Written by Nick Heer.

Archive for February, 2016

Twitter Hires Natalie Kerris for PR

Kurt Wagner, Recode:

CEO Jack Dorsey on Monday tweeted that the company has hired former Apple comms exec Natalie Kerris as its new VP of global communications. Re/code reported last month that Kerris was close to being hired. Now it’s official.

The announcement comes a month after Twitter lost a sizable portion of its executive team — and seven months after it fired former communications lead Gabriel Stricker, who has since landed at Google-owned Fiber.

Kerris used to work at Apple, so that might explain why she has posted just 313 tweets since she joined in June 2009. For comparison, other Twitter executives — with the exception of Dorsey — don’t fare much better: CAO Robert Kaiden has tweeted just 29 times since he joined in March last year; general counsel Vijaya Gadde is at 1,768 tweets since April 2009; CTO Adam Messinger has tweeted 2,894 times since March 2007.

Volume may not be the best metric here, but when even a CTO has tweeted less often than once per day since he joined the service, perhaps there’s a clear reason for their increasingly off-putting product decisions: they don’t use it.

The iPad-Only Life

As most of you know, Federico Viticci has gone (practically) iPad-only for a year now and it’s only getting better for him:

OS X is a fantastic desktop operating system, but it runs on machines that increasingly don’t fit the lifestyle of users who, like me, can’t sit down at a desk every day. I can’t (and I don’t want to) depend on Macs anymore because I want a computer that can always be with me. The majority of the world’s population doesn’t care about Xcode. I want to use an OS without (what I see as) cruft of decades of desktop conventions. I want powerful, innovative apps that I can touch. An iPad is the embodiment of all this.

After a few years of rather mopey iPad investment, it feels like Apple has recommitted to the platform in a meaningful way. iOS 9 was a real kick in the pants, and I hope that only accelerates with iOS 10. There are still notable gaps in obvious workflows, as Viticci freely points to, but working solely on an iPad is not a ridiculous notion — Viticci and others prove that regularly.

Apple, China, the FBI, and the NYT

Katie Benner and Paul Mozur, New York Times:

In China, for example, Apple — like any other foreign company selling smartphones — hands over devices for import checks by Chinese regulators. Apple also maintains server computers in China, but Apple has previously said that Beijing cannot view the data and that the keys to the servers are not stored in China. In practice and according to Chinese law, Beijing typically has access to any data stored in China.

If Apple accedes to American law enforcement demands for opening the iPhone in the San Bernardino case and Beijing asks for a similar tool, it is unlikely Apple would be able to control China’s use of it. Yet if Apple were to refuse Beijing, it would potentially face a battery of penalties.

Analysts said Chinese officials were pushing for greater control over the encryption and security of computers and phones sold in the country, though Beijing last year backed off on some proposals that would have required foreign companies to provide encryption keys for devices sold in the country after facing pressure from foreign trade groups.

This story — and, in particular, these paragraphs — are very similar to those subtly removed from an article the Times previously published. This is a welcome expansion and deeper dive into the natural consequences of Apple’s capitulation to the FBI’s unreasonable demands. Still, it remains a little odd that the article from which it was derived and expunged lacks any sort of notice of correction.

Strategy Analytics Estimates Decent Apple Watch Sales Figures for 2015

Joe Rossignol, MacRumors:

The latest data from Strategy Analytics reveals that the Apple Watch remained the most popular smartwatch through the fourth quarter of 2015, capturing 63 percent global market share based on an estimated 5.1 million sales in the three-month period. […]

Strategy Analytics previously estimated Apple Watch sales at 4 million in the second quarter, and 4.5 million in the third quarter, meaning that Apple sold an estimated 13.6 million Apple Watch units overall in 2015.

It’s important to note that these are estimates — Apple is not yet reporting sales of the Watch. Furthermore, Tim Cook earlier this month said only that holiday quarter Watch sales exceeded that of the original iPhone. I interpreted this to mean that sales fell somewhere between that of the original iPhone and the 3G; otherwise, it seems likely to me that he would have used the latter figure.

