Apple ataca o lege britanica menita sa reduca securitatea iOS


Apple securitate date iOSGuvernul Marii Britanii intentioneaza sa introduca o lege care i-ar usura munca de a-i spiona pe cetateni si de a obtine acces usor la datele digitale ale acestora, legea fiind prezentata luna trecuta in Marea Britanie.

In baza acestei legi, toate sistemele de operare ar trebui sa aiba o portita prin care autoritatile britanice sa poata accesa datele existente in ele, deci Apple ar trebui sa poata accesa informatii din iMessage, FaceTime sau orice alt sistem existent in iOS in momentul de fata.

Toate aceste prevederi contravin recentei strategii Apple privind securitatea datelor utilizatorilor, asa ca noaptea trecuta cei din Cupertino au publicat o scrisoare deschisa in care isi exprima dezacordul in legatura cu legsilatia pregatita de catre britanici.

Apple sustine ca aceasta legislatie va afecta toti cetatenii de rand ale caror date nu mai sunt sigure si totul pentru efortul autoritatilor fiind de a combate terorismul practicat de catre foarte putine persoane, insa aceste persoane putine ca numar pot face foarte mult rau lumii intregi.

Apple explica in document ca desi multa lume crede ca e usor sa faci un sistem de operare care sa contina portite de acest gen, in realitate toti utilizatorii sunt vulnerabili in fata hackerilor deoarece autoritatile au nevoie de acces la tot si din cauza vulnerabilitatilor toata lumea va fi afectata.

Mai jos aveti intreaga scrisoare publicata de catre compania Apple.



The bill threatens to hurt law-abiding citizens in its effort to combat the few bad actors who have a variety of ways to carry out their attacks. The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too.

Some have asserted that, given the expertise of technology companies, they should be able to construct a system that keeps the data of nearly all users secure but still allows the data of very few users to be read covertly when a proper warrant is served. But the Government does not know in advance which individuals will become targets of investigation, so the encryption system necessarily would need to be compromised for everyone.

The best minds in the world cannot rewrite the laws of mathematics. Any process that weakens the mathematical models that protect user data will by extension weaken the protection. And recent history is littered with cases of attackers successfully implementing exploits that nearly all experts either remained unaware of or viewed as merely theoretical.

The bill would attempt to force non-UK companies to take actions that violate the laws of their home countries. This would immobilise substantial portions of the tech sector and spark serious international conflicts. It would also likely be the catalyst for other countries to enact similar laws, paralysing multinational corporations under the weight of what could be dozens or hundreds of contradictory country-specific laws.

Those businesses affected will have to cope with a set of overlapping foreign and domestic laws. When these laws inevitably conflict, the businesses will be left having to arbitrate between them, knowing that in doing so they might risk sanctions. That is an unreasonable position to be placed in.

If the UK asserts jurisdiction over Irish or American businesses, other states will too. We know that the IP bill process is being watched closely by other countries. For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant – activity which the provider is not even allowed to confirm or deny. Maintaining trust in such circumstances will be extremely difficult.