00:00:00
it's an unfortunate day for privacy here
00:00:01
guys Apple pulls endtoend encryption in
00:00:04
the UK spurning back doors for
00:00:06
government spying what's going on here
00:00:08
is recently the UK has demanded that
00:00:10
Apple create a back door that would
00:00:12
allow government officials globally to
00:00:14
spy on encrypted data Apple decided to
00:00:16
Simply turn off encryption services in
00:00:18
the UK rather than risk exposing its
00:00:20
customers to snooping what we're talking
00:00:21
about here is this tool that Apple has
00:00:24
is called the Advanced Data protection
00:00:26
tool what it does is it gives Apple
00:00:28
users the ability to do endtoend
00:00:30
encryption on their data that sits in
00:00:33
the iCloud right so without endtoend
00:00:35
encryption the way that this works is
00:00:36
there are keys to encrypt your data when
00:00:38
you send them up to the iCloud but the
00:00:40
problem is the key storage resides with
00:00:43
apple the threat model here is twofold
00:00:45
one if Apple wants to decrypt your data
00:00:47
or if the cloud is compromised by a
00:00:49
hacker having these Keys be stored in
00:00:51
the cloud is going to give that hacker
00:00:53
or apple the ability to look at your
00:00:55
private data so to make it more private
00:00:57
Apple created the thing called end end
00:00:59
encryption they didn't actually create
00:01:00
this this is a well-known Concept in
00:01:02
cryptography where you use this public
00:01:04
key cryptography system where you have a
00:01:06
public key that you're able to give out
00:01:08
to anybody and everybody and that allows
00:01:10
them to encrypt data on your behalf they
00:01:12
send it to you or they store it for you
00:01:13
or maybe you're using your own public
00:01:15
key and the only way to decrypt that
00:01:17
data is with your private key that you
00:01:19
keep secret and you store in a secure
00:01:21
way on your hard in the you know
00:01:22
Hardware enclaves on your phone and by
00:01:24
using that uh that private key only you
00:01:27
can decrypt that data so even if Apple
00:01:29
wants to spy on your data if they don't
00:01:31
have your private key which is not
00:01:33
stored in the cloud here when you use
00:01:34
ADP no one can access your data now the
00:01:38
UK government wasn't a huge fan of that
00:01:40
and so the two options for Apple were
00:01:41
either to create a back door that would
00:01:43
allow the UK government to use their own
00:01:45
private key to get into the phone or
00:01:47
apple decided okay how about we just
00:01:48
disable the encryption entirely and
00:01:50
hopefully that will will cover the The
00:01:52
Secret order the Secret order by the way
00:01:54
that was given to Apple which is also
00:01:57
illegal to disclose like whatever you're
00:01:59
given these orders I guess you can't
00:02:01
talk about them so someone anonymously
00:02:03
leaked it to the Washington Post that
00:02:04
this had happened this is not the first
00:02:06
time by the way that the government has
00:02:07
had an issue with encryption or that
00:02:09
we've publicly talked about this uh in
00:02:10
2015 for example after the unfortunate
00:02:12
San Bernardino shooting phone of the
00:02:14
shooter was retrieved and the way it was
00:02:16
set up was that if you got the password
00:02:18
wrong after 10 attempts the password
00:02:21
would delete itself or the phone would
00:02:22
delete itself and so the FBI went to
00:02:24
Apple and said hey can you do me a favor
00:02:26
and write a piece of software and sign
00:02:29
it that we can upload to the phone that
00:02:31
would bypass the the Eraser logic and
00:02:34
also allow us to get into the phone and
00:02:35
access the data now Apple did not want
00:02:37
to be coerced by the government to make
00:02:39
malicious software that was a back door
00:02:41
told them not to do it and eventually
00:02:42
you know a couple days later the FBI
00:02:43
found a third party that could do it for
00:02:45
them but again this is not the first
00:02:46
time we've heard of stories like this
00:02:49
what makes us so ironic though is that
00:02:51