Nevertheless, over 13 million Apple Watches shipped in the first three quarters is nothing to sneeze at, especially for a pricey accessory. For comparison, it took the iPhone over twice as long to sell as many.

LG’s Next Phone Rumoured to Feature Expansion Slots

Evan Blass, VentureBeat:

As we reported last month, the G5 features a so-called Magic Slot at the bottom of the device; CNET Korea later provided a graphic elucidating the concept (pictured above), which also allows the battery to be swapped out. Initially, LG is only allegedly planning to show off two modules compatible with the slot: a battery grip for photography and digital audio chip (DAC) for improved sound quality.

Remember the days of expansion slots and bays on computers? Remember device drivers? Remember managing device drivers? Should be fun.

More Links About the Apple-FBI Story

Spencer Ackerman and Danny Yadron, reporting for the Guardian:

The FBI accused Apple of prioritizing its public relations strategy over a terrorism investigation on Friday in a significant escalation of this week’s war between the tech company and the law enforcement agency. […]

“Apple’s current refusal to comply with the Court’s Order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy,” Justice Department attorneys wrote in the Friday filing.

Katie Benner and Nicole Perlroth, New York Times:

Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security.

Apple asked for a private discussion and the FBI made it public. And now they’re accusing Apple of treating it as a PR move. Outrageous.

Security researcher and forensic scientist Jonathan Zdziarski:

Not only is Apple being ordered to compromise their own devices; they’re being ordered to give that golden key to the government, in a very roundabout sneaky way. What FBI has requested will inevitably force Apple’s methods out into the open, where they can be ingested by government agencies looking to do the same thing. They will also be exposed to private forensics companies, who are notorious for reverse engineering and stealing other people’s intellectual property. Should Apple comply in providing a tool, it will inevitably end up abused and in the wrong hands.

Finally, Michael Riley and Jordan Robertson for Bloomberg:

Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software — secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.

In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.

The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.

High stakes.

Update: John Paczkowski:

Apple: Within 24 hours of govt taking possession of SB shooter’s phone, Apple ID pass was changed—backup may have been accessible prior

Be sure to read his report — it’s damning, and also revealing in how iCloud backups are supposedly encrypted:

The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.

This would have initiated an iCloud backup; however:

Apple sent engineers to try that method, the executives said, but the experts were unable to do it. It was then that they discovered that the Apple ID password associated with the phone had been changed.

An astonishing mishandling of this case. And yet, notice that Apple says that they would have been able to recover the requested data had the iPhone been allowed to back up to iCloud.

NYT Pulls Mentions of China From Article About Apple’s Encryption Case

There’s no notice of correction on the original article, nor any indication that the article was edited. 790 AM — “Talk That Rocks” — of Las Vegas also has a mirror of the article, if you’d like secondhand proof:

China is watching the dispute closely. Analysts say that the Chinese government does take cues from the United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in the United States.

Last year, Beijing backed off several proposals that would have mandated that foreign firms provide encryption keys for devices sold in China after heavy pressure from foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in December required foreign firms to hand over technical information and to aid with decryption when the police demand it in terrorism-related cases.

While it is still not clear how the law might be carried out, it is possible a push from American law enforcement agencies to unlock iPhones would embolden Beijing to demand the same. China would also most likely push to acquire any technology that would allow it to unlock iPhones. Just after Apple introduced tougher encryption standards in 2014, Apple users in China were targeted by an attack that sought to obtain login information from iCloud users.

This seems like a rather important discussion topic. It’s perplexing why the Times would choose to remove it; doubly so considering it’s a silent edit. This article apparently appeared on page A1 of the print edition today, too. If you’re a print subscriber, please let me know if it appeared in print with the China-related paragraphs.

