanaged. But usually the failure really isn't tied to who voted to do what, it's usually a lot closer to where the failure actually occurred.

The contract I am working on is in just this kind of trouble, great team on the ground, crappy management from our company leadership coupled with poor performance from the government "customer". We need guidance and requirements in order to give them what they need and they either can't decide on what they want or won't, or at the least, won't communicate it. It's seriously starting to impact production, production is pointing fingers at us in the infrastructure IT team, and the leaders are asking us hard questions and refusing to get it into their heads that they are where the real problem is, the rest is just symptom. Government contracts frequently run like this.
 
Back
Top