Apple execs deny company helps NSA monitor iPhone users
Apple executives have denied granting the US National Security Agency a so-called “backdoor” that allowed the intelligence monolith to surveil the company's popular mobile devices.
The denial was prompted by a report this week in the German newspaper Der Spiegel which revealed that the NSA uses software known as DROPOUT JEEP to monitor an iPhone user's files, text messages, contact lists, and location data. The technology was also capable of using the iPhone's camera and even its microphone.
“Apple has never worked with the NSA to create a backdoor in any of our products, including the iPhone,” company spokeswoman Kristin Huguet announced Tuesday. “Additionally, we have been unaware of this alleged NSA program targeting our products.”
One member of the NSA's TAO hacking unit quoted by Der Spiegel said DROPOUT JEEP is what the agency uses for “getting the ungettable.”
“It is not about the quantity produced but the quality of intelligence that is important,” the TAO chief wrote, adding that the program has provided “some of the most significant intelligence our country has ever seen.” It has “access to our very hardest targets.”
Facebook, Google, Microsoft, Twitter, and other tech companies have publicly criticized the NSA since PRISM and dozens of other programs were made public. Yet security researcher Jacob Applebaum, in a speech delivered this week, used DROPOUT JEEP as a cautionary example to warn against too much corporate involvement in surveillance.
“Do you think Apple helped them build that?” he asked at one point. “I don't know. I hope Apple will clarify that...Here's a problem: I don't really believe that Apple didn't help them. I can't really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and are sabotaging them, or Apple sabotaged it themselves.
“Not sure which one it is,” Applebaum continued. “I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software.”
Apple similarly denied that it could decipher the iMessages sent between users earlier this summer, only to have that assertion debunked days later. The company claimed that its Apple-exclusive communications were encrypted both when they were sent and received. Yet researchers at the QuarksLab security firm found that Apple's iMessage technology that it could almost certainly be subverted by the NSA.
“So yes, there is end-to-end encryption as Apple claims, but the key infrastructure is not trustworthy,” they wrote earlier this year. “So Apple can encrypt your data, if they want, or more probably if they are ordered to.”
The company was again unbothered by the amount of evidence seemingly indicating the contrary, denying it was involved in the DROPOUT JEEP program.
“Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements,” the company said. “Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.”
Both pundits and the American public have voiced concern with the NSA program, not only because of the surveillance but because of what it could mean for future technology development. Michael Dearing, founder of the Harrison Metal tech company, wrote on AllThingsD.com that this latest revelation is a major cause for concern.
“My concern is more personal and local: The NSA's version of patriotism is corroding silicon Valley. Integrity of our products, creative freedom of talented people, and trust with our users are the casualties. The dolphin in the tuna net is us – our industry, our work, and the social fabric of our community,” he wrote.
“Product integrity is doomed when the NSA involves itself in the product development process. The scope of the NSA's activity here is unknowable. But what I hear from founders and other investors – never mind Reuters' reporting about RSA Security, and Spiegel's about backdoors in networking products – is beyond my worst expectations.”