A Profile of Apple SVP of Hardware Technologies Johny Srouji

Brad Stone, Adam Satariano, and Gwen Ackerman, for Bloomberg:

Srouji recently spent several hours with Bloomberg Businessweek over several days and guided a tour of Apple chip facilities in Cupertino, Calif., and Herzliya, Israel. This was, no doubt, strategic. Investors have battered Apple stock over the past year, sending it down more than 25 percent. Most people are already pretty satisfied with their phones, the criticism goes, and aren’t compelled to spend an additional few hundred bucks on an upgrade. (In March, Apple intends to announce an updated iPad and smaller-screen iPhone featuring the latest A9x and A9 chips, according to a person familiar with the plans, who wasn’t authorized to comment publicly.)

Apple’s usual response is to point to Jony Ive and his team of fastidiously cool, Wallabee-shod industrial designers, or to highlight elegantly tooled aluminum or an app or some new feature or gadget. There’s always something new to show off. But none of that has ever explained anything about a crucial part of Apple’s profit machine: its chips.

“I think it’s too good of a story not to be told at this stage,” Srouji says. “Hopefully, we won’t reveal too much.”

True to form, very little is revealed in this interview. There is, however, a terrific explanation and a bit of a peek into the rigorous challenges that must be overcome to bring a new A-series chip to market, and a few telling responses as to what Apple will do next with their rapid rise in silicon prowess.

RIP, Error 53

Matthew Panzarino, TechCrunch:

Today, Apple is issuing an updated version of iOS 9.2.1 for users that update their iPhones via iTunes only. This update will restore phones ‘bricked’ or disabled by Error 53 and will prevent future iPhones that have had their home button (or the cable) replaced by third-party repair centers from being disabled. Note that this is a patched version of iOS 9.2.1, previously issued, not a brand-new version of iOS.

Apple posted a support document about two weeks ago — that is, on the same day as the Guardian report was published — with instructions on how to fix the issue.

They’ve also issued a statement to TechCrunch:

We apologize for any inconvenience, this was designed to be a factory test and was not intended to affect customers. Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.

Numerical error codes are always vastly less preferable than succinct explanations of what went wrong. iTunes is especially full of ambiguous numerical errors — I’ve run into many over the years, with one fairly notable incident. Apple makes available a giant list of plain-English responses to different error codes, so I don’t see why that explanation isn’t in the message itself.

Apple’s Privacy Stance Draws Weak-Ass Copycat Peer Responses

Nick Wingfield and Mike Isaac, New York Times:

Late on Wednesday, Sundar Pichai, the chief executive of Google, said on Twitter that law enforcement demands to hack customer devices and data “could be a troubling precedent.” Not long afterward, Reform Government Surveillance, a coalition formed by Apple, Google, Microsoft and Facebook, released a broad statement that did not mention the Apple case or Mr. Cook’s letter but said technology companies should not be required to put “back doors” — the equivalent of a tech entryway — into their products.

Asked about Apple’s opposition to the court order, representatives of Microsoft, Twitter and Facebook declined to comment. A spokesman for Amazon, which is not in the coalition, also declined to comment.

Amazon and Microsoft both have significant government Department of Defence and Department of Justice contracts, so it’s sadly unsurprising that they failed to have Apple’s back here. But the rest of the industry’s response is detestably weak; if it were any more watered-down, Silicon Valley would be a lake right now.

Update: Christopher Soghoian:

It’s easy to forget that months before Apple expanded iOS encryption, DOJ was still arguing warrants weren’t necessary to search phones.

How time flies.

Health and Privacy at Work

Rachel Emma Silverman, Wall Street Journal:

Employee wellness firms and insurers are working with companies to mine data about the prescription drugs workers use, how they shop and even whether they vote, to predict their individual health needs and recommend treatments. […]

Credit scores can also suggest whether an individual will be readmitted to the hospital following an illness, he says. Those with lower credit scores may be less likely to fill prescriptions and show up for follow-up appointments, adds Dr. Greenspun.

Welltok Inc., whose clients include Colorado’s state employees, has found that people who vote in midterm elections tend to be healthier than those who skip them, says Chris Coloian, the firm’s chief solutions officer.

