Threat Sheet—Saturday, September 12, 2015

Apple’s marketing efforts around the encryption debate—the battle over whether federal authorities should have access to encrypted communications—have been staggeringly successful, in the public eye at least. (Granted, no one can say for sure what might be happening in secret FISA courts.) CEO Tim Cook has been positioning the $650 billion company as a vanguard of consumer privacy—not least due to an operating system upgrade last year that purports to keep the prying eyes of investigators, hackers, spies, and Apple itself out of iMessage, the company’s text messaging product.

But no security or privacy system is perfect.

It’s worth pointing out where Apple’s rhetoric begins, and understanding how far the company’s capabilities extend. The New York Times wrote this week of a narcotics investigation that Apple impeded over the summer by refusing to obey a Department of Justice court order. The company argued that it could not comply with the injunction to intercept and hand over iPhone communications in real time, saying such a feat was technically impossible given its messaging system’s architecture. That’s not exactly true.

As the security researcher Nicholas Weaver has pointed out, since Apple is the one exchanging encryption keys between devices, the company could, if it so chooses, effectively wiretap iMessage correspondents by “surreptitiously add[ing] another device” to a person’s iCloud account—say, an FBI-owned laptop. With no way to independently confirm the authenticity of keys, Apple users and their chats become vulnerable to tapping.
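The missing safeguard described above, independent confirmation of keys, can be sketched as a sender-side check. This is an added example, not code from Apple or from the original newsletter; it is a simplified model in which a key directory answers with a list of device public keys, and the class, function and key names are all hypothetical.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint that two users could compare out of band."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class PinnedContact:
    """Sender-side record of the device keys verified for one contact."""

    def __init__(self, verified_keys):
        self.pins = {fingerprint(k) for k in verified_keys}

    def recipients(self, directory_keys):
        """Return (keys to encrypt to, alerts) for one directory answer."""
        trusted, alerts = [], []
        for key in directory_keys:
            fp = fingerprint(key)
            if fp in self.pins:
                trusted.append(key)
            else:
                # The directory is vouching for a key the user never verified.
                alerts.append(f"unverified device key {fp}")
        return trusted, alerts

    def approve(self, key):
        """Pin a new device key after the contact confirms its fingerprint."""
        self.pins.add(fingerprint(key))

# Constructed sample data: stand-ins for real public keys.
PHONE = b"constructed-key:contact-phone"
LAPTOP = b"constructed-key:contact-laptop"
ADDED = b"constructed-key:device-added-by-directory"

def demo():
    contact = PinnedContact([PHONE, LAPTOP])
    normal = contact.recipients([PHONE, LAPTOP])
    tampered = contact.recipients([PHONE, LAPTOP, ADDED])
    return normal, tampered

if __name__ == "__main__":
    for keys, alerts in demo():
        print(len(keys), "recipient keys;", alerts or "no alerts")
```

A client that encrypts to every key the directory returns has no equivalent of the alert branch, which is why an added device goes unnoticed.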

Of course, why would Apple risk torpedoing its most valuable asset—its brand—to help a law enforcement investigation? Cook has a business to protect, a mighty lucrative one at that. If such a revelation ever leaked—that Apple had compromised its integrity (especially after so much bluster about protecting consumers’ fundamental right to privacy)—that would no doubt be the end of the company.

Nevertheless, it bears reiterating that Apple could—again, if it so chose—eavesdrop. As the science fiction author Arthur C. Clarke once remarked: “When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.”

The same holds for massively valuable public companies.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.

THREATS

Microsoft challenges U.S. search warrant—take two. The software giant made its arguments before an appeals court for refusing to turn over to federal authorities email content stored on a foreign computer. Having lost a previous ruling, the company is making its second attempt to challenge a Dec. 2013 search warrant. (Lawfare, Fortune)

Another health insurer announces data breach. Excellus BlueCross BlueShield, a New York-based non-profit health insurer, says that more than 10 million customers’ information may have been exposed. In March Premera Blue Cross, another member of the Blue Cross Blue Shield System of companies, announced that it had lost the records of 11 million customers. (Fortune)

Cyber stocks trounce S&P 500. A nearly 195-page Bank of America Merrill Lynch report on cybersecurity points out that the ISE Cyber Security Index (HXR), a collection of 32 security-related stocks, has creamed the S&P 500 since Dec. 2010. A frenzy of high profile data breaches has driven the index to perform 120% better than the iconic market indicator. (International Securities Exchange, Wall Street Journal)

FireEye muzzled security researchers. Security firm ERNW revealed in a blog post on Thursday that FireEye, a major security vendor and forensics investigator, had slapped its researchers with a court injunction to prevent them from publicly disclosing vulnerabilities in one of the company’s products. FireEye says it wanted to scrub the disclosures of intellectual property in its source code. (Insinuator, Wired)

U.S. drops charges against alleged Chinese spy. The Justice Department on Friday dropped its case against Xi Xiaoxing, the physics chairman at Temple University, after having arrested him on charges of economic espionage. Prosecutors were forced to acknowledge that their evidence was mistaken. (New York Times)

Ashley Madison fallout continues. Hackers have cracked more than 11 million of the infidelity site’s user passwords. Anonymous plaintiffs are also attempting to sue website-hosting companies such as Amazon and GoDaddy for receiving “stolen property” related to the data leaks. (Fortune)

Okta attains “unicorn” status. After raising $75 million at a $1.2 billion valuation, the identity and access management startup has entered an increasingly less exclusive unicorn club of venture capital backed companies worth $1 billion or more. The new appraisal nearly doubles the company’s June 2014 valuation of $675 million. (Fortune)

ACCESS GRANTED

Fortune senior editor Andrew Nusca explains why we can’t have nice things.

“About two years after ex-NSA contractor Edward Snowden disclosed that the U.S. government had intercepted tens of thousands of domestic e-mail exchanges and instant-message conversations under the guise of counterterrorism, the government is frustrated that the technology industry won’t play ball and create a technical environment to allow it to enforce the law.” Read the rest on Fortune.com.

TREATS

James Bond themes. For your ears only. (The Week)

An M. Night Shyamalan twist. His comeback? (FiveThirtyEight)

Install McAfee. For Cyberpresident. (Time)

Two forgotten Silk Road architects. Variety Jones and Smedley. (Vice Motherboard)

If you can’t beat hackers. Join ’em. (TechCrunch)

FORTUNE RECON

How the Star Wars producer went from secretary to studio boss by Michal Lev-Ram

Inside Tiffany’s plan to rebuild its luxury watch business by Philip Elmer-DeWitt

Several companies are trying to take down the Bloomberg Terminal by Andrew Nusca

ONE MORE THING

Meet your newest oldest ancestor. Homo naledi, an ancient species of human relative found in the Cradle of Humankind. (National Geographic)

EXFIL

“I don’t expect them to understand everything I do. But the fact that they don’t consult with experts and then charge me? Put my family through all this? Damage my reputation? They shouldn’t do this. This is not a joke. This is not a game.”

Temple University physics department chairman and alleged Chinese spy Xi Xiaoxing, reacting in an interview with the New York Times to the news that he had been cleared of espionage charges. Prosecutors’ evidence hinged on him having shared with Chinese scientists schematics for a piece of technology called a pocket heater, which is used in superconductor research. Turns out he didn’t. (New York Times)