this this thing happened in 2015 2016
00:02:54
which is only eight or so years before
00:02:57
uh the FBI urges US citizens to use
00:03:01
encrypted messaging as Chinese hackers
00:03:03
linger in Telco networks we had a video
00:03:05
about this before that I'll link in the
00:03:06
description below and on the cards here
00:03:08
um but salt typhoon which is a threat
00:03:11
group known to be Associated by the
00:03:12
Chinese government uh recently
00:03:14
penetrated in December eight Telco
00:03:16
providers in the US which is crazy
00:03:19
because in order to combat this the FBI
00:03:23
the NSA and saysa all came together and
00:03:24
said hey you guys should all be using
00:03:26
endend encrypted applications because
00:03:28
right now it's the only way we know that
00:03:31
they won't be able to spy on you because
00:03:33
they can't decrypt your data if it's end
00:03:35
to end encrypted the the threat model
00:03:37
being that China had supposedly hacked
00:03:39
into all these Telco networks and were
00:03:40
able to use the lawful intercept
00:03:42
interface to view the communications of
00:03:45
Select people if that contents was
00:03:47
endend encrypted even the lawful
00:03:49
intercept interface couldn't decrypt
00:03:51
that data so it's just kind of funny
00:03:52
that we have this you know this little
00:03:54
thing happened and then maybe not even
00:03:55
10 years later they're like okay maybe
00:03:57
end to end encryption is a net gain for
00:04:00
National Security and then unfortunately
00:04:02
the UK is is rebutting on this and we
00:04:04
can see that it's already publicly
00:04:06
happening in the UK right dhh who was
00:04:07
the creator of ruon rails tweeted about
00:04:09
this showing on his phone that in the
00:04:11
iCloud plus tab the Advanced Data
00:04:14
protection feature that feature that
00:04:15
does the end end encryption up to the
00:04:17
iCloud uh is no longer available in the
00:04:19
UK and now the data listed here on the
00:04:21
left is sitting encrypted but with keys
00:04:24
that apple and supposedly the UK
00:04:26
government now has access to not a great
00:04:29
place to to be from a security
00:04:30
standpoint I think we will continue to
00:04:32
see these conversations these debates
00:04:34
happen as encryption gets better and
00:04:37
more accessible to The Wider world I get
00:04:39
it man like UK doesn't want to have
00:04:41
terrorists in their country cool I get
00:04:42
it us probably the same thing but the
00:04:44
problem is you get this really really
00:04:46
scary slippery slope where okay you're
00:04:48
checking for terrorists you're checking
00:04:50
for denters what else are you checking
00:04:53
for and and why are you checking for it
00:04:54
right real quick today's video is
00:04:55
sponsored by me this is my site L level
00:04:57
Academy I think honestly that if you're
00:04:59
a security practitioner if you're
00:05:00
developer if you're any of those things
00:05:02
it's very important to understand how
00:05:03
computers work at a fundamental level
00:05:05
the best way in my opinion to learn
00:05:06
those things is to learn languages like
00:05:08
C and to learn languages like assembly
00:05:10
in my course here Zero to Hero C
00:05:12
programming you can learn the basics of
00:05:14
how computers work by learning the C
00:05:15
language with all of these modules that
00:05:17
are available to you paying one fixed
00:05:19
price by the way gets you access to all
00:05:21
of these courses and more as they come
00:05:23
out oh and by the way it's on sale get
00:05:25
it while it's on sale for a limited time
00:05:26
and this is the best way to support me
00:05:28
so go check it out I hope you like it
00:05:30
and uh let's keep going thanks anyway
00:05:31
guys that's it for now thanks for
00:05:32
watching I appreciate it if you're into
00:05:33
this kind of stuff if you like talking
00:05:34
about cyber security or software
00:05:36
security or just privacy in general I'm
00:05:38
your guy hit that subscribe button I
00:05:39
appreciate it and then go check out this
00:05:41
video that will be just as interesting I
00:05:44
assure you