Given enough data, one can make virtually anything statistically relevant. The difference here is that the companies responsible for this are digging into extremely sensitive data and trying to inform employees’ health decisions. Like this:

To determine which employees might soon get pregnant, Castlight recently launched a new product that scans insurance claims to find women who have stopped filling birth-control prescriptions, as well as women who have made fertility-related searches on Castlight’s health app.

That data is matched with the woman’s age, and if applicable, the ages of her children to compute the likelihood of an impending pregnancy, says Jonathan Rende, Castlight’s chief research and development officer. She would then start receiving emails or in-app messages with tips for choosing an obstetrician or other prenatal care. If the algorithm guessed wrong, she could opt out of receiving similar messages.


Note: I’m linking to the Google redirect; if it doesn’t work, try the original article link.

Spying on Apple

Speaking of the Department of Justice’s obsession with Apple, Jeremy Scahill and Josh Begley reported in an article last year for the Intercept on the CIA’s attempts to break their security measures:

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption. […]

The documents do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant’s efforts to secure its products, and in turn, its customers’ private data.

Apparently, iOS 9 — which was announced and released well after this article was published — made internal encryption far more difficult to break.

Establishing Precedent

Megan Cassella reporting for Reuters:

The court ruling ordering Apple Inc. to help unlock an iPhone belonging to one of the San Bernardino attackers represents just one case, the White House said on Wednesday, emphasizing that the U.S. Department of Justice is asking the tech giant for access to a single device.

In a briefing with reporters, White House spokesman Josh Earnest deferred to the Justice Department but said it’s important to recognize that the government is not asking Apple to redesign its product or “create a new backdoor to its products.”

It is entirely disingenuous for the DOJ to claim that this is only about this single iPhone. This order is about establishing a precedent for future cases, and that explains Apple’s opposition to it. Here’s the actual text from the order:

[Provide] the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory (“RAM”) and will not modify the iOS on the actual phone, the user data partition or system partition on the device’s flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade (“DFU”) mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.

That’s a request for Apple to build a master key. It cannot be done for this device alone; there’s no reason that firmware could not be used against any other pre-5S iPhones. The notion that Apple could code “a unique identifier […] so that the SIF would only load and execute on the SUBJECT DEVICE” is revealing in its ignorance.

Update: According to Matthew Panzarino, the proposed solution would compromise the security of all iPhones, not just those without secure enclaves.

Tim Cook Responds to the Court’s Order

Tim Cook:

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

I can think of no other company taking such a strong and eloquent stance on customer privacy.

Notes on Apple’s Ordered Intrusion of the San Bernardino iPhone

Robert Graham of Errata Security:

The second hurdle is that the phone asks for a passcode during an update. I updated my old iPhone 5 to verify this. Right between the update steps, it asked for the passcode. I’m not sure who asked for it. Was it the older iOS version, preventing an update? Or was it the new iOS version, asking to verify the new update. In the first case, it’s not something Apple can change, but in the second case, it’s something Apple can fix to comply with the FBI’s request.

I was using iTunes. Apparently, there are other tools out there (used for repair shops and factories) that are more efficient, and which may be able to bypass a security check.

I’m more interested in the moral and legal precedents this case is setting, but the technical angle is fascinating. Maybe it’s possible to decrypt the onboard storage because it’s an older phone, but Apple began doing full-device encryption back with the iPhone 3GS and made it more robust with each generation. The secure enclave in iPhones 5S and newer was a significant leap forward, but I wouldn’t be surprised if this was technically unfeasible.

One small correction, though:

Lastly, the older iOS 8 defaulted to 4 digit passcodes, and merely a long delay (but not erasure) between attempts. There’s a good chance this is how the phone was configured. Which means that an intern with the phone will eventually be able to decrypt it.

The original article specifically states that the iPhone in question was the owner’s work phone, so it’s not unlikely that there was a managed profile on it mandating erasure after ten attempts.

Update: The headline of this link has been updated for clarity.

Judge Rules That Apple Must Help Decrypt Terrorist’s iPhone

Tami Abdollah and Eric Tucker, for the Associated Press:

A U.S. magistrate ordered Apple Inc. on Tuesday to help the Obama administration hack into an encrypted iPhone belonging to one of the shooters in the December attack in San Bernardino, California, in a first-of-its-kind ruling that pits digital privacy against national security interests.

The ruling by Magistrate Judge Sheri Pym, a former federal prosecutor, requires Apple to supply highly specialized software the FBI can load onto the county-owned work iPhone to bypass a self-destruct feature, which erases the phone’s data after too many unsuccessful attempts to unlock it. The FBI wants to be able to try different combinations until it finds the right one.

Back in September, some of Apple’s encryption features were put to a legal test, but that seems to have largely revolved around the security of iCloud Backups. This appears to be something entirely different, as the phone was backed up to iTunes, according to the article.

So let’s look at the possibilities. What if Apple can comply? That would fly in the face of pretty much everything they’ve said publicly on the matter, and would seriously harm their reputation on matters of security.

Or, conversely, what if this is — as Apple has repeatedly said — not technically possible? What if they truly have built a system so secure that they do not have a “back door” and cannot disable its automatic erase feature? Tim Cook has held a very firm stance that he will not accept any attempt to undermine the integrity of any of Apple’s services or software. What if this demand is, quite simply, impossible?

Craig Mod Reviews the Leica Q

Craig Mod:

Make no mistake: The Q is a surgical, professional machine. It pairs best-of-class modern technology (superb autofocus, an astounding electronic view finder, workable ISOs up to and beyond 10,000, a fast processor, beefy sensor) with a minimalist interface packed into a small body, all swaddled in the iconic industrial design for which Leica has become famous. The result is one of the least obtrusive, most single-minded image-capturing devices I’ve laid hands on.

Like all Leicas, the Q is beyond the reach of many casual photographers, but the images it produces — in the hands of a capable photographer like Mod — are absolutely stunning. This is the kind of review that tempts you to drop several thousand dollars that you may not have on a camera that you do not need, and purchase plane tickets to a country where you don’t speak the language, all in an excuse to exercise the technical limitations of the camera in search of your creative limits, or perhaps the other way around.

Proper Support for Apple Pay in Canada Is Getting Closer

Gary Ng:

PassKit source code within iOS 9.2.1 contains references to “NetworkInterac”, which is definitely evidence Apple Pay support from Canadian banks may be coming soon (thanks @chasefromm2016). […]

With Interac support from major Canadian banks, this would also likely include Visa and MasterCard support too, if it were to become available. Currently, Apple Pay in Canada only supports cards issued by American Express.

As I noted when Amex support launched in Canada, Interac accounts for a huge proportion of card-based purchases here. I believe Apple Pay will have the first full support for contactless Interac payments, with the exception of NFC-enabled cards themselves — even the carrier-owned Suretap app only has support for credit and gift cards. The only reference to previous Interac support on smartphones is for a small experiment offered by McDonald’s, RBC, and BlackBerry from 2013.

The Kanye Effect

Fitz Tepper, TechCrunch:

After scoring exclusive streaming rights to Kanye West’s new album, The Life of Pablo, Tidal has taken over the number one spot on the U.S. App Store.

The album, which went live yesterday, was originally supposed to be available for streaming on Tidal’s platform, as well as for purchase on Kanye’s website. However, yesterday Kanye tweeted that he was pulling the album from his own site, meaning Tidal would become the only place fans could listen to the album, at least until it hits iTunes in seven days.

Tidal was practically forgotten until the surprise release of Rihanna’s new album earlier this month, and now this news about Kanye’s new record. That’s a hell of a get.

For what it’s worth, his new album occupies some of the highest slots on popular and private BitTorrent trackers. Make of that what you will.